CPE Details
Plex Media Server 1.18.2.2029-36236cc4c
1.18.2.2029-36236cc4c
2021-12-10
15h57 +00:00
15h57 +00:00
2021-12-10
15h58 +00:00
15h58 +00:00
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
CPE Name: cpe:2.3:a:plex:media_server:1.18.2.2029-36236cc4c:*:*:*:*:*:*:*
Informations
Vendor
plexProduct
media_serverVersion
1.18.2.2029-36236cc4cRelated CVE
| CVE ID | Published | Description | Score | Severity |
|---|---|---|---|---|
| Plex media server 1.21 and before is vulnerable to ddos reflection attack via plex service. | 7.5 |
High |
||
| An issue was discovered in Plex Media Server through 1.24.4.5081-e362dc1ee. An attacker (with a foothold in a endpoint via a low-privileged user account) can access the exposed RPC service of the update service component. This RPC functionality allows the attacker to interact with the RPC functionality and execute code from a path of his choice (local, or remote via SMB) because of a TOCTOU race condition. This code execution is in the context of the Plex update service (which runs as SYSTEM). | 7 |
High |
||
| Improper Access Control in Plex Media Server prior to June 15, 2020 allows any origin to execute cross-origin application requests. | 8.8 |
High |
||
| Deserialization of Untrusted Data in Plex Media Server on Windows allows a remote, authenticated attacker to execute arbitrary Python code. | 7.2 |
High |
||
| Improper Input Validation in Plex Media Server on Windows allows a local, unauthenticated attacker to execute arbitrary Python code with SYSTEM privileges. | 7.8 |
High |
||
| Tautulli versions 2.1.38 and below allows remote attackers to bypass intended access control in Plex Media Server because the X-Plex-Token is mishandled and can be retrieved from Tautulli. NOTE: Initially, this id was associated with Plex Media Server 1.18.2.2029-36236cc4c as the affected product and version. Further research indicated that Tautulli is the correct affected product. | 6.5 |
Medium |
2025©
tesweb SA
