1320 matches found

Veracode
added 2020/06/12 7:10 a.m., 16 views

Information Disclosure

janus-gateway is vulnerable to information disclosure. The leakage is possible because the function janusprocessincomingrequest in janus.c causes stack memory leak due to lack of proper handling of errorstr on SDP code...

7.5 CVSS, 1.4 AI score, 0.02142 EPSS
Exploits 1, References 5, Affected Software 1

CNVD
added 2020/06/11 12:0 a.m., 1 views

Unspecified Vulnerability in Meetecho Janus (CNVD-2020-34718)

Meetecho Janus is a WebRTC Web Real Time Communication server from Meetecho. An unspecified vulnerability exists in Meetecho Janus. An attacker can exploit this vulnerability to obtain information about uninitialized stack memory...

7.5 CVSS, 6.6 AI score, 0.02142 EPSS
Exploits 1, References 1

OSV
added 2020/06/10 10:15 p.m., 24 views

CVE-2020-13899

An issue was discovered in janus-gateway aka Janus WebRTC Server through 0.10.0. janusprocessincomingrequest in janus.c discloses information from uninitialized stack memory...

7.5 CVSS, 6.9 AI score, 0.02142 EPSS
Exploits 1, References 3

NVD
added 2020/06/10 10:15 p.m., 23 views

CVE-2020-13899

An issue was discovered in janus-gateway aka Janus WebRTC Server through 0.10.0. janusprocessincomingrequest in janus.c discloses information from uninitialized stack memory...

7.5 CVSS, 0.02142 EPSS
Exploits 1, References 3

UbuntuCve
added 2020/06/10 10:15 p.m., 22 views

CVE-2020-13899

An issue was discovered in janus-gateway aka Janus WebRTC Server through 0.10.0. janusprocessincomingrequest in janus.c discloses information from uninitialized stack memory...

7.5 CVSS, 7.1 AI score, 0.02142 EPSS
Exploits 1, References 4

Prion
added 2020/06/10 10:15 p.m., 15 views

Stack overflow

An issue was discovered in janus-gateway aka Janus WebRTC Server through 0.10.0. janusprocessincomingrequest in janus.c discloses information from uninitialized stack memory...

5 CVSS, 7.4 AI score, 0.02142 EPSS
Exploits 1, References 3, Affected Software 1

Cvelist
added 2020/06/10 9:5 p.m., 23 views

CVE-2020-13899

An issue was discovered in janus-gateway aka Janus WebRTC Server through 0.10.0. janusprocessincomingrequest in janus.c discloses information from uninitialized stack memory...

7.4 AI score, 0.02142 EPSS
Exploits 1, References 3

Tenable Nessus
added 2020/05/27 12:0 a.m., 24 views

NewStart CGSL CORE 5.04 / MAIN 5.04 : chrony Multiple Vulnerabilities (NS-SA-2020-0027)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has chrony packages installed that are affected by multiple vulnerabilities: - Multiple integer overflows in pktlength.c in Chrony before 1.29 allow remote attackers to cause a denial of service crash via a crafted 1...

7.5 CVSS, 7.8 AI score, 0.03801 EPSS
Exploits 0, References 4

OpenVAS
added 2020/05/27 12:0 a.m., 26 views

Huawei Data Communication: Resource Exhaustion Vulnerability on Several Products (huawei-sa-20171213-02-h323)

There is a resource exhaustion vulnerability on several products. Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free...

5.3 CVSS, 5.4 AI score, 0.01285 EPSS
Exploits 0, References 1

RedhatCVE
added 2020/05/18 2:26 p.m., 33 views

CVE-2020-0110

A flaw was found in the Pressure stall information subsystem. This flaw allows a local attacker with the ability to write to root-owned files to corrupt kernel stack memory. Mitigation As the attacker must have the ability to write to these files, a possible mitigation would be to reduce the acce...

4.6 CVSS, 3 AI score, 0.00182 EPSS
Exploits 0, References 3

NVD
added 2020/05/11 11:15 p.m., 16 views

CVE-2020-10060

In updatehubprobe, right after JSON parsing is complete, objects\1 is accessed from the output structure in two different places. If the JSON contained less than two elements, this access would reference uninitialized stack memory. This could result in a crash, denial of service, or possibly an...

8 CVSS, 5.7 AI score, 0.01559 EPSS
Exploits 0, References 6

Prion
added 2020/05/11 11:15 p.m., 17 views

Design/Logic Flaw

In updatehubprobe, right after JSON parsing is complete, objects\1 is accessed from the output structure in two different places. If the JSON contained less than two elements, this access would reference uninitialized stack memory. This could result in a crash, denial of service, or possibly an...

5.5 CVSS, 5.6 AI score, 0.01559 EPSS
Exploits 0, References 6, Affected Software 1

Cvelist
added 2020/05/11 10:26 p.m., 15 views

CVE-2020-10060 UpdateHub Might Dereference An Uninitialized Pointer

In updatehubprobe, right after JSON parsing is complete, objects\1 is accessed from the output structure in two different places. If the JSON contained less than two elements, this access would reference uninitialized stack memory. This could result in a crash, denial of service, or possibly an...

8 CVSS, 5.7 AI score, 0.01559 EPSS
Exploits 0, References 6

IBM Security Bulletins
added 2020/04/20 2:40 p.m., 29 views

Security Bulletin: A Security Vulnerability identified in OpenSSL affect Rational Build Forge (CVE-2018-0739)

Summary OpenSSL has security vulnerabilities that allows a remote attacker to exploit the application. Respective security vulnerabilities are discussed in detail in the subsequent sections. Vulnerability Details This section includes the vulnerability details that affects the Rational Build Forg...

6.5 CVSS, 0.7 AI score, 0.19295 EPSS
Exploits 0, Affected Software 1

RedHat Linux
added 2020/04/16 9:9 p.m., 2 views

tigervnc: Stack use-after-return due to incorrect usage of stack memory in ZRLEDecoder

TigerVNC version prior to 1.10.1 is vulnerable to stack use-after-return, which occurs due to incorrect usage of stack memory in ZRLEDecoder. If decoding routine would throw an exception, ZRLEDecoder may try to access stack variable, which has been already freed during the process of stack...

7.2 CVSS, 6 AI score, 0.04719 EPSS
Exploits 1, References 4

Veracode
added 2020/04/10 12:58 a.m., 50 views

Denial Of Service (DoS)

apache apr is vulnerable to denial of service. It was found that the aprfnmatch function used an unconstrained recursion when processing patterns with the '' wildcard. An attacker could use this flaw to cause an application using this function, which also accepted untrusted input as a pattern for...

4.3 CVSS, 1.1 AI score, 0.30406 EPSS
Exploits 5, References 83, Affected Software 36

Veracode
added 2020/04/10 12:52 a.m., 27 views

Information Disclosure

kernel is vulnerable to information disclosure. The cxgbextensionioctl function in drivers/net/cxgb3/cxgb3main.c does not properly initialize a certain structure member, which allows local users to obtain potentially confidential information from kernel stack memory via a CHELSIOGETQSETNUM ioctl...

2.1 CVSS, 3.8 AI score, 0.00432 EPSS
Exploits 1, References 24, Affected Software 2

OSV
added 2020/04/08 6:15 p.m., 1 views

CVE-2018-21069

An issue was discovered on Samsung mobile devices with N7.x MediaTek chipsets software. There is information disclosure of kernel stack memory in a MediaTek driver. The Samsung ID is SVE-2018-11852 July 2018...

7.5 CVSS, 5.8 AI score, 0.00413 EPSS
Exploits 0, References 1

NVD
added 2020/04/08 6:15 p.m., 21 views

CVE-2018-21069

An issue was discovered on Samsung mobile devices with N7.x MediaTek chipsets software. There is information disclosure of kernel stack memory in a MediaTek driver. The Samsung ID is SVE-2018-11852 July 2018...

7.5 CVSS, 7.2 AI score, 0.00413 EPSS
Exploits 0, References 1

Prion
added 2020/04/08 6:15 p.m., 13 views

Information disclosure

An issue was discovered on Samsung mobile devices with N7.x MediaTek chipsets software. There is information disclosure of kernel stack memory in a MediaTek driver. The Samsung ID is SVE-2018-11852 July 2018...

5 CVSS, 7.2 AI score, 0.00413 EPSS
Exploits 0, References 1, Affected Software 1