Pexip ≫ Pexip Infinity

Pexip Infinity 27.x before 27.2 has Improper Access Control. An attacker can sometimes join a conference (call join) if it has a lock but not a PIN.

Pexip Infinity before 27.0 has improper WebRTC input validation. An unauthenticated remote attacker can use excessive resources, temporarily causing denial of service.

Pexip Infinity 25.x before 25.4 has Improper Input Validation, and thus an unauthenticated remote attacker can cause a denial of service via the administrative web interface.

Pexip Infinity 22.x through 24.x before 24.2 has Improper Input Validation for call setup. An unauthenticated remote attacker can trigger a software abort (temporary loss of service).

Pexip Infinity before 24.1 has Improper Input Validation, leading to temporary denial of service via SIP.

Pexip Infinity before 23.4 has a lack of input validation, leading to temporary denial of service via H.323.

Pexip Infinity 23.x before 23.3 has improper input validation, leading to a temporary software abort via RTP.

Pexip Reverse Proxy and TURN Server before 6.1.0 has Incorrect UDP Access Control via TURN.

Pexip Infinity before 20.1 allows privilege escalation by restoring a system backup.

Pexip Infinity before 20.1 allows Code Injection onto nodes via an admin.