CVSS: 7.4EPSS: 0%CPEs: 2EXPL: 0CVE-2022-26505
https://notcve.org/view.php?id=CVE-2022-26505
A DNS rebinding issue in ReadyMedia (formerly MiniDLNA) before 1.3.1 allows a remote web server to exfiltrate media files. Un problema de reenganche de DNS en ReadyMedia (anteriormente MiniDLNA) versiones anteriores a 1.3.1, permite que un servidor web remoto exfiltre archivos multimedia • http://www.openwall.com/lists/oss-security/2022/03/06/1 https://lists.debian.org/debian-lts-announce/2022/04/msg00005.html https://security.gentoo.org/glsa/202311-12 https://sourceforge.net/p/minidlna/git/ci/c21208508dbc131712281ec5340687e5ae89e940 https://www.openwall.com/lists/oss-security/2022/03/03/1 • CWE-290: Authentication Bypass by Spoofing •
CVSS: 9.8EPSS: 7%CPEs: 3EXPL: 2CVE-2020-28926
https://notcve.org/view.php?id=CVE-2020-28926
ReadyMedia (aka MiniDLNA) before versions 1.3.0 allows remote code execution. Sending a malicious UPnP HTTP request to the miniDLNA service using HTTP chunked encoding can lead to a signedness bug resulting in a buffer overflow in calls to memcpy/memmove. ReadyMedia (también se conoce como MiniDLNA) versiones anteriores a 1.3.0, permite una ejecución de código remota. Mediante el envío de una petición HTTP UPnP maliciosa hacia el servicio miniDLNA usando la codificación HTTP fragmentada puede conllevar un bug de firma resultando en un desbordamiento del búfer en unas llamadas hacia memcpy/memmove • https://github.com/lorsanta/exploit-CVE-2020-28926 https://lists.debian.org/debian-lts-announce/2020/12/msg00017.html https://sourceforge.net/projects/minidlna https://www.debian.org/security/2020/dsa-4806 https://www.rootshellsecurity.net/remote-heap-corruption-bug-discovery-minidlna • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 1CVE-2013-2738
https://notcve.org/view.php?id=CVE-2013-2738
minidlna has SQL Injection that may allow retrieval of arbitrary files minidlna, presenta una inyección SQL que puede permitir la recuperación de archivos arbitrarios. • http://archives.neohapsis.com/archives/bugtraq/2013-07/0100.html http://media.blackhat.com/bh-us-12/Briefings/Cutlip/BH_US_12_Cutlip_SQL_Exploitation_WP.pdf https://security-tracker.debian.org/tracker/CVE-2013-2738 https://www.securityfocus.com/archive/1/527299/30/0 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 9%CPEs: 4EXPL: 1CVE-2013-2739 – ReadyMedia - Remote Heap Buffer Overflow
https://notcve.org/view.php?id=CVE-2013-2739
MiniDLNA has heap-based buffer overflow MiniDLNA, presenta un desbordamiento de búfer en la región heap de la memoria • https://www.exploit-db.com/exploits/38667 http://archives.neohapsis.com/archives/bugtraq/2013-07/0100.html https://security-tracker.debian.org/tracker/CVE-2013-2739 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •