46 matches found
PT-2025-21208 · Palo Alto Networks +1 · Palo Alto Networks Globalprotect +1
Name of the Vulnerable Software and Affected Versions: Palo Alto Networks GlobalProtect affected versions not specified Description: The issue is related to an incorrect privilege management vulnerability in the OPSWAT MetaDefender Endpoint Security SDK used by the Palo Alto Networks GlobalProtec...
CVE-2024-52925
In OPSWAT MetaDefender Kiosk before 4.7.0, arbitrary code execution can be performed by an attacker via the MD Kiosk Unlock Device feature for software encrypted USB drives...
CVE-2024-52925
In OPSWAT MetaDefender Kiosk before 4.7.0, arbitrary code execution can be performed by an attacker via the MD Kiosk Unlock Device feature for software encrypted USB drives...
CVE-2024-52925
OPSWAT MetaDefender Kiosk prior to version 4.7.0 is affected by an arbitrary code execution vulnerability via the MD Kiosk Unlock Device feature for software-encrypted USB drives. The root cause is exploitation of the unlock device functionality, enabling an attacker to execute code on the host. ...
CVE-2024-52925
In OPSWAT MetaDefender Kiosk before 4.7.0, arbitrary code execution can be performed by an attacker via the MD Kiosk Unlock Device feature for software encrypted USB drives...
Opswat Metadefender Core 安全漏洞
OPSWAT MetaDefender Core OPSWAT MDCore is a multi-engine anti-malware software from OPSWAT, Inc. It prevents the upload of malicious files on web applications that bypass sandboxing and other detection-based security solutions. A security vulnerability exists in Opswat Metadefender Core versions...
CVE-2023-25364
Opswat Metadefender Core before 5.2.1 does not properly defend against potential HTML injection and XSS attacks...
CVE-2023-36659
An issue was discovered in OPSWAT MetaDefender KIOSK 4.6.1.9996. Long inputs were not properly processed, which allows remote attackers to cause a denial of service loss of communication...
CVE-2023-36659
An issue was discovered in OPSWAT MetaDefender KIOSK 4.6.1.9996. Long inputs were not properly processed, which allows remote attackers to cause a denial of service loss of communication...
CVE-2023-36657
An issue was discovered in OPSWAT MetaDefender KIOSK 4.6.1.9996. Built-in features of Windows desktop shortcuts, narrator can be abused for privilege escalation...
CVE-2023-36658
An issue was discovered in OPSWAT MetaDefender KIOSK 4.6.1.9996. It has an unquoted service path that can be abused locally...
Design/Logic Flaw
An issue was discovered in OPSWAT MetaDefender KIOSK 4.6.1.9996. It has an unquoted service path that can be abused locally...
OPSWAT MetaDefender KIOSK Code Issue Vulnerability
OPSWAT MetaDefender KIOSK is a digital security guard from OPSWAT USA. A security vulnerability exists in OPSWAT MetaDefender KIOSK version 4.6.1.9996, which stems from the presence of a service path disclosure issue. An attacker can exploit the vulnerability to elevate privileges...
OPSWAT MetaDefender KIOSK Security Vulnerability
OPSWAT MetaDefender KIOSK is a digital security guard from OPSWAT USA. A security vulnerability exists in OPSWAT MetaDefender KIOSK version 4.6.1.9996, which stems from the fact that some of the built-in features of Windows can be abused for elevation of privilege...
CVE-2023-36658
Affected software: OPSWAT MetaDefender KIOSK 4.6.1.9996. Vulnerability type / root cause: unquoted service path that can be abused locally, enabling potential local privilege escalation. Impact (as documented): high confidentiality, integrity, and availability impact; CVSS 3.1 base score 7.8 (LOC...
CVE-2023-36659
An issue was discovered in OPSWAT MetaDefender KIOSK 4.6.1.9996. Long inputs were not properly processed, which allows remote attackers to cause a denial of service loss of communication...
CVE-2022-40778
A stored Cross-Site Scripting XSS vulnerability in OPSWAT MetaDefender ICAP Server before 4.13.0 allows attackers to execute arbitrary JavaScript or HTML because of the blocked page response...
CVE-2022-40778
A stored Cross-Site Scripting XSS vulnerability in OPSWAT MetaDefender ICAP Server before 4.13.0 allows attackers to execute arbitrary JavaScript or HTML because of the blocked page response...
CVE-2022-40778
CVE-2022-40778 affects OPSWAT MetaDefender ICAP Server prior to 4.13.0. The vulnerability is a stored XSS caused by the blocked page response, allowing an attacker to execute arbitrary JavaScript or HTML. Connected sources confirm the affected product/version and the XSS impact. The entry does no...
CVE-2022-40778
A stored Cross-Site Scripting XSS vulnerability in OPSWAT MetaDefender ICAP Server before 4.13.0 allows attackers to execute arbitrary JavaScript or HTML because of the blocked page response...