CVE-2011-1165 — King Vino vulnerability

10 documents7 sources

Severity

5.1MEDIUMNVD

EPSS

0.7%

top 28.61%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

David King Vino

Timeline

PublishedMar 12

Latest updateMay 17

Description

Vino, possibly before 3.2, does not properly document that it opens ports in UPnP routers when the "Configure network to automatically accept connections" setting is enabled, which might make it easier for remote attackers to perform further attacks.

CVSS vector

AV:N/AC:H/C:P/I:P/A:PExploitability: 4.9 | Impact: 6.4

Affected Packages1 packages

▶NVDdavid_king/vino3.1.92+102

Patches

Patch: git.gnome.org ↗Patch: git.gnome.org ↗

🔴Vulnerability Details

GHSA

GHSA-v9m5-9vg5-h8w2: Vino, possibly before 3↗2022-05-17

▶

CVEList

CVE-2011-1165: Vino, possibly before 3↗2013-03-12

▶

OSV

CVE-2011-1165: Vino, possibly before 3↗2013-03-12

▶

📋Vendor Advisories

Debian

CVE-2011-1165: vino - Vino, possibly before 3.2, does not properly document that it opens ports in UPn...↗2011

▶

Red Hat

vino-preferences does not warn about UPnP especially with no password and no confirmation.↗2009-09-08

▶

💬Community

Bugzilla

CVE-2011-2982 Mozilla: Miscellaneous memory safety hazards↗2011-08-14

▶

Bugzilla

CVE-2011-2983 Mozilla: Private data leakage using RegExp.input↗2011-08-14

▶

Bugzilla

CVE-2011-2908 CSRF on jmx-console allows invocation of operations on mbeans↗2011-08-12

▶

Bugzilla

CVE-2011-1165 vino-preferences does not warn about UPnP especially with no password and no confirmation.↗2011-02-20

▶