Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports

Toggle filters

1 – 8 of 8 results

CVE-2023-47430

Medium priority
Needs evaluation

Stack-buffer-overflow vulnerability in ReadyMedia (MiniDLNA) v1.3.3 allows attackers to cause a denial of service via via the SendContainer() function at tivo_commands.c.

1 affected packages

minidlna

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
minidlna Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2023-33476

Medium priority

Some fixes available 5 of 6

ReadyMedia (MiniDLNA) versions from 1.1.15 up to 1.3.2 is vulnerable to Buffer Overflow. The vulnerability is caused by incorrect validation logic when handling HTTP requests using chunked transport encoding. This results in other...

1 affected packages

minidlna

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
minidlna Not affected Fixed Fixed Fixed Fixed
Show less packages

CVE-2022-26505

Medium priority

Some fixes available 4 of 5

A DNS rebinding issue in ReadyMedia (formerly MiniDLNA) before 1.3.1 allows a remote web server to exfiltrate media files.

1 affected packages

minidlna

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
minidlna Fixed Fixed Fixed Fixed
Show less packages

CVE-2020-28926

Medium priority
Fixed

ReadyMedia (aka MiniDLNA) before versions 1.3.0 allows remote code execution. Sending a malicious UPnP HTTP request to the miniDLNA service using HTTP chunked encoding can lead to a signedness bug resulting in a buffer overflow in...

1 affected packages

minidlna

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
minidlna Fixed Fixed Fixed
Show less packages

CVE-2020-12695

Medium priority

Some fixes available 17 of 30

The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka...

5 affected packages

gupnp, libupnp, minidlna, pupnp-1.8, wpa

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
gupnp Not affected Not affected Fixed Vulnerable Vulnerable
libupnp Not in release Not in release Not in release Vulnerable Vulnerable
minidlna Not affected Not affected Fixed Fixed Fixed
pupnp-1.8 Not in release Vulnerable Vulnerable Vulnerable Not in release
wpa Fixed Fixed Fixed Fixed Fixed
Show less packages

CVE-2013-2745

Medium priority

Some fixes available 6 of 10

An SQL Injection vulnerability exists in MiniDLNA prior to 1.1.0

1 affected packages

minidlna

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
minidlna Fixed
Show less packages

CVE-2013-2739

Medium priority

Some fixes available 6 of 10

MiniDLNA has heap-based buffer overflow

1 affected packages

minidlna

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
minidlna Fixed
Show less packages

CVE-2013-2738

Medium priority

Some fixes available 6 of 10

minidlna has SQL Injection that may allow retrieval of arbitrary files

1 affected packages

minidlna

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
minidlna Fixed
Show less packages