CVE-2023-29147
https://notcve.org/view.php?id=CVE-2023-29147
In Malwarebytes EDR 1.0.11 for Linux, it is possible to bypass the detection layers that depend on inode identifiers, because an identifier may be reused when a file is replaced, and because two files on different filesystems can have the same identifier. • https://malwarebytes.com https://www.malwarebytes.com/secure/cves/cve-2023-29147 •
CVE-2023-29145
https://notcve.org/view.php?id=CVE-2023-29145
The Malwarebytes EDR 1.0.11 for Linux driver doesn't properly ensure whitelisting of executable libraries loaded by executable files, allowing arbitrary code execution. The attacker can set LD_LIBRARY_PATH, set LD_PRELOAD, or run an executable file in a debugger. • https://malwarebytes.com https://www.malwarebytes.com/secure/cves/cve-2023-29145 •
CVE-2023-26088
https://notcve.org/view.php?id=CVE-2023-26088
In Malwarebytes before 4.5.23, a symbolic link may be used delete any arbitrary file on the system by exploiting the local quarantine system. It can also lead to privilege escalation in certain scenarios. • https://support.malwarebytes.com/hc/en-us/articles/14279575968659-Malwarebytes-for-Windows-4-5-23-Release-Notes https://www.malwarebytes.com/secure/cves/cve-2023-26088 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2020-25533
https://notcve.org/view.php?id=CVE-2020-25533
An issue was discovered in Malwarebytes before 4.0 on macOS. A malicious application was able to perform a privileged action within the Malwarebytes launch daemon. The privileged service improperly validated XPC connections by relying on the PID instead of the audit token. An attacker can construct a situation where the same PID is used for running two different programs at different times, by leveraging a race condition during crafted use of posix_spawn. Se detectó un problema en Malwarebytes versiones anteriores a 4.0 en macOS. • https://wojciechregula.blog/post/learn-xpc-exploitation-part-2-say-no-to-the-pid • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2020-28641
https://notcve.org/view.php?id=CVE-2020-28641
In Malwarebytes Free 4.1.0.56, a symbolic link may be used delete an arbitrary file on the system by exploiting the local quarantine system. En Malwarebytes Free versión 4.1.0.56, se puede utilizar un enlace simbólico para eliminar un archivo arbitrario en el sistema explotando el sistema de cuarentena local • https://support.malwarebytes.com/hc/en-us/articles/1500000403501-Arbitrary-file-deletion-vulnerability-fixed-in-Malwarebytes-Endpoint-Protection https://support.malwarebytes.com/hc/en-us/articles/360058885974-Arbitrary-file-deletion-vulnerability-fixed-in-Malwarebytes-for-Windows https://www.malwarebytes.com • CWE-59: Improper Link Resolution Before File Access ('Link Following') •