Lucene search
K

174 matches found

OSV
OSV
added 2017/05/24 11:37 a.m.4 views

USN-3298-1 miniupnpc vulnerability

It was discovered that MiniUPnP incorrectly handled memory. A remote attacker could use this issue to cause a denial of service or possibly execute arbitrary code with privileges of the user running an application that uses the MiniUPnP library...

9.8CVSS7.5AI score0.24027EPSS
Exploits6References2
Ubuntu
Ubuntu
added 2017/05/24 11:37 a.m.103 views

USN-3298-1: MiniUPnP vulnerability

It was discovered that MiniUPnP incorrectly handled memory. A remote attacker could use this issue to cause a denial of service or possibly execute arbitrary code with privileges of the user running an application that uses the MiniUPnP library...

9.8CVSS8.5AI score0.24027EPSS
Exploits6
NVD
NVD
added 2017/05/11 1:29 a.m.8 views

CVE-2017-8798

Integer signedness error in MiniUPnP MiniUPnPc v1.4.20101221 through v2.0 allows remote attackers to cause a denial of service or possibly have unspecified other impact...

9.8CVSS9.8AI score0.24027EPSS
Exploits6References3
OSV
OSV
added 2017/05/11 1:29 a.m.1 views

DEBIAN-CVE-2017-8798

Integer signedness error in MiniUPnP MiniUPnPc v1.4.20101221 through v2.0 allows remote attackers to cause a denial of service or possibly have unspecified other impact...

9.8CVSS7.5AI score0.24027EPSS
Exploits6References1
OSV
OSV
added 2017/05/11 1:29 a.m.23 views

CVE-2017-8798

Integer signedness error in MiniUPnP MiniUPnPc v1.4.20101221 through v2.0 allows remote attackers to cause a denial of service or possibly have unspecified other impact...

9.8CVSS9.7AI score0.24027EPSS
Exploits6References3
CVE
CVE
added 2017/05/11 1:0 a.m.1354 views

CVE-2017-8798

CVE-2017-8798 concerns an integer signedness error in the MiniUPnP library (MiniUPnPc) used by miniupnpc. AffectedVersions: v1.4.20101221 through v2.0. Root cause: a signedness/bounds issue in the getHTTPResponse/miniwget path that parses chunked-encoded HTTP responses. Impact: remote attacker co...

9.8CVSS9.5AI score0.24027EPSS
Exploits6References3Affected Software1
AlpineLinux
AlpineLinux
added 2017/05/11 1:0 a.m.57 views

CVE-2017-8798

Integer signedness error in MiniUPnP MiniUPnPc v1.4.20101221 through v2.0 allows remote attackers to cause a denial of service or possibly have unspecified other impact...

9.8CVSS9.8AI score0.24027EPSS
Exploits6
OSV
OSV
added 2017/05/10 12:0 a.m.3 views

UBUNTU-CVE-2017-8798

Integer signedness error in MiniUPnP MiniUPnPc v1.4.20101221 through v2.0 allows remote attackers to cause a denial of service or possibly have unspecified other impact...

9.8CVSS7.4AI score0.24027EPSS
Exploits6References5
FreeBSD
FreeBSD
added 2017/05/09 12:0 a.m.35 views

miniupnpc -- integer signedness error

Tintinweb reports: An integer signedness error was found in miniupnp's miniwget allowing an unauthenticated remote entity typically located on the local network segment to trigger a heap corruption or an access violation in miniupnp's http response parser when processing a specially crafted...

9.8CVSS0.8AI score0.24027EPSS
Exploits6References1
OpenVAS
OpenVAS
added 2016/11/09 12:0 a.m.16 views

MiniUPnP Detection (UDP)

UDP based detection of MiniUPnP. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.108016";...

5.2AI score
Exploits0References1
OpenVAS
OpenVAS
added 2016/11/09 12:0 a.m.9 views

MiniUPnP Detection (TCP)

TCP based detection of MiniUPnP. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.108017";...

5.2AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2016/08/30 12:0 a.m.58 views

MiniUPnP DNS Rebind Vulnerability

The remote host is running a version of MiniUPnP that is affected by an unspecified flaw that exists in the Domain Name System DNS related to the 'rebinding' interaction. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted web page, to run a...

5.6AI score
Exploits0References1
ThreatPost
ThreatPost
added 2016/01/27 11:0 a.m.33 views

Cisco MiniUPnP Stack Smashing Protection Attack

The Internet of Things security challenge is twofold: finding bugs, and more urgent—fixing them. Cisco’s Talos security intelligence and research group found and privately disclosed a serious and trivially exploitable client-side bug in MiniUPnP that was patched in September of last year. The...

6.8CVSS9.4AI score0.04783EPSS
Exploits1References4
CNVD
CNVD
added 2015/11/04 12:0 a.m.21 views

MiniUPnP Client Buffer Overflow Vulnerability

MiniUPnP Client aka MiniUPnPc is a library developed by the MiniUPnP project that enables applications to forward ports using UPnP-enabled Internet gateway devices. A buffer overflow vulnerability exists in the 'IGDstartelt' function in the igddescparse.c file in versions of MiniUPnP Client prior...

6.8CVSS8.1AI score0.04783EPSS
Exploits1References1
OSV
OSV
added 2015/11/02 7:59 p.m.9 views

CVE-2015-6031

Buffer overflow in the IGDstartelt function in igddescparse.c in the MiniUPnP client aka MiniUPnPc before 1.9.20150917 allows remote UPNP servers to cause a denial of service application crash and possibly execute arbitrary code via an "oversized" XML element name...

7.7AI score
Exploits0References10
Cvelist
Cvelist
added 2015/11/02 7:0 p.m.35 views

CVE-2015-6031

Buffer overflow in the IGDstartelt function in igddescparse.c in the MiniUPnP client aka MiniUPnPc before 1.9.20150917 allows remote UPNP servers to cause a denial of service application crash and possibly execute arbitrary code via an "oversized" XML element name...

7.6AI score0.04783EPSS
Exploits1References9
CVE
CVE
added 2015/11/02 7:0 p.m.132 views

CVE-2015-6031

CVE-2015-6031 : A buffer overflow exists in MiniUPnP Client (MiniUPnPc) in the IGDstartelt function within igd_desc_parse.c. Versions before 1.9.20150917 are affected, allowing remote UPNP servers to crash the application and potentially execute arbitrary code via an oversized XML element name. S...

6.8CVSS7.8AI score0.04783EPSS
Exploits1References9Affected Software1
Debian CVE
Debian CVE
added 2015/11/02 7:0 p.m.35 views

CVE-2015-6031

Buffer overflow in the IGDstartelt function in igddescparse.c in the MiniUPnP client aka MiniUPnPc before 1.9.20150917 allows remote UPNP servers to cause a denial of service application crash and possibly execute arbitrary code via an "oversized" XML element name...

6.8CVSS7.6AI score0.04783EPSS
Exploits1
OSV
OSV
added 2015/10/30 8:11 p.m.9 views

MGASA-2015-0416 Updated miniupnpc package fixes security vulnerability

An exploitable buffer overflow vulnerability exists in the XML parser functionality of the MiniUPnP library. A specially crafted XML response can lead to a buffer overflow on the stack resulting in remote code execution. An attacker can set up a server on the local network to trigger this...

6.8CVSS6.6AI score0.04783EPSS
Exploits1References3
Mageia
Mageia
added 2015/10/30 8:11 p.m.38 views

Updated miniupnpc package fixes security vulnerability

An exploitable buffer overflow vulnerability exists in the XML parser functionality of the MiniUPnP library. A specially crafted XML response can lead to a buffer overflow on the stack resulting in remote code execution. An attacker can set up a server on the local network to trigger this...

6.8CVSS7.2AI score0.04783EPSS
Exploits1References2
Rows per page
Query Builder