Vulnerabilities > Wowza

DATE CVE VULNERABILITY TITLE RISK
2021-10-05 CVE-2021-35491 Cross-Site Request Forgery (CSRF) vulnerability in Wowza Streaming Engine
A Cross-Site Request Forgery (CSRF) vulnerability in Wowza Streaming Engine through 4.8.11+5 allows a remote attacker to delete a user account via the /enginemanager/server/user/delete.htm userName parameter.
network
low complexity
wowza CWE-352
8.1
2021-10-05 CVE-2021-35492 Allocation of Resources Without Limits or Throttling vulnerability in Wowza Streaming Engine
Wowza Streaming Engine through 4.8.11+5 could allow an authenticated, remote attacker to exhaust filesystem resources via the /enginemanager/server/vhost/historical.jsdata vhost parameter.
network
low complexity
wowza CWE-770
6.5
2021-04-23 CVE-2021-31540 Incorrect Permission Assignment for Critical Resource vulnerability in Wowza Streaming Engine
Wowza Streaming Engine through 4.8.5 (in a default installation) has incorrect file permissions of configuration files in the conf/ directory.
local
low complexity
wowza CWE-732
7.1
2021-04-23 CVE-2021-31539 Cleartext Storage of Sensitive Information vulnerability in Wowza Streaming Engine
Wowza Streaming Engine before 4.8.8.01 (in a default installation) has cleartext passwords stored in the conf/admin.password file.
local
low complexity
wowza CWE-312
5.5
2020-08-03 CVE-2019-19455 Incorrect Permission Assignment for Critical Resource vulnerability in Wowza Streaming Engine
Wowza Streaming Engine before 4.8.5 has Insecure Permissions which may allow a local attacker to escalate privileges in / usr / local / WowzaStreamingEngine / manager / bin / in the Linux version of the server by writing arbitrary commands in any file and execute them as root.
local
low complexity
wowza CWE-732
7.8
2020-08-03 CVE-2019-19453 Cross-site Scripting vulnerability in Wowza Streaming Engine
Wowza Streaming Engine before 4.8.5 allows XSS (issue 1 of 2).
network
low complexity
wowza CWE-79
5.4
2020-05-18 CVE-2019-19456 Cross-site Scripting vulnerability in Wowza Streaming Engine
A Reflected XSS was found in the server selection box inside the login page at: enginemanager/loginfailed.html in Wowza Streaming Engine <= 4.x.x.
network
low complexity
wowza CWE-79
6.1
2020-05-18 CVE-2019-19454 Unspecified vulnerability in Wowza Streaming Engine
An arbitrary file download was found in the "Download Log" functionality of Wowza Streaming Engine <= 4.x.x.
network
low complexity
wowza
7.5
2020-04-14 CVE-2020-9004 Missing Authentication for Critical Function vulnerability in Wowza Streaming Engine
A remote authenticated authorization-bypass vulnerability in Wowza Streaming Engine 4.8.0 and earlier allows any read-only user to issue requests to the administration panel in order to change functionality.
network
low complexity
wowza CWE-306
8.8
2020-01-29 CVE-2019-7656 Incorrect Permission Assignment for Critical Resource vulnerability in Wowza Streaming Engine
A privilege escalation vulnerability in Wowza Streaming Engine 4.8.0 and earlier allows any unprivileged Linux user to escalate privileges to root.
local
low complexity
wowza CWE-732
7.8