Pexip Infinity Security Vulnerabilities - 2020

CVE-2015-4719

The client API authentication mechanism in Pexip Infinity before 10 allows remote attackers to gain privileges via a crafted request.

CVE-2017-17477

Pexip Infinity before 17 allows an unauthenticated remote attacker to achieve stored XSS via management web interface views.

CVE-2018-10432

Pexip Infinity before 18 allows Remote Denial of Service (TLS handshakes in RTMP).

CVE-2018-10585

Pexip Infinity before 18 allows remote Denial of Service (XML parsing).

CVE-2019-7177

Pexip Infinity before 20.1 allows Code Injection onto nodes via an admin.

CVE-2019-7178

Pexip Infinity before 20.1 allows privilege escalation by restoring a system backup.

CVE-2020-11805

Pexip Reverse Proxy and TURN Server before 6.1.0 has Incorrect UDP Access Control via TURN.

CVE-2020-12824

Pexip Infinity 23.x before 23.3 has improper input validation, leading to a temporary software abort via RTP.

CVE-2020-13387

Pexip Infinity before 23.4 has a lack of input validation, leading to temporary denial of service via H.323.

CVE-2020-24615

Pexip Infinity before 24.1 has Improper Input Validation, leading to temporary denial of service via SIP.