1422 matches found

Debian
added 2021/01/11 1:57 p.m., 29 views

[SECURITY] [DSA 4829-1] coturn security update

Debian Security Advisory DSA-4829-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso January 11, 2021 https://www.debian.org/security/faq -...

6.4 CVSS, 2 AI score, 0.00267 EPSS
Exploits: 3

OSV
added 2021/01/11 12:0 a.m., 1 views

UBUNTU-CVE-2020-26262

Coturn is free open source implementation of TURN and STUN Server. Coturn before version 4.5.2 by default does not allow peers to connect and relay packets to loopback addresses in the range of 127.x.x.x. However, it was observed that when sending a CONNECT request with the XOR-PEER-ADDRESS value...

7.2 CVSS, 7 AI score, 0.00267 EPSS
Exploits: 3, References: 4

0day.today
added 2021/01/11 12:0 a.m., 69 views

Coturn 4.5.1.x Access Control Bypass Vulnerability

Coturn 4.5.1.x Access Control Bypass Vulnerability Loopback access control bypass in coturn by using 0.0.0.0, ::1 or :: as the peer address - Fixed version: 4.5.2 - Enable Security Advisory: https://github.com/EnableSecurity/advisories/tree/master/ES2021-01-coturn-access-control-bypass - Coturn...

7.2 CVSS, 7.1 AI score, 0.00267 EPSS
Exploits: 3

Packet Storm
added 2021/01/11 12:0 a.m., 362 views

Coturn 4.5.1.x Access Control Bypass

Loopback access control bypass in coturn by using 0.0.0.0, ::1 or :: as the peer address - Fixed version: 4.5.2 - Enable Security Advisory: https://github.com/EnableSecurity/advisories/tree/master/ES2021-01-coturn-access-control-bypass - Coturn Security Advisory:...

0.6 AI score, 0.00267 EPSS
Exploits: 3

UbuntuCve
added 2021/01/11 12:0 a.m., 16 views

CVE-2020-26262

Coturn is free open source implementation of TURN and STUN Server. Coturn before version 4.5.2 by default does not allow peers to connect and relay packets to loopback addresses in the range of 127.x.x.x. However, it was observed that when sending a CONNECT request with the XOR-PEER-ADDRESS value...

7.2 CVSS, 6.9 AI score, 0.00267 EPSS
Exploits: 3, References: 3

Exploit DB
added 2021/01/08 12:0 a.m., 500 views

Cockpit Version 234 - Server-Side Request Forgery (Unauthenticated)

Exploit Title: Cockpit Version 234 - Server-Side Request Forgery Unauthenticated Date: 08.01.2021 Exploit Author: Metin Yunus Kandemir Vendor Homepage: https://cockpit-project.org/ Version: v234 Tested on: Ubuntu 18.04 !/usr/bin/python3 import argparse import requests import sys import urllib3...

7.4 AI score
Exploits: 0

OSV
added 2020/12/31 10:15 a.m., 4 views

DEBIAN-CVE-2020-35863

An issue was discovered in the hyper crate before 0.12.34 for Rust. HTTP request smuggling can occur. Remote code execution can occur in certain situations with an HTTP server on the loopback interface...

9.8 CVSS, 9.1 AI score, 0.02006 EPSS
Exploits: 0, References: 1

NVD
added 2020/12/31 10:15 a.m., 8 views

CVE-2020-35863

An issue was discovered in the hyper crate before 0.12.34 for Rust. HTTP request smuggling can occur. Remote code execution can occur in certain situations with an HTTP server on the loopback interface...

9.8 CVSS, 9.8 AI score, 0.02006 EPSS
Exploits: 0, References: 1

OSV
added 2020/12/31 10:15 a.m., 10 views

CVE-2020-35863

An issue was discovered in the hyper crate before 0.12.34 for Rust. HTTP request smuggling can occur. Remote code execution can occur in certain situations with an HTTP server on the loopback interface...

9.8 CVSS, 7.8 AI score
Exploits: 0, References: 1

UbuntuCve
added 2020/12/31 10:15 a.m., 19 views

CVE-2020-35863

An issue was discovered in the hyper crate before 0.12.34 for Rust. HTTP request smuggling can occur. Remote code execution can occur in certain situations with an HTTP server on the loopback interface...

9.8 CVSS, 7.6 AI score, 0.02006 EPSS
Exploits: 0, References: 3

OSV
added 2020/12/31 10:15 a.m., 3 views

UBUNTU-CVE-2020-35863

An issue was discovered in the hyper crate before 0.12.34 for Rust. HTTP request smuggling can occur. Remote code execution can occur in certain situations with an HTTP server on the loopback interface...

9.8 CVSS, 7.7 AI score, 0.02006 EPSS
Exploits: 0, References: 4

Cvelist
added 2020/12/31 8:29 a.m., 13 views

CVE-2020-35863

An issue was discovered in the hyper crate before 0.12.34 for Rust. HTTP request smuggling can occur. Remote code execution can occur in certain situations with an HTTP server on the loopback interface...

9.8 AI score, 0.02006 EPSS
Exploits: 0, References: 1

Debian CVE
added 2020/12/31 8:29 a.m., 17 views

CVE-2020-35863

An issue was discovered in the hyper crate before 0.12.34 for Rust. HTTP request smuggling can occur. Remote code execution can occur in certain situations with an HTTP server on the loopback interface...

9.8 CVSS, 9.8 AI score, 0.02006 EPSS
Exploits: 0

CNNVD
added 2020/12/31 12:0 a.m., 6 views

Rust Code Injection Vulnerability

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A security vulnerability exists in Rust hyper crate before 0.12.34, which stems from the possibility of HTTP request smuggling. In some cases, remote code can be executed using an HTTP server on a loopback...

9.8 CVSS, 6.1 AI score, 0.02006 EPSS
Exploits: 0, References: 2

CNVD
added 2020/12/22 12:0 a.m., 3 views

IBM Loopback Injection Vulnerability

IBM Loopback is a U.S. IBM NodeJs-based API framework. The framework can support NodeJs applications and most major databases, IOS, Android and other devices, data sources, configuration sources to interact. Loopback version 8.0.0 suffers from an injection vulnerability that allows an attacke...

9.8 CVSS, 7.5 AI score, 0.00615 EPSS
Exploits: 0, References: 1

OSV
added 2020/12/21 6:15 p.m., 1 views

CVE-2020-4988

Loopback 8.0.0 contains a vulnerability that could allow an attacker to manipulate or pollute Javascript values and cause a denial of service or possibly execute code. IBM X-Force ID: 192706...

9.8 CVSS, 7.2 AI score, 0.00615 EPSS
Exploits: 0, References: 1

NVD
added 2020/12/21 6:15 p.m., 8 views

CVE-2020-4988

Loopback 8.0.0 contains a vulnerability that could allow an attacker to manipulate or pollute Javascript values and cause a denial of service or possibly execute code. IBM X-Force ID: 192706...

9.8 CVSS, 7.8 AI score, 0.00615 EPSS
Exploits: 0, References: 1

Prion
added 2020/12/21 6:15 p.m., 13 views

Design/Logic Flaw

Loopback 8.0.0 contains a vulnerability that could allow an attacker to manipulate or pollute Javascript values and cause a denial of service or possibly execute code. IBM X-Force ID: 192706...

7.5 CVSS, 8.8 AI score, 0.00615 EPSS
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2020/12/21 5:50 p.m., 12 views

CVE-2020-4988

Loopback 8.0.0 contains a vulnerability that could allow an attacker to manipulate or pollute Javascript values and cause a denial of service or possibly execute code. IBM X-Force ID: 192706...

7.3 CVSS, 9.1 AI score, 0.00615 EPSS
Exploits: 0, References: 1

CVE
added 2020/12/21 5:50 p.m., 35 views

CVE-2020-4988

CVE-2020-4988 affects LoopBack 8.0.0. The linked documents describe a vulnerability that could manipulate or pollute JavaScript values, with potential denial of service or remote code execution, tied to a prototype-pollution style issue in the REST layer. A remediation visible in the sources is t...

9.8 CVSS, 9 AI score, 0.00615 EPSS
Exploits: 0, References: 1, Affected Software: 1