Filtered by vendor Malwarebytes
Subscribe
Total
19 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-25150 | 1 Malwarebytes | 1 Binisoft Windows Firewall Control | 2022-02-23 | 4.6 MEDIUM | 7.8 HIGH |
In Malwarebytes Binisoft Windows Firewall Control before 6.8.1.0, programs executed from the Tools tab can be used to escalate privileges. | |||||
CVE-2020-25533 | 1 Malwarebytes | 1 Malwarebytes | 2021-01-26 | 6.9 MEDIUM | 7.0 HIGH |
An issue was discovered in Malwarebytes before 4.0 on macOS. A malicious application was able to perform a privileged action within the Malwarebytes launch daemon. The privileged service improperly validated XPC connections by relying on the PID instead of the audit token. An attacker can construct a situation where the same PID is used for running two different programs at different times, by leveraging a race condition during crafted use of posix_spawn. | |||||
CVE-2020-28641 | 1 Malwarebytes | 2 Endpoint Protection, Malwarebytes | 2020-12-23 | 6.6 MEDIUM | 7.1 HIGH |
In Malwarebytes Free 4.1.0.56, a symbolic link may be used delete an arbitrary file on the system by exploiting the local quarantine system. | |||||
CVE-2019-6739 | 1 Malwarebytes | 1 Antimalware | 2020-10-06 | 6.8 MEDIUM | 8.8 HIGH |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Malwarebytes Antimalware 3.6.1.2711. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page. There is an issue with the way the product handles URIs within certain schemes. The product does not warn the user that a dangerous navigation is about to take place. Because special characters in the URI are not sanitized, this could lead to the execution of arbitrary commands. An attacker can leverage this vulnerability to execute code in the context of the current user at medium integrity. Was ZDI-CAN-7162. | |||||
CVE-2020-11507 | 1 Malwarebytes | 1 Adwcleaner | 2020-04-06 | 6.9 MEDIUM | 7.8 HIGH |
An Untrusted Search Path vulnerability in Malwarebytes AdwCleaner 8.0.3 could cause arbitrary code execution with SYSTEM privileges when a malicious DLL library is loaded. | |||||
CVE-2019-19929 | 1 Malwarebytes | 1 Adwcleaner | 2020-01-03 | 6.9 MEDIUM | 7.8 HIGH |
An Untrusted Search Path vulnerability in Malwarebytes AdwCleaner before 8.0.1 could cause arbitrary code execution with SYSTEM privileges when a malicious DLL library is loaded by the product. | |||||
CVE-2018-5270 | 1 Malwarebytes | 1 Malwarebytes | 2019-03-13 | 6.1 MEDIUM | 7.8 HIGH |
** DISPUTED ** In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e010. NOTE: the vendor reported that they "have not been able to reproduce the issue on any Windows operating system version (32-bit or 64-bit)." | |||||
CVE-2018-5271 | 1 Malwarebytes | 1 Malwarebytes | 2019-03-13 | 6.1 MEDIUM | 7.8 HIGH |
** DISPUTED ** In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e008. NOTE: the vendor reported that they "have not been able to reproduce the issue on any Windows operating system version (32-bit or 64-bit)." | |||||
CVE-2018-5272 | 1 Malwarebytes | 1 Malwarebytes | 2019-03-13 | 6.1 MEDIUM | 7.8 HIGH |
** DISPUTED ** In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e004. NOTE: the vendor reported that they "have not been able to reproduce the issue on any Windows operating system version (32-bit or 64-bit)." | |||||
CVE-2018-5275 | 1 Malwarebytes | 1 Malwarebytes | 2019-03-13 | 6.1 MEDIUM | 7.8 HIGH |
** DISPUTED ** In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C40E020. NOTE: the vendor reported that they "have not been able to reproduce the issue on any Windows operating system version (32-bit or 64-bit)." | |||||
CVE-2018-5273 | 1 Malwarebytes | 1 Malwarebytes | 2019-03-13 | 6.1 MEDIUM | 7.8 HIGH |
** DISPUTED ** In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e014. NOTE: the vendor reported that they "have not been able to reproduce the issue on any Windows operating system version (32-bit or 64-bit)." | |||||
CVE-2018-5274 | 1 Malwarebytes | 1 Malwarebytes | 2019-03-13 | 6.1 MEDIUM | 7.8 HIGH |
** DISPUTED ** In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C40E024. NOTE: the vendor reported that they "have not been able to reproduce the issue on any Windows operating system version (32-bit or 64-bit)." | |||||
CVE-2018-5276 | 1 Malwarebytes | 1 Malwarebytes | 2019-03-13 | 6.1 MEDIUM | 7.8 HIGH |
** DISPUTED ** In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e018. NOTE: the vendor reported that they "have not been able to reproduce the issue on any Windows operating system version (32-bit or 64-bit)." | |||||
CVE-2018-5278 | 1 Malwarebytes | 1 Malwarebytes | 2019-03-05 | 6.1 MEDIUM | 7.8 HIGH |
** DISPUTED ** In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e00c. NOTE: the vendor reported that they "have not been able to reproduce the issue on any Windows operating system version (32-bit or 64-bit)." | |||||
CVE-2018-5279 | 1 Malwarebytes | 1 Malwarebytes | 2019-03-05 | 6.1 MEDIUM | 7.8 HIGH |
** DISPUTED ** In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e02c. NOTE: the vendor reported that they "have not been able to reproduce the issue on any Windows operating system version (32-bit or 64-bit)." | |||||
CVE-2018-5277 | 1 Malwarebytes | 1 Malwarebytes | 2019-03-05 | 6.1 MEDIUM | 7.8 HIGH |
** DISPUTED ** In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e000. NOTE: the vendor reported that they "have not been able to reproduce the issue on any Windows operating system version (32-bit or 64-bit)." | |||||
CVE-2016-10717 | 1 Malwarebytes | 1 Malwarebytes Anti-malware | 2018-04-18 | 4.6 MEDIUM | 7.8 HIGH |
A vulnerability in the encryption and permission implementation of Malwarebytes Anti-Malware consumer version 2.2.1 and prior (fixed in 3.0.4) allows an attacker to take control of the whitelisting feature (exclusions.dat under %SYSTEMDRIVE%\ProgramData) to permit execution of unauthorized applications including malware and malicious websites. Files blacklisted by Malwarebytes Malware Protect can be executed, and domains blacklisted by Malwarebytes Web Protect can be reached through HTTP. | |||||
CVE-2014-4936 | 1 Malwarebytes | 2 Malwarebytes Anti-exploit, Malwarebytes Anti-malware | 2016-12-06 | 9.3 HIGH | N/A |
The upgrade functionality in Malwarebytes Anti-Malware (MBAM) consumer before 2.0.3 and Malwarebytes Anti-Exploit (MBAE) consumer 1.04.1.1012 and earlier allow man-in-the-middle attackers to execute arbitrary code by spoofing the update server and uploading an executable. | |||||
CVE-2014-100039 | 1 Malwarebytes | 1 Malwarebytes Anti-exploit | 2015-01-14 | 2.1 LOW | N/A |
mbae.sys in Malwarebytes Anti-Exploit before 1.05.1.2014 allows local users to cause a denial of service (crash) via a crafted size in an unspecified IOCTL call, which triggers an out-of-bounds read. NOTE: some of these details are obtained from third party information. |