CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 1CVE-2019-12111 – Ubuntu Security Notice USN-4542-1
https://notcve.org/view.php?id=CVE-2019-12111
15 May 2019 — A Denial Of Service vulnerability in MiniUPnP MiniUPnPd through 2.1 exists due to a NULL pointer dereference in copyIPv6IfDifferent in pcpserver.c. Existe una vulnerabilidad de Denegación de Servicio en MiniUPnP MiniUPnPd hasta la versión 2.1, debido a una desreferencia de puntero NULL en copyIPv6IfDifferent en pcpserver.c. It was discovered that MiniUPnPd did not properly validate callback addresses. A remote attacker could possibly use this issue to expose sensitive information. It was discovered that Min... • https://github.com/miniupnp/miniupnp/commit/cb8a02af7a5677cf608e86d57ab04241cf34e24f • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2019-12110 – Ubuntu Security Notice USN-4542-1
https://notcve.org/view.php?id=CVE-2019-12110
15 May 2019 — An AddPortMapping Denial Of Service vulnerability in MiniUPnP MiniUPnPd through 2.1 exists due to a NULL pointer dereference in upnpredirect.c. Se presenta una vulnerabilidad de Denegación de Servicio (DoS) en AddPortMap en MiniUPnP MiniUPnPd versión hasta 2.1, a causa de una desreferencia del puntero NULL en upnpredirect.c. It was discovered that MiniUPnPd did not properly validate callback addresses. A remote attacker could possibly use this issue to expose sensitive information. It was discovered that Mi... • https://github.com/miniupnp/miniupnp/commit/f321c2066b96d18afa5158dfa2d2873a2957ef38 • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2019-12109
https://notcve.org/view.php?id=CVE-2019-12109
15 May 2019 — A Denial Of Service vulnerability in MiniUPnP MiniUPnPd through 2.1 exists due to a NULL pointer dereference in GetOutboundPinholeTimeout in upnpsoap.c for rem_port. Existe una vulnerabilidad de Denegación de Servicio en MiniUPnP MiniUPnPd hasta la versión 2.1, debido a una diferencia de puntero NULL en GetOutboundPinholeTimeout en upnpsoap.c para rem_port. • https://github.com/miniupnp/miniupnp/commit/13585f15c7f7dc28bbbba1661efb280d530d114c • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2019-12108
https://notcve.org/view.php?id=CVE-2019-12108
15 May 2019 — A Denial Of Service vulnerability in MiniUPnP MiniUPnPd through 2.1 exists due to a NULL pointer dereference in GetOutboundPinholeTimeout in upnpsoap.c for int_port. Existe una vulnerabilidad de Denegación de Servicio en MiniUPnP MiniUPnPd hasta la versión 2.1, debido a una diferencia de puntero NULL en GetOutboundPinholeTimeout en upnpsoap.c para int_port. • https://github.com/miniupnp/miniupnp/commit/13585f15c7f7dc28bbbba1661efb280d530d114c • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2019-12107 – Ubuntu Security Notice USN-4542-1
https://notcve.org/view.php?id=CVE-2019-12107
15 May 2019 — The upnp_event_prepare function in upnpevents.c in MiniUPnP MiniUPnPd through 2.1 allows a remote attacker to leak information from the heap due to improper validation of an snprintf return value. La función upnp_event_prepare en el archivo upnpevents.c en MiniUPnP MiniUPnPd hasta la versión 2.1, permite a un atacante remoto filtrar información desde la pila debido a la validación inapropiada de un valor de retorno snprintf. It was discovered that MiniUPnPd did not properly validate callback addresses. A re... • https://github.com/miniupnp/miniupnp/commit/bec6ccec63cadc95655721bc0e1dd49dac759d94 • CWE-252: Unchecked Return Value •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2019-12106
https://notcve.org/view.php?id=CVE-2019-12106
15 May 2019 — The updateDevice function in minissdpd.c in MiniUPnP MiniSSDPd 1.4 and 1.5 allows a remote attacker to crash the process due to a Use After Free vulnerability. La función updateDevice en minissdpd.c en MiniUPnP MiniSSDPd versión 1.4 y versión 1.5, permite que un atacante remoto bloquee el proceso debido a una vulnerabilidad de acceso a memoria previamente liberada (User-After-Free). • https://github.com/miniupnp/miniupnp/commit/cd506a67e174a45c6a202eff182a712955ed6d6f • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2017-1000494 – Ubuntu Security Notice USN-3562-1
https://notcve.org/view.php?id=CVE-2017-1000494
03 Jan 2018 — Uninitialized stack variable vulnerability in NameValueParserEndElt (upnpreplyparse.c) in miniupnpd < 2.0 allows an attacker to cause Denial of Service (Segmentation fault and Memory Corruption) or possibly have unspecified other impact Vulnerabilidad de variable de pila no inicializada en NameValueParserEndElt (upnpreplyparse.c) en miniupnpd en versiones posteriores a la 2.0 permite que un atacante provoque una denegación de servicio (fallo de segmentación y corrupción de memoria) o que, posiblemente, caus... • https://github.com/miniupnp/miniupnp/commit/7aeb624b44f86d335841242ff427433190e7168a • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 27%CPEs: 6EXPL: 3CVE-2017-8798 – MiniUPnP MiniUPnPc < 2.0 - Remote Denial of Service
https://notcve.org/view.php?id=CVE-2017-8798
11 May 2017 — Integer signedness error in MiniUPnP MiniUPnPc v1.4.20101221 through v2.0 allows remote attackers to cause a denial of service or possibly have unspecified other impact. Error de entero sin signo en MiniUPnP MiniUPnPc versiónes desde la 1.4.20101221 hasta la 2.0 permite a atacantes remotos causar una denegación de servicio o posiblemente tener otro impacto no especificado. USN-3298-1 fixed a vulnerability in MiniUPnP. This update provides the corresponding update for Ubuntu 17.04. It was discovered that Min... • https://packetstorm.news/files/id/142491 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •