CVE-2022-26655

Pexip Infinity 27.x before 27.3 has Improper Input Validation. The client API allows remote attackers to trigger a software abort via a gateway call into Teams.

CVE-2022-23228

Pexip Infinity before 27.0 has improper WebRTC input validation. An unauthenticated remote attacker can use excessive resources, temporarily causing denial of service.

CVE-2022-27929

Pexip Infinity 27.x before 27.3 allows remote attackers to trigger a software abort via HTTP.

CVE-2022-26656

Pexip Infinity before 27.3 allows remote attackers to trigger a software abort, and possibly enumerate usernames, via One Touch Join.

CVE-2022-27932

Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via One Touch Join.

CVE-2022-25357

Pexip Infinity 27.x before 27.2 has Improper Access Control. An attacker can sometimes join a conference (call join) if it has a lock but not a PIN.

CVE-2022-27933

Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via One Touch Join.

CVE-2022-27936

Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via H.323.

CVE-2022-26654

Pexip Infinity before 27.3 allows remote attackers to force a software abort via HTTP.

CVE-2022-27928

Pexip Infinity 27.x before 27.3 allows remote attackers to trigger a software abort via the Session Initiation Protocol.

CVE-2015-4719

The client API authentication mechanism in Pexip Infinity before 10 allows remote attackers to gain privileges via a crafted request.

CVE-2022-26657

Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via One Touch Join.

CVE-2022-27934

Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via HTTP.

CVE-2014-8779

Pexip Infinity before 8 uses the same SSH host keys across different customers' installations, which allows man-in-the-middle attackers to spoof Management and Conferencing Nodes by leveraging these keys.

CVE-2022-27937

Pexip Infinity before 27.3 allows remote attackers to trigger excessive resource consumption via H.264.

CVE-2022-27930

Pexip Infinity 27.x before 27.3 allows remote attackers to trigger a software abort via single-sign-on if a random Universally Unique Identifier is guessed.

CVE-2022-27935

Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via Epic Telehealth.

CVE-2022-29286

Pexip Infinity 27 before 28.0 allows remote attackers to trigger excessive resource consumption and termination because of registrar resource mishandling.

CVE-2019-7178

Pexip Infinity before 20.1 allows privilege escalation by restoring a system backup.

CVE-2022-27931

Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via the Session Initiation Protocol.

CVE-2019-7177

Pexip Infinity before 20.1 allows Code Injection onto nodes via an admin.

CVE-2017-17477

Pexip Infinity before 17 allows an unauthenticated remote attacker to achieve stored XSS via management web interface views.

CVE-2020-11805

Pexip Reverse Proxy and TURN Server before 6.1.0 has Incorrect UDP Access Control via TURN.

CVE-2020-24615

Pexip Infinity before 24.1 has Improper Input Validation, leading to temporary denial of service via SIP.

CVE-2018-10585

Pexip Infinity before 18 allows remote Denial of Service (XML parsing).

CVE-2020-12824

Pexip Infinity 23.x before 23.3 has improper input validation, leading to a temporary software abort via RTP.

CVE-2022-32263

Pexip Infinity before 28.1 allows remote attackers to trigger a software abort via G.719.

CVE-2025-30080

Signalling in Pexip Infinity 29 through 36.2 before 37.0 has improper input validation that allows remote attackers to trigger a temporary denial of service (software abort).

CVE-2017-6551

Pexip Infinity before 14.2 allows remote attackers to cause a denial of service (service restart) or execute arbitrary code via vectors related to Conferencing Nodes.

CVE-2024-33850

Pexip Infinity before 34.1 has Improper Access Control for persons in a waiting room. They can see the conference roster list, and perform certain actions that should not be allowed before they are admitted to the meeting.

CVE-2020-13387

Pexip Infinity before 23.4 has a lack of input validation, leading to temporary denial of service via H.323.

CVE-2018-10432

Pexip Infinity before 18 allows Remote Denial of Service (TLS handshakes in RTMP).

CVE-2024-37917

Pexip Infinity before 35.0 has improper input validation that allows remote attackers to trigger a denial of service (software abort) via a crafted signalling message.

CVE-2020-25868

Pexip Infinity 22.x through 24.x before 24.2 has Improper Input Validation for call setup. An unauthenticated remote attacker can trigger a software abort (temporary loss of service).

CVE-2021-31925

Pexip Infinity 25.x before 25.4 has Improper Input Validation, and thus an unauthenticated remote attacker can cause a denial of service via the administrative web interface.

CVE-2023-37225

Pexip Infinity before 32 allows Webapp1 XSS via preconfigured links.

CVE-2023-31455

Pexip Infinity before 31.2 has Improper Input Validation for RTCP, allowing remote attackers to trigger an abort.

CVE-2023-31289

Pexip Infinity before 31.2 has Improper Input Validation for signalling, allowing remote attackers to trigger an abort.