Lucene search
K

271 matches found

OSV
OSV
added 2021/01/12 12:0 a.m.16 views

DLA-2522-1 coturn - security update

Bulletin has no description...

7.2CVSS6.9AI score0.01318EPSS
Exploits3
OpenVAS
OpenVAS
added 2021/01/12 12:0 a.m.14 views

Debian: Security Advisory (DSA-4829-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.2CVSS7AI score0.01318EPSS
Exploits3References4
ArchLinux
ArchLinux
added 2021/01/12 12:0 a.m.122 views

[ASA-202101-21] coturn: insufficient validation

Arch Linux Security Advisory ASA-202101-21 ========================================== Severity: High Date : 2021-01-12 CVE-ID : CVE-2020-26262 Package : coturn Type : insufficient validation Remote : Yes Link : https://security.archlinux.org/AVG-1430 Summary ======= The package coturn before...

7.2CVSS1.2AI score0.01318EPSS
Exploits3References11
Tenable Nessus
Tenable Nessus
added 2021/01/12 12:0 a.m.31 views

Debian DSA-4829-1 : coturn - security update

A flaw was discovered in coturn, a TURN and STUN server for VoIP. By default coturn does not allow peers on the loopback addresses 127.x.x.x and ::1. A remote attacker can bypass the protection via a specially crafted request using a peer address of '0.0.0.0' and trick coturn in relaying to the...

7.2CVSS7.3AI score0.01318EPSS
Exploits3References4
Tenable Nessus
Tenable Nessus
added 2021/01/12 12:0 a.m.26 views

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : coTURN vulnerability (USN-4690-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-4690-1 advisory. It was discovered that coTURN allowed peers to connect and relay packets to loopback addresses in the range of 127.x.x.x. A malicious user...

7.2CVSS7.2AI score0.01318EPSS
Exploits3References2
OSV
OSV
added 2021/01/11 9:19 p.m.4 views

USN-4690-1 coturn vulnerability

It was discovered that coTURN allowed peers to connect and relay packets to loopback addresses in the range of 127.x.x.x. A malicious user could use this vulnerability to insert packages into the loopback interface...

7.2CVSS7AI score0.01318EPSS
Exploits3References2
Ubuntu
Ubuntu
added 2021/01/11 9:19 p.m.113 views

USN-4690-1: coTURN vulnerability

It was discovered that coTURN allowed peers to connect and relay packets to loopback addresses in the range of 127.x.x.x. A malicious user could use this vulnerability to insert packages into the loopback interface...

7.2CVSS7.2AI score0.01318EPSS
Exploits3
Veracode
Veracode
added 2021/01/11 8:53 p.m.15 views

Authorization Bypass

coturn is vulnerable to authorization bypass. An attacker is able to bypass validation to connect and relay packets to the loopback address...

7.2CVSS3.4AI score0.01318EPSS
Exploits3References9Affected Software4
Debian
Debian
added 2021/01/11 1:57 p.m.51 views

[SECURITY] [DSA 4829-1] coturn security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4829-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso January 11, 2021 https://www.debian.org/security/faq -...

7.2CVSS7.1AI score0.01318EPSS
Exploits3
Debian
Debian
added 2021/01/11 1:57 p.m.31 views

[SECURITY] [DSA 4829-1] coturn security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4829-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso January 11, 2021 https://www.debian.org/security/faq -...

6.4CVSS2AI score0.01318EPSS
Exploits3
UbuntuCve
UbuntuCve
added 2021/01/11 12:0 a.m.21 views

CVE-2020-26262

Coturn is free open source implementation of TURN and STUN Server. Coturn before version 4.5.2 by default does not allow peers to connect and relay packets to loopback addresses in the range of 127.x.x.x. However, it was observed that when sending a CONNECT request with the XOR-PEER-ADDRESS value...

7.2CVSS6.9AI score0.01318EPSS
Exploits3References3
OSV
OSV
added 2021/01/11 12:0 a.m.21 views

DSA-4829-1 coturn - security update

Bulletin has no description...

7.2CVSS6.9AI score0.01318EPSS
Exploits3
Packet Storm
Packet Storm
added 2021/01/11 12:0 a.m.367 views

Coturn 4.5.1.x Access Control Bypass

Loopback access control bypass in coturn by using 0.0.0.0, ::1 or :: as the peer address - Fixed version: 4.5.2 - Enable Security Advisory: https://github.com/EnableSecurity/advisories/tree/master/ES2021-01-coturn-access-control-bypass - Coturn Security Advisory:...

0.6AI score0.01318EPSS
Exploits3
0day.today
0day.today
added 2021/01/11 12:0 a.m.71 views

Coturn 4.5.1.x Access Control Bypass Vulnerability

Coturn 4.5.1.x Access Control Bypass Vulnerability Loopback access control bypass in coturn by using 0.0.0.0, ::1 or :: as the peer address - Fixed version: 4.5.2 - Enable Security Advisory: https://github.com/EnableSecurity/advisories/tree/master/ES2021-01-coturn-access-control-bypass - Coturn...

7.2CVSS7.1AI score0.01318EPSS
Exploits3
OSV
OSV
added 2021/01/11 12:0 a.m.5 views

UBUNTU-CVE-2020-26262

Coturn is free open source implementation of TURN and STUN Server. Coturn before version 4.5.2 by default does not allow peers to connect and relay packets to loopback addresses in the range of 127.x.x.x. However, it was observed that when sending a CONNECT request with the XOR-PEER-ADDRESS value...

7.2CVSS7AI score0.01318EPSS
Exploits3References4
Positive Technologies
Positive Technologies
added 2020/10/01 12:0 a.m.3 views

PT-2020-5861

Name of the Vulnerable Software and Affected Versions: Coturn versions prior to 4.5.2 Description: The issue is related to incorrect input validation in Coturn, a free open source implementation of TURN and STUN Server. By sending a CONNECT request with the XOR-PEER-ADDRESS value of 0.0.0.0, a...

9.8CVSS5.2AI score0.05116EPSS
Exploits4References38
BDU FSTEC
BDU FSTEC
added 2020/08/19 12:0 a.m.6 views

The vulnerability of the Coturn web server, related to the swapping of the zero pointer, allows attackers to trigger a service failure.

The vulnerability of the Coturn web server is related to the handling of the zero pointer. Exploiting this vulnerability could allow a malicious actor to cause service failures...

7.8CVSS6.7AI score0.06102EPSS
Exploits1References8Affected Software4
BDU FSTEC
BDU FSTEC
added 2020/08/19 12:0 a.m.9 views

The vulnerability of the Coturn web server involves an operation that goes beyond the allowed buffer data limits. This allows attackers to access confidential data, compromise its integrity, and cause service failures.

The vulnerability of the Coturn web server is related to the execution of operations that exceed the allowable buffer data limits. Exploiting this vulnerability can allow an attacker to gain access to confidential data, compromise its integrity, and cause service failures...

10CVSS7.5AI score0.05116EPSS
Exploits1References8Affected Software4
BDU FSTEC
BDU FSTEC
added 2020/08/19 12:0 a.m.8 views

The vulnerability of the STUN/TURN response buffer in the Coturn web server allows a attacker to access confidential data.

The vulnerability of the STUN/TURN response buffer in the Coturn web server is related to initialization errors. Exploiting this vulnerability can allow a malicious actor to gain access to confidential data...

7.8CVSS7.3AI score0.01898EPSS
Exploits0References8Affected Software5
Veracode
Veracode
added 2020/08/06 9:33 p.m.23 views

Information Disclosure

coturn is vulnerable to information disclosure. The STUN/TURN response buffer is not initialized properly and causes a leak of information between different client connections. An attacker is able to use their connection to intelligently query coturn to get interesting bytes in the padding bytes...

7.5CVSS2.8AI score0.01898EPSS
Exploits0References11Affected Software1
Rows per page
Query Builder