Vulnerabilities > Plex > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-12-08 | CVE-2021-42835 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Plex Media Server An issue was discovered in Plex Media Server through 1.24.4.5081-e362dc1ee. | 6.9 |
| 2020-06-15 | CVE-2020-5742 | Exposure of Resource to Wrong Sphere vulnerability in Plex Media Server 1.13.2.5154/1.18.2.2029 Improper Access Control in Plex Media Server prior to June 15, 2020 allows any origin to execute cross-origin application requests. | 6.8 |
| 2020-05-08 | CVE-2020-5741 | Deserialization of Untrusted Data vulnerability in Plex Media Server Deserialization of Untrusted Data in Plex Media Server on Windows allows a remote, authenticated attacker to execute arbitrary Python code. | 6.5 |
| 2019-12-19 | CVE-2019-19141 | Unrestricted Upload of File with Dangerous Type vulnerability in Plex Media Server 1.13.2.5154/1.18.2.2029 The Camera Upload functionality in Plex Media Server through 1.18.2.2029 allows remote authenticated users to write files anywhere the user account running the Plex Media Server has permissions. | 6.5 |
| 2019-11-18 | CVE-2018-21031 | Insufficiently Protected Credentials vulnerability in Plex Media Server 1.18.2.202936236Cc4C Tautulli versions 2.1.38 and below allows remote attackers to bypass intended access control in Plex Media Server because the X-Plex-Token is mishandled and can be retrieved from Tautulli. | 4.0 |
| 2014-12-02 | CVE-2014-9181 | Path Traversal vulnerability in Plex Media Server 0.9.9.2 Multiple directory traversal vulnerabilities in Plex Media Server before 0.9.9.3 allow remote attackers to read arbitrary files via a .. | 5.0 |