Opswat CVE - OpenCVE

Filtered by vendor Opswat Subscribe

Total 7 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2023-36659	1 Opswat	1 Metadefender Kiosk	2023-12-10	N/A	9.8 CRITICAL
An issue was discovered in OPSWAT MetaDefender KIOSK 4.6.1.9996. Long inputs were not properly processed, which allows remote attackers to cause a denial of service (loss of communication).
CVE-2023-36657	1 Opswat	1 Metadefender Kiosk	2023-12-10	N/A	9.8 CRITICAL
An issue was discovered in OPSWAT MetaDefender KIOSK 4.6.1.9996. Built-in features of Windows (desktop shortcuts, narrator) can be abused for privilege escalation.
CVE-2023-36658	1 Opswat	2 Media Validation Agent, Metadefender Kiosk	2023-12-10	N/A	7.8 HIGH
An issue was discovered in OPSWAT MetaDefender KIOSK 4.6.1.9996. It has an unquoted service path that can be abused locally.
CVE-2022-40778	1 Opswat	1 Metadefender	2023-12-10	N/A	5.4 MEDIUM
A stored Cross-Site Scripting (XSS) vulnerability in OPSWAT MetaDefender ICAP Server before 4.13.0 allows attackers to execute arbitrary JavaScript or HTML because of the blocked page response.
CVE-2022-32273	1 Opswat	1 Metadefender	2023-12-10	4.0 MEDIUM	4.3 MEDIUM
As a result of an observable discrepancy in returned messages, OPSWAT MetaDefender Core (MDCore) before 5.1.2 could allow an authenticated user to enumerate filenames on the server.
CVE-2022-32272	1 Opswat	1 Metadefender	2023-12-10	7.5 HIGH	9.8 CRITICAL
OPSWAT MetaDefender Core before 5.1.2, MetaDefender ICAP before 4.12.1, and MetaDefender Email Gateway Security before 5.6.1 have incorrect access control, resulting in privilege escalation.
CVE-2018-16275	1 Opswat	1 Metadefender	2023-12-10	6.8 MEDIUM	7.8 HIGH
OPSWAT MetaDefender before v4.11.2 allows CSV injection.

Vulnerabilities (CVE)