4 matches found
CVE-2020-5741
Plex Media Server on Windows prior to version 1.19.3 is affected by CVE-2020-5741: an authenticated attacker can trigger unsafe Python pickle deserialization (Dict file) during camera-upload related processing, leading to remote code execution as the OS user who runs Plex. Public references descr...
CVE-2020-5742
CVE-2020-5742 : Affected software is Plex Media Server. The vulnerability is due to improper access control, allowing any origin to execute cross-origin application requests prior to 2020-06-15. The root cause is inadequate restriction on cross-origin interactions, enabling potentially unauthoriz...
CVE-2020-5740
Plex Media Server (Windows) is affected by CVE-2020-5740 due to improper input validation. The vulnerability allows a local, unauthenticated attacker to execute arbitrary Python code with SYSTEM privileges through the Plex update service/related input handling. This is a local privilege-escalatio...
CVE-2021-42835
Plex Media Server up to version 1.24.4.5081-e362dc1ee is affected by a TOCTOU race in the exposed RPC interface of the Product Update Service, enabling a local attacker with a low-privileged account to interact with the RPC and execute code from a chosen path (local or via SMB) with the update se...