Search CVE reports
1 – 3 of 3 results
Some fixes available 11 of 13
An issue was discovered in GUPnP before 1.0.7 and 1.1.x and 1.2.x before 1.2.5. It allows DNS rebinding. A remote web server can exploit this vulnerability to trick a victim's browser into triggering actions against local UPnP...
1 affected package
gupnp
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| gupnp | Fixed | Fixed | Fixed | Needs evaluation |
Some fixes available 19 of 32
The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka...
5 affected packages
wpa, gupnp, minidlna, libupnp, pupnp-1.8
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| wpa | Fixed | Fixed | Fixed | Fixed |
| gupnp | Not affected | Not affected | Fixed | Vulnerable |
| minidlna | Not affected | Not affected | Fixed | Fixed |
| libupnp | Not in release | Not in release | Not in release | Vulnerable |
| pupnp-1.8 | Not in release | Vulnerable | Vulnerable | Vulnerable |
GUPnP 0.12.7 allows remote attackers to cause a denial of service (crash) via an empty (1) subscription or (2) control message.
1 affected package
gupnp
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| gupnp | — | — | — | — |