84 matches found
CVE-2025-0131 GlobalProtect App: Incorrect Privilege Management Vulnerability in OPSWAT MetaDefender Endpoint Security SDK
An incorrect privilege management vulnerability in the OPSWAT MetaDefender Endpoint Security SDK used by the Palo Alto Networks GlobalProtect™ app on Windows devices allows a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY\SYSTEM. However,...
CVE-2025-0131 GlobalProtect App: Incorrect Privilege Management Vulnerability in OPSWAT MetaDefender Endpoint Security SDK
An incorrect privilege management vulnerability in the OPSWAT MetaDefender Endpoint Security SDK used by the Palo Alto Networks GlobalProtect™ app on Windows devices allows a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY\SYSTEM. However,...
CVE-2025-0131
The CVE-2025-0131 issue affects Palo Alto Networks GlobalProtect on Windows, stemming from an incorrect privilege management flaw in the OPSWAT MetaDefender Endpoint Security SDK. The vulnerability could allow a locally authenticated non-administrative Windows user to escalate to NT AUTHORITY\SYS...
PT-2025-21208 · Palo Alto Networks +1 · Palo Alto Networks Globalprotect +1
Name of the Vulnerable Software and Affected Versions: Palo Alto Networks GlobalProtect affected versions not specified Description: The issue is related to an incorrect privilege management vulnerability in the OPSWAT MetaDefender Endpoint Security SDK used by the Palo Alto Networks GlobalProtec...
CVE-2024-52925
In OPSWAT MetaDefender Kiosk before 4.7.0, arbitrary code execution can be performed by an attacker via the MD Kiosk Unlock Device feature for software encrypted USB drives...
CVE-2024-52925
In OPSWAT MetaDefender Kiosk before 4.7.0, arbitrary code execution can be performed by an attacker via the MD Kiosk Unlock Device feature for software encrypted USB drives...
OPSWAT MetaDefender KIOSK 代码注入漏洞
OPSWAT MetaDefender KIOSK is a digital security guard from OPSWAT USA. A security vulnerability exists in OPSWAT MetaDefender KIOSK versions prior to 4.7.0. An attacker can exploit the vulnerability to execute arbitrary code...
CVE-2024-52925
In OPSWAT MetaDefender Kiosk before 4.7.0, arbitrary code execution can be performed by an attacker via the MD Kiosk Unlock Device feature for software encrypted USB drives...
CVE-2024-52925
OPSWAT MetaDefender Kiosk prior to version 4.7.0 is affected by an arbitrary code execution vulnerability via the MD Kiosk Unlock Device feature for software-encrypted USB drives. The root cause is exploitation of the unlock device functionality, enabling an attacker to execute code on the host. ...
CVE-2024-52925
In OPSWAT MetaDefender Kiosk before 4.7.0, arbitrary code execution can be performed by an attacker via the MD Kiosk Unlock Device feature for software encrypted USB drives...
CVE-2023-25364
Opswat Metadefender Core before 5.2.1 does not properly defend against potential HTML injection and XSS attacks...
CVE-2023-25364
Opswat Metadefender Core before 5.2.1 does not properly defend against potential HTML injection and XSS attacks...
CVE-2023-25364
Opswat Metadefender Core before 5.2.1 does not properly defend against potential HTML injection and XSS attacks...
Opswat Metadefender Core 安全漏洞
OPSWAT MetaDefender Core OPSWAT MDCore is a multi-engine anti-malware software from OPSWAT, Inc. It prevents the upload of malicious files on web applications that bypass sandboxing and other detection-based security solutions. A security vulnerability exists in Opswat Metadefender Core versions...
CVE-2023-25364
CVE-2023-25364 : Opswat Metadefender Core versions prior to 5.2.1 are vulnerable to HTML injection and XSS attacks due to inadequate input handling. The Red Hat, NVD, CVE listings all describe the same issue. Affected product: Opswat Metadefender Core; vulnerable component/path not explicitly det...
CVE-2023-36659
An issue was discovered in OPSWAT MetaDefender KIOSK 4.6.1.9996. Long inputs were not properly processed, which allows remote attackers to cause a denial of service loss of communication...
CVE-2023-36659
An issue was discovered in OPSWAT MetaDefender KIOSK 4.6.1.9996. Long inputs were not properly processed, which allows remote attackers to cause a denial of service loss of communication...
CVE-2023-36659
An issue was discovered in OPSWAT MetaDefender KIOSK 4.6.1.9996. Long inputs were not properly processed, which allows remote attackers to cause a denial of service loss of communication...
CVE-2023-36657
An issue was discovered in OPSWAT MetaDefender KIOSK 4.6.1.9996. Built-in features of Windows desktop shortcuts, narrator can be abused for privilege escalation...
CVE-2023-36657
An issue was discovered in OPSWAT MetaDefender KIOSK 4.6.1.9996. Built-in features of Windows desktop shortcuts, narrator can be abused for privilege escalation...