cbcvebase.

Pexip Infinity vulnerabilities

47 known vulnerabilities affecting pexip/pexip_infinity.

Total CVEs
47
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL4HIGH35MEDIUM8

Vulnerabilities

Page 1 of 3
CVE-2015-4719P2CRITICALCVSS 9.8fixed in 102020-09-24
CVE-2015-4719 [CRITICAL] CWE-269 CVE-2015-4719: The client API authentication mechanism in Pexip Infinity before 10 allows remote attackers to gain The client API authentication mechanism in Pexip Infinity before 10 allows remote attackers to gain privileges via a crafted request.
nvd
CVE-2025-59683P3CRITICALCVSS 9.1≥ 15, < 38.12025-12-25
CVE-2025-59683 [CRITICAL] CWE-863 CVE-2025-59683: Pexip Infinity 15.0 through 38.0 before 38.1 has Improper Access Control in the Secure Scheduler for Pexip Infinity 15.0 through 38.0 before 38.1 has Improper Access Control in the Secure Scheduler for Exchange service, when used with Office 365 Legacy Exchange Tokens. This allows a remote attacker to read potentially sensitive data and excessively consume resources, leading to a denial of service.
nvd
CVE-2017-6551P3CRITICALCVSS 9.8≤ 14.12017-05-02
CVE-2017-6551 [CRITICAL] CWE-20 CVE-2017-6551: Pexip Infinity before 14.2 allows remote attackers to cause a denial of service (service restart) or Pexip Infinity before 14.2 allows remote attackers to cause a denial of service (service restart) or execute arbitrary code via vectors related to Conferencing Nodes.
nvd
CVE-2020-11805P3CRITICALCVSS 9.8v23v23.12020-09-25
CVE-2020-11805 [CRITICAL] CWE-20 CVE-2020-11805: Pexip Reverse Proxy and TURN Server before 6.1.0 has Incorrect UDP Access Control via TURN. Pexip Reverse Proxy and TURN Server before 6.1.0 has Incorrect UDP Access Control via TURN.
nvd
CVE-2025-66377P3HIGHCVSS 7.5fixed in 39.02025-12-25
CVE-2025-66377 [HIGH] CWE-306 CVE-2025-66377: Pexip Infinity before 39.0 has Missing Authentication for a Critical Function in a product-internal Pexip Infinity before 39.0 has Missing Authentication for a Critical Function in a product-internal API, allowing an attacker (who already has access to execute code on one node within a Pexip Infinity installation) to impact the operation of other nodes within the installation.
nvd
CVE-2022-27933P3HIGHCVSS 8.2≥ 24.0, < 27.32022-07-17
CVE-2022-27933 [HIGH] CVE-2022-27933: Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via One Touch Join. Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via One Touch Join.
nvd
CVE-2022-26656P3HIGHCVSS 8.2fixed in 27.32022-07-17
CVE-2022-26656 [HIGH] CVE-2022-26656: Pexip Infinity before 27.3 allows remote attackers to trigger a software abort, and possibly enumera Pexip Infinity before 27.3 allows remote attackers to trigger a software abort, and possibly enumerate usernames, via One Touch Join.
nvd
CVE-2020-25868P3HIGHCVSS 7.5≥ 22.0, < 24.22021-07-07
CVE-2020-25868 [HIGH] CWE-20 CVE-2020-25868: Pexip Infinity 22.x through 24.x before 24.2 has Improper Input Validation for call setup. An unauth Pexip Infinity 22.x through 24.x before 24.2 has Improper Input Validation for call setup. An unauthenticated remote attacker can trigger a software abort (temporary loss of service).
nvd
CVE-2022-26655P3HIGHCVSS 7.5≥ 27.0, < 27.32022-07-17
CVE-2022-26655 [HIGH] CWE-20 CVE-2022-26655: Pexip Infinity 27.x before 27.3 has Improper Input Validation. The client API allows remote attacker Pexip Infinity 27.x before 27.3 has Improper Input Validation. The client API allows remote attackers to trigger a software abort via a gateway call into Teams.
nvd
CVE-2022-27936P3HIGHCVSS 7.5fixed in 28.02022-07-17
CVE-2022-27936 [HIGH] CVE-2022-27936: Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via H.323. Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via H.323.
nvd
CVE-2022-27935P3HIGHCVSS 7.5≥ 25.0, < 27.32022-07-17
CVE-2022-27935 [HIGH] CVE-2022-27935: Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via Epic Telehealth. Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via Epic Telehealth.
nvd
CVE-2022-26657P3HIGHCVSS 7.5fixed in 27.32022-07-17
CVE-2022-26657 [HIGH] CVE-2022-26657: Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via One Touch Join. Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via One Touch Join.
nvd
CVE-2022-26654P3HIGHCVSS 7.5fixed in 27.32022-07-17
CVE-2022-26654 [HIGH] CVE-2022-26654: Pexip Infinity before 27.3 allows remote attackers to force a software abort via HTTP. Pexip Infinity before 27.3 allows remote attackers to force a software abort via HTTP.
nvd
CVE-2022-27932P3HIGHCVSS 7.5≥ 24.0, < 27.32022-07-17
CVE-2022-27932 [HIGH] CVE-2022-27932: Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via One Touch Join. Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via One Touch Join.
nvd
CVE-2022-32263P3HIGHCVSS 7.5≥ 13, < 28.12022-07-17
CVE-2022-32263 [HIGH] CVE-2022-32263: Pexip Infinity before 28.1 allows remote attackers to trigger a software abort via G.719. Pexip Infinity before 28.1 allows remote attackers to trigger a software abort via G.719.
nvd
CVE-2023-31289P3HIGHCVSS 7.5fixed in 31.22023-12-25
CVE-2023-31289 [HIGH] CWE-20 CVE-2023-31289: Pexip Infinity before 31.2 has Improper Input Validation for signalling, allowing remote attackers t Pexip Infinity before 31.2 has Improper Input Validation for signalling, allowing remote attackers to trigger an abort.
nvd
CVE-2023-31455P3HIGHCVSS 7.5fixed in 31.22023-12-25
CVE-2023-31455 [HIGH] CWE-20 CVE-2023-31455: Pexip Infinity before 31.2 has Improper Input Validation for RTCP, allowing remote attackers to trig Pexip Infinity before 31.2 has Improper Input Validation for RTCP, allowing remote attackers to trigger an abort.
nvd
CVE-2022-27931P3HIGHCVSS 7.5≥ 24.0, < 27.32022-07-17
CVE-2022-27931 [HIGH] CVE-2022-27931: Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via the Session Initi Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via the Session Initiation Protocol.
nvd
CVE-2022-27934P3HIGHCVSS 7.5≥ 25.0, < 27.32022-07-17
CVE-2022-27934 [HIGH] CVE-2022-27934: Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via HTTP. Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via HTTP.
nvd
CVE-2022-27928P3HIGHCVSS 7.5≥ 27.0, < 27.32022-07-17
CVE-2022-27928 [HIGH] CVE-2022-27928: Pexip Infinity 27.x before 27.3 allows remote attackers to trigger a software abort via the Session Pexip Infinity 27.x before 27.3 allows remote attackers to trigger a software abort via the Session Initiation Protocol.
nvd
Pexip Infinity vulnerabilities | cvebase