Lucene search
K

46 matches found

AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.8 views

Astra Linux – Vulnerability in wpa, pupnp-1.8

The Open Connectivity Foundation’s UPnP specification prior to April 17, 2020, does not prohibit the acceptance of a subscription request with a delivery URL located in a different network segment than the fully qualified event-subscription URL. This is known as the “CallStranger” issue...

7.8CVSS6.7AI score0.15193EPSS
Exploits3References2
Tenable Nessus
Tenable Nessus
added 2026/02/05 12:0 a.m.2 views

EPSON Printers Incorrect Default Permissions (CVE-2020-12695)

The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue. This plugin only works with Tenable.ot...

7.8CVSS6.8AI score0.15193EPSS
Exploits3References17
Gitee
Gitee
added 2025/07/06 2:28 a.m.244 views

Exploit for Incorrect Default Permissions in Ui Unifi_Controller

CallStranger This script created by Yunus Çadırcı https://twitter.com/yunuscadirci to check against CallStranger CVE-2020-12695 vulnerability. An attacker can use this vulnerability for: Bypassing DLP for exfiltrating data Using millions of Internet-facing UPnP device as source of amplified...

7.8CVSS6.5AI score0.15193EPSS
Exploits3
Tenable Nessus
Tenable Nessus
added 2025/03/04 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2020-12695

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a differen...

7.8CVSS6.6AI score0.15193EPSS
Exploits3References4
Tenable Nessus
Tenable Nessus
added 2024/11/29 12:0 a.m.7 views

Dell UPnP SUBSCRIBE function Incorrect Default Permissions (CVE-2020-12695)

The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue. This plugin only works with Tenable.ot...

7.8CVSS6.6AI score0.15193EPSS
Exploits3References33
Tenable Nessus
Tenable Nessus
added 2023/11/06 12:0 a.m.29 views

Rocky Linux 8 : gssdp and gupnp (RLSA-2021:1789)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2021:1789 advisory. - The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a differe...

7.8CVSS6.7AI score0.15193EPSS
Exploits3References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:58 a.m.2 views

SUSE CVE-2020-12695

The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue...

7.5CVSS6.9AI score0.15193EPSS
Exploits3References10
OSV
OSV
added 2022/07/22 11:4 a.m.2 views

OESA-2022-1768 gupnp security update

GUPnP is an elegant, object-oriented open source framework for creating UPnP devices and control points, written in C using GObject and libsoup. The GUPnP API is intended to be easy to use, efficient and flexible. It provides the same set of features as libupnp,but shields the developer from most...

7.8CVSS6.9AI score0.15193EPSS
Exploits3References2
Tenable Nessus
Tenable Nessus
added 2022/05/09 12:0 a.m.32 views

NewStart CGSL MAIN 6.02 : gupnp Multiple Vulnerabilities (NS-SA-2022-0060)

The remote NewStart CGSL host, running version MAIN 6.02, has gupnp packages installed that are affected by multiple vulnerabilities: - The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different...

8.1CVSS6.8AI score0.15193EPSS
Exploits3References5
Tenable Nessus
Tenable Nessus
added 2022/05/09 12:0 a.m.42 views

NewStart CGSL MAIN 6.02 : gssdp Vulnerability (NS-SA-2022-0065)

The remote NewStart CGSL host, running version MAIN 6.02, has gssdp packages installed that are affected by a vulnerability: - The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network...

7.8CVSS6.7AI score0.15193EPSS
Exploits3References3
Tenable Nessus
Tenable Nessus
added 2022/02/09 12:0 a.m.24 views

AlmaLinux 8 : gssdp and gupnp (ALSA-2021:1789)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2021:1789 advisory. - The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different...

7.8CVSS6.7AI score0.15193EPSS
Exploits3References2
OpenVAS
OpenVAS
added 2022/01/28 12:0 a.m.7 views

Mageia: Security Advisory (MGASA-2020-0304)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS7.8AI score0.15193EPSS
Exploits3References4
Tenable Nessus
Tenable Nessus
added 2021/12/29 12:0 a.m.39 views

Slackware Linux 14.0 / 14.1 / 14.2 / current wpa_supplicant Multiple Vulnerabilities (SSA:2021-362-01)

The version of wpasupplicant installed on the remote host is prior to 2.9. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2021-362-01 advisory. - hostapd before 2.10 and wpasupplicant before 2.10 allow an incorrect indication of disconnection in certain situations...

7.9CVSS7.9AI score0.15193EPSS
Exploits4References6
Tenable Nessus
Tenable Nessus
added 2021/05/26 12:0 a.m.48 views

Oracle Linux 8 : gssdp / and / gupnp (ELSA-2021-1789)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2021-1789 advisory. gssdp 1.0.5-1 + gssdp-1.0.5-1 - Update to 1.0.5 - Fix SUBSCRIBE misbehaviour - Resolves: 1861928 gupnp 1.0.6-1 + gupnp-1.0.6-1 - Update to 1.0.6 - Fix SUBSCRIBE...

7.8CVSS6.8AI score0.15193EPSS
Exploits3References2
RedHat Linux
RedHat Linux
added 2021/05/18 2:13 p.m.5 views

hostapd: UPnP SUBSCRIBE misbehavior in WPS AP

The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue...

7.8CVSS7.3AI score0.15193EPSS
Exploits3References4
Tenable Nessus
Tenable Nessus
added 2021/02/22 12:0 a.m.34 views

EulerOS 2.0 SP2 : wpa_supplicant (EulerOS-SA-2021-1372)

According to the version of the wpasupplicant package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a deliver...

7.8CVSS6.8AI score0.15193EPSS
Exploits3References2
OpenVAS
OpenVAS
added 2021/02/22 12:0 a.m.25 views

Huawei EulerOS: Security Advisory for wpa_supplicant (EulerOS-SA-2021-1372)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS7.8AI score0.15193EPSS
Exploits3References2
Tenable Nessus
Tenable Nessus
added 2021/01/20 12:0 a.m.22 views

EulerOS 2.0 SP3 : wpa_supplicant (EulerOS-SA-2021-1131)

According to the version of the wpasupplicant package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a deliver...

7.8CVSS6.8AI score0.15193EPSS
Exploits3References2
Mageia
Mageia
added 2020/12/31 2:32 p.m.50 views

Updated minidlna packages fix security vulnerabilities

It was discovered that minidlna does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue CVE-2020-12695. Minidlna before versions 1.3.0 allows remote code execution...

9.8CVSS1.5AI score0.15193EPSS
Exploits4References2
Tenable Nessus
Tenable Nessus
added 2020/12/11 12:0 a.m.38 views

Debian DLA-2489-1 : minidlna security update

It was discovered that missing input validation in minidlna, a lightweight DLNA/UPnP-AV server could result in the execution of arbitrary code. In addition minidlna was susceptible to the 'CallStranger' UPnP vulnerability. For Debian 9 stretch, these problems have been fixed in version...

9.8CVSS7AI score0.15193EPSS
Exploits4References5
Rows per page
Query Builder