13 matches found
Mageia: Security Advisory (MGASA-2021-0087)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
MGASA-2021-0087 Updated coturn package fixes a security vulnerability
When sending a CONNECT request with the XOR-PEER-ADDRESS value of 0.0.0.0, a malicious user would be able to relay packets to the loopback interface. Additionally, when coturn is listening on IPv6, which is default, the loopback interface can also be reached by making use of either ::1 or :: as t...
Updated coturn package fixes a security vulnerability
When sending a CONNECT request with the XOR-PEER-ADDRESS value of 0.0.0.0, a malicious user would be able to relay packets to the loopback interface. Additionally, when coturn is listening on IPv6, which is default, the loopback interface can also be reached by making use of either ::1 or :: as t...
Fedora 33 : coturn (2021-dee141fc61)
The remote Fedora 33 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2021-dee141fc61 advisory. - Coturn is free open source implementation of TURN and STUN Server. Coturn before version 4.5.2 by default does not allow peers to connect and rela...
Fedora 32 : coturn (2021-32d0068851)
The remote Fedora 32 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2021-32d0068851 advisory. - Coturn is free open source implementation of TURN and STUN Server. Coturn before version 4.5.2 by default does not allow peers to connect and rela...
CVE-2020-26262
creationtimestamp| type| source ---|---|--- 2021-01-18 11:05:06+00:00| published-proof-of-concept| https://t.me/CyberSecurityTechnologies/2519...
CVE-2020-26262 Loopback bypass in Coturn
Coturn is free open source implementation of TURN and STUN Server. Coturn before version 4.5.2 by default does not allow peers to connect and relay packets to loopback addresses in the range of 127.x.x.x. However, it was observed that when sending a CONNECT request with the XOR-PEER-ADDRESS value...
CVE-2020-26262
Technical details about CVE-2020-26262 are not publicly provided in the supplied documents; no affected versions or fixes are confirmed here. Monitor for updates from official advisories.
CVE-2020-26262
Coturn is free open source implementation of TURN and STUN Server. Coturn before version 4.5.2 by default does not allow peers to connect and relay packets to loopback addresses in the range of 127.x.x.x. However, it was observed that when sending a CONNECT request with the XOR-PEER-ADDRESS value...
[SECURITY] [DSA 4829-1] coturn security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4829-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso January 11, 2021 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4829-1] coturn security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4829-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso January 11, 2021 https://www.debian.org/security/faq -...
CVE-2020-26262
Coturn is free open source implementation of TURN and STUN Server. Coturn before version 4.5.2 by default does not allow peers to connect and relay packets to loopback addresses in the range of 127.x.x.x. However, it was observed that when sending a CONNECT request with the XOR-PEER-ADDRESS value...
Coturn 4.5.1.x Access Control Bypass
Loopback access control bypass in coturn by using 0.0.0.0, ::1 or :: as the peer address - Fixed version: 4.5.2 - Enable Security Advisory: https://github.com/EnableSecurity/advisories/tree/master/ES2021-01-coturn-access-control-bypass - Coturn Security Advisory:...