Janus Security Vulnerabilities and Issues — Janus CVE List

Lucene search

MeetechoJanus

13 matches found

CVE•added 2020/03/14 8:15 p.m.•127 views

CVE-2020-10573

An issue was discovered in Janus through 0.9.1. janus_audiobridge.c has a double mutex unlock when listing private rooms in AudioBridge.

7.5CVSS7.5AI score0.00335EPSS

CVE•added 2020/03/14 8:15 p.m.•117 views

CVE-2020-10574

An issue was discovered in Janus through 0.9.1. janus.c tries to use a string that doesn't actually exist during a "query_logger" Admin API request, because of a typo in the JSON validation.

9.8CVSS9.3AI score0.00418EPSS

CVE•added 2020/03/14 8:15 p.m.•114 views

CVE-2020-10576

An issue was discovered in Janus through 0.9.1. plugins/janus_voicemail.c in the VoiceMail plugin has a race condition that could cause a server crash.

5.9CVSS5.6AI score0.00259EPSS

CVE•added 2020/03/14 8:15 p.m.•112 views

CVE-2020-10575

An issue was discovered in Janus through 0.9.1. plugins/janus_videocall.c in the VideoCall plugin mishandles session management because a race condition causes some references to be freed too early or too many times.

4.2CVSS4.4AI score0.00254EPSS

CVE•added 2020/03/14 8:15 p.m.•111 views

CVE-2020-10577

An issue was discovered in Janus through 0.9.1. janus.c has multiple concurrent threads that misuse the source property of a session, leading to a race condition when claiming sessions.

5.8CVSS5AI score0.00254EPSS

CVE•added 2020/06/10 10:15 p.m.•50 views

CVE-2020-13901

An issue was discovered in janus-gateway (aka Janus WebRTC Server) through 0.10.0. janus_sdp_merge in sdp.c has a stack-based buffer overflow.

9.8CVSS9.5AI score0.00703EPSS

CVE•added 2020/06/10 10:15 p.m.•48 views

CVE-2020-13898

An issue was discovered in janus-gateway (aka Janus WebRTC Server) through 0.10.0. janus_sdp_process in sdp.c has a NULL pointer dereference.

7.5CVSS7.5AI score0.0065EPSS

CVE•added 2020/06/10 10:15 p.m.•48 views

CVE-2020-13899

An issue was discovered in janus-gateway (aka Janus WebRTC Server) through 0.10.0. janus_process_incoming_request in janus.c discloses information from uninitialized stack memory.

7.5CVSS7.3AI score0.00452EPSS

CVE•added 2020/06/10 10:15 p.m.•44 views

CVE-2020-13900

An issue was discovered in janus-gateway (aka Janus WebRTC Server) through 0.10.0. janus_sdp_preparse in sdp.c has a NULL pointer dereference.

7.5CVSS7.5AI score0.0065EPSS

CVE•added 2020/06/15 5:15 p.m.•43 views

CVE-2020-14034

An issue was discovered in janus-gateway (aka Janus WebRTC Server) through 0.10.0. janus_get_codec_from_pt in utils.c has a Buffer Overflow via long value in an SDP Offer packet.

9.8CVSS9.4AI score0.00717EPSS

CVE•added 2021/12/16 2:15 p.m.•43 views

CVE-2021-4124

janus-gateway is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

8.1CVSS6.5AI score0.0029EPSS

CVE•added 2021/11/27 10:15 a.m.•40 views

CVE-2021-4020

janus-gateway is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

8.8CVSS5.8AI score0.00318EPSS

CVE•added 2020/06/15 5:15 p.m.•39 views

CVE-2020-14033

An issue was discovered in janus-gateway (aka Janus WebRTC Server) through 0.10.0. janus_streaming_rtsp_parse_sdp in plugins/janus_streaming.c has a Buffer Overflow via a crafted RTSP server.

9.8CVSS9.2AI score0.00775EPSS