Shodan
Vulnerabilities
Vulnerable Software
Miniupnp Project:  >> Miniupnpd  >> 1.0  Security Vulnerabilities
CVE-2019-12108
A Denial Of Service vulnerability in MiniUPnP MiniUPnPd through 2.1 exists due to a NULL pointer dereference in GetOutboundPinholeTimeout in upnpsoap.c for int_port.
CVSS Score
7.5
EPSS Score
0.005
Published
2019-05-15
CVE-2019-12109
A Denial Of Service vulnerability in MiniUPnP MiniUPnPd through 2.1 exists due to a NULL pointer dereference in GetOutboundPinholeTimeout in upnpsoap.c for rem_port.
CVSS Score
7.5
EPSS Score
0.005
Published
2019-05-15
CVE-2019-12111
A Denial Of Service vulnerability in MiniUPnP MiniUPnPd through 2.1 exists due to a NULL pointer dereference in copyIPv6IfDifferent in pcpserver.c.
CVSS Score
7.5
EPSS Score
0.01
Published
2019-05-15
CVE-2017-1000494
Uninitialized stack variable vulnerability in NameValueParserEndElt (upnpreplyparse.c) in miniupnpd < 2.0 allows an attacker to cause Denial of Service (Segmentation fault and Memory Corruption) or possibly have unspecified other impact
CVSS Score
7.8
EPSS Score
0.002
Published
2018-01-03
CVE-2013-0229
The ProcessSSDPRequest function in minissdp.c in the SSDP handler in MiniUPnP MiniUPnPd before 1.4 allows remote attackers to cause a denial of service (service crash) via a crafted request that triggers a buffer over-read.
CVSS Score
7.8
EPSS Score
0.743
Published
2013-01-31
CVE-2013-0230
Stack-based buffer overflow in the ExecuteSoapAction function in the SOAPAction handler in the HTTP service in MiniUPnP MiniUPnPd 1.0 allows remote attackers to execute arbitrary code via a long quoted method.
CVSS Score
10.0
EPSS Score
0.801
Published
2013-01-31
CVE-2013-1461
The ExecuteSoapAction function in the SOAPAction handler in the HTTP service in MiniUPnP MiniUPnPd 1.0 allows remote attackers to cause a denial of service (NULL pointer dereference and service crash) via a SOAPAction header that lacks a # (pound sign) character, a different vulnerability than CVE-2013-0230.
CVSS Score
7.8
EPSS Score
0.007
Published
2013-01-31
CVE-2013-1462
Integer signedness error in the ExecuteSoapAction function in the SOAPAction handler in the HTTP service in MiniUPnP MiniUPnPd 1.0 allows remote attackers to cause a denial of service (incorrect memory copy) via a SOAPAction header that lacks a " (double quote) character, a different vulnerability than CVE-2013-0230.
CVSS Score
7.8
EPSS Score
0.007
Published
2013-01-31


Products
Pricing
Contact Us

Shodan ® - All rights reserved