Every CVE whose affected-product data names Meetecho Janus, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (13)
CVE-2020-13901 — CVSS 9.8 (critical): An issue was discovered in janus-gateway (aka Janus WebRTC Server) through 0.10.0. janus_sdp_merge in sdp.c has a stack-based buffer…
CVE-2020-10574 — CVSS 9.8 (critical): An issue was discovered in Janus through 0.9.1. janus.c tries to use a string that doesn't actually exist during a "query_logger" Admin API…
CVE-2020-14034 — CVSS 9.8 (critical): An issue was discovered in janus-gateway (aka Janus WebRTC Server) through 0.10.0. janus_get_codec_from_pt in utils.c has a Buffer Overflow…
CVE-2020-14033 — CVSS 9.8 (critical): An issue was discovered in janus-gateway (aka Janus WebRTC Server) through 0.10.0. janus_streaming_rtsp_parse_sdp in plugins/janus_streaming…
CVE-2020-10573 — CVSS 7.5 (high): An issue was discovered in Janus through 0.9.1. janus_audiobridge.c has a double mutex unlock when listing private rooms in AudioBridge.
CVE-2020-13898 — CVSS 7.5 (high): An issue was discovered in janus-gateway (aka Janus WebRTC Server) through 0.10.0. janus_sdp_process in sdp.c has a NULL pointer…
CVE-2020-13899 — CVSS 7.5 (high): An issue was discovered in janus-gateway (aka Janus WebRTC Server) through 0.10.0. janus_process_incoming_request in janus.c discloses…
CVE-2020-13900 — CVSS 7.5 (high): An issue was discovered in janus-gateway (aka Janus WebRTC Server) through 0.10.0. janus_sdp_preparse in sdp.c has a NULL pointer…
CVE-2021-4124 — CVSS 6.1 (medium): janus-gateway is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-10576 — CVSS 5.9 (medium): An issue was discovered in Janus through 0.9.1. plugins/janus_voicemail.c in the VoiceMail plugin has a race condition that could cause a…
CVE-2021-4020 — CVSS 5.4 (medium): janus-gateway is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-10577 — CVSS 4.8 (medium): An issue was discovered in Janus through 0.9.1. janus.c has multiple concurrent threads that misuse the source property of a session…
CVE-2020-10575 — CVSS 4.2 (medium): An issue was discovered in Janus through 0.9.1. plugins/janus_videocall.c in the VideoCall plugin mishandles session management because a…