Filtered by vendor Emby
Subscribe
Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-26948 | 1 Emby | 1 Emby | 2023-01-10 | 7.5 HIGH | 9.8 CRITICAL |
| Emby Server before 4.5.0 allows SSRF via the Items/RemoteSearch/Image ImageURL parameter. | |||||
| CVE-2022-36223 | 1 Emby | 1 Emby | 2022-12-20 | N/A | 6.1 MEDIUM |
| In Emby Server 4.6.7.0, the playlist name field is vulnerable to XSS stored where it is possible to steal the administrator access token and flip or steal the media server administrator account. | |||||
| CVE-2021-32833 | 1 Emby | 1 Emby.releases | 2021-09-16 | 4.3 MEDIUM | 8.6 HIGH |
| Emby Server is a personal media server with apps on many devices. In Emby Server on Windows there is a set of arbitrary file read vulnerabilities. This vulnerability is known to exist in version 4.6.4.0 and may not be patched in later versions. Known vulnerable routes are /Videos/Id/hls/PlaylistId/SegmentId.SegmentContainer, /Images/Ratings/theme/name and /Images/MediaInfo/theme/name. For more details including proof of concept code, refer to the referenced GHSL-2021-051. This issue may lead to unauthorized access to the system especially when Emby Server is configured to be accessible from the Internet. | |||||