58 matches found
EPSON Printers Incorrect Default Permissions (CVE-2020-12695)
The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue. This plugin only works with Tenable.ot...
MiracleLinux 8 : gssdp-1.0.5-1.el8, gupnp-1.0.6-1.el8 (AXSA:2021-2048:01)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-2048:01 advisory. hostapd: UPnP SUBSCRIBE misbehavior in WPS AP CVE-2020-12695 Tenable has extracted the preceding description block directly from the MiracleLinux security...
RHEL 7 : gupnp (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - hostapd: UPnP SUBSCRIBE misbehavior in WPS AP CVE-2020-12695 Note that Nessus has not tested for this issue but has...
RHEL 5 : hostapd (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - hostapd: UPnP SUBSCRIBE misbehavior in WPS AP CVE-2020-12695 Note that Nessus has not tested for this issue but has...
Rocky Linux 8 : gssdp and gupnp (RLSA-2021:1789)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2021:1789 advisory. - The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a differe...
Ubuntu: Security Advisory (USN-4734-2)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
OESA-2022-1768 gupnp security update
GUPnP is an elegant, object-oriented open source framework for creating UPnP devices and control points, written in C using GObject and libsoup. The GUPnP API is intended to be easy to use, efficient and flexible. It provides the same set of features as libupnp,but shields the developer from most...
NewStart CGSL MAIN 6.02 : gupnp Multiple Vulnerabilities (NS-SA-2022-0060)
The remote NewStart CGSL host, running version MAIN 6.02, has gupnp packages installed that are affected by multiple vulnerabilities: - The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different...
AlmaLinux 8 : gssdp and gupnp (ALSA-2021:1789)
The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2021:1789 advisory. - The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different...
Mageia: Security Advisory (MGASA-2020-0304)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[slackware-security] wpa_supplicant
New wpasupplicant packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/wpasupplicant-2.9-i586-1slack14.2.txz: Upgraded. This update fixes the following security issues: AP mode PMF...
Oracle Linux 8 : gssdp / and / gupnp (ELSA-2021-1789)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2021-1789 advisory. gssdp 1.0.5-1 + gssdp-1.0.5-1 - Update to 1.0.5 - Fix SUBSCRIBE misbehaviour - Resolves: 1861928 gupnp 1.0.6-1 + gupnp-1.0.6-1 - Update to 1.0.6 - Fix SUBSCRIBE...
RHEL 8 : gssdp and gupnp (RHSA-2021:1789)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:1789 advisory. GUPnP is an object-oriented open source framework for creating UPnP devices and control points, written in C using GObject and libsoup. The GUPnP API...
Moderate: Red Hat Security Advisory: gssdp and gupnp security update
An update for gssdp and gupnp is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...
RLSA-2021:1789 Moderate: gssdp and gupnp security update
GUPnP is an object-oriented open source framework for creating UPnP devices and control points, written in C using GObject and libsoup. The GUPnP API is intended to be easy to use, efficient and flexible. GSSDP implements resource discovery and announcement over SSDP and is part of gUPnP. The...
ALSA-2021:1789 Moderate: gssdp and gupnp security update
GUPnP is an object-oriented open source framework for creating UPnP devices and control points, written in C using GObject and libsoup. The GUPnP API is intended to be easy to use, efficient and flexible. GSSDP implements resource discovery and announcement over SSDP and is part of gUPnP. The...
Debian DSA-4898-1 : wpa - security update
Several vulnerabilities have been discovered in wpasupplicant and hostapd. - CVE-2020-12695 It was discovered that hostapd does not properly handle UPnP subscribe messages under certain conditions, allowing an attacker to cause a denial of service. - CVE-2021-0326 It was discovered that...
[SECURITY] [DSA 4898-1] wpa security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4898-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso April 22, 2021 https://www.debian.org/security/faq -...
openSUSE: Security Advisory for hostapd (openSUSE-SU-2021:0519-1)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
OPENSUSE-SU-2021:0545-1 Security update for hostapd
This update for hostapd fixes the following issues: - CVE-2021-30004: forging attacks may occur because AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c boo1184348 - CVE-2020-12695: UPnP SUBSCRIBE misbehavior in hostapd WPS AP boo1172700 - CVE-2019-16275: AP mode PMF...