Filtered by vendor Pexip
Subscribe
Total
55 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-49088 | 1 Pexip | 1 Pexip Infinity | 2026-01-05 | N/A | 5.9 MEDIUM |
|
Pexip Infinity 32.0 through 37.1 before 37.2, in certain configurations of OTJ (One Touch Join) for Teams SIP Guest Join, has Improper Input Validation in the OTJ service, allowing a remote attacker to trigger a software abort via a crafted calendar invite, leading to a denial of service.
|
|||||
| CVE-2025-48704 | 1 Pexip | 1 Pexip Infinity | 2026-01-05 | N/A | 7.5 HIGH |
|
Pexip Infinity 35.0 through 37.2 before 38.0 has Improper Input Validation in signalling that allows an attacker to trigger a software abort, resulting in a denial of service.
|
|||||
| CVE-2025-32096 | 1 Pexip | 1 Pexip Infinity | 2026-01-05 | N/A | 7.5 HIGH |
|
Pexip Infinity 33.0 through 37.0 before 37.1 has improper input validation in signaling that allows an attacker to trigger a software abort, resulting in a denial of service.
|
|||||
| CVE-2025-32095 | 1 Pexip | 1 Pexip Infinity | 2026-01-05 | N/A | 7.5 HIGH |
|
Pexip Infinity before 37.0 has improper input validation in signalling that allows a remote attacker to trigger a software abort via a crafted signalling message, resulting in a denial of service.
|
|||||
| CVE-2025-66377 | 1 Pexip | 1 Pexip Infinity | 2026-01-05 | N/A | 7.5 HIGH |
|
Pexip Infinity before 39.0 has Missing Authentication for a Critical Function in a product-internal API, allowing an attacker (who already has access to execute code on one node within a Pexip Infinity installation) to impact the operation of other nodes within the installation.
|
|||||
| CVE-2025-59683 | 1 Pexip | 1 Pexip Infinity | 2026-01-05 | N/A | 8.2 HIGH |
|
Pexip Infinity 15.0 through 38.0 before 38.1 has Improper Access Control in the Secure Scheduler for Exchange service, when used with Office 365 Legacy Exchange Tokens. This allows a remote attacker to read potentially sensitive data and excessively consume resources, leading to a denial of service.
|
|||||
| CVE-2025-66378 | 1 Pexip | 1 Pexip Infinity | 2026-01-05 | N/A | 5.9 MEDIUM |
|
Pexip Infinity 38.0 and 38.1 before 39.0 has insufficient access control in the RTMP implementation, allowing an attacker to disconnect RTMP streams traversing a Proxy Node.
|
|||||
| CVE-2025-66379 | 1 Pexip | 1 Pexip Infinity | 2026-01-05 | N/A | 7.5 HIGH |
|
Pexip Infinity before 39.0 has Improper Input Validation in the media implementation, allowing a remote attacker to trigger a software abort via a crafted media stream, resulting in a denial of service.
|
|||||
| CVE-2025-66443 | 1 Pexip | 1 Pexip Infinity | 2026-01-05 | N/A | 7.5 HIGH |
|
Pexip Infinity 35.0 through 38.1 before 39.0, in non-default configurations that use Direct Media for WebRTC, has Improper Input Validation in signalling that allows an attacker to trigger a software abort, resulting in a temporary denial of service.
|
|||||
| CVE-2024-33850 | 1 Pexip | 1 Pexip Infinity | 2025-06-20 | N/A | 4.3 MEDIUM |
|
Pexip Infinity before 34.1 has Improper Access Control for persons in a waiting room. They can see the conference roster list, and perform certain actions that should not be allowed before they are admitted to the meeting.
|
|||||
| CVE-2024-37917 | 1 Pexip | 1 Pexip Infinity | 2025-06-18 | N/A | 7.5 HIGH |
|
Pexip Infinity before 35.0 has improper input validation that allows remote attackers to trigger a denial of service (software abort) via a crafted signalling message.
|
|||||
| CVE-2025-30080 | 1 Pexip | 1 Pexip Infinity | 2025-06-18 | N/A | 7.5 HIGH |
|
Signalling in Pexip Infinity 29 through 36.2 before 37.0 has improper input validation that allows remote attackers to trigger a temporary denial of service (software abort).
|
|||||
| CVE-2023-40236 | 1 Pexip | 1 Virtual Meeting Rooms | 2025-04-23 | N/A | 5.3 MEDIUM |
|
In Pexip VMR self-service portal before 3, the same SSH host key is used across different customers' installations, which allows authentication bypass.
|
|||||
| CVE-2017-6551 | 1 Pexip | 1 Pexip Infinity | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
Pexip Infinity before 14.2 allows remote attackers to cause a denial of service (service restart) or execute arbitrary code via vectors related to Conferencing Nodes.
|
|||||
| CVE-2014-8779 | 1 Pexip | 1 Pexip Infinity | 2025-04-12 | 7.1 HIGH | N/A |
|
Pexip Infinity before 8 uses the same SSH host keys across different customers' installations, which allows man-in-the-middle attackers to spoof Management and Conferencing Nodes by leveraging these keys.
|
|||||
| CVE-2023-37225 | 1 Pexip | 1 Pexip Infinity | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Pexip Infinity before 32 allows Webapp1 XSS via preconfigured links.
|
|||||
| CVE-2023-31455 | 1 Pexip | 1 Pexip Infinity | 2024-11-21 | N/A | 7.5 HIGH |
|
Pexip Infinity before 31.2 has Improper Input Validation for RTCP, allowing remote attackers to trigger an abort.
|
|||||
| CVE-2023-31289 | 1 Pexip | 1 Pexip Infinity | 2024-11-21 | N/A | 7.5 HIGH |
|
Pexip Infinity before 31.2 has Improper Input Validation for signalling, allowing remote attackers to trigger an abort.
|
|||||
| CVE-2022-32263 | 1 Pexip | 1 Pexip Infinity | 2024-11-21 | N/A | 7.5 HIGH |
|
Pexip Infinity before 28.1 allows remote attackers to trigger a software abort via G.719.
|
|||||
| CVE-2022-29286 | 1 Pexip | 1 Pexip Infinity | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Pexip Infinity 27 before 28.0 allows remote attackers to trigger excessive resource consumption and termination because of registrar resource mishandling.
|
|||||
| CVE-2022-27937 | 1 Pexip | 1 Pexip Infinity | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Pexip Infinity before 27.3 allows remote attackers to trigger excessive resource consumption via H.264.
|
|||||
| CVE-2022-27936 | 1 Pexip | 1 Pexip Infinity | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via H.323.
|
|||||
| CVE-2022-27935 | 1 Pexip | 1 Pexip Infinity | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via Epic Telehealth.
|
|||||
| CVE-2022-27934 | 1 Pexip | 1 Pexip Infinity | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via HTTP.
|
|||||
| CVE-2022-27933 | 1 Pexip | 1 Pexip Infinity | 2024-11-21 | 5.8 MEDIUM | 8.2 HIGH |
|
Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via One Touch Join.
|
|||||
| CVE-2022-27932 | 1 Pexip | 1 Pexip Infinity | 2024-11-21 | 4.3 MEDIUM | 7.5 HIGH |
|
Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via One Touch Join.
|
|||||
| CVE-2022-27931 | 1 Pexip | 1 Pexip Infinity | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via the Session Initiation Protocol.
|
|||||
| CVE-2022-27930 | 1 Pexip | 1 Pexip Infinity | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
|
Pexip Infinity 27.x before 27.3 allows remote attackers to trigger a software abort via single-sign-on if a random Universally Unique Identifier is guessed.
|
|||||
| CVE-2022-27929 | 1 Pexip | 1 Pexip Infinity | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Pexip Infinity 27.x before 27.3 allows remote attackers to trigger a software abort via HTTP.
|
|||||
| CVE-2022-27928 | 1 Pexip | 1 Pexip Infinity | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Pexip Infinity 27.x before 27.3 allows remote attackers to trigger a software abort via the Session Initiation Protocol.
|
|||||
| CVE-2022-26657 | 1 Pexip | 1 Pexip Infinity | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via One Touch Join.
|
|||||
| CVE-2022-26656 | 1 Pexip | 1 Pexip Infinity | 2024-11-21 | 6.4 MEDIUM | 8.2 HIGH |
|
Pexip Infinity before 27.3 allows remote attackers to trigger a software abort, and possibly enumerate usernames, via One Touch Join.
|
|||||
| CVE-2022-26655 | 1 Pexip | 1 Pexip Infinity | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Pexip Infinity 27.x before 27.3 has Improper Input Validation. The client API allows remote attackers to trigger a software abort via a gateway call into Teams.
|
|||||
| CVE-2022-26654 | 1 Pexip | 1 Pexip Infinity | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Pexip Infinity before 27.3 allows remote attackers to force a software abort via HTTP.
|
|||||
| CVE-2022-25357 | 1 Pexip | 1 Pexip Infinity | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
Pexip Infinity 27.x before 27.2 has Improper Access Control. An attacker can sometimes join a conference (call join) if it has a lock but not a PIN.
|
|||||
| CVE-2022-23228 | 1 Pexip | 1 Pexip Infinity | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Pexip Infinity before 27.0 has improper WebRTC input validation. An unauthenticated remote attacker can use excessive resources, temporarily causing denial of service.
|
|||||
| CVE-2021-42555 | 1 Pexip | 1 Infinity | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Pexip Infinity before 26.2 allows temporary remote Denial of Service (abort) because of missing call-setup input validation.
|
|||||
| CVE-2021-35969 | 1 Pexip | 1 Infinity | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Pexip Infinity before 26 allows temporary remote Denial of Service (abort) because of missing call-setup input validation.
|
|||||
| CVE-2021-33499 | 1 Pexip | 1 Infinity | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Pexip Infinity before 26 allows remote denial of service because of missing H.264 input validation (issue 2 of 2).
|
|||||
| CVE-2021-33498 | 1 Pexip | 1 Infinity | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Pexip Infinity before 26 allows remote denial of service because of missing H.264 input validation (issue 1 of 2).
|
|||||