CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 2CVE-2023-33476 – Debian Security Advisory 5434-1
https://notcve.org/view.php?id=CVE-2023-33476
02 Jun 2023 — ReadyMedia (MiniDLNA) versions from 1.1.15 up to 1.3.2 is vulnerable to Buffer Overflow. The vulnerability is caused by incorrect validation logic when handling HTTP requests using chunked transport encoding. This results in other code later using attacker-controlled chunk values that exceed the length of the allocated buffer, resulting in out-of-bounds read/write. It was discovered that ReadyMedia was vulnerable to DNS rebinding attacks. A remote attacker could possibly use this issue to trick the local DL... • https://github.com/mellow-hype/cve-2023-33476 • CWE-787: Out-of-bounds Write •
CVSS: 7.4EPSS: 0%CPEs: 2EXPL: 0CVE-2022-26505 – Gentoo Linux Security Advisory 202311-12
https://notcve.org/view.php?id=CVE-2022-26505
06 Mar 2022 — A DNS rebinding issue in ReadyMedia (formerly MiniDLNA) before 1.3.1 allows a remote web server to exfiltrate media files. Un problema de reenganche de DNS en ReadyMedia (anteriormente MiniDLNA) versiones anteriores a 1.3.1, permite que un servidor web remoto exfiltre archivos multimedia It was discovered that ReadyMedia was vulnerable to DNS rebinding attacks. A remote attacker could possibly use this issue to trick the local DLNA server to leak information. This issue only affected Ubuntu 16.04 LTS, Ubunt... • http://www.openwall.com/lists/oss-security/2022/03/06/1 • CWE-290: Authentication Bypass by Spoofing •
CVSS: 9.8EPSS: 65%CPEs: 3EXPL: 2CVE-2020-28926 – Debian Security Advisory 4806-1
https://notcve.org/view.php?id=CVE-2020-28926
30 Nov 2020 — ReadyMedia (aka MiniDLNA) before versions 1.3.0 allows remote code execution. Sending a malicious UPnP HTTP request to the miniDLNA service using HTTP chunked encoding can lead to a signedness bug resulting in a buffer overflow in calls to memcpy/memmove. ReadyMedia (también se conoce como MiniDLNA) versiones anteriores a 1.3.0, permite una ejecución de código remota. Mediante el envío de una petición HTTP UPnP maliciosa hacia el servicio miniDLNA usando la codificación HTTP fragmentada puede conllevar... • https://github.com/lorsanta/exploit-CVE-2020-28926 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2013-2738 – MiniDLNA SQL Injection / Buffer Overflow
https://notcve.org/view.php?id=CVE-2013-2738
17 Jul 2013 — minidlna has SQL Injection that may allow retrieval of arbitrary files minidlna, presenta una inyección SQL que puede permitir la recuperación de archivos arbitrarios. MiniDLNA versions prior to 1.1.0 suffer from heap-based buffer overflow and remote SQL injection vulnerabilities. • http://archives.neohapsis.com/archives/bugtraq/2013-07/0100.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 12%CPEs: 4EXPL: 1CVE-2013-2739 – ReadyMedia - Remote Heap Buffer Overflow
https://notcve.org/view.php?id=CVE-2013-2739
17 Jul 2013 — MiniDLNA has heap-based buffer overflow MiniDLNA, presenta un desbordamiento de búfer en la región heap de la memoria MiniDLNA versions prior to 1.1.0 suffer from heap-based buffer overflow and remote SQL injection vulnerabilities. • https://www.exploit-db.com/exploits/38667 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •