Pexip Infinity vulnerabilities
47 known vulnerabilities affecting pexip/pexip_infinity.
Total CVEs
47
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL4HIGH35MEDIUM8
Vulnerabilities
Page 3 of 3
CVE-2017-17477P4MEDIUMCVSS 6.1≥ 10, < 172020-09-25
CVE-2017-17477 [MEDIUM] CWE-79 CVE-2017-17477: Pexip Infinity before 17 allows an unauthenticated remote attacker to achieve stored XSS via managem
Pexip Infinity before 17 allows an unauthenticated remote attacker to achieve stored XSS via management web interface views.
nvd
CVE-2025-66443P4MEDIUMCVSS 5.3≥ 35.0, < 39.02025-12-25
CVE-2025-66443 [MEDIUM] CWE-617 CVE-2025-66443: Pexip Infinity 35.0 through 38.1 before 39.0, in non-default configurations that use Direct Media fo
Pexip Infinity 35.0 through 38.1 before 39.0, in non-default configurations that use Direct Media for WebRTC, has Improper Input Validation in signalling that allows an attacker to trigger a software abort, resulting in a temporary denial of service.
nvd
CVE-2014-8779P4HIGHCVSS 7.1≤ 7.02015-02-03
CVE-2014-8779 [HIGH] CWE-254 CVE-2014-8779: Pexip Infinity before 8 uses the same SSH host keys across different customers' installations, which
Pexip Infinity before 8 uses the same SSH host keys across different customers' installations, which allows man-in-the-middle attackers to spoof Management and Conferencing Nodes by leveraging these keys.
nvd
CVE-2022-25357P4MEDIUMCVSS 5.3≥ 27.0, < 27.22022-07-17
CVE-2022-25357 [MEDIUM] CVE-2022-25357: Pexip Infinity 27.x before 27.2 has Improper Access Control. An attacker can sometimes join a confer
Pexip Infinity 27.x before 27.2 has Improper Access Control. An attacker can sometimes join a conference (call join) if it has a lock but not a PIN.
nvd
CVE-2023-37225P4MEDIUMCVSS 6.1fixed in 32.02023-12-25
CVE-2023-37225 [MEDIUM] CWE-79 CVE-2023-37225: Pexip Infinity before 32 allows Webapp1 XSS via preconfigured links.
Pexip Infinity before 32 allows Webapp1 XSS via preconfigured links.
nvd
CVE-2020-24615P4MEDIUMCVSS 5.3fixed in 24.12020-09-25
CVE-2020-24615 [MEDIUM] CWE-20 CVE-2020-24615: Pexip Infinity before 24.1 has Improper Input Validation, leading to temporary denial of service via
Pexip Infinity before 24.1 has Improper Input Validation, leading to temporary denial of service via SIP.
nvd
CVE-2024-33850P4MEDIUMCVSS 4.3fixed in 34.12024-06-10
CVE-2024-33850 [MEDIUM] CVE-2024-33850: Pexip Infinity before 34.1 has Improper Access Control for persons in a waiting room. They can see t
Pexip Infinity before 34.1 has Improper Access Control for persons in a waiting room. They can see the conference roster list, and perform certain actions that should not be allowed before they are admitted to the meeting.
nvd
← Previous3 / 3