Lucene search
+L

698 matches found

CVE
CVE
added 2020/03/14 7:7 p.m.126 views

CVE-2020-10577

Technical details about CVE-2020-10577 are not provided in the supplied documents. Monitor for updates from vendors and security trackers.

5.8CVSS5AI score0.00464EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2020/03/14 7:7 p.m.28 views

CVE-2020-10577

An issue was discovered in Janus through 0.9.1. janus.c has multiple concurrent threads that misuse the source property of a session, leading to a race condition when claiming sessions...

5AI score0.00464EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2020/03/14 7:7 p.m.23 views

CVE-2020-10577

An issue was discovered in Janus through 0.9.1. janus.c has multiple concurrent threads that misuse the source property of a session, leading to a race condition when claiming sessions...

5.8CVSS5AI score0.00464EPSS
Exploits0
CVE
CVE
added 2020/03/14 7:6 p.m.127 views

CVE-2020-10575

CVE-2020-10575 affects the Janus WebRTC server (VideoCall plugin) up to version 0.9.1. The issue is a race condition in plugins/janus_videocall.c that mishandles session management, causing references to be freed too early or too many times. This is stated consistently across sources including Re...

4.2CVSS4.4AI score0.00466EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2020/03/14 7:6 p.m.23 views

CVE-2020-10575

An issue was discovered in Janus through 0.9.1. plugins/janusvideocall.c in the VideoCall plugin mishandles session management because a race condition causes some references to be freed too early or too many times...

4.3AI score0.00466EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2020/03/14 7:6 p.m.25 views

CVE-2020-10575

An issue was discovered in Janus through 0.9.1. plugins/janusvideocall.c in the VideoCall plugin mishandles session management because a race condition causes some references to be freed too early or too many times...

4.2CVSS4.3AI score0.00466EPSS
Exploits0
ossfuzz
ossfuzz
added 2020/02/05 4:50 a.m.20 views

janus-gateway:rtcp_fuzzer: Dynamic-stack-buffer-overflow in janus_rtcp_incoming_transport_cc

Project: https://github.com/meetecho/janus-gateway.git Detailed Report: https://oss-fuzz.com/testcase?key=5648598425665536 Project: janus-gateway Fuzzing Engine: afl Fuzz Target: rtcpfuzzer Job Type: aflasanjanus-gateway Platform Id: linux Crash Type: Dynamic-stack-buffer-overflow READ 2 Crash...

6.8AI score
Exploits0Affected Software1
0day.today
0day.today
added 2019/11/09 12:0 a.m.807 views

Android Janus - APK Signature Bypass Exploit

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core/payload/apk' class MetasploitModule "Android Janus APK Signature bypass", 'Description' = %q This module exploits CVE-2017-13156 in Android to install ...

7.8CVSS7.7AI score0.20089EPSS
Exploits9
ThreatPost
ThreatPost
added 2019/07/10 1:56 p.m.88 views

Agent Smith Malware Infects 25M Android Phones to Push Rogue Ads

Researchers are warning of a new breed of Android malware, dubbed “Agent Smith,” that they claim has infected 25 million handsets in order to replace legitimate apps with doppelgangers that display rogue ads. The malware is tied to a China-based firm, according to Check Point researchers, and is...

0.8AI score
Exploits0References4
Hacker One
Hacker One
added 2019/04/08 9:20 a.m.70 views

Slack: Slack DTLS uses a private key that is in the public domain, which may lead to SRTP stream hijack

Affects: Janus DTLS certificate Description The Janus server in use by Slack is configured using a certificate and private key that were previously distributed by default. This certificate is used to authenticate the DTLS connection which is later used to exchange keys for the SRTP stream. As a...

0.1AI score
Exploits0
seebug.org
seebug.org
added 2017/12/11 12:0 a.m.112 views

New Android vulnerability allows attackers to modify apps without affecting their signatures(CVE-2017-13156)

A serious vulnerability CVE-2017-13156 in Android allows attackers to modify the code in applications without affecting their signatures. The root of the problem is that a file can be a valid APK file and a valid DEX file at the same time. We have named it the Janus vulnerability, after the Roman...

7.2CVSS7.9AI score0.20089EPSS
Exploits9
The Hacker News
The Hacker News
added 2017/12/10 10:45 p.m.51 views

THN Weekly Roundup — Top 10 Stories You Should Not Miss

Here we are with our weekly roundup, briefing this week's top cybersecurity threats, incidents, and challenges, just in case you missed any of them. Last week has been very short with big news from the theft of over 4,700 Bitcoins from the largest cryptocurrency mining marketplace to the discover...

9.3CVSS8.1AI score0.28327EPSS
Exploits0
The Hacker News
The Hacker News
added 2017/12/08 10:30 p.m.200 views

Android Flaw Lets Hackers Inject Malware Into Apps Without Altering Signatures

Millions of Android devices are at serious risk of a newly disclosed critical vulnerability that allows attackers to secretly overwrite legitimate applications installed on your smartphone with their malicious versions. Dubbed Janus, the vulnerability allows attackers to modify the code of Androi...

7.2CVSS7.4AI score0.20089EPSS
Exploits9
ThreatPost
ThreatPost
added 2017/12/08 5:20 p.m.41 views

Android Flaw Allows Attackers to Poison Signed Apps with Malicious Code

Among the four dozen vulnerabilities Google patched this week was a fix for a bug that allowed attackers to inject malicious code into Android apps without affecting an app’s signature verification certificate. The technique allows an attacker to circumvent device anti-malware protection and...

7.2CVSS7.7AI score0.20089EPSS
Exploits9References3
Malwarebytes
Malwarebytes
added 2017/07/14 4:29 p.m.225 views

Keeping up with the Petyas: Demystifying the malware family

Last June 27, there was a huge outbreak of a Petya-esque malware with WannaCry-style infector in the Ukraine. Since there is still confusion about how exactly this malware is linked to the original Petya, we have prepared this small guide on the background of the Petya family. The origin of Petya...

6.7AI score
Exploits0
ThreatPost
ThreatPost
added 2017/07/07 9:11 a.m.12 views

Decryption Key to Original Petya Ransomware Released

The master key to the original version of the Petya ransomware – not to be confused with the latest and massive Petya/ExPetr outbreak that swept through the Ukraine and parts of Europe last month – has been released, allowing all the victims of previous Petya attacks to unscramble their encrypted...

0.6AI score
Exploits0References4
Malwarebytes
Malwarebytes
added 2017/07/06 5:6 p.m.74 views

The key to old Petya versions has been published by the malware author

As research concluded, the original author of Petya, Janus, was not involved in the latest attacks on Ukraine. His original malware was pirated and extended by an unknown actor read more here. As a result of the recent events, Janus probably decided to shut down the Petya project. Similarly to th...

6.9AI score
Exploits0
The Hacker News
The Hacker News
added 2017/06/29 3:17 a.m.18 views

Original Author of Petya Ransomware is Back & He Wants to Help NotPetya Victims

The author of original Petya ransomware is back. After 6 months of silence, the author of the now infamous Petya ransomware appeared today on Twitter to help victims unlock their files encrypted by a new version of Petya, also known as NotPetya. "We're back having a look in NotPetya," tweeted...

7.3AI score
Exploits0
Rows per page
Query Builder