Pexip Infinity
by Pexip
CVEs (51)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-25868 | 0.00 | — | 0.01 | Jul 7, 2021 | Pexip Infinity 22.x through 24.x before 24.2 has Improper Input Validation for call setup. An unauthenticated remote attacker can trigger a software abort (temporary loss of service). | |||
| CVE-2020-24615 | 0.00 | — | 0.01 | Sep 25, 2020 | Pexip Infinity before 24.1 has Improper Input Validation, leading to temporary denial of service via SIP. | |||
| CVE-2020-13387 | 0.00 | — | 0.01 | Sep 25, 2020 | Pexip Infinity before 23.4 has a lack of input validation, leading to temporary denial of service via H.323. | |||
| CVE-2020-12824 | 0.00 | — | 0.01 | Sep 25, 2020 | Pexip Infinity 23.x before 23.3 has improper input validation, leading to a temporary software abort via RTP. | |||
| CVE-2017-17477 | 0.00 | — | 0.01 | Sep 25, 2020 | Pexip Infinity before 17 allows an unauthenticated remote attacker to achieve stored XSS via management web interface views. | |||
| CVE-2019-7178 | 0.00 | — | 0.02 | Sep 25, 2020 | Pexip Infinity before 20.1 allows privilege escalation by restoring a system backup. | |||
| CVE-2019-7177 | 0.00 | — | 0.01 | Sep 25, 2020 | Pexip Infinity before 20.1 allows Code Injection onto nodes via an admin. | |||
| CVE-2018-10585 | 0.00 | — | 0.01 | Sep 25, 2020 | Pexip Infinity before 18 allows remote Denial of Service (XML parsing). | |||
| CVE-2018-10432 | 0.00 | — | 0.01 | Sep 25, 2020 | Pexip Infinity before 18 allows Remote Denial of Service (TLS handshakes in RTMP). | |||
| CVE-2015-4719 | 0.00 | — | 0.01 | Sep 24, 2020 | The client API authentication mechanism in Pexip Infinity before 10 allows remote attackers to gain privileges via a crafted request. | |||
| CVE-2014-8779 | 0.00 | — | 0.01 | Feb 3, 2015 | Pexip Infinity before 8 uses the same SSH host keys across different customers' installations, which allows man-in-the-middle attackers to spoof Management and Conferencing Nodes by leveraging these keys. |
- CVE-2020-25868Jul 7, 2021risk 0.00cvss —epss 0.01
Pexip Infinity 22.x through 24.x before 24.2 has Improper Input Validation for call setup. An unauthenticated remote attacker can trigger a software abort (temporary loss of service).
- CVE-2020-24615Sep 25, 2020risk 0.00cvss —epss 0.01
Pexip Infinity before 24.1 has Improper Input Validation, leading to temporary denial of service via SIP.
- CVE-2020-13387Sep 25, 2020risk 0.00cvss —epss 0.01
Pexip Infinity before 23.4 has a lack of input validation, leading to temporary denial of service via H.323.
- CVE-2020-12824Sep 25, 2020risk 0.00cvss —epss 0.01
Pexip Infinity 23.x before 23.3 has improper input validation, leading to a temporary software abort via RTP.
- CVE-2017-17477Sep 25, 2020risk 0.00cvss —epss 0.01
Pexip Infinity before 17 allows an unauthenticated remote attacker to achieve stored XSS via management web interface views.
- CVE-2019-7178Sep 25, 2020risk 0.00cvss —epss 0.02
Pexip Infinity before 20.1 allows privilege escalation by restoring a system backup.
- CVE-2019-7177Sep 25, 2020risk 0.00cvss —epss 0.01
Pexip Infinity before 20.1 allows Code Injection onto nodes via an admin.
- CVE-2018-10585Sep 25, 2020risk 0.00cvss —epss 0.01
Pexip Infinity before 18 allows remote Denial of Service (XML parsing).
- CVE-2018-10432Sep 25, 2020risk 0.00cvss —epss 0.01
Pexip Infinity before 18 allows Remote Denial of Service (TLS handshakes in RTMP).
- CVE-2015-4719Sep 24, 2020risk 0.00cvss —epss 0.01
The client API authentication mechanism in Pexip Infinity before 10 allows remote attackers to gain privileges via a crafted request.
- CVE-2014-8779Feb 3, 2015risk 0.00cvss —epss 0.01
Pexip Infinity before 8 uses the same SSH host keys across different customers' installations, which allows man-in-the-middle attackers to spoof Management and Conferencing Nodes by leveraging these keys.
Page 3 of 3