CVSS: 8.3EPSS: 0%CPEs: 2EXPL: 0CVE-2021-33516 – gupnp: allows DNS rebinding which could result in tricking browser into triggering actions against local UPnP services
https://notcve.org/view.php?id=CVE-2021-33516
An issue was discovered in GUPnP before 1.0.7 and 1.1.x and 1.2.x before 1.2.5. It allows DNS rebinding. A remote web server can exploit this vulnerability to trick a victim's browser into triggering actions against local UPnP services implemented using this library. Depending on the affected service, this could be used for data exfiltration, data tempering, etc. Se detectó un problema en GUPnP versiones anteriores a 1.0.7 y 1.1.x y versiones 1.2.x anteriores a 1.2.5. • https://discourse.gnome.org/t/security-relevant-releases-for-gupnp-issue-cve-2021-33516/6536 https://gitlab.gnome.org/GNOME/gupnp/-/issues/24 https://access.redhat.com/security/cve/CVE-2021-33516 https://bugzilla.redhat.com/show_bug.cgi?id=1964091 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.0EPSS: 8%CPEs: 1EXPL: 3CVE-2009-2174 – GUPnP 0.12.7 - Message Handling Denial of Service
https://notcve.org/view.php?id=CVE-2009-2174
GUPnP 0.12.7 allows remote attackers to cause a denial of service (crash) via an empty (1) subscription or (2) control message. GUPnP v0.12.7 permite a atacantes remotos provocar una denegación de servicio (con caída de la aplicación) a través de un mensaje vacío (1) de suscripción (2) o de control. • https://www.exploit-db.com/exploits/33040 http://bugzilla.openedhand.com/show_bug.cgi?id=1604 http://git.gupnp.org/cgit.cgi?url=gupnp/tree/NEWS&id=ce714a6700ce03953a2886a66ec57db59205f4e6 http://secunia.com/advisories/35472 http://secunia.com/advisories/35482 http://www.osvdb.org/55128 http://www.securityfocus.com/bid/35390 http://www.vupen.com/english/advisories/2009/1597 https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00494.html https://www.redhat.com/archive •