Vulnerabilities > Malwarebytes

DATE CVE VULNERABILITY TITLE RISK
2024-02-04 CVE-2024-25089 Unspecified vulnerability in Malwarebytes Binisoft Windows Firewall Control
Malwarebytes Binisoft Windows Firewall Control before 6.9.9.2 allows remote attackers to execute arbitrary code via gRPC named pipes.
network
low complexity
malwarebytes
critical
9.8
2023-06-30 CVE-2023-29147 Unspecified vulnerability in Malwarebytes Endpoint Detection and Response and Malwarebytes
In Malwarebytes EDR 1.0.11 for Linux, it is possible to bypass the detection layers that depend on inode identifiers, because an identifier may be reused when a file is replaced, and because two files on different filesystems can have the same identifier.
local
low complexity
malwarebytes
5.5
2023-06-30 CVE-2023-27469 Unspecified vulnerability in Malwarebytes Anti-Exploit
Malwarebytes Anti-Exploit 4.4.0.220 is vulnerable to arbitrary file deletion and denial of service via an ALPC message in which FullFileNamePath lacks a '\0' character.
local
low complexity
malwarebytes
7.1
2023-06-30 CVE-2023-29145 Unspecified vulnerability in Malwarebytes Endpoint Detection and Response and Malwarebytes
The Malwarebytes EDR 1.0.11 for Linux driver doesn't properly ensure whitelisting of executable libraries loaded by executable files, allowing arbitrary code execution.
local
low complexity
malwarebytes
7.8
2023-06-26 CVE-2023-36631 Unspecified vulnerability in Malwarebytes Binisoft Windows Firewall Control 6.9.2.0
Lack of access control in wfc.exe in Malwarebytes Binisoft Windows Firewall Control 6.9.2.0 allows local unprivileged users to bypass Windows Firewall restrictions via the user interface's rules tab.
local
low complexity
malwarebytes
7.8
2023-03-29 CVE-2023-28892 Link Following vulnerability in Malwarebytes Adwcleaner
Malwarebytes AdwCleaner 8.4.0 runs as Administrator and performs an insecure file delete operation on C:\AdwCleaner\Logs\AdwCleaner_Debug.log in which the target location is user-controllable, allowing a non-admin user to escalate privileges to SYSTEM via a symbolic link.
local
low complexity
malwarebytes CWE-59
7.8
2023-03-23 CVE-2023-26088 Link Following vulnerability in Malwarebytes
In Malwarebytes before 4.5.23, a symbolic link may be used delete any arbitrary file on the system by exploiting the local quarantine system.
local
low complexity
malwarebytes CWE-59
7.8
2022-02-14 CVE-2022-25150 Improper Privilege Management vulnerability in Malwarebytes Binisoft Windows Firewall Control
In Malwarebytes Binisoft Windows Firewall Control before 6.8.1.0, programs executed from the Tools tab can be used to escalate privileges.
local
low complexity
malwarebytes CWE-269
7.8
2021-01-15 CVE-2020-25533 Race Condition vulnerability in Malwarebytes
An issue was discovered in Malwarebytes before 4.0 on macOS.
local
high complexity
malwarebytes CWE-362
7.0
2020-12-22 CVE-2020-28641 Link Following vulnerability in Malwarebytes Endpoint Protection and Malwarebytes
In Malwarebytes Free 4.1.0.56, a symbolic link may be used delete an arbitrary file on the system by exploiting the local quarantine system.
local
low complexity
malwarebytes CWE-59
7.1