97 matches found
CVE-2018-4058
An exploitable unsafe default configuration vulnerability exists in the TURN server functionality of coTURN prior to 4.5.0.9. By default, the TURN server allows relaying external traffic to the loopback interface of its own host. This can provide access to other private services running on that...
Default configuration
An exploitable unsafe default configuration vulnerability exists in the TURN server functionality of coTURN prior to 4.5.0.9. By default, the TURN server allows relaying external traffic to the loopback interface of its own host. This can provide access to other private services running on that...
UBUNTU-CVE-2018-4059
An exploitable unsafe default configuration vulnerability exists in the TURN server function of coTURN prior to version 4.5.0.9. By default, the TURN server runs an unauthenticated telnet admin portal on the loopback interface. This can provide administrator access to the TURN server configuratio...
UBUNTU-CVE-2018-4058
An exploitable unsafe default configuration vulnerability exists in the TURN server functionality of coTURN prior to 4.5.0.9. By default, the TURN server allows relaying external traffic to the loopback interface of its own host. This can provide access to other private services running on that...
CVE-2019-6139
Forcepoint User ID FUID server versions up to 1.2 have a remote arbitrary file upload vulnerability on TCP port 5001. Successful exploitation of this vulnerability may lead to remote code execution. To fix this vulnerability, upgrade to FUID version 1.3 or higher. To prevent the vulnerability on...
CVE-2017-2637
A design flaw issue was found in the Red Hat OpenStack Platform director use of TripleO to enable libvirtd based live-migration. Libvirtd is deployed by default by director listening on 0.0.0.0 all interfaces with no-authentication or encryption. Anyone able to make a TCP connection to any comput...
Updated cups packages fix security vulnerability
Updated cups packages fix security vulnerability: Jann Horn discovered that CUPS permitted HTTP requests with the Host header set to "localhost.localdomain" from the loopback interface. If a user were tricked into opening a specially crafted website in their web browser, an attacker could...
CVE-2014-0219
Apache Karaf before 4.0.10 enables a shutdown port on the loopback interface, which allows local users to cause a denial of service shutdown by sending a shutdown command to all listening high ports...
Updated tcpreplay packages fixes CVE-2016-6160
Updated tcpreplay package fixes security vulnerability: The tcprewrite program, part of the tcpreplay suite, does not check the size of the frames it processes. Huge frames may trigger a segmentation fault, and they occur on interfaces with an MTU of or close to 65536. For example, the loopback...
Microsoft Windows WIND server privilege escalation
Loopback interface packets handling vulnerability...
FreeBSD -- Lost mbuf flag resulting in data corruption
Problem Description: The read-only flag is not correctly copied when a mbuf buffer reference is duplicated. When the sendfile(2) system call is used to transmit data over the loopback interface, this can result in the backing pages for the transmitted file being modified, causing data corruption...
CVE-2002-1921
The default configuration of MySQL 3.20.32 through 3.23.52, when running on Windows, does not set the bind address to the loopback interface, which allows remote attackers to connect to the database...
CVE-1999-1423
ping in Solaris 2.3 through 2.6 allows local users to cause a denial of service crash via a ping request to a multicast address through the loopback interface, e.g. via ping -i...
Solaris 2.5.1 - 'Ping' System Panic (Denial of Service)
source: https://www.securityfocus.com/bid/209/info The ping program is used to assess network connectivity between network devices. A denial of service condition exists in the ping program that may cause the system to panic by sending ping requests to a multicast address through the loopback...
Solaris 2.5.1 - Ping System Panic (Denial of Service)
Solaris 2.5.1 - Ping System Panic Denial of Service source: https://www.securityfocus.com/bid/209/info The ping program is used to assess network connectivity between network devices. A denial of service condition exists in the ping program that may cause the system to panic by sending ping...