malwarebytes 漏洞与 CVE 列表(30)

产品(CPE): — CVE 数: 30

malwarebytes 漏洞概览

汇总 malwarebytes 相关全部产品的 CVE 与安全漏洞情报,包括 CVSS、EPSS、公开时间与漏洞情报数据。

历史漏洞主要涉及 路径处理缺陷与缓冲区溢出 等问题,部分漏洞可能导致 文件覆盖,并影响 生产负载与软件部署 相关场景。

相关漏洞数据主要来源于公开漏洞披露与安全公告,可用于评估历史漏洞暴露面与修复优先级。

漏洞分布趋势(近 24 个月)

显示 12030 CVE 数
«« 第一页 « 上一页 第 1 / 2 页 下一页 »
CVE 摘要 来源 最高 CVSS EPSS % 公开时间 更新时间
CVE-2022-50971 Malwarebytes 4.5 contains an unquoted service path vulnerability in the MBAMService executable that allows local attackers to escalate privileges by injecting malicious code into the system root path. Attackers can place executable files in unquoted path directories that execute with LocalSystem privileges during service startup or system reboot. [email protected] 8.5 0.17% 2026-06-19 2026-06-26
CVE-2023-29144 Malwarebytes 1.0.14 for Linux doesn't properly compute signatures in some scenarios. This allows a bypass of detection. [email protected] 3.3 0.18% 2025-12-12 2026-06-17
CVE-2025-54569 In Malwarebytes Binisoft Windows Firewall Control before 6.16.0.0, the installer is vulnerable to local privilege escalation. [email protected] 4.5 0.10% 2025-07-28 2026-06-17
CVE-2024-6260 Malwarebytes Antimalware Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Malwarebytes Antimalware. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Malwarebytes service. By creating a symbolic link, an attacker can abuse the service to delete a file. An attacker can leverage [email protected] 7.8 0.29% 2024-11-22 2026-06-17
CVE-2024-25089 Malwarebytes Binisoft Windows Firewall Control before 6.9.9.2 allows remote attackers to execute arbitrary code via gRPC named pipes. [email protected] 9.8 1.80% 2024-02-04 2026-06-17
CVE-2023-29147 In Malwarebytes EDR 1.0.11 for Linux, it is possible to bypass the detection layers that depend on inode identifiers, because an identifier may be reused when a file is replaced, and because two files on different filesystems can have the same identifier. [email protected] 5.5 0.27% 2023-06-30 2026-06-17
CVE-2023-29145 The Malwarebytes EDR 1.0.11 for Linux driver doesn't properly ensure whitelisting of executable libraries loaded by executable files, allowing arbitrary code execution. The attacker can set LD_LIBRARY_PATH, set LD_PRELOAD, or run an executable file in a debugger. [email protected] 7.8 0.30% 2023-06-30 2026-06-17
CVE-2023-27469 Malwarebytes Anti-Exploit 4.4.0.220 is vulnerable to arbitrary file deletion and denial of service via an ALPC message in which FullFileNamePath lacks a '\0' character. [email protected] 7.1 0.38% 2023-06-30 2026-06-17
CVE-2023-36631 Lack of access control in wfc.exe in Malwarebytes Binisoft Windows Firewall Control 6.9.2.0 allows local unprivileged users to bypass Windows Firewall restrictions via the user interface's rules tab. NOTE: the vendor's perspective is "this is intended behavior as the application can be locked using a password." [email protected] 7.8 0.68% 2023-06-26 2026-06-17
CVE-2023-28892 Malwarebytes AdwCleaner 8.4.0 runs as Administrator and performs an insecure file delete operation on C:\AdwCleaner\Logs\AdwCleaner_Debug.log in which the target location is user-controllable, allowing a non-admin user to escalate privileges to SYSTEM via a symbolic link. [email protected] 7.8 0.49% 2023-03-29 2026-06-17
CVE-2023-26088 In Malwarebytes before 4.5.23, a symbolic link may be used delete any arbitrary file on the system by exploiting the local quarantine system. It can also lead to privilege escalation in certain scenarios. [email protected] 7.8 0.47% 2023-03-22 2026-06-17
CVE-2022-25150 In Malwarebytes Binisoft Windows Firewall Control before 6.8.1.0, programs executed from the Tools tab can be used to escalate privileges. [email protected] 7.8 0.45% 2022-02-14 2026-06-17
CVE-2020-25533 An issue was discovered in Malwarebytes before 4.0 on macOS. A malicious application was able to perform a privileged action within the Malwarebytes launch daemon. The privileged service improperly validated XPC connections by relying on the PID instead of the audit token. An attacker can construct a situation where the same PID is used for running two different programs at different times, by leveraging a race condition during crafted use of posix_spawn. [email protected] 7.0 0.25% 2021-01-15 2026-06-16
CVE-2020-28641 In Malwarebytes Free 4.1.0.56, a symbolic link may be used delete an arbitrary file on the system by exploiting the local quarantine system. [email protected] 7.1 0.76% 2020-12-22 2026-06-16
CVE-2020-11507 An Untrusted Search Path vulnerability in Malwarebytes AdwCleaner 8.0.3 could cause arbitrary code execution with SYSTEM privileges when a malicious DLL library is loaded. [email protected] 7.8 0.85% 2020-04-06 2026-06-16
CVE-2019-19929 An Untrusted Search Path vulnerability in Malwarebytes AdwCleaner before 8.0.1 could cause arbitrary code execution with SYSTEM privileges when a malicious DLL library is loaded by the product. [email protected] 7.8 0.77% 2019-12-22 2026-06-16
CVE-2019-6739 This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Malwarebytes Antimalware 3.6.1.2711. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page. There is an issue with the way the product handles URIs within certain schemes. The product does not warn the user that a dangerous navigation is about to take place. Because special characters in the URI are not sanitized, this could lead to the execu [email protected] 8.8 9.90% 2019-06-03 2026-06-16
CVE-2016-10717 A vulnerability in the encryption and permission implementation of Malwarebytes Anti-Malware consumer version 2.2.1 and prior (fixed in 3.0.4) allows an attacker to take control of the whitelisting feature (exclusions.dat under %SYSTEMDRIVE%\ProgramData) to permit execution of unauthorized applications including malware and malicious websites. Files blacklisted by Malwarebytes Malware Protect can be executed, and domains blacklisted by Malwarebytes Web Protect can be reached through HTTP. [email protected] 7.8 1.06% 2018-03-21 2026-06-16
CVE-2018-5279 In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e02c. NOTE: the vendor reported that they "have not been able to reproduce the issue on any Windows operating system version (32-bit or 64-bit). [email protected] 7.8 0.49% 2018-01-08 2026-06-16
CVE-2018-5278 In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e00c. NOTE: the vendor reported that they "have not been able to reproduce the issue on any Windows operating system version (32-bit or 64-bit). [email protected] 3.3 0.39% 2018-01-08 2026-06-16
«« 第一页 « 上一页 第 1 / 2 页 下一页 »
cvelogic Threat Intelligence