Pexip Infinity

pexip_infinity

Vendor: Pexip • 47 CVEs

CVEs (47)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-66443 1Pexip 1Pexip Infinity Jan 5, 2026 Dec 25, 2025 N/A· v4 5.3 MEDIUM· v3 N/A· v2 Pexip Infinity 35.0 through 38.1 before 39.0, in non-default configurations that use Direct Media for WebRTC, has Improper Input Validation in signalling that allows an attacker to trigger a software abort, resulting in...Show more Pexip Infinity 35.0 through 38.1 before 39.0, in non-default configurations that use Direct Media for WebRTC, has Improper Input Validation in signalling that allows an attacker to trigger a software abort, resulting in a temporary denial of service.Show less
CVE-2025-66379 1Pexip 1Pexip Infinity Jan 5, 2026 Dec 25, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 Pexip Infinity before 39.0 has Improper Input Validation in the media implementation, allowing a remote attacker to trigger a software abort via a crafted media stream, resulting in a denial of service.
CVE-2025-66378 1Pexip 1Pexip Infinity Jan 5, 2026 Dec 25, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 Pexip Infinity 38.0 and 38.1 before 39.0 has insufficient access control in the RTMP implementation, allowing an attacker to disconnect RTMP streams traversing a Proxy Node.
CVE-2025-66377 1Pexip 1Pexip Infinity Jan 5, 2026 Dec 25, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 Pexip Infinity before 39.0 has Missing Authentication for a Critical Function in a product-internal API, allowing an attacker (who already has access to execute code on one node within a Pexip Infinity installation) to i...Show more Pexip Infinity before 39.0 has Missing Authentication for a Critical Function in a product-internal API, allowing an attacker (who already has access to execute code on one node within a Pexip Infinity installation) to impact the operation of other nodes within the installation.Show less
CVE-2025-59683 1Pexip 1Pexip Infinity Jan 5, 2026 Dec 25, 2025 N/A· v4 9.1 CRITICAL· v3 N/A· v2 Pexip Infinity 15.0 through 38.0 before 38.1 has Improper Access Control in the Secure Scheduler for Exchange service, when used with Office 365 Legacy Exchange Tokens. This allows a remote attacker to read potentially s...Show more Pexip Infinity 15.0 through 38.0 before 38.1 has Improper Access Control in the Secure Scheduler for Exchange service, when used with Office 365 Legacy Exchange Tokens. This allows a remote attacker to read potentially sensitive data and excessively consume resources, leading to a denial of service.Show less
CVE-2025-49088 1Pexip 1Pexip Infinity Jan 5, 2026 Dec 25, 2025 N/A· v4 5.9 MEDIUM· v3 N/A· v2 Pexip Infinity 32.0 through 37.1 before 37.2, in certain configurations of OTJ (One Touch Join) for Teams SIP Guest Join, has Improper Input Validation in the OTJ service, allowing a remote attacker to trigger a software...Show more Pexip Infinity 32.0 through 37.1 before 37.2, in certain configurations of OTJ (One Touch Join) for Teams SIP Guest Join, has Improper Input Validation in the OTJ service, allowing a remote attacker to trigger a software abort via a crafted calendar invite, leading to a denial of service.Show less
CVE-2025-48704 1Pexip 1Pexip Infinity Jan 5, 2026 Dec 25, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 Pexip Infinity 35.0 through 37.2 before 38.0 has Improper Input Validation in signalling that allows an attacker to trigger a software abort, resulting in a denial of service.
CVE-2025-32096 1Pexip 1Pexip Infinity Jan 5, 2026 Dec 25, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 Pexip Infinity 33.0 through 37.0 before 37.1 has improper input validation in signaling that allows an attacker to trigger a software abort, resulting in a denial of service.
CVE-2025-32095 1Pexip 1Pexip Infinity Jan 5, 2026 Dec 25, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 Pexip Infinity before 37.0 has improper input validation in signalling that allows a remote attacker to trigger a software abort via a crafted signalling message, resulting in a denial of service.
CVE-2025-30080 1Pexip 1Pexip Infinity Jun 18, 2025 Apr 2, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 Signalling in Pexip Infinity 29 through 36.2 before 37.0 has improper input validation that allows remote attackers to trigger a temporary denial of service (software abort).
CVE-2024-37917 1Pexip 1Pexip Infinity Jun 18, 2025 Apr 2, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 Pexip Infinity before 35.0 has improper input validation that allows remote attackers to trigger a denial of service (software abort) via a crafted signalling message.
CVE-2024-33850 1Pexip 1Pexip Infinity Jun 20, 2025 Jun 10, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Pexip Infinity before 34.1 has Improper Access Control for persons in a waiting room. They can see the conference roster list, and perform certain actions that should not be allowed before they are admitted to the meetin...Show more Pexip Infinity before 34.1 has Improper Access Control for persons in a waiting room. They can see the conference roster list, and perform certain actions that should not be allowed before they are admitted to the meeting.Show less
CVE-2023-37225 1Pexip 1Pexip Infinity Nov 21, 2024 Dec 25, 2023 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Pexip Infinity before 32 allows Webapp1 XSS via preconfigured links.
CVE-2023-31455 1Pexip 1Pexip Infinity Nov 21, 2024 Dec 25, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Pexip Infinity before 31.2 has Improper Input Validation for RTCP, allowing remote attackers to trigger an abort.
CVE-2023-31289 1Pexip 1Pexip Infinity Nov 21, 2024 Dec 25, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Pexip Infinity before 31.2 has Improper Input Validation for signalling, allowing remote attackers to trigger an abort.
CVE-2022-32263 1Pexip 1Pexip Infinity Nov 21, 2024 Jul 17, 2022 N/A· v4 7.5 HIGH· v3 N/A· v2 Pexip Infinity before 28.1 allows remote attackers to trigger a software abort via G.719.
CVE-2022-29286 1Pexip 1Pexip Infinity Nov 21, 2024 Jul 17, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Pexip Infinity 27 before 28.0 allows remote attackers to trigger excessive resource consumption and termination because of registrar resource mishandling.
CVE-2022-27937 1Pexip 1Pexip Infinity Nov 21, 2024 Jul 17, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Pexip Infinity before 27.3 allows remote attackers to trigger excessive resource consumption via H.264.
CVE-2022-27936 1Pexip 1Pexip Infinity Nov 21, 2024 Jul 17, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via H.323.
CVE-2022-27935 1Pexip 1Pexip Infinity Nov 21, 2024 Jul 17, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via Epic Telehealth.

12 3 Next