Search CVE reports


Toggle filters

1 – 3 of 3 results


CVE-2021-33516

Medium priority

Some fixes available 10 of 12

An issue was discovered in GUPnP before 1.0.7 and 1.1.x and 1.2.x before 1.2.5. It allows DNS rebinding. A remote web server can exploit this vulnerability to trick a victim's browser into triggering actions against local UPnP...

1 affected packages

gupnp

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
gupnp Fixed Fixed Fixed Needs evaluation Needs evaluation
Show less packages

CVE-2020-12695

Medium priority

Some fixes available 18 of 31

The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka...

5 affected packages

gupnp, libupnp, minidlna, pupnp-1.8, wpa

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
gupnp Not affected Not affected Fixed Vulnerable Vulnerable
libupnp Not in release Not in release Not in release Vulnerable Vulnerable
minidlna Not affected Not affected Fixed Fixed Fixed
pupnp-1.8 Not in release Vulnerable Vulnerable Vulnerable Not in release
wpa Fixed Fixed Fixed Fixed Fixed
Show less packages

CVE-2009-2174

Medium priority
Ignored

GUPnP 0.12.7 allows remote attackers to cause a denial of service (crash) via an empty (1) subscription or (2) control message.

1 affected packages

gupnp

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
gupnp
Show less packages