Search CVE reports
1 – 10 of 14 results
CVE-2021-29462
Medium priorityThe Portable SDK for UPnP Devices is an SDK for development of UPnP device and control point applications. The server part of pupnp (libupnp) appears to be vulnerable to DNS rebinding attacks because it does not check the value of...
3 affected packages
libupnp, mediatomb, pupnp-1.8
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| libupnp | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
| mediatomb | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
| pupnp-1.8 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Not in release |
CVE-2021-28302
Medium priorityA stack overflow in pupnp before version 1.14.5 can cause the denial of service through the Parser_parseDocument() function. ixmlNode_free() will release a child node recursively, which will consume stack space and lead to a crash.
3 affected packages
libupnp, mediatomb, pupnp-1.8
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| libupnp | Not in release | Not in release | Not in release | Vulnerable | Vulnerable |
| mediatomb | Not in release | Not in release | Not in release | Not in release | Vulnerable |
| pupnp-1.8 | Not in release | Vulnerable | Vulnerable | Vulnerable | Not in release |
CVE-2020-12695
Medium prioritySome fixes available 18 of 31
The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka...
5 affected packages
gupnp, libupnp, minidlna, pupnp-1.8, wpa
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| gupnp | Not affected | Not affected | Fixed | Vulnerable | Vulnerable |
| libupnp | Not in release | Not in release | Not in release | Vulnerable | Vulnerable |
| minidlna | Not affected | Not affected | Fixed | Fixed | Fixed |
| pupnp-1.8 | Not in release | Vulnerable | Vulnerable | Vulnerable | Not in release |
| wpa | Fixed | Fixed | Fixed | Fixed | Fixed |
CVE-2020-13848
Medium priorityPortable UPnP SDK (aka libupnp) 1.12.1 and earlier allows remote attackers to cause a denial of service (crash) via a crafted SSDP message due to a NULL pointer dereference in the functions FindServiceControlURLPath...
2 affected packages
libupnp, pupnp-1.8
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| libupnp | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
| pupnp-1.8 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Not in release |
CVE-2016-8863
Medium prioritySome fixes available 3 of 8
Heap-based buffer overflow in the create_url_list function in gena/gena_device.c in Portable UPnP SDK (aka libupnp) before 1.6.21 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via...
2 affected packages
libupnp, libupnp4
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| libupnp | — | Not in release | Not in release | Not affected | Fixed |
| libupnp4 | — | Not in release | Not in release | Not in release | Not in release |
CVE-2016-6255
High prioritySome fixes available 2 of 7
Portable UPnP SDK (aka libupnp) before 1.6.21 allows remote attackers to write to arbitrary files in the webroot via a POST request without a registered handler.
1 affected package
libupnp
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| libupnp | — | Not in release | Not in release | Not affected | Fixed |
CVE-2012-5965
Medium prioritySome fixes available 7 of 9
Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) 1.3.1 allows remote attackers to...
2 affected packages
libupnp, libupnp4
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| libupnp | — | — | — | — | — |
| libupnp4 | — | — | — | — | — |
CVE-2012-5964
Medium prioritySome fixes available 7 of 9
Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) 1.3.1 allows remote attackers to...
2 affected packages
libupnp, libupnp4
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| libupnp | — | — | — | — | — |
| libupnp4 | — | — | — | — | — |
CVE-2012-5963
Medium prioritySome fixes available 7 of 9
Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) 1.3.1 allows remote attackers to...
2 affected packages
libupnp, libupnp4
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| libupnp | — | — | — | — | — |
| libupnp4 | — | — | — | — | — |
CVE-2012-5962
Medium prioritySome fixes available 7 of 9
Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) 1.3.1 allows remote attackers to...
2 affected packages
libupnp, libupnp4
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| libupnp | — | — | — | — | — |
| libupnp4 | — | — | — | — | — |