Vendor CVEs
Pexip
All CVEs
56 total · sorted by risk

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-6551 | | Cri | 0.64 | 9.8 | 0.04 | | May 2, 2017 | Pexip Infinity before 14.2 allows remote attackers to cause a denial of service (service restart) or execute arbitrary code via vectors related to Conferencing Nodes. |
| CVE-2024-38392 | | Cri | 0.59 | 9.1 | 0.00 | | Apr 2, 2025 | Pexip Infinity Connect before 1.13.0 lacks sufficient authenticity checks during the loading of resources, and thus remote attackers can cause the application to run untrusted code. |
| CVE-2025-66378 | | | 0.00 | — | 0.00 | | Dec 25, 2025 | Pexip Infinity 38.0 and 38.1 before 39.0 has insufficient access control in the RTMP implementation, allowing an attacker to disconnect RTMP streams traversing a Proxy Node. |
| CVE-2025-66443 | | | 0.00 | — | 0.00 | | Dec 25, 2025 | Pexip Infinity 35.0 through 38.1 before 39.0, in non-default configurations that use Direct Media for WebRTC, has Improper Input Validation in signalling that allows an attacker to trigger a software abort, resulting in a temporary denial of service. |
| CVE-2025-59683 | | | 0.00 | — | 0.00 | | Dec 25, 2025 | Pexip Infinity 15.0 through 38.0 before 38.1 has Improper Access Control in the Secure Scheduler for Exchange service, when used with Office 365 Legacy Exchange Tokens. This allows a remote attacker to read potentially sensitive data and excessively consume resources, leading to… |
| CVE-2025-32095 | | | 0.00 | — | 0.00 | | Dec 25, 2025 | Pexip Infinity before 37.0 has improper input validation in signalling that allows a remote attacker to trigger a software abort via a crafted signalling message, resulting in a denial of service. |
| CVE-2025-66379 | | | 0.00 | — | 0.00 | | Dec 25, 2025 | Pexip Infinity before 39.0 has Improper Input Validation in the media implementation, allowing a remote attacker to trigger a software abort via a crafted media stream, resulting in a denial of service. |
| CVE-2025-49088 | | | 0.00 | — | 0.00 | | Dec 25, 2025 | Pexip Infinity 32.0 through 37.1 before 37.2, in certain configurations of OTJ (One Touch Join) for Teams SIP Guest Join, has Improper Input Validation in the OTJ service, allowing a remote attacker to trigger a software abort via a crafted calendar invite, leading to a denial… |
| CVE-2025-32096 | | | 0.00 | — | 0.00 | | Dec 25, 2025 | Pexip Infinity 33.0 through 37.0 before 37.1 has improper input validation in signaling that allows an attacker to trigger a software abort, resulting in a denial of service. |
| CVE-2025-48704 | | | 0.00 | — | 0.00 | | Dec 25, 2025 | Pexip Infinity 35.0 through 37.2 before 38.0 has Improper Input Validation in signalling that allows an attacker to trigger a software abort, resulting in a denial of service. |
| CVE-2025-66377 | | | 0.00 | — | 0.00 | | Dec 25, 2025 | Pexip Infinity before 39.0 has Missing Authentication for a Critical Function in a product-internal API, allowing an attacker (who already has access to execute code on one node within a Pexip Infinity installation) to impact the operation of other nodes within the installation. |
| CVE-2024-37917 | | | 0.00 | — | 0.00 | | Apr 2, 2025 | Pexip Infinity before 35.0 has improper input validation that allows remote attackers to trigger a denial of service (software abort) via a crafted signalling message. |
| CVE-2025-30080 | | | 0.00 | — | 0.01 | | Apr 2, 2025 | Signalling in Pexip Infinity 29 through 36.2 before 37.0 has improper input validation that allows remote attackers to trigger a temporary denial of service (software abort). |
| CVE-2024-33850 | | | 0.00 | — | 0.00 | | Jun 10, 2024 | Pexip Infinity before 34.1 has Improper Access Control for persons in a waiting room. They can see the conference roster list, and perform certain actions that should not be allowed before they are admitted to the meeting. |
| CVE-2023-31455 | | | 0.00 | — | 0.01 | | Dec 25, 2023 | Pexip Infinity before 31.2 has Improper Input Validation for RTCP, allowing remote attackers to trigger an abort. |
| CVE-2023-31289 | | | 0.00 | — | 0.01 | | Dec 25, 2023 | Pexip Infinity before 31.2 has Improper Input Validation for signalling, allowing remote attackers to trigger an abort. |
| CVE-2023-40236 | | | 0.00 | — | 0.00 | | Dec 25, 2023 | In Pexip VMR self-service portal before 3, the same SSH host key is used across different customers' installations, which allows authentication bypass. |
| CVE-2023-37225 | | | 0.00 | — | 0.00 | | Dec 25, 2023 | Pexip Infinity before 32 allows Webapp1 XSS via preconfigured links. |
| CVE-2022-32263 | | | 0.00 | — | 0.01 | | Jul 17, 2022 | Pexip Infinity before 28.1 allows remote attackers to trigger a software abort via G.719. |
| CVE-2022-29286 | | | 0.00 | — | 0.01 | | Jul 17, 2022 | Pexip Infinity 27 before 28.0 allows remote attackers to trigger excessive resource consumption and termination because of registrar resource mishandling. |
| CVE-2022-27937 | | | 0.00 | — | 0.01 | | Jul 17, 2022 | Pexip Infinity before 27.3 allows remote attackers to trigger excessive resource consumption via H.264. |
| CVE-2022-27936 | | | 0.00 | — | 0.01 | | Jul 17, 2022 | Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via H.323. |
| CVE-2022-27935 | | | 0.00 | — | 0.01 | | Jul 17, 2022 | Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via Epic Telehealth. |
| CVE-2022-27934 | | | 0.00 | — | 0.01 | | Jul 17, 2022 | Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via HTTP. |
| CVE-2022-27933 | | | 0.00 | — | 0.01 | | Jul 17, 2022 | Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via One Touch Join. |
| CVE-2022-27932 | | | 0.00 | — | 0.01 | | Jul 17, 2022 | Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via One Touch Join. |
| CVE-2022-27931 | | | 0.00 | — | 0.01 | | Jul 17, 2022 | Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via the Session Initiation Protocol. |
| CVE-2022-27930 | | | 0.00 | — | 0.01 | | Jul 17, 2022 | Pexip Infinity 27.x before 27.3 allows remote attackers to trigger a software abort via single-sign-on if a random Universally Unique Identifier is guessed. |
| CVE-2022-27929 | | | 0.00 | — | 0.01 | | Jul 17, 2022 | Pexip Infinity 27.x before 27.3 allows remote attackers to trigger a software abort via HTTP. |
| CVE-2022-27928 | | | 0.00 | — | 0.01 | | Jul 17, 2022 | Pexip Infinity 27.x before 27.3 allows remote attackers to trigger a software abort via the Session Initiation Protocol. |
| CVE-2022-26657 | | | 0.00 | — | 0.01 | | Jul 17, 2022 | Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via One Touch Join. |
| CVE-2022-26656 | | | 0.00 | — | 0.01 | | Jul 17, 2022 | Pexip Infinity before 27.3 allows remote attackers to trigger a software abort, and possibly enumerate usernames, via One Touch Join. |
| CVE-2022-26655 | | | 0.00 | — | 0.01 | | Jul 17, 2022 | Pexip Infinity 27.x before 27.3 has Improper Input Validation. The client API allows remote attackers to trigger a software abort via a gateway call into Teams. |
| CVE-2022-26654 | | | 0.00 | — | 0.01 | | Jul 17, 2022 | Pexip Infinity before 27.3 allows remote attackers to force a software abort via HTTP. |
| CVE-2022-25357 | | | 0.00 | — | 0.01 | | Jul 17, 2022 | Pexip Infinity 27.x before 27.2 has Improper Access Control. An attacker can sometimes join a conference (call join) if it has a lock but not a PIN. |
| CVE-2022-23228 | | | 0.00 | — | 0.01 | | Feb 18, 2022 | Pexip Infinity before 27.0 has improper WebRTC input validation. An unauthenticated remote attacker can use excessive resources, temporarily causing denial of service. |
| CVE-2021-29656 | | | 0.00 | — | 0.01 | | Feb 18, 2022 | Pexip Infinity Connect before 1.8.0 mishandles TLS certificate validation. The allow list is not properly checked. |
| CVE-2021-29655 | | | 0.00 | — | 0.01 | | Feb 18, 2022 | Pexip Infinity Connect before 1.8.0 omits certain provisioning authenticity checks. Thus, untrusted code may execute. |
| CVE-2021-42555 | | | 0.00 | — | 0.01 | | Jan 15, 2022 | Pexip Infinity before 26.2 allows temporary remote Denial of Service (abort) because of missing call-setup input validation. |
| CVE-2021-35969 | | | 0.00 | — | 0.01 | | Jan 15, 2022 | Pexip Infinity before 26 allows temporary remote Denial of Service (abort) because of missing call-setup input validation. |
| CVE-2021-33499 | | | 0.00 | — | 0.01 | | Jan 15, 2022 | Pexip Infinity before 26 allows remote denial of service because of missing H.264 input validation (issue 2 of 2). |
| CVE-2021-33498 | | | 0.00 | — | 0.01 | | Jan 15, 2022 | Pexip Infinity before 26 allows remote denial of service because of missing H.264 input validation (issue 1 of 2). |
| CVE-2021-32545 | | | 0.00 | — | 0.01 | | Jan 15, 2022 | Pexip Infinity before 26 allows remote denial of service because of missing RTMP input validation. |
| CVE-2021-31925 | | | 0.00 | — | 0.01 | | Jul 7, 2021 | Pexip Infinity 25.x before 25.4 has Improper Input Validation, and thus an unauthenticated remote attacker can cause a denial of service via the administrative web interface. |
| CVE-2020-25868 | | | 0.00 | — | 0.01 | | Jul 7, 2021 | Pexip Infinity 22.x through 24.x before 24.2 has Improper Input Validation for call setup. An unauthenticated remote attacker can trigger a software abort (temporary loss of service). |
| CVE-2020-24615 | | | 0.00 | — | 0.01 | | Sep 25, 2020 | Pexip Infinity before 24.1 has Improper Input Validation, leading to temporary denial of service via SIP. |
| CVE-2020-13387 | | | 0.00 | — | 0.01 | | Sep 25, 2020 | Pexip Infinity before 23.4 has a lack of input validation, leading to temporary denial of service via H.323. |
| CVE-2020-12824 | | | 0.00 | — | 0.01 | | Sep 25, 2020 | Pexip Infinity 23.x before 23.3 has improper input validation, leading to a temporary software abort via RTP. |
| CVE-2020-11805 | | | 0.00 | — | 0.01 | | Sep 25, 2020 | Pexip Reverse Proxy and TURN Server before 6.1.0 has Incorrect UDP Access Control via TURN. |
| CVE-2017-17477 | | | 0.00 | — | 0.01 | | Sep 25, 2020 | Pexip Infinity before 17 allows an unauthenticated remote attacker to achieve stored XSS via management web interface views. |
Page 1 of 2