Readymedia Project: >> Readymedia >> 1.0.20 Security Vulnerabilities
A DNS rebinding issue in ReadyMedia (formerly MiniDLNA) before 1.3.1 allows a remote web server to exfiltrate media files.
CVSS Score
7.4
EPSS Score
0.002
Published
2022-03-06
ReadyMedia (aka MiniDLNA) before versions 1.3.0 allows remote code execution. Sending a malicious UPnP HTTP request to the miniDLNA service using HTTP chunked encoding can lead to a signedness bug resulting in a buffer overflow in calls to memcpy/memmove.
CVSS Score
9.8
EPSS Score
0.653
Published
2020-11-30
MiniDLNA has heap-based buffer overflow
CVSS Score
9.8
EPSS Score
0.123
Published
2019-11-01
minidlna has SQL Injection that may allow retrieval of arbitrary files
CVSS Score
9.8
EPSS Score
0.004
Published
2019-11-01