
32 matches found

AstraLinux
added 2026/06/19 11:10 a.m., 8 views

Astra Linux – Vulnerability in wpa, pupnp-1.8

The Open Connectivity Foundation’s UPnP specification prior to April 17, 2020, does not prohibit the acceptance of a subscription request with a delivery URL located in a different network segment than the fully qualified event-subscription URL. This is known as the “CallStranger” issue...

CVSS 7.8, AI score 6.7, EPSS 0.15193
Exploits: 3, References: 2

Tenable Nessus
added 2025/03/04 12:0 a.m., 10 views

Linux Distros Unpatched Vulnerability : CVE-2020-12695

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a differen...

CVSS 7.8, AI score 6.6, EPSS 0.15193
Exploits: 3, References: 4

SUSE CVE
added 2023/02/15 3:58 a.m., 2 views

SUSE CVE-2020-12695

The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue...

CVSS 7.5, AI score 6.9, EPSS 0.15193
Exploits: 3, References: 10

Tenable Nessus
added 2022/05/09 12:0 a.m., 32 views

NewStart CGSL MAIN 6.02 : gupnp Multiple Vulnerabilities (NS-SA-2022-0060)

The remote NewStart CGSL host, running version MAIN 6.02, has gupnp packages installed that are affected by multiple vulnerabilities: - The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different...

CVSS 8.1, AI score 6.8, EPSS 0.15193
Exploits: 3, References: 5

Tenable Nessus
added 2022/05/09 12:0 a.m., 42 views

NewStart CGSL MAIN 6.02 : gssdp Vulnerability (NS-SA-2022-0065)

The remote NewStart CGSL host, running version MAIN 6.02, has gssdp packages installed that are affected by a vulnerability: - The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network...

CVSS 7.8, AI score 6.7, EPSS 0.15193
Exploits: 3, References: 3

Tenable Nessus
added 2022/02/09 12:0 a.m., 24 views

AlmaLinux 8 : gssdp and gupnp (ALSA-2021:1789)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2021:1789 advisory. - The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different...

CVSS 7.8, AI score 6.7, EPSS 0.15193
Exploits: 3, References: 2

Tenable Nessus
added 2021/12/29 12:0 a.m., 39 views

Slackware Linux 14.0 / 14.1 / 14.2 / current wpa_supplicant Multiple Vulnerabilities (SSA:2021-362-01)

The version of wpa_supplicant installed on the remote host is prior to 2.9. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2021-362-01 advisory. - hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect indication of disconnection in certain situations...

CVSS 7.9, AI score 7.9, EPSS 0.15193
Exploits: 4, References: 6

RedHat Linux
added 2021/05/18 2:13 p.m., 5 views

hostapd: UPnP SUBSCRIBE misbehavior in WPS AP

The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue...

CVSS 7.8, AI score 7.3, EPSS 0.15193
Exploits: 3, References: 4

BDU FSTEC
added 2021/03/15 12:0 a.m., 5 views

The vulnerability of the Open Connectivity Foundation UPnP specification allows an intruder to gain access to confidential data and also cause service failure.

The vulnerability of the Open Connectivity Foundation UPnP specification is related to the lack of a mechanism for standard permissions. Exploiting this vulnerability can allow an attacker to gain access to confidential data, as well as cause service failures...

CVSS 7.8, AI score 6.8, EPSS 0.15193
Exploits: 3, References: 17, Affected Software: 6

Tenable Nessus
added 2021/01/20 12:0 a.m., 22 views

EulerOS 2.0 SP3 : wpa_supplicant (EulerOS-SA-2021-1131)

According to the version of the wpa_supplicant package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a deliver...

CVSS 7.8, AI score 6.8, EPSS 0.15193
Exploits: 3, References: 2

ArchLinux
added 2020/12/09 12:0 a.m., 89 views

[ASA-202012-16] hostapd: proxy injection

Arch Linux Security Advisory ASA-202012-16
==========================================
Severity: Medium
Date : 2020-12-09
CVE-ID : CVE-2020-12695
Package : hostapd
Type : proxy injection
Remote : Yes
Link : https://security.archlinux.org/AVG-1322
Summary
=======
The package hostapd before version...

CVSS 7.8, AI score 0.5, EPSS 0.15193
Exploits: 3, References: 8

Tenable Nessus
added 2020/11/06 12:0 a.m., 25 views

EulerOS Virtualization 3.0.6.6 : wpa_supplicant (EulerOS-SA-2020-2477)

According to the version of the wpa_supplicant package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request...

CVSS 7.8, AI score 6.7, EPSS 0.15193
Exploits: 3, References: 2

OpenVAS
added 2020/11/05 12:0 a.m., 22 views

Huawei EulerOS: Security Advisory for wpa_supplicant (EulerOS-SA-2020-2477)

The remote host is missing an update for the Huawei EulerOS...

CVSS 7.8, AI score 7.8, EPSS 0.15193
Exploits: 3, References: 2

Tenable Nessus
added 2020/10/30 12:0 a.m., 34 views

EulerOS 2.0 SP5 : wpa_supplicant (EulerOS-SA-2020-2276)

According to the version of the wpa_supplicant package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a deliver...

CVSS 7.8, AI score 6.8, EPSS 0.15193
Exploits: 3, References: 2

OpenVAS
added 2020/10/30 12:0 a.m., 18 views

Huawei EulerOS: Security Advisory for wpa_supplicant (EulerOS-SA-2020-2276)

The remote host is missing an update for the Huawei EulerOS...

CVSS 7.8, AI score 7.8, EPSS 0.15193
Exploits: 3, References: 2

Tenable Nessus
added 2020/08/10 12:0 a.m., 32 views

Debian DLA-2318-1 : wpa security update

The following CVEs have been reported against src:wpa. CVE-2019-10064 hostapd before 2.6, in EAP mode, makes calls to the rand and random standard library functions without any preceding srand or srandom call, which results in inappropriate use of deterministic values. This was fixed in conjuncti...

CVSS 7.8, AI score 6.7, EPSS 0.15193
Exploits: 4, References: 5

OSV
added 2020/07/31 11:25 p.m., 10 views

MGASA-2020-0304 Updated gssdp/gupnp packages fix security vulnerability

The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue. CVE-2020-12695...

CVSS 7.8, AI score 7.6, EPSS 0.15193
Exploits: 3, References: 3

Mageia
added 2020/07/31 11:25 p.m., 43 views

Updated gssdp/gupnp packages fix security vulnerability

The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue. CVE-2020-12695...

CVSS 7.8, AI score 1.9, EPSS 0.15193
Exploits: 3, References: 2

RedhatCVE
added 2020/06/10 2:56 p.m., 41 views

CVE-2020-12695

The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue. Mitigation: To mitigate this flaw, close of...

CVSS 7.8, AI score 0.8, EPSS 0.15193
Exploits: 3, References: 3

CNVD
added 2020/06/09 12:0 a.m., 3 views

UPnP denial of service vulnerability

UPnP is a Universal Plug and Play protocol from the Open Connectivity Foundation. A security vulnerability exists in versions of UPnP prior to 2020-04-17. An attacker could exploit the vulnerability by sending traffic to an arbitrary location with the help of the SUBSCRIBE feature, resulting in a...

CVSS 7.8, AI score 6.8, EPSS 0.15193
Exploits: 3, References: 1