Lucene search
K

8 matches found

RedhatCVE
RedhatCVE
added 2026/06/22 1:9 p.m.6 views

CVE-2026-43994

A flaw was found in Coturn, an open-source TURN and STUN server. A remote attacker can exploit a stack buffer overflow vulnerability by providing a specially crafted OAuth access token when the server is configured to use --oauth mode. This could lead to arbitrary code execution RCE, allowing the...

9.8CVSS6.8AI score0.0045EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2026/06/20 2:30 a.m.10 views

SUSE CVE-2026-43994

Coturn is a free open source implementation of TURN and STUN Server. Versions prior to 4.10.0 contain a stack buffer overflow in decodeoauthtokengcm. A uint16t noncelen field read from an attacker-supplied OAuth access token 0-65535 is passed directly to memcpy as the copy length into a 256-byte...

9.8CVSS6.1AI score0.0045EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/06/18 7:44 p.m.20 views

CVE-2026-43994 Coturn: Stack buffer overflow in decode_oauth_token_gcm()

Coturn is a free open source implementation of TURN and STUN Server. Versions prior to 4.10.0 contain a stack buffer overflow in decodeoauthtokengcm. A uint16t noncelen field read from an attacker-supplied OAuth access token 0-65535 is passed directly to memcpy as the copy length into a 256-byte...

8.1CVSS0.0045EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/06/18 7:44 p.m.6 views

CVE-2026-43994

Coturn is a free open source implementation of TURN and STUN Server. Versions prior to 4.10.0 contain a stack buffer overflow in decodeoauthtokengcm. A uint16t noncelen field read from an attacker-supplied OAuth access token 0-65535 is passed directly to memcpy as the copy length into a 256-byte...

8.1CVSS5.7AI score0.0045EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2026/06/18 7:44 p.m.21 views

CVE-2026-43994

CVE-2026-43994 affects coturn before 4.10.0: a stack buffer overflow in decode_oauth_token_gcm() occurs when parsing an attacker-supplied OAuth token’s nonce_len, which is copied directly to a 256-byte stack buffer without bounds checking. Up to 735 bytes of attacker-controlled data may be writte...

9.8CVSS5.6AI score0.0045EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.18 views

PT-2026-50787

Name of the Vulnerable Software and Affected Versions Coturn versions prior to 4.10.0 Description A stack buffer overflow exists in the decode oauth token gcm function. A nonce len field, read from an attacker-supplied OAuth access token, is passed to memcpy as the copy length into a 256-byte sta...

9.8CVSS6.7AI score0.0045EPSS
Exploits1References13
Cvelist
Cvelist
added 2026/03/11 8:42 p.m.27 views

CVE-2026-32112 ha-mcp has XSS via Unescaped HTML in OAuth Consent Form

ha-mcp is a Home Assistant MCP Server. Prior to 7.0.0, the ha-mcp OAuth consent form renders user-controlled parameters via Python f-strings with no HTML escaping. An attacker who can reach the OAuth endpoint and convince the server operator to follow a crafted authorization URL could execute...

6.8CVSS0.00181EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/11 12:0 a.m.5 views

PT-2026-24838

ha-mcp is a Home Assistant MCP Server. Prior to 7.0.0, the ha-mcp OAuth consent form renders user-controlled parameters via Python f-strings with no HTML escaping. An attacker who can reach the OAuth endpoint and convince the server operator to follow a crafted authorization URL could execute...

6.8CVSS5.8AI score0.00181EPSS
Exploits0References4
Rows per page
Query Builder