| ID | CVSS | Summary | Last (major) update | Published |
|---|---|---|---|---|
| CVE-2018-4056 | 7.5 | An exploitable SQL injection vulnerability exists in the administrator web portal function of coTURN prior to version 4.5.0.9. A login message with a specially crafted username can cause an SQL injection, resulting in authentication bypass, which cou | 20-02-2019 - 18:46 | 05-02-2019 - 18:29 |
| CVE-2018-4058 | 4.0 | An exploitable unsafe default configuration vulnerability exists in the TURN server functionality of coTURN prior to 4.5.0.9. By default, the TURN server allows relaying external traffic to the loopback interface of its own host. This can provide acc | 27-03-2019 - 16:57 | 21-03-2019 - 16:00 |
| CVE-2018-4059 | 10.0 | An exploitable unsafe default configuration vulnerability exists in the TURN server function of coTURN prior to version 4.5.0.9. By default, the TURN server runs an unauthenticated telnet admin portal on the loopback interface. This can provide admin | 27-03-2019 - 16:22 | 21-03-2019 - 16:00 |
| CVE-2020-4067 | 5.0 | In coturn before version 4.5.1.3, there is an issue whereby STUN/TURN response buffer is not initialized properly. There is a leak of information between different client connections. One client (an attacker) could use their connection to intelligent | 29-06-2020 - 20:38 | 29-06-2020 - 20:15 |
| CVE-2020-6061 | 7.5 | An exploitable heap overflow vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. A specially crafted HTTP POST request can lead to information leaks and other misbehavior. An attacker needs to send an HTTPS request to trig | 19-02-2020 - 19:29 | 19-02-2020 - 19:15 |
| CVE-2020-6062 | 5.0 | An exploitable denial-of-service vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. A specially crafted HTTP POST request can lead to server crash and denial of service. An attacker needs to send an HTTP request to trigge | 19-02-2020 - 19:29 | 19-02-2020 - 19:15 |