Lucene search

Infinity Security Vulnerabilities

cve

CVE-2023-31289

Pexip Infinity before 31.2 has Improper Input Validation for signalling, allowing remote attackers to trigger an...

7.5CVSS

7.5AI Score

0.001EPSS

2023-12-25 06:15 AM

cve

CVE-2023-37225

Pexip Infinity before 32 allows Webapp1 XSS via preconfigured...

6.1CVSS

5.9AI Score

0.0005EPSS

2023-12-25 06:15 AM

cve

CVE-2023-31455

Pexip Infinity before 31.2 has Improper Input Validation for RTCP, allowing remote attackers to trigger an...

7.5CVSS

7.5AI Score

0.001EPSS

2023-12-25 06:15 AM

cve

CVE-2023-26465

Pega Platform versions 7.2 to 8.8.1 are affected by an XSS...

6.1CVSS

7.3AI Score

0.001EPSS

2023-06-09 09:15 PM

cve

CVE-2022-26080

Use of Insufficiently Random Values vulnerability in ABB Pulsar Plus System Controller NE843_S, ABB Infinity DC Power Plant.This issue affects Pulsar Plus System Controller NE843_S : comcode 150042936; Infinity DC Power Plant: H5692448 G104 G842 G224L G630-4 G451C(2) G461(2) – comcode...

6.3CVSS

4.8AI Score

0.001EPSS

2023-03-16 01:15 PM

cve

CVE-2022-1607

Cross-Site Request Forgery (CSRF) vulnerability in ABB Pulsar Plus System Controller NE843_S, ABB Infinity DC Power Plant allows Cross Site Request Forgery.This issue affects Pulsar Plus System Controller NE843_S : comcode 150042936; Infinity DC Power Plant: H5692448 G104 G842 G224L G630-4...

8.8CVSS

8.6AI Score

0.001EPSS

2023-02-24 05:15 AM

cve

CVE-2022-35656

Pega Platform from 8.3 to 8.7.3 vulnerability may allow authenticated security administrators to alter CSRF settings...

4.5CVSS

4.7AI Score

0.0005EPSS

2022-08-22 03:15 PM

cve

CVE-2022-35654

Pega Platform from 8.5.4 to 8.7.3 is affected by an XSS issue with an unauthenticated user and the redirect...

6.1CVSS

6AI Score

0.001EPSS

2022-08-22 03:15 PM

cve

CVE-2022-35655

Pega Platform from 7.3 to 8.7.3 is affected by an XSS issue due to a misconfiguration of a datapage...

6.1CVSS

5.9AI Score

0.001EPSS

2022-08-22 03:15 PM

cve

CVE-2022-24083

Password authentication bypass vulnerability for local accounts can be used to bypass local authentication...

9.8CVSS

9.2AI Score

0.002EPSS

2022-07-25 05:15 PM

cve

CVE-2022-24082

If an on-premise installation of the Pega Platform is configured with the port for the JMX interface exposed to the Internet and port filtering is not properly configured, then it may be possible to upload serialized payloads to attack the underlying system. This does not affect systems running on....

9.8CVSS

9.4AI Score

0.016EPSS

2022-07-19 03:15 PM

cve

CVE-2022-29286

Pexip Infinity 27 before 28.0 allows remote attackers to trigger excessive resource consumption and termination because of registrar resource...

7.5CVSS

7.5AI Score

0.002EPSS

2022-07-17 10:15 PM

cve

CVE-2022-32263

Pexip Infinity before 28.1 allows remote attackers to trigger a software abort via...

7.5CVSS

7.5AI Score

0.002EPSS

2022-07-17 10:15 PM

cve

CVE-2022-27930

Pexip Infinity 27.x before 27.3 allows remote attackers to trigger a software abort via single-sign-on if a random Universally Unique Identifier is...

5.9CVSS

5.7AI Score

0.002EPSS

2022-07-17 09:15 PM

cve

CVE-2022-27932

Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via One Touch...

7.5CVSS

7.5AI Score

0.002EPSS

2022-07-17 09:15 PM

cve

CVE-2022-27935

Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via Epic...

7.5CVSS

7.5AI Score

0.002EPSS

2022-07-17 09:15 PM

cve

CVE-2022-26655

Pexip Infinity 27.x before 27.3 has Improper Input Validation. The client API allows remote attackers to trigger a software abort via a gateway call into...

7.5CVSS

7.5AI Score

0.002EPSS

2022-07-17 09:15 PM

510

cve

CVE-2022-26657

Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via One Touch...

7.5CVSS

7.5AI Score

0.002EPSS

2022-07-17 09:15 PM

cve

CVE-2022-27937

Pexip Infinity before 27.3 allows remote attackers to trigger excessive resource consumption via...

7.5CVSS

7.5AI Score

0.002EPSS

2022-07-17 09:15 PM

cve

CVE-2022-25357

Pexip Infinity 27.x before 27.2 has Improper Access Control. An attacker can sometimes join a conference (call join) if it has a lock but not a...

5.3CVSS

5.2AI Score

0.001EPSS

2022-07-17 09:15 PM

cve

CVE-2022-27931

Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via the Session Initiation...

7.5CVSS

7.5AI Score

0.002EPSS

2022-07-17 09:15 PM

cve

CVE-2022-27933

Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via One Touch...

8.2CVSS

8.1AI Score

0.002EPSS

2022-07-17 09:15 PM

cve

CVE-2022-26654

Pexip Infinity before 27.3 allows remote attackers to force a software abort via...

7.5CVSS

7.5AI Score

0.002EPSS

2022-07-17 09:15 PM

cve

CVE-2022-27928

Pexip Infinity 27.x before 27.3 allows remote attackers to trigger a software abort via the Session Initiation...

7.5CVSS

7.5AI Score

0.002EPSS

2022-07-17 09:15 PM

cve

CVE-2022-27934

Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via...

7.5CVSS

7.5AI Score

0.002EPSS

2022-07-17 09:15 PM

cve

CVE-2022-26656

Pexip Infinity before 27.3 allows remote attackers to trigger a software abort, and possibly enumerate usernames, via One Touch...

8.2CVSS

8.2AI Score

0.002EPSS

2022-07-17 09:15 PM

cve

CVE-2022-27929

Pexip Infinity 27.x before 27.3 allows remote attackers to trigger a software abort via...

7.5CVSS

7.5AI Score

0.002EPSS

2022-07-17 09:15 PM

cve

CVE-2022-27936

Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via...

7.5CVSS

7.5AI Score

0.002EPSS

2022-07-17 09:15 PM

cve

CVE-2022-23228

Pexip Infinity before 27.0 has improper WebRTC input validation. An unauthenticated remote attacker can use excessive resources, temporarily causing denial of...

7.5CVSS

7.5AI Score

0.002EPSS

2022-02-18 10:15 PM

cve

CVE-2021-29656

Pexip Infinity Connect before 1.8.0 mishandles TLS certificate validation. The allow list is not properly...

9.8CVSS

9.4AI Score

0.001EPSS

2022-02-18 10:15 PM

cve

CVE-2021-29655

Pexip Infinity Connect before 1.8.0 omits certain provisioning authenticity checks. Thus, untrusted code may...

9.8CVSS

9.5AI Score

0.002EPSS

2022-02-18 10:15 PM

cve

CVE-2021-27654

Forgotten password reset functionality for local accounts can be used to bypass local authentication...

7.8CVSS

7.8AI Score

0.0004EPSS

2022-01-28 08:15 PM

cve

CVE-2021-42555

Pexip Infinity before 26.2 allows temporary remote Denial of Service (abort) because of missing call-setup input...

7.5CVSS

7.5AI Score

0.002EPSS

2022-01-15 05:15 PM

cve

CVE-2021-35969

Pexip Infinity before 26 allows temporary remote Denial of Service (abort) because of missing call-setup input...

7.5CVSS

7.5AI Score

0.002EPSS

2022-01-15 05:15 PM

cve

CVE-2021-33499

Pexip Infinity before 26 allows remote denial of service because of missing H.264 input validation (issue 2 of...

7.5CVSS

7.5AI Score

0.002EPSS

2022-01-15 05:15 PM

cve

CVE-2021-33498

Pexip Infinity before 26 allows remote denial of service because of missing H.264 input validation (issue 1 of...

7.5CVSS

7.5AI Score

0.002EPSS

2022-01-15 05:15 PM

cve

CVE-2021-32545

Pexip Infinity before 26 allows remote denial of service because of missing RTMP input...

7.5CVSS

7.5AI Score

0.002EPSS

2022-01-15 05:15 PM

cve

CVE-2021-31925

Pexip Infinity 25.x before 25.4 has Improper Input Validation, and thus an unauthenticated remote attacker can cause a denial of service via the administrative web...

7.5CVSS

7.5AI Score

0.002EPSS

2021-07-07 03:15 PM

cve

CVE-2020-25868

Pexip Infinity 22.x through 24.x before 24.2 has Improper Input Validation for call setup. An unauthenticated remote attacker can trigger a software abort (temporary loss of...

7.5CVSS

7.6AI Score

0.002EPSS

2021-07-07 02:15 PM

cve

CVE-2021-27651

In versions 8.2.1 through 8.5.2 of Pega Infinity, the password reset functionality for local accounts can be used to bypass local authentication...

9.8CVSS

9.4AI Score

0.068EPSS

2021-04-29 03:15 PM

cve

CVE-2021-27653

Misconfiguration of the Pega Chat Access Group portal in Pega platform 7.4.0 - 8.5.x could lead to unintended data...

6.6CVSS

5AI Score

0.001EPSS

2021-04-01 07:15 PM

cve

CVE-2020-24615

Pexip Infinity before 24.1 has Improper Input Validation, leading to temporary denial of service via...

5.3CVSS

5.3AI Score

0.001EPSS

2020-09-25 04:23 AM

cve

CVE-2019-7177

Pexip Infinity before 20.1 allows Code Injection onto nodes via an...

7.2CVSS

7.2AI Score

0.001EPSS

2020-09-25 04:23 AM

cve

CVE-2020-13387

Pexip Infinity before 23.4 has a lack of input validation, leading to temporary denial of service via...

7.5CVSS

7.4AI Score

0.001EPSS

2020-09-25 04:23 AM

cve

CVE-2020-11805

Pexip Reverse Proxy and TURN Server before 6.1.0 has Incorrect UDP Access Control via...

9.8CVSS

9.4AI Score

0.003EPSS

2020-09-25 04:23 AM

cve

CVE-2019-7178

Pexip Infinity before 20.1 allows privilege escalation by restoring a system...

7.2CVSS

7.2AI Score

0.001EPSS

2020-09-25 04:23 AM

cve

CVE-2018-10585

Pexip Infinity before 18 allows remote Denial of Service (XML...

7.5CVSS

7.5AI Score

0.002EPSS

2020-09-25 04:23 AM

cve

CVE-2018-10432

Pexip Infinity before 18 allows Remote Denial of Service (TLS handshakes in...

7.5CVSS

7.5AI Score

0.002EPSS

2020-09-25 04:23 AM

cve

CVE-2020-12824

Pexip Infinity 23.x before 23.3 has improper input validation, leading to a temporary software abort via...

7.5CVSS

7.4AI Score

0.001EPSS

2020-09-25 04:23 AM

cve

CVE-2017-17477

Pexip Infinity before 17 allows an unauthenticated remote attacker to achieve stored XSS via management web interface...

6.1CVSS

6AI Score

0.002EPSS

2020-09-25 04:23 AM

Total number of security vulnerabilities65