Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Janus Security Vulnerabilities - November

cve
cve

CVE-2020-10573

An issue was discovered in Janus through 0.9.1. janus_audiobridge.c has a double mutex unlock when listing private rooms in AudioBridge.

7.5CVSS

7.5AI Score

0.001EPSS

2020-03-14 08:15 PM
115
cve
cve

CVE-2020-10574

An issue was discovered in Janus through 0.9.1. janus.c tries to use a string that doesn't actually exist during a "query_logger" Admin API request, because of a typo in the JSON validation.

9.8CVSS

9.3AI Score

0.002EPSS

2020-03-14 08:15 PM
106
cve
cve

CVE-2020-10575

An issue was discovered in Janus through 0.9.1. plugins/janus_videocall.c in the VideoCall plugin mishandles session management because a race condition causes some references to be freed too early or too many times.

4.2CVSS

4.4AI Score

0.001EPSS

2020-03-14 08:15 PM
101
cve
cve

CVE-2020-10576

An issue was discovered in Janus through 0.9.1. plugins/janus_voicemail.c in the VoiceMail plugin has a race condition that could cause a server crash.

5.9CVSS

5.6AI Score

0.001EPSS

2020-03-14 08:15 PM
104
cve
cve

CVE-2020-10577

An issue was discovered in Janus through 0.9.1. janus.c has multiple concurrent threads that misuse the source property of a session, leading to a race condition when claiming sessions.

4.8CVSS

5AI Score

0.001EPSS

2020-03-14 08:15 PM
101
cve
cve

CVE-2020-13898

An issue was discovered in janus-gateway (aka Janus WebRTC Server) through 0.10.0. janus_sdp_process in sdp.c has a NULL pointer dereference.

7.5CVSS

7.5AI Score

0.003EPSS

2020-06-10 10:15 PM
34
3
cve
cve

CVE-2020-13899

An issue was discovered in janus-gateway (aka Janus WebRTC Server) through 0.10.0. janus_process_incoming_request in janus.c discloses information from uninitialized stack memory.

7.5CVSS

7.3AI Score

0.003EPSS

2020-06-10 10:15 PM
38
3
cve
cve

CVE-2020-13900

An issue was discovered in janus-gateway (aka Janus WebRTC Server) through 0.10.0. janus_sdp_preparse in sdp.c has a NULL pointer dereference.

7.5CVSS

7.5AI Score

0.003EPSS

2020-06-10 10:15 PM
31
3
cve
cve

CVE-2020-13901

An issue was discovered in janus-gateway (aka Janus WebRTC Server) through 0.10.0. janus_sdp_merge in sdp.c has a stack-based buffer overflow.

9.8CVSS

9.5AI Score

0.005EPSS

2020-06-10 10:15 PM
36
3
cve
cve

CVE-2020-14033

An issue was discovered in janus-gateway (aka Janus WebRTC Server) through 0.10.0. janus_streaming_rtsp_parse_sdp in plugins/janus_streaming.c has a Buffer Overflow via a crafted RTSP server.

9.8CVSS

9.2AI Score

0.003EPSS

2020-06-15 05:15 PM
29
cve
cve

CVE-2020-14034

An issue was discovered in janus-gateway (aka Janus WebRTC Server) through 0.10.0. janus_get_codec_from_pt in utils.c has a Buffer Overflow via long value in an SDP Offer packet.

9.8CVSS

9.4AI Score

0.003EPSS

2020-06-15 05:15 PM
33
cve
cve

CVE-2021-4020

janus-gateway is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

5.4CVSS

5.4AI Score

0.001EPSS

2021-11-27 10:15 AM
31
cve
cve

CVE-2021-4124

janus-gateway is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

6.1CVSS

6.2AI Score

0.001EPSS

2021-12-16 02:15 PM
29