Vulnerabilities > Plex > Media Server
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-01-18 | CVE-2021-33959 | Origin Validation Error vulnerability in Plex Media Server Plex media server 1.21 and before is vulnerable to ddos reflection attack via plex service. | 7.5 |
| 2021-12-08 | CVE-2021-42835 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Plex Media Server An issue was discovered in Plex Media Server through 1.24.4.5081-e362dc1ee. | 7.0 |
| 2020-06-15 | CVE-2020-5742 | Unspecified vulnerability in Plex Media Server Improper Access Control in Plex Media Server prior to June 15, 2020 allows any origin to execute cross-origin application requests. | 8.8 |
| 2020-05-08 | CVE-2020-5741 | Deserialization of Untrusted Data vulnerability in Plex Media Server Deserialization of Untrusted Data in Plex Media Server on Windows allows a remote, authenticated attacker to execute arbitrary Python code. | 7.2 |
| 2020-04-22 | CVE-2020-5740 | Uncontrolled Search Path Element vulnerability in Plex Media Server Improper Input Validation in Plex Media Server on Windows allows a local, unauthenticated attacker to execute arbitrary Python code with SYSTEM privileges. | 7.8 |
| 2019-12-19 | CVE-2019-19141 | Path Traversal vulnerability in Plex Media Server 0.9.9.2/1.13.2.5154/1.18.2.2029 The Camera Upload functionality in Plex Media Server through 1.18.2.2029 allows remote authenticated users to write files anywhere the user account running the Plex Media Server has permissions. | 8.8 |
| 2019-11-18 | CVE-2018-21031 | Insufficiently Protected Credentials vulnerability in Plex Media Server 1.18.2.202936236Cc4C Tautulli versions 2.1.38 and below allows remote attackers to bypass intended access control in Plex Media Server because the X-Plex-Token is mishandled and can be retrieved from Tautulli. | 6.5 |
| 2018-08-13 | CVE-2018-13415 | XXE vulnerability in Plex Media Server 1.13.2.5154 In Plex Media Server 1.13.2.5154, the XML parsing engine for SSDP/UPnP functionality is vulnerable to an XML External Entity Processing (XXE) attack. | 9.8 |