) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:plex:media_server:1.19.1.2701:*:*:*:*:*:*:*
- CPE Name Search: true
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2021-33959 |
Plex media server 1.21 and before is vulnerable to ddos reflection attack via plex service. Published: January 18, 2023; 9:15:10 AM -0500 |
V3.1: 7.5 HIGH V2.0:(not available) |
| CVE-2021-42835 |
An issue was discovered in Plex Media Server through 1.24.4.5081-e362dc1ee. An attacker (with a foothold in a endpoint via a low-privileged user account) can access the exposed RPC service of the update service component. This RPC functionality allows the attacker to interact with the RPC functionality and execute code from a path of his choice (local, or remote via SMB) because of a TOCTOU race condition. This code execution is in the context of the Plex update service (which runs as SYSTEM). Published: December 08, 2021; 10:15:10 AM -0500 |
V3.1: 7.0 HIGH V2.0: 6.9 MEDIUM |
| CVE-2020-5742 |
Improper Access Control in Plex Media Server prior to June 15, 2020 allows any origin to execute cross-origin application requests. Published: June 15, 2020; 4:15:11 PM -0400 |
V3.1: 8.8 HIGH V2.0: 6.8 MEDIUM |
| CVE-2020-5741 |
Deserialization of Untrusted Data in Plex Media Server on Windows allows a remote, authenticated attacker to execute arbitrary Python code. Published: May 08, 2020; 9:15:11 AM -0400 |
V3.1: 7.2 HIGH V2.0: 6.5 MEDIUM |