Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports

Toggle filters

1 – 3 of 3 results

CVE-2021-33516

Medium priority

Some fixes available 9 of 11

An issue was discovered in GUPnP before 1.0.7 and 1.1.x and 1.2.x before 1.2.5. It allows DNS rebinding. A remote web server can exploit this vulnerability to trick a victim's browser into triggering actions against local UPnP...

1 affected packages

gupnp

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
gupnp Fixed Fixed Fixed Needs evaluation Needs evaluation
Show less packages

CVE-2020-12695

Medium priority

Some fixes available 17 of 30

The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka...

5 affected packages

gupnp, libupnp, minidlna, pupnp-1.8, wpa

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
gupnp Not affected Not affected Fixed Vulnerable Vulnerable
libupnp Not in release Not in release Not in release Vulnerable Vulnerable
minidlna Not affected Not affected Fixed Fixed Fixed
pupnp-1.8 Not in release Vulnerable Vulnerable Vulnerable Not in release
wpa Fixed Fixed Fixed Fixed Fixed
Show less packages

CVE-2009-2174

Medium priority
Ignored

GUPnP 0.12.7 allows remote attackers to cause a denial of service (crash) via an empty (1) subscription or (2) control message.

1 affected packages

gupnp

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
gupnp
Show less packages