Vulnerabilities > Wowza > Streaming Engine
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-10-05 | CVE-2021-35491 | Cross-Site Request Forgery (CSRF) vulnerability in Wowza Streaming Engine A Cross-Site Request Forgery (CSRF) vulnerability in Wowza Streaming Engine through 4.8.11+5 allows a remote attacker to delete a user account via the /enginemanager/server/user/delete.htm userName parameter. | 5.8 |
| 2021-10-05 | CVE-2021-35492 | Allocation of Resources Without Limits or Throttling vulnerability in Wowza Streaming Engine Wowza Streaming Engine through 4.8.11+5 could allow an authenticated, remote attacker to exhaust filesystem resources via the /enginemanager/server/vhost/historical.jsdata vhost parameter. | 4.0 |
| 2021-04-23 | CVE-2021-31540 | Incorrect Permission Assignment for Critical Resource vulnerability in Wowza Streaming Engine Wowza Streaming Engine through 4.8.5 (in a default installation) has incorrect file permissions of configuration files in the conf/ directory. | 3.6 |
| 2021-04-23 | CVE-2021-31539 | Cleartext Storage of Sensitive Information vulnerability in Wowza Streaming Engine Wowza Streaming Engine before 4.8.8.01 (in a default installation) has cleartext passwords stored in the conf/admin.password file. | 2.1 |
| 2020-08-03 | CVE-2019-19455 | Incorrect Permission Assignment for Critical Resource vulnerability in Wowza Streaming Engine Wowza Streaming Engine before 4.8.5 has Insecure Permissions which may allow a local attacker to escalate privileges in / usr / local / WowzaStreamingEngine / manager / bin / in the Linux version of the server by writing arbitrary commands in any file and execute them as root. | 7.2 |
| 2020-08-03 | CVE-2019-19453 | Cross-site Scripting vulnerability in Wowza Streaming Engine Wowza Streaming Engine before 4.8.5 allows XSS (issue 1 of 2). | 5.4 |
| 2020-05-18 | CVE-2019-19456 | Cross-site Scripting vulnerability in Wowza Streaming Engine A Reflected XSS was found in the server selection box inside the login page at: enginemanager/loginfailed.html in Wowza Streaming Engine <= 4.x.x. | 4.3 |
| 2020-05-18 | CVE-2019-19454 | Unspecified vulnerability in Wowza Streaming Engine An arbitrary file download was found in the "Download Log" functionality of Wowza Streaming Engine <= 4.x.x. | 5.0 |
| 2020-04-14 | CVE-2020-9004 | Missing Authentication for Critical Function vulnerability in Wowza Streaming Engine A remote authenticated authorization-bypass vulnerability in Wowza Streaming Engine 4.8.0 and earlier allows any read-only user to issue requests to the administration panel in order to change functionality. | 9.0 |
| 2020-01-29 | CVE-2019-7656 | Incorrect Permission Assignment for Critical Resource vulnerability in Wowza Streaming Engine A privilege escalation vulnerability in Wowza Streaming Engine 4.8.0 and earlier allows any unprivileged Linux user to escalate privileges to root. | 7.2 |