Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Malwarebytes
(Malwarebytes)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 15 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-06-30 | CVE-2023-29145 | The Malwarebytes EDR 1.0.11 for Linux driver doesn't properly ensure whitelisting of executable libraries loaded by executable files, allowing arbitrary code execution. The attacker can set LD_LIBRARY_PATH, set LD_PRELOAD, or run an executable file in a debugger. | Endpoint_detection_and_response, Malwarebytes | 7.8 | ||
| 2023-06-30 | CVE-2023-29147 | In Malwarebytes EDR 1.0.11 for Linux, it is possible to bypass the detection layers that depend on inode identifiers, because an identifier may be reused when a file is replaced, and because two files on different filesystems can have the same identifier. | Endpoint_detection_and_response, Malwarebytes | 5.5 | ||
| 2023-03-23 | CVE-2023-26088 | In Malwarebytes before 4.5.23, a symbolic link may be used delete any arbitrary file on the system by exploiting the local quarantine system. It can also lead to privilege escalation in certain scenarios. | Malwarebytes | 7.8 | ||
| 2021-01-15 | CVE-2020-25533 | An issue was discovered in Malwarebytes before 4.0 on macOS. A malicious application was able to perform a privileged action within the Malwarebytes launch daemon. The privileged service improperly validated XPC connections by relying on the PID instead of the audit token. An attacker can construct a situation where the same PID is used for running two different programs at different times, by leveraging a race condition during crafted use of posix_spawn. | Malwarebytes | 7.0 | ||
| 2020-12-22 | CVE-2020-28641 | In Malwarebytes Free 4.1.0.56, a symbolic link may be used delete an arbitrary file on the system by exploiting the local quarantine system. | Endpoint_protection, Malwarebytes | 7.1 |