Lucene search
+L

103 matches found

cvelist
cvelist
added 2021/06/11 8:50 p.m.22 views

CVE-2021-21382 Unsafe loopback forwarding interface in Restund

Restund is an open source NAT traversal server. The restund TURN server can be instructed to open a relay to the loopback address range. This allows you to reach any other service running on localhost which you might consider private. In the configuration that we ship...

8.6CVSS9.4AI score0.01469EPSS
Exploits1References7
cnnvd
cnnvd
added 2021/06/11 12:0 a.m.39 views

Restund 安全漏洞

Restund is an open source network traversal server. A security vulnerability exists in Restund that stems from Restund is an open source NAT traversal server that can be instructed to return a TURN server to open a relay to a range of loopback addresses, which allows you to access any other servi...

9.6CVSS7.1AI score0.01469EPSS
Exploits4References7
ptsecurity
ptsecurity
added 2021/06/11 12:0 a.m.6 views

PT-2021-4479 · Restund · Restund

Name of the Vulnerable Software and Affected Versions: Restund affected versions not specified Description: The issue is related to the Restund TURN server, which can be instructed to open a relay to the loopback address range, potentially exposing private services running on localhost. An attack...

9.6CVSS6.8AI score0.01469EPSS
Exploits4References10
hackerone
hackerone
added 2021/05/13 1:16 p.m.17 views

Nextcloud: Talk discloses turn server to anybody

The attack is straight forward. 1. send a request to bash curl -H 'OCS-APIREQUEST: true' https://server/ocs/v2.php/apps/spreed/api/v2/signaling/settings And you get back a lot of information. signaling server stun server turn server inc credentials The stun server is harmless enough. I did not lo...

6.9AI score
Exploits0
fedora
fedora
added 2021/01/20 1:33 a.m.57 views

[SECURITY] Fedora 33 Update: coturn-4.5.2-1.fc33

The Coturn TURN Server is a VoIP media traffic NAT traversal server and gat eway. It can be used as a general-purpose network traffic TURN server/gateway, to o. This implementation also includes some extra features. Supported RFCs: TURN specs: - RFC 5766 - base TURN specs - RFC 6062 - TCP relayin...

7.2CVSS0.8AI score0.01318EPSS
Exploits3
nessus
nessus
added 2021/01/20 12:0 a.m.33 views

Fedora 32 : coturn (2021-32d0068851)

The remote Fedora 32 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2021-32d0068851 advisory. - Coturn is free open source implementation of TURN and STUN Server. Coturn before version 4.5.2 by default does not allow peers to connect and rela...

7.2CVSS7.2AI score0.01318EPSS
Exploits3References2
cvelist
cvelist
added 2021/01/13 6:15 p.m.50 views

CVE-2020-26262 Loopback bypass in Coturn

Coturn is free open source implementation of TURN and STUN Server. Coturn before version 4.5.2 by default does not allow peers to connect and relay packets to loopback addresses in the range of 127.x.x.x. However, it was observed that when sending a CONNECT request with the XOR-PEER-ADDRESS value...

7.2CVSS6.8AI score0.01318EPSS
Exploits3References5
cnnvd
cnnvd
added 2021/01/11 12:0 a.m.10 views

CoTURN Authorization Issues Vulnerability

CoTURN is an open source implementation of TURN VoIP Media Services NAT Traversal Server and Gateway and STUN Simple Traversal of Network Address Translator for User Datagram Protocol Server. Coturn suffers from an Authorization Problem vulnerability that can be exploited by an attacker to bypass...

7.2CVSS7.1AI score0.01318EPSS
Exploits3References11
cnvd
cnvd
added 2020/11/19 12:0 a.m.6 views

Cisco Expressway Software Information Disclosure Vulnerability

Cisco Expressway is a powerful gateway solution that gives users outside your firewall simple, highly secure access to all collaborative work. An information disclosure vulnerability exists in the TURN server component in Cisco Expressway Software versions prior to X12.6.3. The vulnerability stem...

6.5CVSS6.3AI score0.01361EPSS
Exploits0References1
nvd
nvd
added 2020/11/18 7:15 p.m.23 views

CVE-2020-3482

A vulnerability in the Traversal Using Relays around NAT TURN server component of Cisco Expressway software could allow an unauthenticated, remote attacker to bypass security controls and send network traffic to restricted destinations. The vulnerability is due to improper validation of specific...

6.5CVSS6.7AI score0.01361EPSS
Exploits0References1
osv
osv
added 2020/11/18 7:15 p.m.6 views

CVE-2020-3482

A vulnerability in the Traversal Using Relays around NAT TURN server component of Cisco Expressway software could allow an unauthenticated, remote attacker to bypass security controls and send network traffic to restricted destinations. The vulnerability is due to improper validation of specific...

6.5CVSS6.6AI score0.01361EPSS
Exploits0References1
prion
prion
added 2020/11/18 7:15 p.m.20 views

Design/Logic Flaw

A vulnerability in the Traversal Using Relays around NAT TURN server component of Cisco Expressway software could allow an unauthenticated, remote attacker to bypass security controls and send network traffic to restricted destinations. The vulnerability is due to improper validation of specific...

6.4CVSS6.7AI score0.01361EPSS
Exploits0References1Affected Software2
vulnrichment
vulnrichment
added 2020/11/18 5:41 p.m.8 views

CVE-2020-3482 Cisco Expressway Software Unauthorized Access Information Disclosure Vulnerability

A vulnerability in the Traversal Using Relays around NAT TURN server component of Cisco Expressway software could allow an unauthenticated, remote attacker to bypass security controls and send network traffic to restricted destinations. The vulnerability is due to improper validation of specific...

6.5CVSS7.2AI score0.01361EPSS
Exploits0References1
cve
cve
added 2020/11/18 5:41 p.m.81 views

CVE-2020-3482

CVE-2020-3482 affects Cisco Expressway’s TURN server component. The issue arises from improper validation of specific connection information, allowing an unauthenticated, remote attacker to bypass security controls and send traffic to destinations beyond the application. Impact could be unauthori...

6.5CVSS6.7AI score0.01361EPSS
Exploits0References1Affected Software2
cnnvd
cnnvd
added 2020/11/18 12:0 a.m.8 views

Cisco Expressway Series 访问控制错误漏洞

Cisco Expressway is a powerful gateway solution that gives users outside your firewall simple, highly secure access to all collaborative work. An information disclosure vulnerability exists in the TURN server component in Cisco Expressway Software versions prior to X12.6.3. The vulnerability stem...

6.5CVSS6.6AI score0.01361EPSS
Exploits0References3
osv
osv
added 2020/09/25 4:23 a.m.3 views

CVE-2020-11805

Pexip Reverse Proxy and TURN Server before 6.1.0 has Incorrect UDP Access Control via TURN...

9.8CVSS7.3AI score0.01422EPSS
Exploits0References1
prion
prion
added 2020/09/25 4:23 a.m.12 views

Design/Logic Flaw

Pexip Reverse Proxy and TURN Server before 6.1.0 has Incorrect UDP Access Control via TURN...

9.3CVSS9.4AI score0.01422EPSS
Exploits0References1Affected Software2
cvelist
cvelist
added 2020/09/25 3:31 a.m.22 views

CVE-2020-11805

Pexip Reverse Proxy and TURN Server before 6.1.0 has Incorrect UDP Access Control via TURN...

9.6AI score0.01422EPSS
Exploits0References1
cve
cve
added 2020/09/25 3:31 a.m.55 views

CVE-2020-11805

Technical details of CVE-2020-11805 are not publicly provided in the connected documents. Monitor for updates from vendors and security advisories.

9.8CVSS9.4AI score0.01422EPSS
Exploits0References1Affected Software2
cnvd
cnvd
added 2020/09/03 12:0 a.m.6 views

Cisco Meetings App Authorization Issues Vulnerability

Cisco Meetings App is a video conferencing application from Cisco USA. An authorization issue vulnerability exists in the API subsystem in Cisco Meetings App, which stems from a flaw in the protection mechanism for TURN server credentials. A remote attacker can exploit this vulnerability by...

5.3CVSS6.6AI score0.00991EPSS
Exploits0References1
Rows per page
Query Builder