Lucene search
K
PexipPexip Infinity

47 matches found

CVE
CVE
added 2022/07/17 8:18 p.m.540 views

CVE-2022-26655

CVE-2022-26655 affects Pexip Infinity 27.x prior to 27.3, where improper input validation in the client API allows remote attackers to trigger a software abort via a gateway call into Teams. Affected product/component: Pexip Infinity (27.x line). Root cause: input validation flaw in the client AP...

7.5CVSS7.5AI score0.0101EPSS
CVE
CVE
added 2022/02/18 9:50 p.m.105 views

CVE-2022-23228

CVE-2022-23228 affects Pexip Infinity prior to 27.0. The issue is improper WebRTC input validation, enabling an unauthenticated remote attacker to exhaust resources and temporarily cause a denial-of-service condition. The description does not provide any exploitation details beyond this impact, n...

7.5CVSS7.5AI score0.01324EPSS
CVE
CVE
added 2022/07/17 8:37 p.m.74 views

CVE-2022-27929

CVE-2022-27929 affects Pexip Infinity 27.x (27.0–27.2) with a faulty input validation path that allows remote attackers to trigger a software abort via HTTP, causing denial of service. The vulnerability is caused by an input validation error in HTTP handling, as reported across multiple sources (...

7.5CVSS7.5AI score0.0101EPSS
CVE
CVE
added 2022/07/17 8:47 p.m.72 views

CVE-2022-27932

CVE-2022-27932 affects Pexip Infinity prior to 27.3. Remote attackers can trigger a software abort via One Touch Join . The root cause involves the input handling in One Touch Join leading to abort conditions. Impact is a potential denial of service through forced software abort. Affected product...

7.5CVSS7.5AI score0.00981EPSS
CVE
CVE
added 2022/07/17 8:30 p.m.69 views

CVE-2022-26656

CVE-2022-26656 affects Pexip Infinity prior to 27.3. The vulnerability is described across multiple sources as an input validation error in the One Touch Join flow that can allow remote attackers to trigger a software abort and potentially enumerate usernames. Concrete affected product/version: P...

8.2CVSS8.2AI score0.00951EPSS
CVE
CVE
added 2022/07/17 8:14 p.m.67 views

CVE-2022-26654

Pexip Infinity vulnerable before 27.3, where an HTTP-based flaw allows remote attackers to force a software abort. Products affected: Pexip Infinity prior to 27.3 (per CVE-2022-26654). The issue is described as an injection/abort condition triggered via HTTP, with impact stated as a software abor...

7.5CVSS7.5AI score0.00988EPSS
CVE
CVE
added 2022/07/17 8:30 p.m.66 views

CVE-2022-26657

CVE-2022-26657 affects Pexip Infinity prior to 27.3, where an input validation error in One Touch Join allows remote attackers to trigger a software abort, causing denial of service. The issue is documented across multiple feeds (Red Hat, CNVD, NVD) with the same impact. Affected product/version:...

7.5CVSS7.5AI score0.0101EPSS
CVE
CVE
added 2022/07/17 8:11 p.m.65 views

CVE-2022-25357

Affected software: Pexip Infinity (27.x) prior to 27.2. Vulnerability: Improper access control that could allow an attacker to join a conference (call join) even if the meeting is locked but without a PIN. Root cause/unwrap: Access control error enabling joining a locked, PIN-less meeting. Impact...

5.3CVSS5.2AI score0.00562EPSS
CVE
CVE
added 2022/07/17 8:51 p.m.65 views

CVE-2022-27934

CVE-2022-27934 affects Pexip Infinity versions prior to 27.3. A remote attacker can trigger a software abort via HTTP . The issue is described as an input-validation/logic flaw in affected versions. Remediation per PT-2022-18702 is to upgrade to 27.3 or later . If not upgrading, there is no other...

7.5CVSS7.5AI score0.0101EPSS
CVE
CVE
added 2022/07/17 8:58 p.m.65 views

CVE-2022-27936

Summary: CVE-2022-27936 affects Pexip Infinity prior to 27.3, where remote attackers can trigger a software abort via H.323, effectively a denial of service. Affected versions: before 27.3. Impact: remote, unauthenticated trigger leading to a crash (DoS). Remediation: upgrade to version 27.3 or l...

7.5CVSS7.5AI score0.0101EPSS
CVE
CVE
added 2022/07/17 8:49 p.m.64 views

CVE-2022-27933

Pexip Infinity prior to 27.3 is affected. An issue in One Touch Join allows remote attackers to trigger a software abort. The Red Hat/CNVD and PTSecurity entries corroborate a remote-exploitation flaw, with a fix available in version 27.3 or later. The root cause cited in some sources references ...

8.2CVSS8.1AI score0.00924EPSS
CVE
CVE
added 2022/07/17 9:0 p.m.64 views

CVE-2022-27937

CVE-2022-27937 affects Pexip Infinity prior to version 27.3. The vulnerability allows remote attackers to trigger excessive resource consumption via H.264, leading to denial of service (availability impact). The issue is mitigated by upgrading to version 27.3 or later as indicated in security adv...

7.5CVSS7.5AI score0.0101EPSS
CVE
CVE
added 2022/07/17 8:32 p.m.62 views

CVE-2022-27928

CVE-2022-27928 affects Pexip Infinity 27.x prior to 27.3. The vulnerability allows remote attackers to trigger a software abort via the Session Initiation Protocol, leading to potential denial of service. The condition is triggered by SIP handling in affected versions. A fix is indicated for vers...

7.5CVSS7.5AI score0.0101EPSS
CVE
CVE
added 2015/02/03 4:0 p.m.60 views

CVE-2014-8779

CVE-2014-8779 affects Pexip Infinity prior to v8, where non-unique SSH host keys are used across different installations. Root cause: fixed/static host keys embedded in images allow an attacker with network access to impersonate a Pexip Infinity node and perform MITM SSH sessions, potentially cap...

7.1CVSS6.6AI score0.01406EPSS
CVE
CVE
added 2020/09/24 1:13 a.m.60 views

CVE-2015-4719

CVE-2015-4719 affects Pexip Infinity prior to v10, where the client API authentication mechanism allows remote attackers to gain privileges via a crafted request. Documents from NVD/Red Hat/CVE lists repeat this description and identify the impact as privilege escalation with network access and n...

9.8CVSS9.5AI score0.01464EPSS
CVE
CVE
added 2022/07/17 8:41 p.m.60 views

CVE-2022-27930

CVE-2022-27930 affects Pexip Infinity, with versions prior to 27.3 vulnerable to a denial-of-service-style trigger of a software abort via the single-sign-on feature if an arbitrary UUID is guessed. The issue is triggered through SSO and can be exploited remotely. Mitigation: upgrade to version 2...

5.9CVSS5.7AI score0.0083EPSS
CVE
CVE
added 2022/07/17 8:44 p.m.59 views

CVE-2022-27931

CVE-2022-27931 affects Pexip Infinity: versions prior to 27.3 are vulnerable to a remote-triggered software abort via the Session Initiation Protocol. The PT-2022-18699 advisory confirms the affected range and recommends upgrading to 27.3 or later to resolve the issue. Other connected sources des...

7.5CVSS7.5AI score0.0101EPSS
CVE
CVE
added 2022/07/17 9:4 p.m.59 views

CVE-2022-29286

Technical details about CVE-2022-29286 are not publicly available in the provided connected documents. Monitor for updates from vendors/security bulletins for impacted versions, affected components, and remediations.

7.5CVSS7.5AI score0.0101EPSS
CVE
CVE
added 2020/09/25 3:34 a.m.57 views

CVE-2020-13387

The CVE-2020-13387 entry applies to Pexip Infinity prior to version 23.4, where a lack of input validation leads to a temporary denial of service via H.323. The vulnerability is documented across multiple sources (NVD/CNVD), confirming the affected product family and root cause, and indicating th...

7.5CVSS7.4AI score0.01075EPSS
CVE
CVE
added 2022/07/17 8:55 p.m.57 views

CVE-2022-27935

Pexip Infinity before 27.3 is affected. The vulnerability allows remote attackers to trigger a software abort via Epic Telehealth, caused by an input validation issue in the affected versions. Impact is described as a potential denial/abort condition rather than data exfiltration. Remediation: up...

7.5CVSS7.5AI score0.0101EPSS
CVE
CVE
added 2025/04/02 12:0 a.m.56 views

CVE-2025-30080

CVE-2025-30080 affects Pexip Infinity versions 29 through 36.2; impact is a temporary denial of service caused by improper input validation in the signalling component. Exploitation is remote and can trigger a software abort. Red Hat and PT Security references corroborate the issue and point to u...

7.5CVSS7.2AI score0.00515EPSS
CVE
CVE
added 2020/09/25 3:30 a.m.55 views

CVE-2017-17477

CVE-2017-17477 concerns Pexip Infinity prior to 17, where an unauthenticated remote attacker can trigger stored cross-site scripting via the management web interface views. The vulnerability affects the admin-facing web UI and can lead to script execution in a user’s browser. The available connec...

6.1CVSS6AI score0.00841EPSS
CVE
CVE
added 2020/09/25 3:26 a.m.54 views

CVE-2019-7178

CVE-2019-7178 affects Pexip Infinity prior to 20.1, enabling privilege escalation by restoring a system backup. Connected sources confirm the vulnerability text and vendor advisories (Red Hat entry reiterates the same description). The exact root cause, vulnerable components, impacted configurati...

9CVSS7.2AI score0.01521EPSS
CVE
CVE
added 2020/09/25 3:31 a.m.54 views

CVE-2020-11805

Technical details of CVE-2020-11805 are not publicly provided in the connected documents. Monitor for updates from vendors and security advisories.

9.8CVSS9.4AI score0.01422EPSS
CVE
CVE
added 2022/07/17 9:6 p.m.54 views

CVE-2022-32263

CVE-2022-32263 affects Pexip Infinity prior to 28.1. The vulnerability allows remote attackers to trigger a software abort via G.719, impacting availability (CVSS v3.1 base score 7.5, HIGH). Affected component is the Pexip Infinity implementation handling G.719 signaling. According to sources, ve...

7.5CVSS7.5AI score0.00886EPSS
CVE
CVE
added 2020/09/25 3:25 a.m.53 views

CVE-2018-10585

Pexip Infinity before 18 is affected by a remote Denial of Service caused by an XML parsing issue. Multiple connected sources (Red Hat, CNVD, NVD, PRION and CVE records) confirm the vulnerability exists in Pexip Infinity prior to version 18 and describe the impact as DoS via XML parsing. The root...

7.8CVSS7.5AI score0.01403EPSS
CVE
CVE
added 2020/09/25 3:26 a.m.53 views

CVE-2019-7177

CVE-2019-7177 affects Pexip Infinity before 20.1. The vulnerability allows Code Injection onto nodes via an admin interface. The available sources identify the affected product/version and the attack vector as administrative input leading to code execution, but do not provide specific root-cause ...

9CVSS7.2AI score0.0136EPSS
CVE
CVE
added 2020/09/25 3:33 a.m.53 views

CVE-2020-12824

Pexip Infinity 23.x prior to 23.3 is affected by an input-validation error that can cause a temporary software abort via RTP. The issue is documented across multiple sources (NVD and partner advisories) as Improper input validation leading to a transient crash in RTP handling. Affected product: P...

7.5CVSS7.4AI score0.01075EPSS
CVE
CVE
added 2020/09/25 3:38 a.m.52 views

CVE-2020-24615

Summary: CVE-2020-24615 affects Pexip Infinity before version 24.1, due to improper input validation that can cause a temporary denial of service over SIP. Affected software (from provided docs): Pexip Infinity (video conferencing platform); versions prior to 24.1. Root cause (as stated): Imprope...

5.3CVSS5.3AI score0.01037EPSS
CVE
CVE
added 2024/06/10 12:0 a.m.51 views

CVE-2024-33850

CVE-2024-33850 affects Pexip Infinity prior to 34.1. The issue is improper access control for people in a waiting room: they can view the conference roster and perform actions that should be restricted until admission. Documents from multiple sources confirm the affected product/versions and the ...

4.3CVSS6.9AI score0.00213EPSS
CVE
CVE
added 2017/05/02 2:0 p.m.49 views

CVE-2017-6551

CVE-2017-6551 : The provided records indicate that Pexip Infinity, versions prior to 14.2, is affected by a vulnerability in Conferencing Nodes that can be remotely triggered to cause a denial of service (service restart) or to execute arbitrary code. The exact vulnerable component or root cause ...

9.8CVSS9.4AI score0.03522EPSS
CVE
CVE
added 2021/07/07 1:42 p.m.49 views

CVE-2020-25868

CVE-2020-25868 affects Pexip Infinity 22.x through 24.x before 24.2, with an improper input validation flaw in call setup. An unauthenticated remote attacker can trigger a software abort, causing temporary service disruption. Public references in the provided documents confirm the impact and affe...

7.5CVSS7.6AI score0.01328EPSS
CVE
CVE
added 2020/09/25 3:24 a.m.47 views

CVE-2018-10432

CVE-2018-10432 affects Pexip Infinity before version 18, enabling Remote Denial of Service via TLS handshakes in RTMP. Multiple sources (NVD, Red Hat, CNVD) corroborate the vuln and that it exists in versions prior to 18. Exploitation details are not provided in the documents; remediation implied...

7.8CVSS7.5AI score0.01403EPSS
CVE
CVE
added 2025/04/02 12:0 a.m.46 views

CVE-2024-37917

CVE-2024-37917 : Pexip Infinity prior to 35.0 is affected by improper input validation that allows a remote attacker to trigger a denial of service (software abort) via a crafted signalling message. This is the stated impact in multiple sources, with CVSS v3.1 indicating NETWORK access, low attac...

7.5CVSS7.1AI score0.00468EPSS
CVE
CVE
added 2021/07/07 2:1 p.m.44 views

CVE-2021-31925

Pexip Infinity 25.x before 25.4 is affected by CVE-2021-31925 due to improper input validation. An unauthenticated remote attacker can cause a denial of service through the administrative web interface. Remediation: upgrade to version 25.4 or later per connected advisories.

7.5CVSS7.5AI score0.01328EPSS
CVE
CVE
added 2023/12/25 12:0 a.m.43 views

CVE-2023-37225

Pexip Infinity before version 32 contains a cross-site scripting (XSS) flaw in the Webapp1 component via preconfigured links. Affected product: Pexip Infinity prior to 32. Root cause: XSS in the legacy Webapp1 workflow. Impact, per sources, centers on client-side script execution with user intera...

6.1CVSS5.9AI score0.00309EPSS
CVE
CVE
added 2023/12/25 12:0 a.m.39 views

CVE-2023-31455

Pexip Infinity prior to version 31.2 is affected by an Improper Input Validation in RTCP handling. The root cause is improper validation of RTCP inputs, which allows remote attackers to trigger an abort. Affected product: Pexip Infinity (versions before 31.2). Impact as described: possibility to ...

7.5CVSS7.5AI score0.00615EPSS
CVE
CVE
added 2023/12/25 12:0 a.m.34 views

CVE-2023-31289

CVE-2023-31289 affects Pexip Infinity prior to version 31.2. The root cause is improper input validation for signalling, allowing remote attackers to trigger a service abort. Impact is a potential denial of service. Remediation per available sources is to upgrade to version 31.2 or later or apply...

7.5CVSS7.5AI score0.00615EPSS
CVE
CVE
added 2025/12/25 12:0 a.m.22 views

CVE-2025-66377

CVE-2025-66377 affects Pexip Infinity prior to 39.0. A missing authentication for a critical function in a product-internal API allows an attacker who already has code execution on one node to impact the operation of other nodes in the installation. This is not listed as exploitable in the provid...

7.5CVSS7.1AI score0.00194EPSS
CVE
CVE
added 2025/12/25 12:0 a.m.20 views

CVE-2025-59683

CVE-2025-59683 affects Pexip Infinity 15.0–38.0; vulnerability due to Improper Access Control in the Secure Scheduler for Exchange service when using Office 365 Legacy Exchange Tokens. Exploitation could allow a remote attacker to read potentially sensitive data and cause resource exhaustion, lea...

9.1CVSS6.4AI score0.00285EPSS
CVE
CVE
added 2025/12/25 12:0 a.m.19 views

CVE-2025-66378

CVE-2025-66378 affects Pexip Infinity 38.0 and 38.1 (before 39.0). The issue is insufficient access control in the RTMP implementation, allowing an attacker to disconnect RTMP streams traversing a Proxy Node. Supported by Red Hat and ENISA/NVD entries; PT-2025-53393 explicitly recommends updating...

7.5CVSS6.5AI score0.00218EPSS
CVE
CVE
added 2025/12/25 12:0 a.m.18 views

CVE-2025-66443

CVE-2025-66443 affects Pexip Infinity 35.0–38.1 (before 39.0) in non-default configurations that use Direct Media for WebRTC. The issue is improper input validation in the signaling path, allowing an attacker to trigger a software abort and cause a temporary denial of service. Red Hat and other s...

7.5CVSS6.4AI score0.00268EPSS
CVE
CVE
added 2025/12/25 12:0 a.m.17 views

CVE-2025-49088

Pexip Infinity versions 32.0–37.1 (before 37.2) are affected by improper input validation in the OTJ (One Touch Join) service when configuring Teams SIP Guest Join. A remote attacker can trigger a denial of service by sending a crafted calendar invite, leading to a software abort. Red Hat and EUV...

5.9CVSS6.4AI score0.00271EPSS
CVE
CVE
added 2025/12/25 12:0 a.m.15 views

CVE-2025-32095

Affected software: Pexip Infinity (before 37.0). Vulnerability detail: improper input validation in signalling allows a remote attacker to trigger a software abort via a crafted signalling message, resulting in denial of service. This is consistently reported across CVE entries (NVD/Red Hat/EUVD/...

7.5CVSS6.5AI score0.00364EPSS
CVE
CVE
added 2025/12/25 12:0 a.m.15 views

CVE-2025-32096

The CVE-2025-32096 entry affects Pexip Infinity software versions 33.0 through 37.0 (before 37.1). The vulnerability stems from improper input validation in signaling, which can cause an attacker to trigger a software abort and result in a denial of service. Remediation is to upgrade to Pexip Inf...

7.5CVSS6.5AI score0.00268EPSS
CVE
CVE
added 2025/12/25 12:0 a.m.15 views

CVE-2025-48704

CVE-2025-48704 affects Pexip Infinity 35.0–37.2 prior to 38.0. The issue is improper input validation in the signalling path, which can trigger a software abort and cause a denial of service. Red Hat, CIRCL, EUVD, NVD, and CVE listings corroborate the impact as a DoS due to signalling input valid...

7.5CVSS6.4AI score0.00268EPSS
CVE
CVE
added 2025/12/25 12:0 a.m.15 views

CVE-2025-66379

Pexip Infinity prior to 39.0 is affected by an improper input validation flaw in the media implementation. A remote attacker can exploit a crafted media stream to trigger a software abort, resulting in a denial of service. Affected product/version: Pexip Infinity

7.5CVSS6.4AI score0.0032EPSS