Malwarebytes

by Malwarebytes

CVEs (20)

  • CVE-2024-6260 | High | Nov 22, 2024
    risk 0.51 | cvss 7.8 | epss 0.00

    Malwarebytes Antimalware Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Malwarebytes Antimalware. An attacker must first obtain the ability to execute low-privileged code on…

  • CVE-2023-26088 | High | Mar 23, 2023
    risk 0.51 | cvss 7.8 | epss 0.00

    In Malwarebytes before 4.5.23, a symbolic link may be used to delete any arbitrary file on the system by exploiting the local quarantine system. It can also lead to privilege escalation in certain scenarios.

  • CVE-2016-10717 | High | Mar 21, 2018
    risk 0.51 | cvss 7.8 | epss 0.01

    A vulnerability in the encryption and permission implementation of Malwarebytes Anti-Malware consumer version 2.2.1 and prior (fixed in 3.0.4) allows an attacker to take control of the whitelisting feature (exclusions.dat under %SYSTEMDRIVE%\ProgramData) to permit execution of…

  • CVE-2018-5277 | High | Jan 8, 2018
    risk 0.51 | cvss 7.8 | epss 0.00

    In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e000. NOTE: the vendor reported that they "have not been able…

  • CVE-2018-5276 | High | Jan 8, 2018
    risk 0.51 | cvss 7.8 | epss 0.00

    In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e018. NOTE: the vendor reported that they "have not been able…

  • CVE-2018-5272 | High | Jan 8, 2018
    risk 0.51 | cvss 7.8 | epss 0.00

    In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e004. NOTE: the vendor reported that they "have not been able…

  • CVE-2018-5271 | High | Jan 8, 2018
    risk 0.51 | cvss 7.8 | epss 0.00

    In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e008. NOTE: the vendor reported that they "have not been able…

  • CVE-2018-5270 | High | Jan 8, 2018
    risk 0.51 | cvss 7.8 | epss 0.00

    In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e010. NOTE: the vendor reported that they "have not been able…

  • CVE-2023-43688 | High | Jun 9, 2026
    risk 0.49 | cvss 7.5 | epss 0.00

    An issue was discovered in Malwarebytes 4.x and 5.x (and Nebula 2020-10-21 and later). There is a Heap buffer overflow in various buffer encryption utilities.

  • CVE-2023-43692 | High | Aug 14, 2025
    risk 0.49 | cvss 7.5 | epss 0.00

    An issue was discovered in Malwarebytes before 4.6.14.326 and before 5.1.5.116 (and Nebula 2020-10-21 and later). Out-of-bound reads in strings detection utilities lead to system crashes.

  • CVE-2020-25533 | High | Jan 15, 2021
    risk 0.46 | cvss 7.0 | epss 0.00

    An issue was discovered in Malwarebytes before 4.0 on macOS. A malicious application was able to perform a privileged action within the Malwarebytes launch daemon. The privileged service improperly validated XPC connections by relying on the PID instead of the audit token. An…

  • CVE-2020-28641 | High | Dec 22, 2020
    risk 0.46 | cvss 7.1 | epss 0.01

    In Malwarebytes Free 4.1.0.56, a symbolic link may be used to delete an arbitrary file on the system by exploiting the local quarantine system.

  • CVE-2023-43687 | Medium | Aug 14, 2025
    risk 0.42 | cvss 6.5 | epss 0.00

    An issue was discovered in Malwarebytes before 4.6.14.326 and before 5.1.5.116 (and Nebula 2020-10-21 and later). There is a Race condition that leads to code execution because of a lack of locks between file verification and execution.

  • CVE-2023-43683 | Medium | Aug 14, 2025
    risk 0.42 | cvss 6.5 | epss 0.00

    An issue was discovered in Malwarebytes 4.6.14.326 and before 5.1.5.116 (and Nebula 2020-10-21 and later). A Stack buffer out-of-bounds access exists because of an integer underflow when handling newline characters.

  • CVE-2023-43686 | Medium | Jun 9, 2026
    risk 0.40 | cvss 6.2 | epss 0.00

    An issue was discovered in Malwarebytes 4.x and 5.x (and Nebula 2020-10-21 and later). A large number of Firefox preference files can cause the parser to ignore other browser configuration files, leading to a denial of service.

  • CVE-2021-43768 | Medium | Oct 24, 2025
    risk 0.34 | cvss 5.3 | epss 0.00

    In Malwarebytes For Teams v.1.0.990 and before (fixed in v.1.0.1003 and later), a privilege escalation can occur via the COM interface running in mbamservice.exe.

  • CVE-2023-43694 | Medium | Aug 14, 2025
    risk 0.34 | cvss 5.2 | epss 0.00

    An issue was discovered in Malwarebytes 4.6.14.326 and before and 5.1.5.116 and before (and Nebula 2020-10-21 and later). An Out of bounds read in several disassembling utilities causes stability issues and denial of service.

  • CVE-2018-5278 | Low | Jan 8, 2018
    risk 0.21 | cvss 3.3 | epss 0.00

    In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e00c. NOTE: the vendor reported that they "have not been able…

  • CVE-2022-50971 | Jun 19, 2026
    risk 0.00 | cvss | epss 0.00

    Malwarebytes 4.5 contains an unquoted service path vulnerability in the MBAMService executable that allows local attackers to escalate privileges by injecting malicious code into the system root path. Attackers can place executable files in unquoted path directories that execute…

  • CVE-2023-29144 | Dec 12, 2025
    risk 0.00 | cvss | epss 0.00

    Malwarebytes 1.0.14 for Linux doesn't properly compute signatures in some scenarios. This allows a bypass of detection.