Vulnerabilities > Coturn Project

DATE CVE VULNERABILITY TITLE RISK
2021-01-13 CVE-2020-26262 Confused Deputy vulnerability in multiple products
Coturn is free open source implementation of TURN and STUN Server.
network
low complexity
coturn-project fedoraproject CWE-441
7.2
2020-06-29 CVE-2020-4067 Improper Initialization vulnerability in multiple products
In coturn before version 4.5.1.3, there is an issue whereby STUN/TURN response buffer is not initialized properly.
7.5
2020-02-19 CVE-2020-6062 NULL Pointer Dereference vulnerability in multiple products
An exploitable denial-of-service vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests.
7.5
2020-02-19 CVE-2020-6061 Out-of-bounds Read vulnerability in multiple products
An exploitable heap out-of-bounds read vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests.
network
low complexity
coturn-project fedoraproject debian canonical CWE-125
critical
9.8
2019-03-21 CVE-2018-4059 Missing Authorization vulnerability in Coturn Project Coturn
An exploitable unsafe default configuration vulnerability exists in the TURN server function of coTURN prior to version 4.5.0.9.
network
low complexity
coturn-project CWE-862
critical
10.0
2019-03-21 CVE-2018-4058 Unspecified vulnerability in Coturn Project Coturn
An exploitable unsafe default configuration vulnerability exists in the TURN server functionality of coTURN prior to 4.5.0.9.
network
low complexity
coturn-project
4.0
2019-02-05 CVE-2018-4056 SQL Injection vulnerability in multiple products
An exploitable SQL injection vulnerability exists in the administrator web portal function of coTURN prior to version 4.5.0.9.
network
low complexity
coturn-project debian CWE-89
7.5