| Max CVSS | 7.5 | Min CVSS | 4.3 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2017-14141 | 6.5 |
The wiki_decode Developer System Helper function in the admin panel in Kaltura before 13.2.0 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object.
|
17-10-2019 - 20:25 | 19-09-2017 - 15:29 | |
| CVE-2017-14143 | 7.5 |
The getUserzoneCookie function in Kaltura before 13.2.0 uses a hardcoded cookie secret to validate cookie signatures, which allows remote attackers to bypass an intended protection mechanism and consequently conduct PHP object injection attacks and e
|
27-01-2018 - 02:29 | 19-09-2017 - 15:29 | |
| CVE-2017-14142 | 4.3 |
Multiple cross-site scripting (XSS) vulnerabilities in Kaltura before 13.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) partnerId or (2) playerVersion parameter to server/admin_console/web/tools/bigRedButton.php; the (3
|
29-09-2017 - 13:54 | 19-09-2017 - 15:29 |