← Back

Streaming Engine

streaming_engine

Vendor: Wowza • 26 CVEs

CVEs (26)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2019-7654
1Wowza
1Streaming Engine
Nov 21, 2024
Jan 29, 2020
N/A· v4
6.5 MEDIUM· v3
4.3 MEDIUM· v2
Wowza Streaming Engine 4.8.0 and earlier suffers from multiple CSRF vulnerabilities. For example, an administrator, by following a link, can be tricked into making unwanted changes such as adding another admin user via e...Show more
Wowza Streaming Engine 4.8.0 and earlier suffers from multiple CSRF vulnerabilities. For example, an administrator, by following a link, can be tricked into making unwanted changes such as adding another admin user via enginemanager/server/user/edit.htm in the Server->Users component. This issue was resolved in Wowza Streaming Engine 4.8.5.Show less
CVE-2018-19365
1Wowza
1Streaming Engine
Nov 21, 2024
Mar 21, 2019
N/A· v4
9.1 CRITICAL· v3
6.4 MEDIUM· v2
The REST API in Wowza Streaming Engine 4.7.4.01 allows traversal of the directory structure and retrieval of a file via a remote, specifically crafted HTTP request.
CVE-2017-16922
1Wowza
1Streaming Engine
Nov 21, 2024
Mar 5, 2018
N/A· v4
5.3 MEDIUM· v3
5.0 MEDIUM· v2
In com.wowza.wms.timedtext.http.HTTPProviderCaptionFile in Wowza Streaming Engine before 4.7.1, traversal of the directory structure and retrieval of a file are possible via a remote, specifically crafted HTTP request.
CVE-2018-7049
1Wowza
1Streaming Engine
Nov 21, 2024
Mar 1, 2018
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
An issue was discovered in Wowza Streaming Engine before 4.7.1. There is an XSS vulnerability in the HTTP providers (com.wowza.wms.http.HTTPProviderMediaList and com.wowza.wms.http.streammanager.HTTPStreamManager) causin...Show more
An issue was discovered in Wowza Streaming Engine before 4.7.1. There is an XSS vulnerability in the HTTP providers (com.wowza.wms.http.HTTPProviderMediaList and com.wowza.wms.http.streammanager.HTTPStreamManager) causing script injection and/or reflection via a crafted HTTP request.Show less
CVE-2018-7048
1Wowza
1Streaming Engine
Nov 21, 2024
Mar 1, 2018
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
An issue was discovered in Wowza Streaming Engine before 4.7.1. There is a denial of service (memory consumption) via a crafted HTTP request.
CVE-2018-7047
1Wowza
1Streaming Engine
Nov 21, 2024
Mar 1, 2018
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
An issue was discovered in the MBeans Server in Wowza Streaming Engine before 4.7.1. The file system may be read and written to via JMX using the default JMX credentials (remote code execution may be possible as well).