Pexip Pexip_infinity
47 CVEs affecting Pexip Pexip_infinity. Latest disclosed: 2025-12-25. Critical: 3, High: 35.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2020-11805 | Critical | 9.8 | 2020-09-25 | Pexip Reverse Proxy and TURN Server before 6.1.0 has Incorrect UDP Access Control via TURN. |
CVE-2015-4719 | Critical | 9.8 | 2020-09-24 | The client API authentication mechanism in Pexip Infinity before 10 allows remote attackers to gain privileges via a crafted request. |
CVE-2017-6551 | Critical | 9.8 | 2017-05-02 | Pexip Infinity before 14.2 allows remote attackers to cause a denial of service (service restart) or execute arbitrary code via vectors related to Conferencing… |
CVE-2025-59683 | High | 8.2 | 2025-12-25 | Pexip Infinity 15.0 through 38.0 before 38.1 has Improper Access Control in the Secure Scheduler for Exchange service, when used with Office 365 Legacy Exchang… |
CVE-2022-27933 | High | 8.2 | 2022-07-17 | Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via One Touch Join. |
CVE-2022-26656 | High | 8.2 | 2022-07-17 | Pexip Infinity before 27.3 allows remote attackers to trigger a software abort, and possibly enumerate usernames, via One Touch Join. |
CVE-2025-66443 | High | 7.5 | 2025-12-25 | Pexip Infinity 35.0 through 38.1 before 39.0, in non-default configurations that use Direct Media for WebRTC, has Improper Input Validation in signalling that… |
CVE-2025-66379 | High | 7.5 | 2025-12-25 | Pexip Infinity before 39.0 has Improper Input Validation in the media implementation, allowing a remote attacker to trigger a software abort via a crafted medi… |
CVE-2025-66377 | High | 7.5 | 2025-12-25 | Pexip Infinity before 39.0 has Missing Authentication for a Critical Function in a product-internal API, allowing an attacker (who already has access to execut… |
CVE-2025-48704 | High | 7.5 | 2025-12-25 | Pexip Infinity 35.0 through 37.2 before 38.0 has Improper Input Validation in signalling that allows an attacker to trigger a software abort, resulting in a de… |
CVE-2025-32096 | High | 7.5 | 2025-12-25 | Pexip Infinity 33.0 through 37.0 before 37.1 has improper input validation in signaling that allows an attacker to trigger a software abort, resulting in a den… |
CVE-2025-32095 | High | 7.5 | 2025-12-25 | Pexip Infinity before 37.0 has improper input validation in signalling that allows a remote attacker to trigger a software abort via a crafted signalling messa… |
CVE-2025-30080 | High | 7.5 | 2025-04-02 | Signalling in Pexip Infinity 29 through 36.2 before 37.0 has improper input validation that allows remote attackers to trigger a temporary denial of service (s… |
CVE-2024-37917 | High | 7.5 | 2025-04-02 | Pexip Infinity before 35.0 has improper input validation that allows remote attackers to trigger a denial of service (software abort) via a crafted signalling… |
CVE-2023-31455 | High | 7.5 | 2023-12-25 | Pexip Infinity before 31.2 has Improper Input Validation for RTCP, allowing remote attackers to trigger an abort. |
CVE-2023-31289 | High | 7.5 | 2023-12-25 | Pexip Infinity before 31.2 has Improper Input Validation for signalling, allowing remote attackers to trigger an abort. |
CVE-2022-32263 | High | 7.5 | 2022-07-17 | Pexip Infinity before 28.1 allows remote attackers to trigger a software abort via G.719. |
CVE-2022-29286 | High | 7.5 | 2022-07-17 | Pexip Infinity 27 before 28.0 allows remote attackers to trigger excessive resource consumption and termination because of registrar resource mishandling. |
CVE-2022-27937 | High | 7.5 | 2022-07-17 | Pexip Infinity before 27.3 allows remote attackers to trigger excessive resource consumption via H.264. |
CVE-2022-27936 | High | 7.5 | 2022-07-17 | Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via H.323. |