Summary
Detail | |||
---|---|---|---|
Vendor | Miniupnp Project | First view | 2013-01-31 |
Product | Miniupnpd | Last view | 2019-11-01 |
Version | Type | Application | |
Update | |||
Edition | |||
Language | |||
Sofware Edition | |||
Target Software | |||
Target Hardware | |||
Other |
Activity : Overall
COMMON PLATFORM ENUMERATION: Repartition per Version
Related : CVE
Date | Alert | Description | |
---|---|---|---|
7.5 | 2019-11-01 | CVE-2013-2600 | MiniUPnPd has information disclosure use of snprintf() |
7.5 | 2019-05-15 | CVE-2019-12111 | A Denial Of Service vulnerability in MiniUPnP MiniUPnPd through 2.1 exists due to a NULL pointer dereference in copyIPv6IfDifferent in pcpserver.c. |
7.5 | 2019-05-15 | CVE-2019-12109 | A Denial Of Service vulnerability in MiniUPnP MiniUPnPd through 2.1 exists due to a NULL pointer dereference in GetOutboundPinholeTimeout in upnpsoap.c for rem_port. |
7.5 | 2019-05-15 | CVE-2019-12108 | A Denial Of Service vulnerability in MiniUPnP MiniUPnPd through 2.1 exists due to a NULL pointer dereference in GetOutboundPinholeTimeout in upnpsoap.c for int_port. |
7.5 | 2019-05-15 | CVE-2019-12106 | The updateDevice function in minissdpd.c in MiniUPnP MiniSSDPd 1.4 and 1.5 allows a remote attacker to crash the process due to a Use After Free vulnerability. |
7.8 | 2018-01-03 | CVE-2017-1000494 | Uninitialized stack variable vulnerability in NameValueParserEndElt (upnpreplyparse.c) in miniupnpd < 2.0 allows an attacker to cause Denial of Service (Segmentation fault and Memory Corruption) or possibly have unspecified other impact |
9.8 | 2017-05-10 | CVE-2017-8798 | Integer signedness error in MiniUPnP MiniUPnPc v1.4.20101221 through v2.0 allows remote attackers to cause a denial of service or possibly have unspecified other impact. |
7.8 | 2013-01-31 | CVE-2013-1462 | Integer signedness error in the ExecuteSoapAction function in the SOAPAction handler in the HTTP service in MiniUPnP MiniUPnPd 1.0 allows remote attackers to cause a denial of service (incorrect memory copy) via a SOAPAction header that lacks a " (double quote) character, a different vulnerability than CVE-2013-0230. |
7.8 | 2013-01-31 | CVE-2013-1461 | The ExecuteSoapAction function in the SOAPAction handler in the HTTP service in MiniUPnP MiniUPnPd 1.0 allows remote attackers to cause a denial of service (NULL pointer dereference and service crash) via a SOAPAction header that lacks a # (pound sign) character, a different vulnerability than CVE-2013-0230. |
10 | 2013-01-31 | CVE-2013-0230 | Stack-based buffer overflow in the ExecuteSoapAction function in the SOAPAction handler in the HTTP service in MiniUPnP MiniUPnPd 1.0 allows remote attackers to execute arbitrary code via a long quoted method. |
7.8 | 2013-01-31 | CVE-2013-0229 | The ProcessSSDPRequest function in minissdp.c in the SSDP handler in MiniUPnP MiniUPnPd before 1.4 allows remote attackers to cause a denial of service (service crash) via a crafted request that triggers a buffer over-read. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
33% (3) | CWE-476 | NULL Pointer Dereference |
33% (3) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
11% (1) | CWE-416 | Use After Free |
11% (1) | CWE-200 | Information Exposure |
11% (1) | CWE-189 | Numeric Errors |
Snort® IPS/IDS
Date | Description |
---|---|
2014-05-08 | MiniUPnPd ExecuteSoapAction buffer overflow attempt RuleID : 30507 - Type : SERVER-OTHER - Revision : 3 |
2014-01-10 | MiniUPnPd ExecuteSoapAction null pointer dereference attempt RuleID : 25781 - Type : SERVER-OTHER - Revision : 2 |
2014-01-10 | MiniUPnPd ExecuteSoapAction buffer overflow attempt RuleID : 25780 - Type : SERVER-OTHER - Revision : 5 |
2014-01-10 | MiniUPnPd SSDP request buffer overflow attempt RuleID : 25664 - Type : SERVER-OTHER - Revision : 5 |
Nessus® Vulnerability Scanner
id | Description |
---|---|
2017-06-01 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2017-638.nasl - Type: ACT_GATHER_INFO |
2017-05-25 | Name: The remote Ubuntu host is missing one or more security-related patches. File: ubuntu_USN-3298-1.nasl - Type: ACT_GATHER_INFO |
2017-05-25 | Name: The remote Ubuntu host is missing a security-related patch. File: ubuntu_USN-3298-2.nasl - Type: ACT_GATHER_INFO |
2017-05-23 | Name: The remote Debian host is missing a security update. File: debian_DLA-949.nasl - Type: ACT_GATHER_INFO |
2017-05-23 | Name: The remote FreeBSD host is missing a security-related update. File: freebsd_pkg_da1d5d2e3eca11e788610018fe623f2b.nasl - Type: ACT_GATHER_INFO |
2013-01-31 | Name: A network service running on the remote host has multiple vulnerabilities. File: miniupnpd_1_4.nasl - Type: ACT_GATHER_INFO |