Key vulnerability information

Pexip Infinity

CVE-2025-32095
- Description: Invalid input validation in the signaling implementation allows a malicious actor to trigger a software abort resulting in a denial of service.
- Severity: High
- Risk: High
- Updated: March 2025
- Impacted versions: All before 37.0
- Addressed in version: 37.0

CVE-2025-30860
- Description: Insufficient checks in the signaling implementation(s) allow a malicious attacker to trigger a remote code execution in a temporary denial of service.
- Severity: High
- Risk: High
- Updated: March 2025
- Impacted versions: 29 - 36.2
- Addressed in version: 37.0

CVE-2024-12864
- Description: A heap-based buffer overflow flaw was found in the rsync daemon, where an insufficient checking of attacker-controlled checksum lengths (cksumlen) in the RSYNC protocol could lead to a crash.
- Severity: Critical
- Risk: High
- Updated: March 2025
- Impacted versions: All before 37.0
- Addressed in version: 37.0

Pexip apps

CVE-2022-38392
- Description: Insufficient authority checks in loading resources allow an attacker to load and run untrusted code.
- Severity: Medium
- Risk: Medium
- Updated: July 2024
- Impacted versions: Unknown
- Addressed in version: 1.1.0.3

CVE-2022-2478
- Description: Use after free in PDF.js in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- Severity: High
- Risk: High
- Updated: March 2023
- Impacted versions: Unknown
- Addressed in version: 1.1.2

VMR self-service portal

CVE-2023-4028
- Description: The Pexip VMR self-service portal before v9 uses the same SSH keys across different customers' installations, which allows attackers to spoof other instances by leveraging these keys.
- Severity: Medium
- Risk: Medium
- Updated: October 2023
- Impacted versions: All prior to version 3
- Addressed in version: Version 3

Enhanced Room Management

CVE-2024-6387
- Description: A race condition was found in OpenSSH's sshd. If a client does not authenticate within 120 seconds then which 2FA/GSSAPI handler is used depends on whether the client has sent any non-empty signal-safe calls. An unauthenticated remote attacker could exploit this flaw to bypass authentication.
- Severity: High
- Risk: High
- Updated: July 2024
- Impacted versions: All prior to 2.0.1 security update 2024-07-09
- Addressed in version: 2.0.1 security update 2024-07-09

This key information includes each vulnerability's description, severity, risk level, update date, impacted versions, and the version in which it was addressed.