Vulnerabilities > Wowza

DATE	CVE	VULNERABILITY TITLE	RISK
2021-10-05	CVE-2021-35491	Cross-Site Request Forgery (CSRF) vulnerability in Wowza Streaming Engine A Cross-Site Request Forgery (CSRF) vulnerability in Wowza Streaming Engine through 4.8.11+5 allows a remote attacker to delete a user account via the /enginemanager/server/user/delete.htm userName parameter. network wowza CWE-352	5.8
2021-10-05	CVE-2021-35492	Allocation of Resources Without Limits or Throttling vulnerability in Wowza Streaming Engine Wowza Streaming Engine through 4.8.11+5 could allow an authenticated, remote attacker to exhaust filesystem resources via the /enginemanager/server/vhost/historical.jsdata vhost parameter. network low complexity wowza CWE-770	4.0
2021-04-23	CVE-2021-31540	Incorrect Permission Assignment for Critical Resource vulnerability in Wowza Streaming Engine Wowza Streaming Engine through 4.8.5 (in a default installation) has incorrect file permissions of configuration files in the conf/ directory. local low complexity wowza CWE-732	3.6
2021-04-23	CVE-2021-31539	Cleartext Storage of Sensitive Information vulnerability in Wowza Streaming Engine Wowza Streaming Engine before 4.8.8.01 (in a default installation) has cleartext passwords stored in the conf/admin.password file. local low complexity wowza CWE-312	2.1
2020-08-03	CVE-2019-19455	Incorrect Permission Assignment for Critical Resource vulnerability in Wowza Streaming Engine Wowza Streaming Engine before 4.8.5 has Insecure Permissions which may allow a local attacker to escalate privileges in / usr / local / WowzaStreamingEngine / manager / bin / in the Linux version of the server by writing arbitrary commands in any file and execute them as root. local low complexity wowza CWE-732	7.2
2020-08-03	CVE-2019-19453	Cross-site Scripting vulnerability in Wowza Streaming Engine Wowza Streaming Engine before 4.8.5 allows XSS (issue 1 of 2). network low complexity wowza CWE-79	5.4
2020-05-18	CVE-2019-19456	Cross-site Scripting vulnerability in Wowza Streaming Engine A Reflected XSS was found in the server selection box inside the login page at: enginemanager/loginfailed.html in Wowza Streaming Engine <= 4.x.x. network wowza CWE-79	4.3
2020-05-18	CVE-2019-19454	Unspecified vulnerability in Wowza Streaming Engine An arbitrary file download was found in the "Download Log" functionality of Wowza Streaming Engine <= 4.x.x. network low complexity wowza	5.0
2020-04-14	CVE-2020-9004	Missing Authentication for Critical Function vulnerability in Wowza Streaming Engine A remote authenticated authorization-bypass vulnerability in Wowza Streaming Engine 4.8.0 and earlier allows any read-only user to issue requests to the administration panel in order to change functionality. network low complexity wowza CWE-306 critical	9.0
2020-01-29	CVE-2019-7656	Incorrect Permission Assignment for Critical Resource vulnerability in Wowza Streaming Engine A privilege escalation vulnerability in Wowza Streaming Engine 4.8.0 and earlier allows any unprivileged Linux user to escalate privileges to root. local low complexity wowza CWE-732	7.2

Vulnerabilities > Wowza {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Wowza"}]}

Vulnerabilities > Wowza