47 matches found
CVE-2022-26655
CVE-2022-26655 affects Pexip Infinity 27.x prior to 27.3, where improper input validation in the client API allows remote attackers to trigger a software abort via a gateway call into Teams. Affected product/component: Pexip Infinity (27.x line). Root cause: input validation flaw in the client AP...
CVE-2022-23228
CVE-2022-23228 affects Pexip Infinity prior to 27.0. The issue is improper WebRTC input validation, enabling an unauthenticated remote attacker to exhaust resources and temporarily cause a denial-of-service condition. The description does not provide any exploitation details beyond this impact, n...
CVE-2022-27929
CVE-2022-27929 affects Pexip Infinity 27.x (27.0–27.2) with a faulty input validation path that allows remote attackers to trigger a software abort via HTTP, causing denial of service. The vulnerability is caused by an input validation error in HTTP handling, as reported across multiple sources (...
CVE-2022-27932
CVE-2022-27932 affects Pexip Infinity prior to 27.3. Remote attackers can trigger a software abort via One Touch Join . The root cause involves the input handling in One Touch Join leading to abort conditions. Impact is a potential denial of service through forced software abort. Affected product...
CVE-2022-26656
CVE-2022-26656 affects Pexip Infinity prior to 27.3. The vulnerability is described across multiple sources as an input validation error in the One Touch Join flow that can allow remote attackers to trigger a software abort and potentially enumerate usernames. Concrete affected product/version: P...
CVE-2022-26654
Pexip Infinity vulnerable before 27.3, where an HTTP-based flaw allows remote attackers to force a software abort. Products affected: Pexip Infinity prior to 27.3 (per CVE-2022-26654). The issue is described as an injection/abort condition triggered via HTTP, with impact stated as a software abor...
CVE-2022-26657
CVE-2022-26657 affects Pexip Infinity prior to 27.3, where an input validation error in One Touch Join allows remote attackers to trigger a software abort, causing denial of service. The issue is documented across multiple feeds (Red Hat, CNVD, NVD) with the same impact. Affected product/version:...
CVE-2022-25357
Affected software: Pexip Infinity (27.x) prior to 27.2. Vulnerability: Improper access control that could allow an attacker to join a conference (call join) even if the meeting is locked but without a PIN. Root cause/unwrap: Access control error enabling joining a locked, PIN-less meeting. Impact...
CVE-2022-27934
CVE-2022-27934 affects Pexip Infinity versions prior to 27.3. A remote attacker can trigger a software abort via HTTP . The issue is described as an input-validation/logic flaw in affected versions. Remediation per PT-2022-18702 is to upgrade to 27.3 or later . If not upgrading, there is no other...
CVE-2022-27936
Summary: CVE-2022-27936 affects Pexip Infinity prior to 27.3, where remote attackers can trigger a software abort via H.323, effectively a denial of service. Affected versions: before 27.3. Impact: remote, unauthenticated trigger leading to a crash (DoS). Remediation: upgrade to version 27.3 or l...
CVE-2022-27933
Pexip Infinity prior to 27.3 is affected. An issue in One Touch Join allows remote attackers to trigger a software abort. The Red Hat/CNVD and PTSecurity entries corroborate a remote-exploitation flaw, with a fix available in version 27.3 or later. The root cause cited in some sources references ...
CVE-2022-27937
CVE-2022-27937 affects Pexip Infinity prior to version 27.3. The vulnerability allows remote attackers to trigger excessive resource consumption via H.264, leading to denial of service (availability impact). The issue is mitigated by upgrading to version 27.3 or later as indicated in security adv...
CVE-2022-27928
CVE-2022-27928 affects Pexip Infinity 27.x prior to 27.3. The vulnerability allows remote attackers to trigger a software abort via the Session Initiation Protocol, leading to potential denial of service. The condition is triggered by SIP handling in affected versions. A fix is indicated for vers...
CVE-2014-8779
CVE-2014-8779 affects Pexip Infinity prior to v8, where non-unique SSH host keys are used across different installations. Root cause: fixed/static host keys embedded in images allow an attacker with network access to impersonate a Pexip Infinity node and perform MITM SSH sessions, potentially cap...
CVE-2015-4719
CVE-2015-4719 affects Pexip Infinity prior to v10, where the client API authentication mechanism allows remote attackers to gain privileges via a crafted request. Documents from NVD/Red Hat/CVE lists repeat this description and identify the impact as privilege escalation with network access and n...
CVE-2022-27930
CVE-2022-27930 affects Pexip Infinity, with versions prior to 27.3 vulnerable to a denial-of-service-style trigger of a software abort via the single-sign-on feature if an arbitrary UUID is guessed. The issue is triggered through SSO and can be exploited remotely. Mitigation: upgrade to version 2...
CVE-2022-27931
CVE-2022-27931 affects Pexip Infinity: versions prior to 27.3 are vulnerable to a remote-triggered software abort via the Session Initiation Protocol. The PT-2022-18699 advisory confirms the affected range and recommends upgrading to 27.3 or later to resolve the issue. Other connected sources des...
CVE-2022-29286
Technical details about CVE-2022-29286 are not publicly available in the provided connected documents. Monitor for updates from vendors/security bulletins for impacted versions, affected components, and remediations.
CVE-2020-13387
The CVE-2020-13387 entry applies to Pexip Infinity prior to version 23.4, where a lack of input validation leads to a temporary denial of service via H.323. The vulnerability is documented across multiple sources (NVD/CNVD), confirming the affected product family and root cause, and indicating th...
CVE-2022-27935
Pexip Infinity before 27.3 is affected. The vulnerability allows remote attackers to trigger a software abort via Epic Telehealth, caused by an input validation issue in the affected versions. Impact is described as a potential denial/abort condition rather than data exfiltration. Remediation: up...
CVE-2025-30080
CVE-2025-30080 affects Pexip Infinity versions 29 through 36.2; impact is a temporary denial of service caused by improper input validation in the signalling component. Exploitation is remote and can trigger a software abort. Red Hat and PT Security references corroborate the issue and point to u...
CVE-2017-17477
CVE-2017-17477 concerns Pexip Infinity prior to 17, where an unauthenticated remote attacker can trigger stored cross-site scripting via the management web interface views. The vulnerability affects the admin-facing web UI and can lead to script execution in a user’s browser. The available connec...
CVE-2019-7178
CVE-2019-7178 affects Pexip Infinity prior to 20.1, enabling privilege escalation by restoring a system backup. Connected sources confirm the vulnerability text and vendor advisories (Red Hat entry reiterates the same description). The exact root cause, vulnerable components, impacted configurati...
CVE-2020-11805
Technical details of CVE-2020-11805 are not publicly provided in the connected documents. Monitor for updates from vendors and security advisories.
CVE-2022-32263
CVE-2022-32263 affects Pexip Infinity prior to 28.1. The vulnerability allows remote attackers to trigger a software abort via G.719, impacting availability (CVSS v3.1 base score 7.5, HIGH). Affected component is the Pexip Infinity implementation handling G.719 signaling. According to sources, ve...
CVE-2018-10585
Pexip Infinity before 18 is affected by a remote Denial of Service caused by an XML parsing issue. Multiple connected sources (Red Hat, CNVD, NVD, PRION and CVE records) confirm the vulnerability exists in Pexip Infinity prior to version 18 and describe the impact as DoS via XML parsing. The root...
CVE-2019-7177
CVE-2019-7177 affects Pexip Infinity before 20.1. The vulnerability allows Code Injection onto nodes via an admin interface. The available sources identify the affected product/version and the attack vector as administrative input leading to code execution, but do not provide specific root-cause ...
CVE-2020-12824
Pexip Infinity 23.x prior to 23.3 is affected by an input-validation error that can cause a temporary software abort via RTP. The issue is documented across multiple sources (NVD and partner advisories) as Improper input validation leading to a transient crash in RTP handling. Affected product: P...
CVE-2020-24615
Summary: CVE-2020-24615 affects Pexip Infinity before version 24.1, due to improper input validation that can cause a temporary denial of service over SIP. Affected software (from provided docs): Pexip Infinity (video conferencing platform); versions prior to 24.1. Root cause (as stated): Imprope...
CVE-2024-33850
CVE-2024-33850 affects Pexip Infinity prior to 34.1. The issue is improper access control for people in a waiting room: they can view the conference roster and perform actions that should be restricted until admission. Documents from multiple sources confirm the affected product/versions and the ...
CVE-2017-6551
CVE-2017-6551 : The provided records indicate that Pexip Infinity, versions prior to 14.2, is affected by a vulnerability in Conferencing Nodes that can be remotely triggered to cause a denial of service (service restart) or to execute arbitrary code. The exact vulnerable component or root cause ...
CVE-2020-25868
CVE-2020-25868 affects Pexip Infinity 22.x through 24.x before 24.2, with an improper input validation flaw in call setup. An unauthenticated remote attacker can trigger a software abort, causing temporary service disruption. Public references in the provided documents confirm the impact and affe...
CVE-2018-10432
CVE-2018-10432 affects Pexip Infinity before version 18, enabling Remote Denial of Service via TLS handshakes in RTMP. Multiple sources (NVD, Red Hat, CNVD) corroborate the vuln and that it exists in versions prior to 18. Exploitation details are not provided in the documents; remediation implied...
CVE-2024-37917
CVE-2024-37917 : Pexip Infinity prior to 35.0 is affected by improper input validation that allows a remote attacker to trigger a denial of service (software abort) via a crafted signalling message. This is the stated impact in multiple sources, with CVSS v3.1 indicating NETWORK access, low attac...
CVE-2021-31925
Pexip Infinity 25.x before 25.4 is affected by CVE-2021-31925 due to improper input validation. An unauthenticated remote attacker can cause a denial of service through the administrative web interface. Remediation: upgrade to version 25.4 or later per connected advisories.
CVE-2023-37225
Pexip Infinity before version 32 contains a cross-site scripting (XSS) flaw in the Webapp1 component via preconfigured links. Affected product: Pexip Infinity prior to 32. Root cause: XSS in the legacy Webapp1 workflow. Impact, per sources, centers on client-side script execution with user intera...
CVE-2023-31455
Pexip Infinity prior to version 31.2 is affected by an Improper Input Validation in RTCP handling. The root cause is improper validation of RTCP inputs, which allows remote attackers to trigger an abort. Affected product: Pexip Infinity (versions before 31.2). Impact as described: possibility to ...
CVE-2023-31289
CVE-2023-31289 affects Pexip Infinity prior to version 31.2. The root cause is improper input validation for signalling, allowing remote attackers to trigger a service abort. Impact is a potential denial of service. Remediation per available sources is to upgrade to version 31.2 or later or apply...
CVE-2025-66377
CVE-2025-66377 affects Pexip Infinity prior to 39.0. A missing authentication for a critical function in a product-internal API allows an attacker who already has code execution on one node to impact the operation of other nodes in the installation. This is not listed as exploitable in the provid...
CVE-2025-59683
CVE-2025-59683 affects Pexip Infinity 15.0–38.0; vulnerability due to Improper Access Control in the Secure Scheduler for Exchange service when using Office 365 Legacy Exchange Tokens. Exploitation could allow a remote attacker to read potentially sensitive data and cause resource exhaustion, lea...
CVE-2025-66378
CVE-2025-66378 affects Pexip Infinity 38.0 and 38.1 (before 39.0). The issue is insufficient access control in the RTMP implementation, allowing an attacker to disconnect RTMP streams traversing a Proxy Node. Supported by Red Hat and ENISA/NVD entries; PT-2025-53393 explicitly recommends updating...
CVE-2025-66443
CVE-2025-66443 affects Pexip Infinity 35.0–38.1 (before 39.0) in non-default configurations that use Direct Media for WebRTC. The issue is improper input validation in the signaling path, allowing an attacker to trigger a software abort and cause a temporary denial of service. Red Hat and other s...
CVE-2025-49088
Pexip Infinity versions 32.0–37.1 (before 37.2) are affected by improper input validation in the OTJ (One Touch Join) service when configuring Teams SIP Guest Join. A remote attacker can trigger a denial of service by sending a crafted calendar invite, leading to a software abort. Red Hat and EUV...
CVE-2025-32095
Affected software: Pexip Infinity (before 37.0). Vulnerability detail: improper input validation in signalling allows a remote attacker to trigger a software abort via a crafted signalling message, resulting in denial of service. This is consistently reported across CVE entries (NVD/Red Hat/EUVD/...
CVE-2025-32096
The CVE-2025-32096 entry affects Pexip Infinity software versions 33.0 through 37.0 (before 37.1). The vulnerability stems from improper input validation in signaling, which can cause an attacker to trigger a software abort and result in a denial of service. Remediation is to upgrade to Pexip Inf...
CVE-2025-48704
CVE-2025-48704 affects Pexip Infinity 35.0–37.2 prior to 38.0. The issue is improper input validation in the signalling path, which can trigger a software abort and cause a denial of service. Red Hat, CIRCL, EUVD, NVD, and CVE listings corroborate the impact as a DoS due to signalling input valid...
CVE-2025-66379
Pexip Infinity prior to 39.0 is affected by an improper input validation flaw in the media implementation. A remote attacker can exploit a crafted media stream to trigger a software abort, resulting in a denial of service. Affected product/version: Pexip Infinity