Vulnerabilities > Wowza

DATE CVE VULNERABILITY TITLE RISK
2020-08-03 CVE-2019-19453 Cross-site Scripting vulnerability in Wowza Streaming Engine
Wowza Streaming Engine before 4.8.5 allows XSS (issue 1 of 2).
network
low complexity
wowza CWE-79
5.4
2020-05-18 CVE-2019-19456 Cross-site Scripting vulnerability in Wowza Streaming Engine
A Reflected XSS was found in the server selection box inside the login page at: enginemanager/loginfailed.html in Wowza Streaming Engine <= 4.x.x.
network
low complexity
wowza CWE-79
6.1
2020-05-18 CVE-2019-19454 Unspecified vulnerability in Wowza Streaming Engine
An arbitrary file download was found in the "Download Log" functionality of Wowza Streaming Engine <= 4.x.x.
network
low complexity
wowza
7.5
2020-04-14 CVE-2020-9004 Missing Authentication for Critical Function vulnerability in Wowza Streaming Engine
A remote authenticated authorization-bypass vulnerability in Wowza Streaming Engine 4.8.0 and earlier allows any read-only user to issue requests to the administration panel in order to change functionality.
network
low complexity
wowza CWE-306
8.8
2020-01-29 CVE-2019-7656 Incorrect Permission Assignment for Critical Resource vulnerability in Wowza Streaming Engine
A privilege escalation vulnerability in Wowza Streaming Engine 4.8.0 and earlier allows any unprivileged Linux user to escalate privileges to root.
local
low complexity
wowza CWE-732
7.8
2020-01-29 CVE-2019-7655 Cross-site Scripting vulnerability in Wowza Streaming Engine
Wowza Streaming Engine 4.8.0 and earlier from multiple authenticated XSS vulnerabilities via the (1) customList%5B0%5D.value field in enginemanager/server/serversetup/edit_adv.htm of the Server Setup configuration or the (2) host field in enginemanager/j_spring_security_check of the login form.
network
low complexity
wowza CWE-79
5.4
2020-01-29 CVE-2019-7654 Cross-Site Request Forgery (CSRF) vulnerability in Wowza Streaming Engine
Wowza Streaming Engine 4.8.0 and earlier suffers from multiple CSRF vulnerabilities.
network
low complexity
wowza CWE-352
6.5
2019-03-21 CVE-2018-19365 Path Traversal vulnerability in Wowza Streaming Engine 4.7.4.0.1
The REST API in Wowza Streaming Engine 4.7.4.01 allows traversal of the directory structure and retrieval of a file via a remote, specifically crafted HTTP request.
network
low complexity
wowza CWE-22
critical
9.1
2018-03-05 CVE-2017-16922 Path Traversal vulnerability in Wowza Streaming Engine
In com.wowza.wms.timedtext.http.HTTPProviderCaptionFile in Wowza Streaming Engine before 4.7.1, traversal of the directory structure and retrieval of a file are possible via a remote, specifically crafted HTTP request.
network
low complexity
wowza CWE-22
5.3
2018-03-01 CVE-2018-7049 Cross-site Scripting vulnerability in Wowza Streaming Engine
An issue was discovered in Wowza Streaming Engine before 4.7.1.
network
low complexity
wowza CWE-79
6.1