Search CVE reports
1 – 9 of 9 results
Command Injection in Minidlna version v1.3.3 and before allows an attacker to execute arbitrary OS commands via a specially crafted minidlna.conf configuration file.
1 affected package
minidlna
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| minidlna | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
Stack-buffer-overflow vulnerability in ReadyMedia (MiniDLNA) v1.3.3 allows attackers to cause a denial of service via via the SendContainer() function at tivo_commands.c.
1 affected package
minidlna
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| minidlna | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
Some fixes available 5 of 6
ReadyMedia (MiniDLNA) versions from 1.1.15 up to 1.3.2 is vulnerable to Buffer Overflow. The vulnerability is caused by incorrect validation logic when handling HTTP requests using chunked transport encoding. This results in other...
1 affected package
minidlna
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| minidlna | Not affected | Fixed | Fixed | Fixed |
Some fixes available 4 of 5
A DNS rebinding issue in ReadyMedia (formerly MiniDLNA) before 1.3.1 allows a remote web server to exfiltrate media files.
1 affected package
minidlna
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| minidlna | — | Fixed | Fixed | Fixed |
ReadyMedia (aka MiniDLNA) before versions 1.3.0 allows remote code execution. Sending a malicious UPnP HTTP request to the miniDLNA service using HTTP chunked encoding can lead to a signedness bug resulting in a buffer overflow in...
1 affected package
minidlna
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| minidlna | — | — | Fixed | Fixed |
Some fixes available 19 of 32
The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka...
5 affected packages
wpa, gupnp, minidlna, pupnp-1.8, libupnp
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| wpa | Fixed | Fixed | Fixed | Fixed |
| gupnp | Not affected | Not affected | Fixed | Vulnerable |
| minidlna | Not affected | Not affected | Fixed | Fixed |
| pupnp-1.8 | Not in release | Vulnerable | Vulnerable | Vulnerable |
| libupnp | Not in release | Not in release | Not in release | Vulnerable |
Some fixes available 6 of 10
An SQL Injection vulnerability exists in MiniDLNA prior to 1.1.0
1 affected package
minidlna
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| minidlna | — | — | — | — |
Some fixes available 6 of 10
MiniDLNA has heap-based buffer overflow
1 affected package
minidlna
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| minidlna | — | — | — | — |
Some fixes available 6 of 10
minidlna has SQL Injection that may allow retrieval of arbitrary files
1 affected package
minidlna
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| minidlna | — | — | — | — |