Total: 8 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-7656 | 1 Wowza | 1 Streaming Engine | 2022-05-03 | 7.2 HIGH | 7.8 HIGH |
| A privilege escalation vulnerability in Wowza Streaming Engine 4.8.0 and earlier allows any unprivileged Linux user to escalate privileges to root. The installer sets overly relaxed permissions on /usr/local/WowzaStreamingEngine/bin/* core program files. A payload injected into one of those files will run with the same privileges as the Wowza server, root. For example, /usr/local/WowzaStreamingEngine/bin/tune.sh could be replaced with a Trojan horse. This issue was resolved in Wowza Streaming Engine 4.8.5. | |||||
| CVE-2020-9004 | 1 Wowza | 1 Streaming Engine | 2022-05-03 | 9.0 HIGH | 8.8 HIGH |
| A remote authenticated authorization-bypass vulnerability in Wowza Streaming Engine 4.8.0 and earlier allows any read-only user to issue requests to the administration panel in order to change functionality. For example, a read-only user may activate the Java JMX port in unauthenticated mode and execute OS commands under root privileges. This issue was resolved in Wowza Streaming Engine 4.8.5. | |||||
| CVE-2019-19455 | 1 Wowza | 1 Streaming Engine | 2022-04-28 | 7.2 HIGH | 7.8 HIGH |
| Wowza Streaming Engine before 4.8.5 has Insecure Permissions which may allow a local attacker to escalate privileges in /usr/local/WowzaStreamingEngine/manager/bin/ in the Linux version of the server by writing arbitrary commands in any file and executing them as root. This issue was resolved in Wowza Streaming Engine 4.8.5. | |||||
| CVE-2021-31540 | 1 Wowza | 1 Streaming Engine | 2021-12-03 | 3.6 LOW | 7.1 HIGH |
| Wowza Streaming Engine through 4.8.5 (in a default installation) has incorrect file permissions of configuration files in the conf/ directory. A regular local user is able to read and write to all the configuration files, e.g., modify the application server configuration. | |||||
| CVE-2021-35491 | 1 Wowza | 1 Streaming Engine | 2021-11-06 | 5.8 MEDIUM | 8.1 HIGH |
| A Cross-Site Request Forgery (CSRF) vulnerability in Wowza Streaming Engine through 4.8.11+5 allows a remote attacker to delete a user account via the /enginemanager/server/user/delete.htm userName parameter. The application does not implement a CSRF token for the GET request. This issue was resolved in Wowza Streaming Engine release 4.8.14. | |||||
| CVE-2019-19454 | 1 Wowza | 1 Streaming Engine | 2020-09-30 | 5.0 MEDIUM | 7.5 HIGH |
| An arbitrary file download was found in the "Download Log" functionality of Wowza Streaming Engine <= 4.x.x. This issue was resolved in Wowza Streaming Engine 4.8.0. | |||||
| CVE-2018-7048 | 1 Wowza | 1 Streaming Engine | 2020-09-30 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Wowza Streaming Engine before 4.7.1. There is a denial of service (memory consumption) via a crafted HTTP request. | |||||
| CVE-2018-19365 | 1 Wowza | 1 Streaming Engine | 2020-09-18 | 5.0 MEDIUM | 7.5 HIGH |
| The REST API in Wowza Streaming Engine 4.7.4.01 allows traversal of the directory structure and retrieval of a file via a remote, specifically crafted HTTP request. | |||||
