23 matches found
SUSE CVE-2020-12695
The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue...
hostapd: UPnP SUBSCRIBE misbehavior in WPS AP
The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue...
EulerOS 2.0 SP2 : wpa_supplicant (EulerOS-SA-2021-1372)
According to the version of the wpa_supplicant package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a deliver...
Debian DLA-2489-1 : minidlna security update
It was discovered that missing input validation in minidlna, a lightweight DLNA/UPnP-AV server could result in the execution of arbitrary code. In addition minidlna was susceptible to the 'CallStranger' UPnP vulnerability. For Debian 9 stretch, these problems have been fixed in version...
[SECURITY] [DLA 2489-1] minidlna security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-2489-1 [email protected] https://www.debian.org/lts/security/ Thorsten Alteholz December 10, 2020 https://wiki.debian.org/LTS -...
Debian DSA-4806-1 : minidlna - security update
It was discovered that missing input validation in minidlna, a lightweight DLNA/UPnP-AV server could result in the execution of arbitrary code. In addition minidlna was susceptible to the 'CallStranger' UPnP vulnerability. (C) Tenable Network Security, Inc. The descriptive text and package checks in...
Debian: Security Advisory (DSA-4806-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
[SECURITY] [DSA 4806-1] minidlna security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4806-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff December 07, 2020 https://www.debian.org/security/faq -...
EulerOS Virtualization 3.0.6.6 : wpa_supplicant (EulerOS-SA-2020-2477)
According to the version of the wpa_supplicant package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request...
EulerOS 2.0 SP5 : wpa_supplicant (EulerOS-SA-2020-2276)
According to the version of the wpa_supplicant package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a deliver...
Huawei EulerOS: Security Advisory for wpa_supplicant (EulerOS-SA-2020-2276)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
Authorization Bypass
hostapd is vulnerable to authorization bypass. The vulnerability exists as the Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription...
Updated gssdp/gupnp packages fix security vulnerability
The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue. CVE-2020-12695...
Security Advisory - CallStranger Vulnerability in UPnP Protocol
There is a vulnerability in UPnP protocol that does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, named CallStranger. The UPnP function of Huawei product is enabled only on the LAN side and ...
CVE-2020-12695
The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue. Mitigation To mitigate this flaw, close of...
CVE-2020-12695
The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue...
CVE-2020-12695
The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue...
Open redirect
The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue...
CVE-2020-12695
The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue...
CVE-2020-12695
The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue...