cbcvebase.

Pexip Infinity vulnerabilities

47 known vulnerabilities affecting pexip/pexip_infinity.

Total CVEs
47
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL4HIGH35MEDIUM8

Vulnerabilities

Page 3 of 3
CVE-2017-17477P4MEDIUMCVSS 6.1≥ 10, < 172020-09-25
CVE-2017-17477 [MEDIUM] CWE-79 CVE-2017-17477: Pexip Infinity before 17 allows an unauthenticated remote attacker to achieve stored XSS via managem Pexip Infinity before 17 allows an unauthenticated remote attacker to achieve stored XSS via management web interface views.
nvd
CVE-2025-66443P4MEDIUMCVSS 5.3≥ 35.0, < 39.02025-12-25
CVE-2025-66443 [MEDIUM] CWE-617 CVE-2025-66443: Pexip Infinity 35.0 through 38.1 before 39.0, in non-default configurations that use Direct Media fo Pexip Infinity 35.0 through 38.1 before 39.0, in non-default configurations that use Direct Media for WebRTC, has Improper Input Validation in signalling that allows an attacker to trigger a software abort, resulting in a temporary denial of service.
nvd
CVE-2014-8779P4HIGHCVSS 7.1≤ 7.02015-02-03
CVE-2014-8779 [HIGH] CWE-254 CVE-2014-8779: Pexip Infinity before 8 uses the same SSH host keys across different customers' installations, which Pexip Infinity before 8 uses the same SSH host keys across different customers' installations, which allows man-in-the-middle attackers to spoof Management and Conferencing Nodes by leveraging these keys.
nvd
CVE-2022-25357P4MEDIUMCVSS 5.3≥ 27.0, < 27.22022-07-17
CVE-2022-25357 [MEDIUM] CVE-2022-25357: Pexip Infinity 27.x before 27.2 has Improper Access Control. An attacker can sometimes join a confer Pexip Infinity 27.x before 27.2 has Improper Access Control. An attacker can sometimes join a conference (call join) if it has a lock but not a PIN.
nvd
CVE-2023-37225P4MEDIUMCVSS 6.1fixed in 32.02023-12-25
CVE-2023-37225 [MEDIUM] CWE-79 CVE-2023-37225: Pexip Infinity before 32 allows Webapp1 XSS via preconfigured links. Pexip Infinity before 32 allows Webapp1 XSS via preconfigured links.
nvd
CVE-2020-24615P4MEDIUMCVSS 5.3fixed in 24.12020-09-25
CVE-2020-24615 [MEDIUM] CWE-20 CVE-2020-24615: Pexip Infinity before 24.1 has Improper Input Validation, leading to temporary denial of service via Pexip Infinity before 24.1 has Improper Input Validation, leading to temporary denial of service via SIP.
nvd
CVE-2024-33850P4MEDIUMCVSS 4.3fixed in 34.12024-06-10
CVE-2024-33850 [MEDIUM] CVE-2024-33850: Pexip Infinity before 34.1 has Improper Access Control for persons in a waiting room. They can see t Pexip Infinity before 34.1 has Improper Access Control for persons in a waiting room. They can see the conference roster list, and perform certain actions that should not be allowed before they are admitted to the meeting.
nvd
Pexip Infinity vulnerabilities | cvebase