| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Pexip Infinity before 34.1 has Improper Access Control for persons in a waiting room. They can see the conference roster list, and perform certain actions that should not be allowed before they are admitted to the meeting. |
| Pexip Infinity before 35.0 has improper input validation that allows remote attackers to trigger a denial of service (software abort) via a crafted signalling message. |
| Signalling in Pexip Infinity 29 through 36.2 before 37.0 has improper input validation that allows remote attackers to trigger a temporary denial of service (software abort). |
| Pexip Infinity before 14.2 allows remote attackers to cause a denial of service (service restart) or execute arbitrary code via vectors related to Conferencing Nodes. |
| Pexip Infinity before 8 uses the same SSH host keys across different customers' installations, which allows man-in-the-middle attackers to spoof Management and Conferencing Nodes by leveraging these keys. |
| Pexip Infinity before 32 allows Webapp1 XSS via preconfigured links. |
| Pexip Infinity before 31.2 has Improper Input Validation for RTCP, allowing remote attackers to trigger an abort. |
| Pexip Infinity before 31.2 has Improper Input Validation for signalling, allowing remote attackers to trigger an abort. |
| Pexip Infinity before 28.1 allows remote attackers to trigger a software abort via G.719. |
| Pexip Infinity 27 before 28.0 allows remote attackers to trigger excessive resource consumption and termination because of registrar resource mishandling. |
| Pexip Infinity before 27.3 allows remote attackers to trigger excessive resource consumption via H.264. |
| Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via H.323. |
| Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via Epic Telehealth. |
| Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via HTTP. |
| Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via One Touch Join. |
| Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via One Touch Join. |
| Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via the Session Initiation Protocol. |
| Pexip Infinity 27.x before 27.3 allows remote attackers to trigger a software abort via single-sign-on if a random Universally Unique Identifier is guessed. |
| Pexip Infinity 27.x before 27.3 allows remote attackers to trigger a software abort via HTTP. |
| Pexip Infinity 27.x before 27.3 allows remote attackers to trigger a software abort via the Session Initiation Protocol. |
