{"url":"http://public2.vulnerablecode.io/api/packages/94954?format=json","purl":"pkg:deb/debian/miniupnpd@2.3.1-1?distro=trixie","type":"deb","namespace":"debian","name":"miniupnpd","version":"2.3.1-1","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2.3.10-1","latest_non_vulnerable_version":"2.3.10-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/69007?format=json","vulnerability_id":"VCID-wus4-4ghh-17dn","summary":"miniupnpd contains an integer underflow vulnerability in SOAPAction header parsing that allows remote attackers to cause a denial of service or information disclosure by sending a malformed SOAPAction header with a single quote. Attackers can trigger an out-of-bounds memory read by exploiting improper length validation in ParseHttpHeaders(), where the parsed length underflows to a large unsigned value when passed to memchr(), causing the process to scan memory far beyond the allocated HTTP request buffer.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-5720","reference_id":"","reference_type":"","scores":[{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17412","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17567","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17593","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17576","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-5720"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5720","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5720"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134334","reference_id":"1134334","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134334"},{"reference_url":"https://github.com/miniupnp/miniupnp/commit/f56bd09b2f2650126b832c5f30a65a09e28167fa","reference_id":"f56bd09b2f2650126b832c5f30a65a09e28167fa","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-20T14:51:38Z/"}],"url":"https://github.com/miniupnp/miniupnp/commit/f56bd09b2f2650126b832c5f30a65a09e28167fa"},{"reference_url":"https://github.com/miniupnp/miniupnp/","reference_id":"miniupnp","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-20T14:51:38Z/"}],"url":"https://github.com/miniupnp/miniupnp/"},{"reference_url":"https://www.vulncheck.com/advisories/miniupnpd-integer-underflow-soapaction-header-parsing","reference_id":"miniupnpd-integer-underflow-soapaction-header-parsing","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-20T14:51:38Z/"}],"url":"https://www.vulncheck.com/advisories/miniupnpd-integer-underflow-soapaction-header-parsing"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/94957?format=json","purl":"pkg:deb/debian/miniupnpd@2.3.10-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/miniupnpd@2.3.10-1%3Fdistro=trixie"}],"aliases":["CVE-2026-5720"],"risk_score":3.2,"exploitability":"0.5","weighted_severity":"6.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wus4-4ghh-17dn"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/218478?format=json","vulnerability_id":"VCID-3n5r-pt3x-y3eg","summary":"The ExecuteSoapAction function in the SOAPAction handler in the HTTP service in MiniUPnP MiniUPnPd 1.0 allows remote attackers to cause a denial of service (NULL pointer dereference and service crash) via a SOAPAction header that lacks a # (pound sign) character, a different vulnerability than CVE-2013-0230.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1461","reference_id":"","reference_type":"","scores":[{"value":"0.00693","scoring_system":"epss","scoring_elements":"0.72327","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00693","scoring_system":"epss","scoring_elements":"0.72408","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00693","scoring_system":"epss","scoring_elements":"0.72422","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00693","scoring_system":"epss","scoring_elements":"0.72416","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1461"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/94955?format=json","purl":"pkg:deb/debian/miniupnpd@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/miniupnpd@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94956?format=json","purl":"pkg:deb/debian/miniupnpd@2.2.1-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-wus4-4ghh-17dn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/miniupnpd@2.2.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94954?format=json","purl":"pkg:deb/debian/miniupnpd@2.3.1-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-wus4-4ghh-17dn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/miniupnpd@2.3.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94958?format=json","purl":"pkg:deb/debian/miniupnpd@2.3.9-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-wus4-4ghh-17dn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/miniupnpd@2.3.9-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94957?format=json","purl":"pkg:deb/debian/miniupnpd@2.3.10-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/miniupnpd@2.3.10-1%3Fdistro=trixie"}],"aliases":["CVE-2013-1461"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3n5r-pt3x-y3eg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/218476?format=json","vulnerability_id":"VCID-58mb-1vtr-pugt","summary":"The ProcessSSDPRequest function in minissdp.c in the SSDP handler in MiniUPnP MiniUPnPd before 1.4 allows remote attackers to cause a denial of service (service crash) via a crafted request that triggers a buffer over-read.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-0229","reference_id":"","reference_type":"","scores":[{"value":"0.74349","scoring_system":"epss","scoring_elements":"0.98863","published_at":"2026-06-11T12:55:00Z"},{"value":"0.74349","scoring_system":"epss","scoring_elements":"0.98867","published_at":"2026-06-12T12:55:00Z"},{"value":"0.74349","scoring_system":"epss","scoring_elements":"0.98869","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-0229"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/38249.txt","reference_id":"CVE-2013-0229","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/38249.txt"},{"reference_url":"https://www.securityfocus.com/bid/57602/info","reference_id":"CVE-2013-0229","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/57602/info"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/hardware/dos/37517.pl","reference_id":"CVE-2013-0230;CVE-2013-0229;OSVDB-89625;OSVDB-89624","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/hardware/dos/37517.pl"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/94955?format=json","purl":"pkg:deb/debian/miniupnpd@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/miniupnpd@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94956?format=json","purl":"pkg:deb/debian/miniupnpd@2.2.1-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-wus4-4ghh-17dn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/miniupnpd@2.2.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94954?format=json","purl":"pkg:deb/debian/miniupnpd@2.3.1-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-wus4-4ghh-17dn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/miniupnpd@2.3.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94958?format=json","purl":"pkg:deb/debian/miniupnpd@2.3.9-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-wus4-4ghh-17dn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/miniupnpd@2.3.9-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94957?format=json","purl":"pkg:deb/debian/miniupnpd@2.3.10-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/miniupnpd@2.3.10-1%3Fdistro=trixie"}],"aliases":["CVE-2013-0229"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-58mb-1vtr-pugt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/204725?format=json","vulnerability_id":"VCID-bgk8-m1nq-27f4","summary":"Uninitialized stack variable vulnerability in NameValueParserEndElt (upnpreplyparse.c) in miniupnpd < 2.0 allows an attacker to cause Denial of Service (Segmentation fault and Memory Corruption) or possibly have unspecified other impact","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-1000494","reference_id":"","reference_type":"","scores":[{"value":"0.0008","scoring_system":"epss","scoring_elements":"0.23739","published_at":"2026-06-11T12:55:00Z"},{"value":"0.0008","scoring_system":"epss","scoring_elements":"0.23936","published_at":"2026-06-12T12:55:00Z"},{"value":"0.0008","scoring_system":"epss","scoring_elements":"0.23944","published_at":"2026-06-13T12:55:00Z"},{"value":"0.0008","scoring_system":"epss","scoring_elements":"0.23922","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-1000494"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000494","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000494"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=887129","reference_id":"887129","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=887129"},{"reference_url":"https://usn.ubuntu.com/3562-1/","reference_id":"USN-3562-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3562-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/94960?format=json","purl":"pkg:deb/debian/miniupnpd@2.0.20171212-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/miniupnpd@2.0.20171212-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94956?format=json","purl":"pkg:deb/debian/miniupnpd@2.2.1-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-wus4-4ghh-17dn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/miniupnpd@2.2.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94954?format=json","purl":"pkg:deb/debian/miniupnpd@2.3.1-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-wus4-4ghh-17dn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/miniupnpd@2.3.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94958?format=json","purl":"pkg:deb/debian/miniupnpd@2.3.9-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-wus4-4ghh-17dn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/miniupnpd@2.3.9-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94957?format=json","purl":"pkg:deb/debian/miniupnpd@2.3.10-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/miniupnpd@2.3.10-1%3Fdistro=trixie"}],"aliases":["CVE-2017-1000494"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bgk8-m1nq-27f4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/206705?format=json","vulnerability_id":"VCID-due3-vryw-8qa5","summary":"An AddPortMapping Denial Of Service vulnerability in MiniUPnP MiniUPnPd through 2.1 exists due to a NULL pointer dereference in upnpredirect.c.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12110","reference_id":"","reference_type":"","scores":[{"value":"0.00595","scoring_system":"epss","scoring_elements":"0.69784","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00595","scoring_system":"epss","scoring_elements":"0.69875","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00595","scoring_system":"epss","scoring_elements":"0.6989","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00595","scoring_system":"epss","scoring_elements":"0.69887","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12110"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12110","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12110"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930050","reference_id":"930050","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930050"},{"reference_url":"https://usn.ubuntu.com/4542-1/","reference_id":"USN-4542-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4542-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/94961?format=json","purl":"pkg:deb/debian/miniupnpd@2.1-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/miniupnpd@2.1-6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94956?format=json","purl":"pkg:deb/debian/miniupnpd@2.2.1-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-wus4-4ghh-17dn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/miniupnpd@2.2.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94954?format=json","purl":"pkg:deb/debian/miniupnpd@2.3.1-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-wus4-4ghh-17dn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/miniupnpd@2.3.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94958?format=json","purl":"pkg:deb/debian/miniupnpd@2.3.9-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-wus4-4ghh-17dn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/miniupnpd@2.3.9-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94957?format=json","purl":"pkg:deb/debian/miniupnpd@2.3.10-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/miniupnpd@2.3.10-1%3Fdistro=trixie"}],"aliases":["CVE-2019-12110"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-due3-vryw-8qa5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/218477?format=json","vulnerability_id":"VCID-fpdw-qkqt-vbc4","summary":"Stack-based buffer overflow in the ExecuteSoapAction function in the SOAPAction handler in the HTTP service in MiniUPnP MiniUPnPd 1.0 allows remote attackers to execute arbitrary code via a long quoted method.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-0230","reference_id":"","reference_type":"","scores":[{"value":"0.65944","scoring_system":"epss","scoring_elements":"0.98535","published_at":"2026-06-11T12:55:00Z"},{"value":"0.65944","scoring_system":"epss","scoring_elements":"0.9854","published_at":"2026-06-13T12:55:00Z"},{"value":"0.65944","scoring_system":"epss","scoring_elements":"0.98539","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-0230"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/25975.rb","reference_id":"CVE-2013-0230;OSVDB-89624","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/25975.rb"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/36839.py","reference_id":"CVE-2013-0230;OSVDB-89624","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/36839.py"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/94955?format=json","purl":"pkg:deb/debian/miniupnpd@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/miniupnpd@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94956?format=json","purl":"pkg:deb/debian/miniupnpd@2.2.1-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-wus4-4ghh-17dn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/miniupnpd@2.2.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94954?format=json","purl":"pkg:deb/debian/miniupnpd@2.3.1-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-wus4-4ghh-17dn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/miniupnpd@2.3.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94958?format=json","purl":"pkg:deb/debian/miniupnpd@2.3.9-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-wus4-4ghh-17dn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/miniupnpd@2.3.9-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94957?format=json","purl":"pkg:deb/debian/miniupnpd@2.3.10-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/miniupnpd@2.3.10-1%3Fdistro=trixie"}],"aliases":["CVE-2013-0230"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fpdw-qkqt-vbc4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/218479?format=json","vulnerability_id":"VCID-fqaw-5775-eqde","summary":"Integer signedness error in the ExecuteSoapAction function in the SOAPAction handler in the HTTP service in MiniUPnP MiniUPnPd 1.0 allows remote attackers to cause a denial of service (incorrect memory copy) via a SOAPAction header that lacks a \" (double quote) character, a different vulnerability than CVE-2013-0230.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1462","reference_id":"","reference_type":"","scores":[{"value":"0.00693","scoring_system":"epss","scoring_elements":"0.72327","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00693","scoring_system":"epss","scoring_elements":"0.72408","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00693","scoring_system":"epss","scoring_elements":"0.72422","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00693","scoring_system":"epss","scoring_elements":"0.72416","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1462"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/94955?format=json","purl":"pkg:deb/debian/miniupnpd@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/miniupnpd@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94956?format=json","purl":"pkg:deb/debian/miniupnpd@2.2.1-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-wus4-4ghh-17dn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/miniupnpd@2.2.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94954?format=json","purl":"pkg:deb/debian/miniupnpd@2.3.1-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-wus4-4ghh-17dn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/miniupnpd@2.3.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94958?format=json","purl":"pkg:deb/debian/miniupnpd@2.3.9-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-wus4-4ghh-17dn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/miniupnpd@2.3.9-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94957?format=json","purl":"pkg:deb/debian/miniupnpd@2.3.10-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/miniupnpd@2.3.10-1%3Fdistro=trixie"}],"aliases":["CVE-2013-1462"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fqaw-5775-eqde"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/206703?format=json","vulnerability_id":"VCID-qjst-hkej-x3fn","summary":"A Denial Of Service vulnerability in MiniUPnP MiniUPnPd through 2.1 exists due to a NULL pointer dereference in GetOutboundPinholeTimeout in upnpsoap.c for int_port.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12108","reference_id":"","reference_type":"","scores":[{"value":"0.00533","scoring_system":"epss","scoring_elements":"0.67769","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00533","scoring_system":"epss","scoring_elements":"0.67858","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00533","scoring_system":"epss","scoring_elements":"0.67869","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00533","scoring_system":"epss","scoring_elements":"0.67866","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12108"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12108","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12108"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930050","reference_id":"930050","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930050"},{"reference_url":"https://usn.ubuntu.com/4542-1/","reference_id":"USN-4542-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4542-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/94961?format=json","purl":"pkg:deb/debian/miniupnpd@2.1-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/miniupnpd@2.1-6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94956?format=json","purl":"pkg:deb/debian/miniupnpd@2.2.1-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-wus4-4ghh-17dn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/miniupnpd@2.2.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94954?format=json","purl":"pkg:deb/debian/miniupnpd@2.3.1-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-wus4-4ghh-17dn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/miniupnpd@2.3.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94958?format=json","purl":"pkg:deb/debian/miniupnpd@2.3.9-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-wus4-4ghh-17dn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/miniupnpd@2.3.9-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94957?format=json","purl":"pkg:deb/debian/miniupnpd@2.3.10-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/miniupnpd@2.3.10-1%3Fdistro=trixie"}],"aliases":["CVE-2019-12108"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qjst-hkej-x3fn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/202832?format=json","vulnerability_id":"VCID-qwsc-5d98-bfhn","summary":"MiniUPnPd has information disclosure use of snprintf()","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2600","reference_id":"","reference_type":"","scores":[{"value":"0.00493","scoring_system":"epss","scoring_elements":"0.66149","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00493","scoring_system":"epss","scoring_elements":"0.66243","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00493","scoring_system":"epss","scoring_elements":"0.66257","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00493","scoring_system":"epss","scoring_elements":"0.66254","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2600"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2600","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2600"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=716936","reference_id":"716936","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=716936"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/94959?format=json","purl":"pkg:deb/debian/miniupnpd@1.8.20130730-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/miniupnpd@1.8.20130730-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94956?format=json","purl":"pkg:deb/debian/miniupnpd@2.2.1-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-wus4-4ghh-17dn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/miniupnpd@2.2.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94954?format=json","purl":"pkg:deb/debian/miniupnpd@2.3.1-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-wus4-4ghh-17dn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/miniupnpd@2.3.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94958?format=json","purl":"pkg:deb/debian/miniupnpd@2.3.9-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-wus4-4ghh-17dn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/miniupnpd@2.3.9-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94957?format=json","purl":"pkg:deb/debian/miniupnpd@2.3.10-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/miniupnpd@2.3.10-1%3Fdistro=trixie"}],"aliases":["CVE-2013-2600"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qwsc-5d98-bfhn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/206704?format=json","vulnerability_id":"VCID-r2r8-3r8z-uqdk","summary":"A Denial Of Service vulnerability in MiniUPnP MiniUPnPd through 2.1 exists due to a NULL pointer dereference in GetOutboundPinholeTimeout in upnpsoap.c for rem_port.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12109","reference_id":"","reference_type":"","scores":[{"value":"0.00533","scoring_system":"epss","scoring_elements":"0.67769","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00533","scoring_system":"epss","scoring_elements":"0.67858","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00533","scoring_system":"epss","scoring_elements":"0.67869","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00533","scoring_system":"epss","scoring_elements":"0.67866","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12109"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12109","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12109"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930050","reference_id":"930050","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930050"},{"reference_url":"https://usn.ubuntu.com/4542-1/","reference_id":"USN-4542-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4542-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/94961?format=json","purl":"pkg:deb/debian/miniupnpd@2.1-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/miniupnpd@2.1-6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94956?format=json","purl":"pkg:deb/debian/miniupnpd@2.2.1-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-wus4-4ghh-17dn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/miniupnpd@2.2.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94954?format=json","purl":"pkg:deb/debian/miniupnpd@2.3.1-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-wus4-4ghh-17dn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/miniupnpd@2.3.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94958?format=json","purl":"pkg:deb/debian/miniupnpd@2.3.9-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-wus4-4ghh-17dn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/miniupnpd@2.3.9-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94957?format=json","purl":"pkg:deb/debian/miniupnpd@2.3.10-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/miniupnpd@2.3.10-1%3Fdistro=trixie"}],"aliases":["CVE-2019-12109"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r2r8-3r8z-uqdk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/206701?format=json","vulnerability_id":"VCID-tbub-9kut-uqh1","summary":"The upnp_event_prepare function in upnpevents.c in MiniUPnP MiniUPnPd through 2.1 allows a remote attacker to leak information from the heap due to improper validation of an snprintf return value.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12107","reference_id":"","reference_type":"","scores":[{"value":"0.00367","scoring_system":"epss","scoring_elements":"0.59043","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00367","scoring_system":"epss","scoring_elements":"0.59155","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00367","scoring_system":"epss","scoring_elements":"0.59167","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00367","scoring_system":"epss","scoring_elements":"0.59158","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12107"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12107","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12107"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930050","reference_id":"930050","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930050"},{"reference_url":"https://usn.ubuntu.com/4542-1/","reference_id":"USN-4542-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4542-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/94961?format=json","purl":"pkg:deb/debian/miniupnpd@2.1-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/miniupnpd@2.1-6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94956?format=json","purl":"pkg:deb/debian/miniupnpd@2.2.1-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-wus4-4ghh-17dn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/miniupnpd@2.2.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94954?format=json","purl":"pkg:deb/debian/miniupnpd@2.3.1-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-wus4-4ghh-17dn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/miniupnpd@2.3.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94958?format=json","purl":"pkg:deb/debian/miniupnpd@2.3.9-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-wus4-4ghh-17dn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/miniupnpd@2.3.9-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94957?format=json","purl":"pkg:deb/debian/miniupnpd@2.3.10-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/miniupnpd@2.3.10-1%3Fdistro=trixie"}],"aliases":["CVE-2019-12107"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tbub-9kut-uqh1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/206706?format=json","vulnerability_id":"VCID-tp4q-u9nv-z7cx","summary":"A Denial Of Service vulnerability in MiniUPnP MiniUPnPd through 2.1 exists due to a NULL pointer dereference in copyIPv6IfDifferent in pcpserver.c.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12111","reference_id":"","reference_type":"","scores":[{"value":"0.01158","scoring_system":"epss","scoring_elements":"0.78986","published_at":"2026-06-11T12:55:00Z"},{"value":"0.01158","scoring_system":"epss","scoring_elements":"0.79051","published_at":"2026-06-12T12:55:00Z"},{"value":"0.01158","scoring_system":"epss","scoring_elements":"0.79065","published_at":"2026-06-13T12:55:00Z"},{"value":"0.01158","scoring_system":"epss","scoring_elements":"0.79063","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12111"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12111","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12111"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930050","reference_id":"930050","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930050"},{"reference_url":"https://usn.ubuntu.com/4542-1/","reference_id":"USN-4542-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4542-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/94961?format=json","purl":"pkg:deb/debian/miniupnpd@2.1-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/miniupnpd@2.1-6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94956?format=json","purl":"pkg:deb/debian/miniupnpd@2.2.1-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-wus4-4ghh-17dn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/miniupnpd@2.2.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94954?format=json","purl":"pkg:deb/debian/miniupnpd@2.3.1-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-wus4-4ghh-17dn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/miniupnpd@2.3.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94958?format=json","purl":"pkg:deb/debian/miniupnpd@2.3.9-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-wus4-4ghh-17dn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/miniupnpd@2.3.9-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94957?format=json","purl":"pkg:deb/debian/miniupnpd@2.3.10-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/miniupnpd@2.3.10-1%3Fdistro=trixie"}],"aliases":["CVE-2019-12111"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tp4q-u9nv-z7cx"}],"risk_score":"3.2","resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/miniupnpd@2.3.1-1%3Fdistro=trixie"}