VYPR
Vendor

No IP

Products
2
CVEs
4
Across products
4
Status
Private

Products

2

Recent CVEs

4
  • CVE-2024-40457CriSep 12, 2024
    risk 0.59cvss 9.1epss 0.01

    No-IP Dynamic Update Client (DUC) v3.x uses cleartext credentials that may occur on a command line or in a file. NOTE: the vendor's position is that cleartext in /etc/default/noip-duc is recommended and is the intentional behavior.

  • CVE-2008-5297Dec 1, 2008
    risk 0.04cvss epss 0.18

    Buffer overflow in No-IP DUC 2.1.7 and earlier allows remote HTTP servers to execute arbitrary code via a crafted response to a DNS update request, related to a missing length check in the GetNextLine function.

  • CVE-2008-5369Dec 8, 2008
    risk 0.00cvss epss 0.00

    noip2 in noip2 2.1.7 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/noip2 temporary file.

  • CVE-2008-2747Jun 18, 2008
    risk 0.00cvss epss 0.00

    No-IP Dynamic Update Client (DUC) 2.2.1 on Windows uses weak permissions for the HKLM\SOFTWARE\Vitalwerks\DUC registry key, which allows local users to obtain obfuscated passwords and other sensitive information by reading the (1) TrayPassword, (2) Username, (3) Password, and…