Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Miniupnp Project Subscribe

CVSS v3 Filter

ALL
NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 6 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2014-3985 2 Miniupnp Project, Opensuse 2 Miniupnp, Opensuse 2020-09-28 5.0 MEDIUM N/A
The getHTTPResponse function in miniwget.c in MiniUPnP 1.9 allows remote attackers to cause a denial of service (crash) via crafted headers that trigger an out-of-bounds read.
CVE-2015-6031 4 Canonical, Debian, Miniupnp Project and 1 more 5 Ubuntu Linux, Debian Linux, Miniupnpc and 2 more 2019-06-18 6.8 MEDIUM N/A
Buffer overflow in the IGDstartelt function in igd_desc_parse.c in the MiniUPnP client (aka MiniUPnPc) before 1.9.20150917 allows remote UPNP servers to cause a denial of service (application crash) and possibly execute arbitrary code via an "oversized" XML element name.
CVE-2013-0230 1 Miniupnp Project 1 Miniupnpd 2016-12-08 10.0 HIGH N/A
Stack-based buffer overflow in the ExecuteSoapAction function in the SOAPAction handler in the HTTP service in MiniUPnP MiniUPnPd 1.0 allows remote attackers to execute arbitrary code via a long quoted method.
CVE-2013-1462 1 Miniupnp Project 1 Miniupnpd 2015-10-08 7.8 HIGH N/A
Integer signedness error in the ExecuteSoapAction function in the SOAPAction handler in the HTTP service in MiniUPnP MiniUPnPd 1.0 allows remote attackers to cause a denial of service (incorrect memory copy) via a SOAPAction header that lacks a " (double quote) character, a different vulnerability than CVE-2013-0230.
CVE-2013-1461 1 Miniupnp Project 1 Miniupnpd 2015-10-08 7.8 HIGH N/A
The ExecuteSoapAction function in the SOAPAction handler in the HTTP service in MiniUPnP MiniUPnPd 1.0 allows remote attackers to cause a denial of service (NULL pointer dereference and service crash) via a SOAPAction header that lacks a # (pound sign) character, a different vulnerability than CVE-2013-0230.
CVE-2013-0229 1 Miniupnp Project 1 Miniupnpd 2015-10-08 7.8 HIGH N/A
The ProcessSSDPRequest function in minissdp.c in the SSDP handler in MiniUPnP MiniUPnPd before 1.4 allows remote attackers to cause a denial of service (service crash) via a crafted request that triggers a buffer over-read.