Search CVE reports


Toggle filters

1 – 7 of 7 results


CVE-2020-26262

Medium priority
Fixed

Coturn is free open source implementation of TURN and STUN Server. Coturn before version 4.5.2 by default does not allow peers to connect and relay packets to loopback addresses in the range of `127.x.x.x`. However, it...

1 affected package

coturn

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
coturn Fixed Fixed Fixed
Show less packages

CVE-2020-4067

Medium priority
Fixed

In coturn before version 4.5.1.3, there is an issue whereby STUN/TURN response buffer is not initialized properly. There is a leak of information between different client connections. One client (an attacker) could use their...

1 affected package

coturn

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
coturn Fixed Fixed Fixed
Show less packages

CVE-2020-6062

Medium priority
Fixed

An exploitable denial-of-service vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. A specially crafted HTTP POST request can lead to server crash and denial of service. An attacker needs to send an...

1 affected package

coturn

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
coturn Fixed Fixed Fixed
Show less packages

CVE-2020-6061

Medium priority
Fixed

An exploitable heap out-of-bounds read vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. A specially crafted HTTP POST request can lead to information leaks and other misbehavior. An attacker needs to...

1 affected package

coturn

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
coturn Fixed Fixed Fixed
Show less packages

CVE-2018-4059

Medium priority
Fixed

An exploitable unsafe default configuration vulnerability exists in the TURN server function of coTURN prior to version 4.5.0.9. By default, the TURN server runs an unauthenticated telnet admin portal on the loopback interface....

1 affected package

coturn

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
coturn Not affected Fixed Fixed
Show less packages

CVE-2018-4058

Medium priority
Fixed

An exploitable unsafe default configuration vulnerability exists in the TURN server functionality of coTURN prior to 4.5.0.9. By default, the TURN server allows relaying external traffic to the loopback interface of its own host....

1 affected package

coturn

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
coturn Not affected Fixed Fixed
Show less packages

CVE-2018-4056

Medium priority
Fixed

An exploitable SQL injection vulnerability exists in the administrator web portal function of coTURN prior to version 4.5.0.9. A login message with a specially crafted username can cause an SQL injection, resulting...

1 affected package

coturn

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
coturn Not affected Fixed Fixed
Show less packages