CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-5742
https://notcve.org/view.php?id=CVE-2020-5742
15 Jun 2020 — Improper Access Control in Plex Media Server prior to June 15, 2020 allows any origin to execute cross-origin application requests. Un Control de Acceso Inapropiado en Plex Media Server antes del 15 de junio de 2020, permite que cualquier origen ejecute peticiones de aplicaciones de origen cruzado • https://www.tenable.com/security/research/tra-2020-35 •
CVSS: 6.1EPSS: 0%CPEs: 7EXPL: 1CVE-2017-15687 – Logitech Media Server - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2017-15687
23 Oct 2017 — DOM Based Cross Site Scripting (XSS) exists in Logitech Media Server 7.7.1, 7.7.2, 7.7.3, 7.7.5, 7.7.6, 7.9.0, and 7.9.1 via a crafted URI. Existe Cross-Site Scripting (XSS) basado en DOM en Logitech Media Server 7.7.1, 7.7.2, 7.7.3, 7.7.5, 7.7.6, 7.9.0 y 7.9.1 mediante una URI manipulada. • https://www.exploit-db.com/exploits/43024 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 8%CPEs: 1EXPL: 2CVE-2007-6036 – LIVE555 Media Server 2007.11.1 - ParseRTSPRequestString Remote Denial of Service
https://notcve.org/view.php?id=CVE-2007-6036
20 Nov 2007 — The parseRTSPRequestString function in LIVE555 Media Server 2007.11.01 and earlier allows remote attackers to cause a denial of service (daemon crash) via a short RTSP query, which causes a negative number to be used during memory allocation. La función parseRTSPRequestString en LIVE555 Media Server 2007.11.01 y anteriores permite a atacantes remotos provocar denegación de servicio (caida de demonio) a través de una consulta pequeña RTSP, lo cual deriba en un número negativo para ser usado a lo largo de loc... • https://www.exploit-db.com/exploits/30776 • CWE-20: Improper Input Validation •