CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-52925
https://notcve.org/view.php?id=CVE-2024-52925
26 Feb 2025 — In OPSWAT MetaDefender Kiosk before 4.7.0, arbitrary code execution can be performed by an attacker via the MD Kiosk Unlock Device feature for software encrypted USB drives. • https://www.opswat.com/docs/mdkiosk/release-notes/cve-2024-52925 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-36657
https://notcve.org/view.php?id=CVE-2023-36657
15 Sep 2023 — An issue was discovered in OPSWAT MetaDefender KIOSK 4.6.1.9996. Built-in features of Windows (desktop shortcuts, narrator) can be abused for privilege escalation. Se descubrió un problema en OPSWAT MetaDefender KIOSK 4.6.1.9996. Se puede abusar de las funciones integradas de Windows (atajos de escritorio, narrador) para escalar privilegios. • https://docs.opswat.com/mdkiosk • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-36658
https://notcve.org/view.php?id=CVE-2023-36658
15 Sep 2023 — An issue was discovered in OPSWAT MetaDefender KIOSK 4.6.1.9996. It has an unquoted service path that can be abused locally. Se descubrió un problema en OPSWAT MetaDefender KIOSK 4.6.1.9996. Tiene una ruta de servicio no citada de la que se puede abusar localmente. • https://docs.opswat.com/mdkiosk • CWE-428: Unquoted Search Path or Element •
CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 0CVE-2023-36659
https://notcve.org/view.php?id=CVE-2023-36659
15 Sep 2023 — An issue was discovered in OPSWAT MetaDefender KIOSK 4.6.1.9996. Long inputs were not properly processed, which allows remote attackers to cause a denial of service (loss of communication). Se descubrió un problema en OPSWAT MetaDefender KIOSK 4.6.1.9996. Las entradas largas no se procesaron adecuadamente, lo que permite a atacantes remotos provocar una denegación de servicio (pérdida de comunicación). • https://docs.opswat.com/mdkiosk • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •