Pexip Infinity before 8 uses the same SSH host keys across different customers' installations, which allows man-in-the-middle attackers to spoof Management and Conferencing Nodes by leveraging these keys.
6.6AI Score
0.001EPSS
The client API authentication mechanism in Pexip Infinity before 10 allows remote attackers to gain privileges via a crafted request.
9.8CVSS
9.5AI Score
0.005EPSS
Pexip Infinity before 17 allows an unauthenticated remote attacker to achieve stored XSS via management web interface views.
6.1CVSS
6AI Score
0.002EPSS
Pexip Infinity before 14.2 allows remote attackers to cause a denial of service (service restart) or execute arbitrary code via vectors related to Conferencing Nodes.
9.8CVSS
9.4AI Score
0.015EPSS
7.5CVSS
7.5AI Score
0.002EPSS
7.5CVSS
7.5AI Score
0.002EPSS
7.2CVSS
7.2AI Score
0.001EPSS
Pexip Infinity before 20.1 allows privilege escalation by restoring a system backup.
7.2CVSS
7.2AI Score
0.001EPSS
Pexip Reverse Proxy and TURN Server before 6.1.0 has Incorrect UDP Access Control via TURN.
9.8CVSS
9.4AI Score
0.003EPSS
Pexip Infinity 23.x before 23.3 has improper input validation, leading to a temporary software abort via RTP.
7.5CVSS
7.4AI Score
0.001EPSS
Pexip Infinity before 23.4 has a lack of input validation, leading to temporary denial of service via H.323.
7.5CVSS
7.4AI Score
0.001EPSS
Pexip Infinity before 24.1 has Improper Input Validation, leading to temporary denial of service via SIP.
5.3CVSS
5.3AI Score
0.001EPSS
Pexip Infinity 22.x through 24.x before 24.2 has Improper Input Validation for call setup. An unauthenticated remote attacker can trigger a software abort (temporary loss of service).
7.5CVSS
7.6AI Score
0.002EPSS
Pexip Infinity 25.x before 25.4 has Improper Input Validation, and thus an unauthenticated remote attacker can cause a denial of service via the administrative web interface.
7.5CVSS
7.5AI Score
0.002EPSS
Pexip Infinity before 26 allows remote denial of service because of missing RTMP input validation.
7.5CVSS
7.5AI Score
0.002EPSS
Pexip Infinity before 26 allows remote denial of service because of missing H.264 input validation (issue 1 of 2).
7.5CVSS
7.5AI Score
0.002EPSS
Pexip Infinity before 26 allows remote denial of service because of missing H.264 input validation (issue 2 of 2).
7.5CVSS
7.5AI Score
0.002EPSS
Pexip Infinity before 26 allows temporary remote Denial of Service (abort) because of missing call-setup input validation.
7.5CVSS
7.5AI Score
0.002EPSS
Pexip Infinity before 26.2 allows temporary remote Denial of Service (abort) because of missing call-setup input validation.
7.5CVSS
7.5AI Score
0.002EPSS
Pexip Infinity before 27.0 has improper WebRTC input validation. An unauthenticated remote attacker can use excessive resources, temporarily causing denial of service.
7.5CVSS
7.5AI Score
0.002EPSS
Pexip Infinity 27.x before 27.2 has Improper Access Control. An attacker can sometimes join a conference (call join) if it has a lock but not a PIN.
5.3CVSS
5.2AI Score
0.001EPSS
Pexip Infinity before 27.3 allows remote attackers to force a software abort via HTTP.
7.5CVSS
7.5AI Score
0.002EPSS
Pexip Infinity 27.x before 27.3 has Improper Input Validation. The client API allows remote attackers to trigger a software abort via a gateway call into Teams.
7.5CVSS
7.5AI Score
0.002EPSS
Pexip Infinity before 27.3 allows remote attackers to trigger a software abort, and possibly enumerate usernames, via One Touch Join.
8.2CVSS
8.2AI Score
0.002EPSS
Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via One Touch Join.
7.5CVSS
7.5AI Score
0.002EPSS
Pexip Infinity 27.x before 27.3 allows remote attackers to trigger a software abort via the Session Initiation Protocol.
7.5CVSS
7.5AI Score
0.002EPSS
Pexip Infinity 27.x before 27.3 allows remote attackers to trigger a software abort via HTTP.
7.5CVSS
7.5AI Score
0.002EPSS
Pexip Infinity 27.x before 27.3 allows remote attackers to trigger a software abort via single-sign-on if a random Universally Unique Identifier is guessed.
5.9CVSS
5.7AI Score
0.002EPSS
Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via the Session Initiation Protocol.
7.5CVSS
7.5AI Score
0.002EPSS
Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via One Touch Join.
7.5CVSS
7.5AI Score
0.002EPSS
Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via One Touch Join.
8.2CVSS
8.1AI Score
0.002EPSS
Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via HTTP.
7.5CVSS
7.5AI Score
0.002EPSS
Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via Epic Telehealth.
7.5CVSS
7.5AI Score
0.002EPSS
Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via H.323.
7.5CVSS
7.5AI Score
0.002EPSS
Pexip Infinity before 27.3 allows remote attackers to trigger excessive resource consumption via H.264.
7.5CVSS
7.5AI Score
0.002EPSS
Pexip Infinity 27 before 28.0 allows remote attackers to trigger excessive resource consumption and termination because of registrar resource mishandling.
7.5CVSS
7.5AI Score
0.002EPSS
Pexip Infinity before 28.1 allows remote attackers to trigger a software abort via G.719.
7.5CVSS
7.5AI Score
0.002EPSS
Pexip Infinity before 31.2 has Improper Input Validation for signalling, allowing remote attackers to trigger an abort.
7.5CVSS
7.5AI Score
0.001EPSS
Pexip Infinity before 31.2 has Improper Input Validation for RTCP, allowing remote attackers to trigger an abort.
7.5CVSS
7.5AI Score
0.001EPSS
6.1CVSS
5.9AI Score
0.0005EPSS