Vulnerabilities > Plex > Media Server > 1.18.2.2029.36236cc4c
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-01-18 | CVE-2021-33959 | Origin Validation Error vulnerability in Plex Media Server Plex media server 1.21 and before is vulnerable to ddos reflection attack via plex service. | 7.5 |
| 2021-12-08 | CVE-2021-42835 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Plex Media Server An issue was discovered in Plex Media Server through 1.24.4.5081-e362dc1ee. | 6.9 |
| 2020-05-08 | CVE-2020-5741 | Deserialization of Untrusted Data vulnerability in Plex Media Server Deserialization of Untrusted Data in Plex Media Server on Windows allows a remote, authenticated attacker to execute arbitrary Python code. | 6.5 |
| 2020-04-22 | CVE-2020-5740 | Uncontrolled Search Path Element vulnerability in Plex Media Server Improper Input Validation in Plex Media Server on Windows allows a local, unauthenticated attacker to execute arbitrary Python code with SYSTEM privileges. | 7.2 |
| 2019-11-18 | CVE-2018-21031 | Insufficiently Protected Credentials vulnerability in Plex Media Server 1.18.2.202936236Cc4C Tautulli versions 2.1.38 and below allows remote attackers to bypass intended access control in Plex Media Server because the X-Plex-Token is mishandled and can be retrieved from Tautulli. | 4.0 |