Lucene search
K

4 matches found

CVE
CVE
added 2020/05/08 12:2 p.m.756 views

CVE-2020-5741

Plex Media Server on Windows prior to version 1.19.3 is affected by CVE-2020-5741: an authenticated attacker can trigger unsafe Python pickle deserialization (Dict file) during camera-upload related processing, leading to remote code execution as the OS user who runs Plex. Public references descr...

7.2CVSS7.2AI score0.7275EPSS
In wildWeb
CVE
CVE
added 2020/06/15 7:26 p.m.292 views

CVE-2020-5742

CVE-2020-5742 : Affected software is Plex Media Server. The vulnerability is due to improper access control, allowing any origin to execute cross-origin application requests prior to 2020-06-15. The root cause is inadequate restriction on cross-origin interactions, enabling potentially unauthoriz...

8.8CVSS8.7AI score0.01415EPSS
CVE
CVE
added 2020/04/22 3:2 p.m.123 views

CVE-2020-5740

Plex Media Server (Windows) is affected by CVE-2020-5740 due to improper input validation. The vulnerability allows a local, unauthenticated attacker to execute arbitrary Python code with SYSTEM privileges through the Plex update service/related input handling. This is a local privilege-escalatio...

7.8CVSS7.9AI score0.00747EPSS
CVE
CVE
added 2021/12/08 2:34 p.m.78 views

CVE-2021-42835

Plex Media Server up to version 1.24.4.5081-e362dc1ee is affected by a TOCTOU race in the exposed RPC interface of the Product Update Service, enabling a local attacker with a low-privileged account to interact with the RPC and execute code from a chosen path (local or via SMB) with the update se...

7CVSS7.1AI score0.01166EPSS