threat
engine
.sh
Back
·
··:··
Home
/
Product
/
wowza streaming engine
Product
wowza streaming engine
26 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
Sort
Newest first
Oldest first
Highest CVSS
Lowest CVSS
Min CVSS
Any
4.0+
7.0+ (High)
9.0+ (Critical)
Published since
Reset
CVE-2016-20036
all versions
Wowza Streaming Engine 4.5.0 contains multiple reflected cross-site scripting vulnerabilities in the enginemanager interface where
6.1
MEDIUM
CVE-2016-20035
all versions
Wowza Streaming Engine 4.5.0 contains a cross-site request forgery vulnerability that allows attackers to perform administrative a
5.3
MEDIUM
CVE-2016-20034
all versions
Wowza Streaming Engine 4.5.0 contains a privilege escalation vulnerability that allows authenticated read-only users to elevate pr
8.8
HIGH
CVE-2016-20033
all versions
Wowza Streaming Engine 4.5.0 contains a local privilege escalation vulnerability that allows authenticated users to escalate privi
7.8
HIGH
CVE-2024-52056
>= 4.3.0 and < 4.9.1
Path Traversal in the Manager component of Wowza Streaming Engine below 4.9.1 allows an administrator user to delete any directory
6.5
MEDIUM
CVE-2024-52055
>= 4.3.0 and < 4.9.1
Path Traversal in the Manager component of Wowza Streaming Engine below 4.9.1 allows an administrator user to read any file on the
4.9
MEDIUM
CVE-2024-52054
>= 4.3.0 and < 4.9.1
Path Traversal in the Manager component of Wowza Streaming Engine below 4.9.1 allows an administrator user to create an XML defin
2.7
LOW
CVE-2024-52053
>= 4.3.0 and < 4.9.1
Stored Cross-Site Scripting in the Manager component of Wowza Streaming Engine below 4.9.1 allows an unauthenticated attacker to i
9.6
CRITICAL
CVE-2024-52052
>= 4.3.0 and < 4.9.1
Wowza Streaming Engine below 4.9.1 permits an authenticated Streaming Engine Manager administrator to define a custom application
7.2
HIGH
CVE-2021-35492
<= 4.8.11
Wowza Streaming Engine through 4.8.11+5 could allow an authenticated, remote attacker to exhaust filesystem resources via the /eng
6.5
MEDIUM
CVE-2021-35491
< 4.8.14
A Cross-Site Request Forgery (CSRF) vulnerability in Wowza Streaming Engine through 4.8.11+5 allows a remote attacker to delete a
8.1
HIGH
CVE-2021-31540
<= 4.8.5
Wowza Streaming Engine through 4.8.5 (in a default installation) has incorrect file permissions of configuration files in the conf
7.1
HIGH
CVE-2021-31539
< 4.8.8.01
Wowza Streaming Engine before 4.8.8.01 (in a default installation) has cleartext passwords stored in the conf/admin.password file.
5.5
MEDIUM
CVE-2019-19455
< 4.8.5
Wowza Streaming Engine before 4.8.5 has Insecure Permissions which may allow a local attacker to escalate privileges in / usr / lo
7.8
HIGH
CVE-2019-19453
< 4.8.5
Wowza Streaming Engine before 4.8.5 allows XSS (issue 1 of 2). An authenticated user, with access to the proxy license editing is
5.4
MEDIUM
CVE-2019-19456
>= 4.0.0 and <= 4.8.0
A Reflected XSS was found in the server selection box inside the login page at: enginemanager/loginfailed.html in Wowza Streaming
6.1
MEDIUM
CVE-2019-19454
>= 4.0.0 and <= 4.8.0
An arbitrary file download was found in the "Download Log" functionality of Wowza Streaming Engine <= 4.x.x. This issue was resolv
7.5
HIGH
CVE-2020-9004
<= 4.8.0
A remote authenticated authorization-bypass vulnerability in Wowza Streaming Engine 4.8.0 and earlier allows any read-only user to
8.8
HIGH
CVE-2019-7656
<= 4.8.0
A privilege escalation vulnerability in Wowza Streaming Engine 4.8.0 and earlier allows any unprivileged Linux user to escalate pr
7.8
HIGH
CVE-2019-7655
<= 4.8.0
Wowza Streaming Engine 4.8.0 and earlier from multiple authenticated XSS vulnerabilities via the (1) customList%5B0%5D.value field
5.4
MEDIUM
CVE-2019-7654
<= 4.8.0
Wowza Streaming Engine 4.8.0 and earlier suffers from multiple CSRF vulnerabilities. For example, an administrator, by following a
6.5
MEDIUM
CVE-2018-19365
all versions
The REST API in Wowza Streaming Engine 4.7.4.01 allows traversal of the directory structure and retrieval of a file via a remote,
9.1
CRITICAL
CVE-2017-16922
< 4.7.1
In com.wowza.wms.timedtext.http.HTTPProviderCaptionFile in Wowza Streaming Engine before 4.7.1, traversal of the directory structu
5.3
MEDIUM
CVE-2018-7049
< 4.7.1
An issue was discovered in Wowza Streaming Engine before 4.7.1. There is an XSS vulnerability in the HTTP providers (com.wowza.wms
6.1
MEDIUM
CVE-2018-7048
< 4.7.1
An issue was discovered in Wowza Streaming Engine before 4.7.1. There is a denial of service (memory consumption) via a crafted HT
7.5
HIGH
CVE-2018-7047
< 4.7.1
An issue was discovered in the MBeans Server in Wowza Streaming Engine before 4.7.1. The file system may be read and written to vi
9.8
CRITICAL
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin