Vulnerabilities > Wowza > High

DATE CVE VULNERABILITY TITLE RISK
2021-10-05 CVE-2021-35491 Cross-Site Request Forgery (CSRF) vulnerability in Wowza Streaming Engine
A Cross-Site Request Forgery (CSRF) vulnerability in Wowza Streaming Engine through 4.8.11+5 allows a remote attacker to delete a user account via the /enginemanager/server/user/delete.htm userName parameter.
network
low complexity
wowza CWE-352
8.1
8.1
2021-04-23 CVE-2021-31540 Incorrect Permission Assignment for Critical Resource vulnerability in Wowza Streaming Engine
Wowza Streaming Engine through 4.8.5 (in a default installation) has incorrect file permissions of configuration files in the conf/ directory.
local
low complexity
wowza CWE-732
7.1
7.1
2020-08-03 CVE-2019-19455 Incorrect Permission Assignment for Critical Resource vulnerability in Wowza Streaming Engine
Wowza Streaming Engine before 4.8.5 has Insecure Permissions which may allow a local attacker to escalate privileges in / usr / local / WowzaStreamingEngine / manager / bin / in the Linux version of the server by writing arbitrary commands in any file and execute them as root.
local
low complexity
wowza CWE-732
7.8
7.8
2020-05-18 CVE-2019-19454 Unspecified vulnerability in Wowza Streaming Engine
An arbitrary file download was found in the "Download Log" functionality of Wowza Streaming Engine <= 4.x.x.
network
low complexity
wowza
7.5
7.5
2020-04-14 CVE-2020-9004 Missing Authentication for Critical Function vulnerability in Wowza Streaming Engine
A remote authenticated authorization-bypass vulnerability in Wowza Streaming Engine 4.8.0 and earlier allows any read-only user to issue requests to the administration panel in order to change functionality.
network
low complexity
wowza CWE-306
8.8
8.8
2020-01-29 CVE-2019-7656 Incorrect Permission Assignment for Critical Resource vulnerability in Wowza Streaming Engine
A privilege escalation vulnerability in Wowza Streaming Engine 4.8.0 and earlier allows any unprivileged Linux user to escalate privileges to root.
local
low complexity
wowza CWE-732
7.8
7.8
2018-03-01 CVE-2018-7048 Resource Exhaustion vulnerability in Wowza Streaming Engine
An issue was discovered in Wowza Streaming Engine before 4.7.1.
network
low complexity
wowza CWE-400
7.5
7.5