13 matches found
CVE-2020-10573
CVE-2020-10573 : Janus up to version 0.9.1 has a flaw in janus_audiobridge.c causing a double mutex unlock when listing private rooms in AudioBridge. This symptom is consistently reported across multiple sources (NVD, Red Hat, OSV, etc.). The provided documents do not specify the impact details, ...
CVE-2020-10574
Mode C: Concrete details found. The CVE-2020-10574 issue affects Meetecho Janus WebRTC gateway (up to version 0.9.1) where janus.c attempts to use a string that does not exist during a query_logger Admin API request, caused by a typo in the JSON validation. This is the described root cause. The p...
CVE-2020-10576
CVE-2020-10576 affects Meetecho Janus WebRTC Server up to version 0.9.1. The vulnerability is a race condition in plugins/janus_voicemail.c (VoiceMail plugin) that can cause the server to crash. The issue is documented across multiple sources (NVD, Red Hat, CNVD, OSV, UBUNTU, Debian, etc.). The a...
CVE-2020-10575
CVE-2020-10575 affects the Janus WebRTC server (VideoCall plugin) up to version 0.9.1. The issue is a race condition in plugins/janus_videocall.c that mishandles session management, causing references to be freed too early or too many times. This is stated consistently across sources including Re...
CVE-2020-10577
Technical details about CVE-2020-10577 are not provided in the supplied documents. Monitor for updates from vendors and security trackers.
CVE-2020-13901
The CVE-2020-13901 entry concerns janus-gateway (Janus WebRTC Server) up to version 0.10.0, where the function janus_sdp_merge in sdp.c contains a stack-based buffer overflow. The connected documents provide concrete technical details on the affected component and root cause. They do not supply a...
CVE-2020-13898
CVE-2020-13898 affects janus-gateway (Janus WebRTC Server) up to v0.10.0. The vulnerability is a NULL pointer dereference in janus_sdp_process (sdp.c). This implies potential crash or denial of service on handling SDP, with no public exploit details provided in the supplied documents. Connected s...
CVE-2020-13899
CVE-2020-13899 affects janus-gateway (Janus WebRTC Server) up to version 0.10.0. The vulnerability is in janus_process_incoming_request (janus.c), which discloses information from uninitialized stack memory. This constitutes an information disclosure issue with potential partial confidentiality i...
CVE-2021-4124
CVE-2021-4124 affects janus-gateway and is described as an Improper Neutralization of Input During Web Page Generation (Cross-site Scripting). Public references in the provided documents confirm the issue and identify janus-gateway as the vulnerable component, with the root cause being input hand...
CVE-2020-14034
CVE-2020-14034 affects janus-gateway (Janus WebRTC Server) up to version 0.10.0. The vulnerability is a buffer overflow in the function janus_get_codec_from_pt within utils.c triggered by a long value in an SDP Offer, leading to potential crash or arbitrary code execution. Multiple connected sour...
CVE-2020-13900
CVE-2020-13900 affects janus-gateway (Janus WebRTC Server) up to version 0.10.0. The issue is in the function janus_sdp_preparse (sdp.c), where a NULL pointer dereference is possible. This can lead to a crash, per the CVE description. The connected documents confirm the vulnerable component and l...
CVE-2020-14033
janus-gateway (Janus WebRTC Server)
CVE-2021-4020
CVE-2021-4020 affects janus-gateway and is described across multiple sources as a Cross-site Scripting (XSS) vulnerability caused by improper neutralization of input during web page generation. The connected documents consistently identify janus-gateway as the vulnerable component; root cause is ...