Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
32 vulnerabilities found for malwarebytes by malwarebytes
CVE-2023-29144 (GCVE-0-2023-29144)
Vulnerability from nvd – Published: 2025-12-12 00:00 – Updated: 2025-12-12 16:55
VLAI?
Summary
Malwarebytes 1.0.14 for Linux doesn't properly compute signatures in some scenarios. This allows a bypass of detection.
Severity ?
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-29144",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-12T16:55:23.313750Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190 Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-12T16:55:25.681Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Malwarebytes 1.0.14 for Linux doesn\u0027t properly compute signatures in some scenarios. This allows a bypass of detection."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-12T16:24:29.992Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://malwarebytes.com"
},
{
"url": "https://www.malwarebytes.com/secure/cves/cve-2023-29144"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-29144",
"datePublished": "2025-12-12T00:00:00.000Z",
"dateReserved": "2023-03-31T00:00:00.000Z",
"dateUpdated": "2025-12-12T16:55:25.681Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-29147 (GCVE-0-2023-29147)
Vulnerability from nvd – Published: 2023-06-30 00:00 – Updated: 2024-11-26 20:11
VLAI?
Summary
In Malwarebytes EDR 1.0.11 for Linux, it is possible to bypass the detection layers that depend on inode identifiers, because an identifier may be reused when a file is replaced, and because two files on different filesystems can have the same identifier.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:00:15.337Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://malwarebytes.com"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.malwarebytes.com/secure/cves/cve-2023-29147"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-29147",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-26T20:11:04.091018Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-290",
"description": "CWE-290 Authentication Bypass by Spoofing",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T20:11:23.817Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Malwarebytes EDR 1.0.11 for Linux, it is possible to bypass the detection layers that depend on inode identifiers, because an identifier may be reused when a file is replaced, and because two files on different filesystems can have the same identifier."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-30T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://malwarebytes.com"
},
{
"url": "https://www.malwarebytes.com/secure/cves/cve-2023-29147"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-29147",
"datePublished": "2023-06-30T00:00:00.000Z",
"dateReserved": "2023-03-31T00:00:00.000Z",
"dateUpdated": "2024-11-26T20:11:23.817Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-29145 (GCVE-0-2023-29145)
Vulnerability from nvd – Published: 2023-06-30 00:00 – Updated: 2024-11-26 20:19
VLAI?
Summary
The Malwarebytes EDR 1.0.11 for Linux driver doesn't properly ensure whitelisting of executable libraries loaded by executable files, allowing arbitrary code execution. The attacker can set LD_LIBRARY_PATH, set LD_PRELOAD, or run an executable file in a debugger.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:00:15.444Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://malwarebytes.com"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.malwarebytes.com/secure/cves/cve-2023-29145"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-29145",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-26T20:14:15.937099Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-640",
"description": "CWE-640 Weak Password Recovery Mechanism for Forgotten Password",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T20:19:18.517Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Malwarebytes EDR 1.0.11 for Linux driver doesn\u0027t properly ensure whitelisting of executable libraries loaded by executable files, allowing arbitrary code execution. The attacker can set LD_LIBRARY_PATH, set LD_PRELOAD, or run an executable file in a debugger."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-30T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://malwarebytes.com"
},
{
"url": "https://www.malwarebytes.com/secure/cves/cve-2023-29145"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-29145",
"datePublished": "2023-06-30T00:00:00.000Z",
"dateReserved": "2023-03-31T00:00:00.000Z",
"dateUpdated": "2024-11-26T20:19:18.517Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-26088 (GCVE-0-2023-26088)
Vulnerability from nvd – Published: 2023-03-23 00:00 – Updated: 2025-02-25 15:25
VLAI?
Summary
In Malwarebytes before 4.5.23, a symbolic link may be used delete any arbitrary file on the system by exploiting the local quarantine system. It can also lead to privilege escalation in certain scenarios.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:39:06.567Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.malwarebytes.com/hc/en-us/articles/14279575968659-Malwarebytes-for-Windows-4-5-23-Release-Notes"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.malwarebytes.com/secure/cves/cve-2023-26088"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-26088",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-25T15:25:06.350241Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-25T15:25:25.164Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Malwarebytes before 4.5.23, a symbolic link may be used delete any arbitrary file on the system by exploiting the local quarantine system. It can also lead to privilege escalation in certain scenarios."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-23T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://support.malwarebytes.com/hc/en-us/articles/14279575968659-Malwarebytes-for-Windows-4-5-23-Release-Notes"
},
{
"url": "https://www.malwarebytes.com/secure/cves/cve-2023-26088"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-26088",
"datePublished": "2023-03-23T00:00:00.000Z",
"dateReserved": "2023-02-20T00:00:00.000Z",
"dateUpdated": "2025-02-25T15:25:25.164Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-25533 (GCVE-0-2020-25533)
Vulnerability from nvd – Published: 2021-01-15 21:55 – Updated: 2024-08-04 15:33
VLAI?
Summary
An issue was discovered in Malwarebytes before 4.0 on macOS. A malicious application was able to perform a privileged action within the Malwarebytes launch daemon. The privileged service improperly validated XPC connections by relying on the PID instead of the audit token. An attacker can construct a situation where the same PID is used for running two different programs at different times, by leveraging a race condition during crafted use of posix_spawn.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:33:05.631Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wojciechregula.blog/post/learn-xpc-exploitation-part-2-say-no-to-the-pid/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Malwarebytes before 4.0 on macOS. A malicious application was able to perform a privileged action within the Malwarebytes launch daemon. The privileged service improperly validated XPC connections by relying on the PID instead of the audit token. An attacker can construct a situation where the same PID is used for running two different programs at different times, by leveraging a race condition during crafted use of posix_spawn."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-15T21:55:22.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wojciechregula.blog/post/learn-xpc-exploitation-part-2-say-no-to-the-pid/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-25533",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Malwarebytes before 4.0 on macOS. A malicious application was able to perform a privileged action within the Malwarebytes launch daemon. The privileged service improperly validated XPC connections by relying on the PID instead of the audit token. An attacker can construct a situation where the same PID is used for running two different programs at different times, by leveraging a race condition during crafted use of posix_spawn."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wojciechregula.blog/post/learn-xpc-exploitation-part-2-say-no-to-the-pid/",
"refsource": "MISC",
"url": "https://wojciechregula.blog/post/learn-xpc-exploitation-part-2-say-no-to-the-pid/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-25533",
"datePublished": "2021-01-15T21:55:22.000Z",
"dateReserved": "2020-09-14T00:00:00.000Z",
"dateUpdated": "2024-08-04T15:33:05.631Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-28641 (GCVE-0-2020-28641)
Vulnerability from nvd – Published: 2020-12-22 22:07 – Updated: 2024-08-04 16:40
VLAI?
Summary
In Malwarebytes Free 4.1.0.56, a symbolic link may be used delete an arbitrary file on the system by exploiting the local quarantine system.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:40:59.809Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.malwarebytes.com"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.malwarebytes.com/hc/en-us/articles/360058885974-Arbitrary-file-deletion-vulnerability-fixed-in-Malwarebytes-for-Windows"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.malwarebytes.com/hc/en-us/articles/1500000403501-Arbitrary-file-deletion-vulnerability-fixed-in-Malwarebytes-Endpoint-Protection"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Malwarebytes Free 4.1.0.56, a symbolic link may be used delete an arbitrary file on the system by exploiting the local quarantine system."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-22T22:07:03.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.malwarebytes.com"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.malwarebytes.com/hc/en-us/articles/360058885974-Arbitrary-file-deletion-vulnerability-fixed-in-Malwarebytes-for-Windows"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.malwarebytes.com/hc/en-us/articles/1500000403501-Arbitrary-file-deletion-vulnerability-fixed-in-Malwarebytes-Endpoint-Protection"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-28641",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Malwarebytes Free 4.1.0.56, a symbolic link may be used delete an arbitrary file on the system by exploiting the local quarantine system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.malwarebytes.com",
"refsource": "MISC",
"url": "https://www.malwarebytes.com"
},
{
"name": "https://support.malwarebytes.com/hc/en-us/articles/360058885974-Arbitrary-file-deletion-vulnerability-fixed-in-Malwarebytes-for-Windows",
"refsource": "CONFIRM",
"url": "https://support.malwarebytes.com/hc/en-us/articles/360058885974-Arbitrary-file-deletion-vulnerability-fixed-in-Malwarebytes-for-Windows"
},
{
"name": "https://support.malwarebytes.com/hc/en-us/articles/1500000403501-Arbitrary-file-deletion-vulnerability-fixed-in-Malwarebytes-Endpoint-Protection",
"refsource": "CONFIRM",
"url": "https://support.malwarebytes.com/hc/en-us/articles/1500000403501-Arbitrary-file-deletion-vulnerability-fixed-in-Malwarebytes-Endpoint-Protection"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-28641",
"datePublished": "2020-12-22T22:07:03.000Z",
"dateReserved": "2020-11-16T00:00:00.000Z",
"dateUpdated": "2024-08-04T16:40:59.809Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-5279 (GCVE-0-2018-5279)
Vulnerability from nvd – Published: 2018-01-08 05:00 – Updated: 2024-08-05 05:33 Disputed
VLAI?
Summary
In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e02c. NOTE: the vendor reported that they "have not been able to reproduce the issue on any Windows operating system version (32-bit or 64-bit).
Severity ?
7.8 (High)
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Date Public ?
2018-01-07 00:00
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:malwarebytes:malwarebytes:3.3.1.2183:*:*:*:premium:*:*:*"
],
"defaultStatus": "unknown",
"product": "malwarebytes",
"vendor": "malwarebytes",
"versions": [
{
"status": "affected",
"version": "3.3.1.2183"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2018-5279",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-23T18:45:34.644265Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-23T18:46:39.310Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:33:44.028Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/ZhiyuanWang-Chengdu-Qihoo360/Malwarebytes_POC/tree/master/0x9c40e02c"
},
{
"name": "102453",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102453"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-01-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e02c. NOTE: the vendor reported that they \"have not been able to reproduce the issue on any Windows operating system version (32-bit or 64-bit)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-27T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ZhiyuanWang-Chengdu-Qihoo360/Malwarebytes_POC/tree/master/0x9c40e02c"
},
{
"name": "102453",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102453"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-5279",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e02c. NOTE: the vendor reported that they \"have not been able to reproduce the issue on any Windows operating system version (32-bit or 64-bit).\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/ZhiyuanWang-Chengdu-Qihoo360/Malwarebytes_POC/tree/master/0x9c40e02c",
"refsource": "MISC",
"url": "https://github.com/ZhiyuanWang-Chengdu-Qihoo360/Malwarebytes_POC/tree/master/0x9c40e02c"
},
{
"name": "102453",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102453"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-5279",
"datePublished": "2018-01-08T05:00:00.000Z",
"dateReserved": "2018-01-07T00:00:00.000Z",
"dateUpdated": "2024-08-05T05:33:44.028Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-5278 (GCVE-0-2018-5278)
Vulnerability from nvd – Published: 2018-01-08 05:00 – Updated: 2024-08-05 05:33 Disputed
VLAI?
Summary
In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e00c. NOTE: the vendor reported that they "have not been able to reproduce the issue on any Windows operating system version (32-bit or 64-bit).
Severity ?
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Date Public ?
2018-01-07 00:00
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2018-5278",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-11T18:45:19.332118Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-11T18:45:24.311Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:33:43.810Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/ZhiyuanWang-Chengdu-Qihoo360/Malwarebytes_POC/tree/master/0x9c40e00c"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-01-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e00c. NOTE: the vendor reported that they \"have not been able to reproduce the issue on any Windows operating system version (32-bit or 64-bit)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-27T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ZhiyuanWang-Chengdu-Qihoo360/Malwarebytes_POC/tree/master/0x9c40e00c"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-5278",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e00c. NOTE: the vendor reported that they \"have not been able to reproduce the issue on any Windows operating system version (32-bit or 64-bit).\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/ZhiyuanWang-Chengdu-Qihoo360/Malwarebytes_POC/tree/master/0x9c40e00c",
"refsource": "MISC",
"url": "https://github.com/ZhiyuanWang-Chengdu-Qihoo360/Malwarebytes_POC/tree/master/0x9c40e00c"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-5278",
"datePublished": "2018-01-08T05:00:00.000Z",
"dateReserved": "2018-01-07T00:00:00.000Z",
"dateUpdated": "2024-08-05T05:33:43.810Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-5277 (GCVE-0-2018-5277)
Vulnerability from nvd – Published: 2018-01-08 05:00 – Updated: 2024-11-14 20:54 Disputed
VLAI?
Summary
In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e000. NOTE: the vendor reported that they "have not been able to reproduce the issue on any Windows operating system version (32-bit or 64-bit).
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Date Public ?
2018-01-07 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:33:43.881Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/ZhiyuanWang-Chengdu-Qihoo360/Malwarebytes_POC/tree/master/0x9c40e000"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2018-5277",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-14T20:54:00.507229Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-14T20:54:22.972Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-01-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e000. NOTE: the vendor reported that they \"have not been able to reproduce the issue on any Windows operating system version (32-bit or 64-bit)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-27T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ZhiyuanWang-Chengdu-Qihoo360/Malwarebytes_POC/tree/master/0x9c40e000"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-5277",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e000. NOTE: the vendor reported that they \"have not been able to reproduce the issue on any Windows operating system version (32-bit or 64-bit).\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/ZhiyuanWang-Chengdu-Qihoo360/Malwarebytes_POC/tree/master/0x9c40e000",
"refsource": "MISC",
"url": "https://github.com/ZhiyuanWang-Chengdu-Qihoo360/Malwarebytes_POC/tree/master/0x9c40e000"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-5277",
"datePublished": "2018-01-08T05:00:00.000Z",
"dateReserved": "2018-01-07T00:00:00.000Z",
"dateUpdated": "2024-11-14T20:54:22.972Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-5276 (GCVE-0-2018-5276)
Vulnerability from nvd – Published: 2018-01-08 05:00 – Updated: 2024-08-05 05:33 Disputed
VLAI?
Summary
In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e018. NOTE: the vendor reported that they "have not been able to reproduce the issue on any Windows operating system version (32-bit or 64-bit).
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Date Public ?
2018-01-07 00:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2018-5276",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-26T19:28:19.471808Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-26T19:28:25.499Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:33:44.162Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/ZhiyuanWang-Chengdu-Qihoo360/Malwarebytes_POC/tree/master/0x9c40e018"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-01-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e018. NOTE: the vendor reported that they \"have not been able to reproduce the issue on any Windows operating system version (32-bit or 64-bit)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-27T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ZhiyuanWang-Chengdu-Qihoo360/Malwarebytes_POC/tree/master/0x9c40e018"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-5276",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e018. NOTE: the vendor reported that they \"have not been able to reproduce the issue on any Windows operating system version (32-bit or 64-bit).\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/ZhiyuanWang-Chengdu-Qihoo360/Malwarebytes_POC/tree/master/0x9c40e018",
"refsource": "MISC",
"url": "https://github.com/ZhiyuanWang-Chengdu-Qihoo360/Malwarebytes_POC/tree/master/0x9c40e018"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-5276",
"datePublished": "2018-01-08T05:00:00.000Z",
"dateReserved": "2018-01-07T00:00:00.000Z",
"dateUpdated": "2024-08-05T05:33:44.162Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-5275 (GCVE-0-2018-5275)
Vulnerability from nvd – Published: 2018-01-08 05:00 – Updated: 2024-08-05 05:33 Disputed
VLAI?
Summary
In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C40E020. NOTE: the vendor reported that they "have not been able to reproduce the issue on any Windows operating system version (32-bit or 64-bit).
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Date Public ?
2018-01-07 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:33:44.111Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/ZhiyuanWang-Chengdu-Qihoo360/Malwarebytes_POC/tree/master/0x9C40E020"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-01-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C40E020. NOTE: the vendor reported that they \"have not been able to reproduce the issue on any Windows operating system version (32-bit or 64-bit)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-27T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ZhiyuanWang-Chengdu-Qihoo360/Malwarebytes_POC/tree/master/0x9C40E020"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-5275",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C40E020. NOTE: the vendor reported that they \"have not been able to reproduce the issue on any Windows operating system version (32-bit or 64-bit).\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/ZhiyuanWang-Chengdu-Qihoo360/Malwarebytes_POC/tree/master/0x9C40E020",
"refsource": "MISC",
"url": "https://github.com/ZhiyuanWang-Chengdu-Qihoo360/Malwarebytes_POC/tree/master/0x9C40E020"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-5275",
"datePublished": "2018-01-08T05:00:00.000Z",
"dateReserved": "2018-01-07T00:00:00.000Z",
"dateUpdated": "2024-08-05T05:33:44.111Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-5274 (GCVE-0-2018-5274)
Vulnerability from nvd – Published: 2018-01-08 05:00 – Updated: 2024-08-05 05:33 Disputed
VLAI?
Summary
In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C40E024. NOTE: the vendor reported that they "have not been able to reproduce the issue on any Windows operating system version (32-bit or 64-bit).
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Date Public ?
2018-01-07 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:33:43.651Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/ZhiyuanWang-Chengdu-Qihoo360/Malwarebytes_POC/tree/master/0x9C40E024"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-01-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C40E024. NOTE: the vendor reported that they \"have not been able to reproduce the issue on any Windows operating system version (32-bit or 64-bit)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-27T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ZhiyuanWang-Chengdu-Qihoo360/Malwarebytes_POC/tree/master/0x9C40E024"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-5274",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C40E024. NOTE: the vendor reported that they \"have not been able to reproduce the issue on any Windows operating system version (32-bit or 64-bit).\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/ZhiyuanWang-Chengdu-Qihoo360/Malwarebytes_POC/tree/master/0x9C40E024",
"refsource": "MISC",
"url": "https://github.com/ZhiyuanWang-Chengdu-Qihoo360/Malwarebytes_POC/tree/master/0x9C40E024"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-5274",
"datePublished": "2018-01-08T05:00:00.000Z",
"dateReserved": "2018-01-07T00:00:00.000Z",
"dateUpdated": "2024-08-05T05:33:43.651Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-5273 (GCVE-0-2018-5273)
Vulnerability from nvd – Published: 2018-01-08 05:00 – Updated: 2024-08-05 05:33 Disputed
VLAI?
Summary
In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e014. NOTE: the vendor reported that they "have not been able to reproduce the issue on any Windows operating system version (32-bit or 64-bit).
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Date Public ?
2018-01-07 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:33:43.811Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/ZhiyuanWang-Chengdu-Qihoo360/Malwarebytes_POC/tree/master/0x9c40e014"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-01-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e014. NOTE: the vendor reported that they \"have not been able to reproduce the issue on any Windows operating system version (32-bit or 64-bit)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-27T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ZhiyuanWang-Chengdu-Qihoo360/Malwarebytes_POC/tree/master/0x9c40e014"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-5273",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e014. NOTE: the vendor reported that they \"have not been able to reproduce the issue on any Windows operating system version (32-bit or 64-bit).\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/ZhiyuanWang-Chengdu-Qihoo360/Malwarebytes_POC/tree/master/0x9c40e014",
"refsource": "MISC",
"url": "https://github.com/ZhiyuanWang-Chengdu-Qihoo360/Malwarebytes_POC/tree/master/0x9c40e014"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-5273",
"datePublished": "2018-01-08T05:00:00.000Z",
"dateReserved": "2018-01-07T00:00:00.000Z",
"dateUpdated": "2024-08-05T05:33:43.811Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-5272 (GCVE-0-2018-5272)
Vulnerability from nvd – Published: 2018-01-08 05:00 – Updated: 2024-08-05 05:33 Disputed
VLAI?
Summary
In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e004. NOTE: the vendor reported that they "have not been able to reproduce the issue on any Windows operating system version (32-bit or 64-bit).
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Date Public ?
2018-01-07 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:33:44.169Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/ZhiyuanWang-Chengdu-Qihoo360/Malwarebytes_POC/tree/master/0x9c40e004"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-01-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e004. NOTE: the vendor reported that they \"have not been able to reproduce the issue on any Windows operating system version (32-bit or 64-bit)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-27T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ZhiyuanWang-Chengdu-Qihoo360/Malwarebytes_POC/tree/master/0x9c40e004"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-5272",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e004. NOTE: the vendor reported that they \"have not been able to reproduce the issue on any Windows operating system version (32-bit or 64-bit).\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/ZhiyuanWang-Chengdu-Qihoo360/Malwarebytes_POC/tree/master/0x9c40e004",
"refsource": "MISC",
"url": "https://github.com/ZhiyuanWang-Chengdu-Qihoo360/Malwarebytes_POC/tree/master/0x9c40e004"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-5272",
"datePublished": "2018-01-08T05:00:00.000Z",
"dateReserved": "2018-01-07T00:00:00.000Z",
"dateUpdated": "2024-08-05T05:33:44.169Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-5271 (GCVE-0-2018-5271)
Vulnerability from nvd – Published: 2018-01-08 05:00 – Updated: 2024-08-05 05:33 Disputed
VLAI?
Summary
In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e008. NOTE: the vendor reported that they "have not been able to reproduce the issue on any Windows operating system version (32-bit or 64-bit).
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Date Public ?
2018-01-07 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:33:44.165Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "102471",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102471"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/ZhiyuanWang-Chengdu-Qihoo360/Malwarebytes_POC/tree/master/0x9c40e008"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-01-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e008. NOTE: the vendor reported that they \"have not been able to reproduce the issue on any Windows operating system version (32-bit or 64-bit)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-27T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "102471",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102471"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ZhiyuanWang-Chengdu-Qihoo360/Malwarebytes_POC/tree/master/0x9c40e008"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-5271",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e008. NOTE: the vendor reported that they \"have not been able to reproduce the issue on any Windows operating system version (32-bit or 64-bit).\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "102471",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102471"
},
{
"name": "https://github.com/ZhiyuanWang-Chengdu-Qihoo360/Malwarebytes_POC/tree/master/0x9c40e008",
"refsource": "MISC",
"url": "https://github.com/ZhiyuanWang-Chengdu-Qihoo360/Malwarebytes_POC/tree/master/0x9c40e008"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-5271",
"datePublished": "2018-01-08T05:00:00.000Z",
"dateReserved": "2018-01-07T00:00:00.000Z",
"dateUpdated": "2024-08-05T05:33:44.165Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-5270 (GCVE-0-2018-5270)
Vulnerability from nvd – Published: 2018-01-08 05:00 – Updated: 2024-08-05 05:33 Disputed
VLAI?
Summary
In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e010. NOTE: the vendor reported that they "have not been able to reproduce the issue on any Windows operating system version (32-bit or 64-bit).
Severity ?
7.8 (High)
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Date Public ?
2018-01-07 00:00
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:malwarebytes:malwarebytes:3.3.1.2183:*:*:*:premium:*:*:*"
],
"defaultStatus": "unknown",
"product": "malwarebytes",
"vendor": "malwarebytes",
"versions": [
{
"status": "affected",
"version": "3.3.1.2183"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2018-5270",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-23T18:42:32.164819Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-23T18:44:47.493Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:33:43.853Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/ZhiyuanWang-Chengdu-Qihoo360/Malwarebytes_POC/tree/master/0x9c40e010"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-01-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e010. NOTE: the vendor reported that they \"have not been able to reproduce the issue on any Windows operating system version (32-bit or 64-bit)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-27T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ZhiyuanWang-Chengdu-Qihoo360/Malwarebytes_POC/tree/master/0x9c40e010"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-5270",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e010. NOTE: the vendor reported that they \"have not been able to reproduce the issue on any Windows operating system version (32-bit or 64-bit).\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/ZhiyuanWang-Chengdu-Qihoo360/Malwarebytes_POC/tree/master/0x9c40e010",
"refsource": "MISC",
"url": "https://github.com/ZhiyuanWang-Chengdu-Qihoo360/Malwarebytes_POC/tree/master/0x9c40e010"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-5270",
"datePublished": "2018-01-08T05:00:00.000Z",
"dateReserved": "2018-01-07T00:00:00.000Z",
"dateUpdated": "2024-08-05T05:33:43.853Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-29144 (GCVE-0-2023-29144)
Vulnerability from cvelistv5 – Published: 2025-12-12 00:00 – Updated: 2025-12-12 16:55
VLAI?
Summary
Malwarebytes 1.0.14 for Linux doesn't properly compute signatures in some scenarios. This allows a bypass of detection.
Severity ?
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-29144",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-12T16:55:23.313750Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190 Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-12T16:55:25.681Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Malwarebytes 1.0.14 for Linux doesn\u0027t properly compute signatures in some scenarios. This allows a bypass of detection."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-12T16:24:29.992Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://malwarebytes.com"
},
{
"url": "https://www.malwarebytes.com/secure/cves/cve-2023-29144"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-29144",
"datePublished": "2025-12-12T00:00:00.000Z",
"dateReserved": "2023-03-31T00:00:00.000Z",
"dateUpdated": "2025-12-12T16:55:25.681Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-29147 (GCVE-0-2023-29147)
Vulnerability from cvelistv5 – Published: 2023-06-30 00:00 – Updated: 2024-11-26 20:11
VLAI?
Summary
In Malwarebytes EDR 1.0.11 for Linux, it is possible to bypass the detection layers that depend on inode identifiers, because an identifier may be reused when a file is replaced, and because two files on different filesystems can have the same identifier.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:00:15.337Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://malwarebytes.com"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.malwarebytes.com/secure/cves/cve-2023-29147"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-29147",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-26T20:11:04.091018Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-290",
"description": "CWE-290 Authentication Bypass by Spoofing",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T20:11:23.817Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Malwarebytes EDR 1.0.11 for Linux, it is possible to bypass the detection layers that depend on inode identifiers, because an identifier may be reused when a file is replaced, and because two files on different filesystems can have the same identifier."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-30T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://malwarebytes.com"
},
{
"url": "https://www.malwarebytes.com/secure/cves/cve-2023-29147"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-29147",
"datePublished": "2023-06-30T00:00:00.000Z",
"dateReserved": "2023-03-31T00:00:00.000Z",
"dateUpdated": "2024-11-26T20:11:23.817Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-29145 (GCVE-0-2023-29145)
Vulnerability from cvelistv5 – Published: 2023-06-30 00:00 – Updated: 2024-11-26 20:19
VLAI?
Summary
The Malwarebytes EDR 1.0.11 for Linux driver doesn't properly ensure whitelisting of executable libraries loaded by executable files, allowing arbitrary code execution. The attacker can set LD_LIBRARY_PATH, set LD_PRELOAD, or run an executable file in a debugger.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:00:15.444Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://malwarebytes.com"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.malwarebytes.com/secure/cves/cve-2023-29145"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-29145",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-26T20:14:15.937099Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-640",
"description": "CWE-640 Weak Password Recovery Mechanism for Forgotten Password",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T20:19:18.517Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Malwarebytes EDR 1.0.11 for Linux driver doesn\u0027t properly ensure whitelisting of executable libraries loaded by executable files, allowing arbitrary code execution. The attacker can set LD_LIBRARY_PATH, set LD_PRELOAD, or run an executable file in a debugger."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-30T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://malwarebytes.com"
},
{
"url": "https://www.malwarebytes.com/secure/cves/cve-2023-29145"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-29145",
"datePublished": "2023-06-30T00:00:00.000Z",
"dateReserved": "2023-03-31T00:00:00.000Z",
"dateUpdated": "2024-11-26T20:19:18.517Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-26088 (GCVE-0-2023-26088)
Vulnerability from cvelistv5 – Published: 2023-03-23 00:00 – Updated: 2025-02-25 15:25
VLAI?
Summary
In Malwarebytes before 4.5.23, a symbolic link may be used delete any arbitrary file on the system by exploiting the local quarantine system. It can also lead to privilege escalation in certain scenarios.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:39:06.567Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.malwarebytes.com/hc/en-us/articles/14279575968659-Malwarebytes-for-Windows-4-5-23-Release-Notes"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.malwarebytes.com/secure/cves/cve-2023-26088"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-26088",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-25T15:25:06.350241Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-25T15:25:25.164Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Malwarebytes before 4.5.23, a symbolic link may be used delete any arbitrary file on the system by exploiting the local quarantine system. It can also lead to privilege escalation in certain scenarios."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-23T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://support.malwarebytes.com/hc/en-us/articles/14279575968659-Malwarebytes-for-Windows-4-5-23-Release-Notes"
},
{
"url": "https://www.malwarebytes.com/secure/cves/cve-2023-26088"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-26088",
"datePublished": "2023-03-23T00:00:00.000Z",
"dateReserved": "2023-02-20T00:00:00.000Z",
"dateUpdated": "2025-02-25T15:25:25.164Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-25533 (GCVE-0-2020-25533)
Vulnerability from cvelistv5 – Published: 2021-01-15 21:55 – Updated: 2024-08-04 15:33
VLAI?
Summary
An issue was discovered in Malwarebytes before 4.0 on macOS. A malicious application was able to perform a privileged action within the Malwarebytes launch daemon. The privileged service improperly validated XPC connections by relying on the PID instead of the audit token. An attacker can construct a situation where the same PID is used for running two different programs at different times, by leveraging a race condition during crafted use of posix_spawn.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:33:05.631Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wojciechregula.blog/post/learn-xpc-exploitation-part-2-say-no-to-the-pid/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Malwarebytes before 4.0 on macOS. A malicious application was able to perform a privileged action within the Malwarebytes launch daemon. The privileged service improperly validated XPC connections by relying on the PID instead of the audit token. An attacker can construct a situation where the same PID is used for running two different programs at different times, by leveraging a race condition during crafted use of posix_spawn."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-15T21:55:22.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wojciechregula.blog/post/learn-xpc-exploitation-part-2-say-no-to-the-pid/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-25533",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Malwarebytes before 4.0 on macOS. A malicious application was able to perform a privileged action within the Malwarebytes launch daemon. The privileged service improperly validated XPC connections by relying on the PID instead of the audit token. An attacker can construct a situation where the same PID is used for running two different programs at different times, by leveraging a race condition during crafted use of posix_spawn."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wojciechregula.blog/post/learn-xpc-exploitation-part-2-say-no-to-the-pid/",
"refsource": "MISC",
"url": "https://wojciechregula.blog/post/learn-xpc-exploitation-part-2-say-no-to-the-pid/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-25533",
"datePublished": "2021-01-15T21:55:22.000Z",
"dateReserved": "2020-09-14T00:00:00.000Z",
"dateUpdated": "2024-08-04T15:33:05.631Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-28641 (GCVE-0-2020-28641)
Vulnerability from cvelistv5 – Published: 2020-12-22 22:07 – Updated: 2024-08-04 16:40
VLAI?
Summary
In Malwarebytes Free 4.1.0.56, a symbolic link may be used delete an arbitrary file on the system by exploiting the local quarantine system.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:40:59.809Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.malwarebytes.com"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.malwarebytes.com/hc/en-us/articles/360058885974-Arbitrary-file-deletion-vulnerability-fixed-in-Malwarebytes-for-Windows"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.malwarebytes.com/hc/en-us/articles/1500000403501-Arbitrary-file-deletion-vulnerability-fixed-in-Malwarebytes-Endpoint-Protection"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Malwarebytes Free 4.1.0.56, a symbolic link may be used delete an arbitrary file on the system by exploiting the local quarantine system."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-22T22:07:03.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.malwarebytes.com"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.malwarebytes.com/hc/en-us/articles/360058885974-Arbitrary-file-deletion-vulnerability-fixed-in-Malwarebytes-for-Windows"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.malwarebytes.com/hc/en-us/articles/1500000403501-Arbitrary-file-deletion-vulnerability-fixed-in-Malwarebytes-Endpoint-Protection"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-28641",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Malwarebytes Free 4.1.0.56, a symbolic link may be used delete an arbitrary file on the system by exploiting the local quarantine system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.malwarebytes.com",
"refsource": "MISC",
"url": "https://www.malwarebytes.com"
},
{
"name": "https://support.malwarebytes.com/hc/en-us/articles/360058885974-Arbitrary-file-deletion-vulnerability-fixed-in-Malwarebytes-for-Windows",
"refsource": "CONFIRM",
"url": "https://support.malwarebytes.com/hc/en-us/articles/360058885974-Arbitrary-file-deletion-vulnerability-fixed-in-Malwarebytes-for-Windows"
},
{
"name": "https://support.malwarebytes.com/hc/en-us/articles/1500000403501-Arbitrary-file-deletion-vulnerability-fixed-in-Malwarebytes-Endpoint-Protection",
"refsource": "CONFIRM",
"url": "https://support.malwarebytes.com/hc/en-us/articles/1500000403501-Arbitrary-file-deletion-vulnerability-fixed-in-Malwarebytes-Endpoint-Protection"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-28641",
"datePublished": "2020-12-22T22:07:03.000Z",
"dateReserved": "2020-11-16T00:00:00.000Z",
"dateUpdated": "2024-08-04T16:40:59.809Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-5270 (GCVE-0-2018-5270)
Vulnerability from cvelistv5 – Published: 2018-01-08 05:00 – Updated: 2024-08-05 05:33 Disputed
VLAI?
Summary
In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e010. NOTE: the vendor reported that they "have not been able to reproduce the issue on any Windows operating system version (32-bit or 64-bit).
Severity ?
7.8 (High)
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Date Public ?
2018-01-07 00:00
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:malwarebytes:malwarebytes:3.3.1.2183:*:*:*:premium:*:*:*"
],
"defaultStatus": "unknown",
"product": "malwarebytes",
"vendor": "malwarebytes",
"versions": [
{
"status": "affected",
"version": "3.3.1.2183"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2018-5270",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-23T18:42:32.164819Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-23T18:44:47.493Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:33:43.853Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/ZhiyuanWang-Chengdu-Qihoo360/Malwarebytes_POC/tree/master/0x9c40e010"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-01-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e010. NOTE: the vendor reported that they \"have not been able to reproduce the issue on any Windows operating system version (32-bit or 64-bit)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-27T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ZhiyuanWang-Chengdu-Qihoo360/Malwarebytes_POC/tree/master/0x9c40e010"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-5270",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e010. NOTE: the vendor reported that they \"have not been able to reproduce the issue on any Windows operating system version (32-bit or 64-bit).\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/ZhiyuanWang-Chengdu-Qihoo360/Malwarebytes_POC/tree/master/0x9c40e010",
"refsource": "MISC",
"url": "https://github.com/ZhiyuanWang-Chengdu-Qihoo360/Malwarebytes_POC/tree/master/0x9c40e010"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-5270",
"datePublished": "2018-01-08T05:00:00.000Z",
"dateReserved": "2018-01-07T00:00:00.000Z",
"dateUpdated": "2024-08-05T05:33:43.853Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-5278 (GCVE-0-2018-5278)
Vulnerability from cvelistv5 – Published: 2018-01-08 05:00 – Updated: 2024-08-05 05:33 Disputed
VLAI?
Summary
In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e00c. NOTE: the vendor reported that they "have not been able to reproduce the issue on any Windows operating system version (32-bit or 64-bit).
Severity ?
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Date Public ?
2018-01-07 00:00
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2018-5278",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-11T18:45:19.332118Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-11T18:45:24.311Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:33:43.810Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/ZhiyuanWang-Chengdu-Qihoo360/Malwarebytes_POC/tree/master/0x9c40e00c"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-01-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e00c. NOTE: the vendor reported that they \"have not been able to reproduce the issue on any Windows operating system version (32-bit or 64-bit)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-27T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ZhiyuanWang-Chengdu-Qihoo360/Malwarebytes_POC/tree/master/0x9c40e00c"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-5278",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e00c. NOTE: the vendor reported that they \"have not been able to reproduce the issue on any Windows operating system version (32-bit or 64-bit).\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/ZhiyuanWang-Chengdu-Qihoo360/Malwarebytes_POC/tree/master/0x9c40e00c",
"refsource": "MISC",
"url": "https://github.com/ZhiyuanWang-Chengdu-Qihoo360/Malwarebytes_POC/tree/master/0x9c40e00c"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-5278",
"datePublished": "2018-01-08T05:00:00.000Z",
"dateReserved": "2018-01-07T00:00:00.000Z",
"dateUpdated": "2024-08-05T05:33:43.810Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-5279 (GCVE-0-2018-5279)
Vulnerability from cvelistv5 – Published: 2018-01-08 05:00 – Updated: 2024-08-05 05:33 Disputed
VLAI?
Summary
In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e02c. NOTE: the vendor reported that they "have not been able to reproduce the issue on any Windows operating system version (32-bit or 64-bit).
Severity ?
7.8 (High)
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Date Public ?
2018-01-07 00:00
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:malwarebytes:malwarebytes:3.3.1.2183:*:*:*:premium:*:*:*"
],
"defaultStatus": "unknown",
"product": "malwarebytes",
"vendor": "malwarebytes",
"versions": [
{
"status": "affected",
"version": "3.3.1.2183"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2018-5279",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-23T18:45:34.644265Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-23T18:46:39.310Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:33:44.028Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/ZhiyuanWang-Chengdu-Qihoo360/Malwarebytes_POC/tree/master/0x9c40e02c"
},
{
"name": "102453",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102453"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-01-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e02c. NOTE: the vendor reported that they \"have not been able to reproduce the issue on any Windows operating system version (32-bit or 64-bit)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-27T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ZhiyuanWang-Chengdu-Qihoo360/Malwarebytes_POC/tree/master/0x9c40e02c"
},
{
"name": "102453",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102453"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-5279",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e02c. NOTE: the vendor reported that they \"have not been able to reproduce the issue on any Windows operating system version (32-bit or 64-bit).\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/ZhiyuanWang-Chengdu-Qihoo360/Malwarebytes_POC/tree/master/0x9c40e02c",
"refsource": "MISC",
"url": "https://github.com/ZhiyuanWang-Chengdu-Qihoo360/Malwarebytes_POC/tree/master/0x9c40e02c"
},
{
"name": "102453",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102453"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-5279",
"datePublished": "2018-01-08T05:00:00.000Z",
"dateReserved": "2018-01-07T00:00:00.000Z",
"dateUpdated": "2024-08-05T05:33:44.028Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-5271 (GCVE-0-2018-5271)
Vulnerability from cvelistv5 – Published: 2018-01-08 05:00 – Updated: 2024-08-05 05:33 Disputed
VLAI?
Summary
In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e008. NOTE: the vendor reported that they "have not been able to reproduce the issue on any Windows operating system version (32-bit or 64-bit).
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Date Public ?
2018-01-07 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:33:44.165Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "102471",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102471"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/ZhiyuanWang-Chengdu-Qihoo360/Malwarebytes_POC/tree/master/0x9c40e008"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-01-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e008. NOTE: the vendor reported that they \"have not been able to reproduce the issue on any Windows operating system version (32-bit or 64-bit)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-27T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "102471",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102471"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ZhiyuanWang-Chengdu-Qihoo360/Malwarebytes_POC/tree/master/0x9c40e008"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-5271",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e008. NOTE: the vendor reported that they \"have not been able to reproduce the issue on any Windows operating system version (32-bit or 64-bit).\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "102471",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102471"
},
{
"name": "https://github.com/ZhiyuanWang-Chengdu-Qihoo360/Malwarebytes_POC/tree/master/0x9c40e008",
"refsource": "MISC",
"url": "https://github.com/ZhiyuanWang-Chengdu-Qihoo360/Malwarebytes_POC/tree/master/0x9c40e008"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-5271",
"datePublished": "2018-01-08T05:00:00.000Z",
"dateReserved": "2018-01-07T00:00:00.000Z",
"dateUpdated": "2024-08-05T05:33:44.165Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-5274 (GCVE-0-2018-5274)
Vulnerability from cvelistv5 – Published: 2018-01-08 05:00 – Updated: 2024-08-05 05:33 Disputed
VLAI?
Summary
In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C40E024. NOTE: the vendor reported that they "have not been able to reproduce the issue on any Windows operating system version (32-bit or 64-bit).
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Date Public ?
2018-01-07 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:33:43.651Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/ZhiyuanWang-Chengdu-Qihoo360/Malwarebytes_POC/tree/master/0x9C40E024"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-01-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C40E024. NOTE: the vendor reported that they \"have not been able to reproduce the issue on any Windows operating system version (32-bit or 64-bit)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-27T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ZhiyuanWang-Chengdu-Qihoo360/Malwarebytes_POC/tree/master/0x9C40E024"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-5274",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C40E024. NOTE: the vendor reported that they \"have not been able to reproduce the issue on any Windows operating system version (32-bit or 64-bit).\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/ZhiyuanWang-Chengdu-Qihoo360/Malwarebytes_POC/tree/master/0x9C40E024",
"refsource": "MISC",
"url": "https://github.com/ZhiyuanWang-Chengdu-Qihoo360/Malwarebytes_POC/tree/master/0x9C40E024"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-5274",
"datePublished": "2018-01-08T05:00:00.000Z",
"dateReserved": "2018-01-07T00:00:00.000Z",
"dateUpdated": "2024-08-05T05:33:43.651Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-5277 (GCVE-0-2018-5277)
Vulnerability from cvelistv5 – Published: 2018-01-08 05:00 – Updated: 2024-11-14 20:54 Disputed
VLAI?
Summary
In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e000. NOTE: the vendor reported that they "have not been able to reproduce the issue on any Windows operating system version (32-bit or 64-bit).
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Date Public ?
2018-01-07 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:33:43.881Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/ZhiyuanWang-Chengdu-Qihoo360/Malwarebytes_POC/tree/master/0x9c40e000"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2018-5277",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-14T20:54:00.507229Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-14T20:54:22.972Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-01-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e000. NOTE: the vendor reported that they \"have not been able to reproduce the issue on any Windows operating system version (32-bit or 64-bit)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-27T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ZhiyuanWang-Chengdu-Qihoo360/Malwarebytes_POC/tree/master/0x9c40e000"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-5277",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e000. NOTE: the vendor reported that they \"have not been able to reproduce the issue on any Windows operating system version (32-bit or 64-bit).\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/ZhiyuanWang-Chengdu-Qihoo360/Malwarebytes_POC/tree/master/0x9c40e000",
"refsource": "MISC",
"url": "https://github.com/ZhiyuanWang-Chengdu-Qihoo360/Malwarebytes_POC/tree/master/0x9c40e000"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-5277",
"datePublished": "2018-01-08T05:00:00.000Z",
"dateReserved": "2018-01-07T00:00:00.000Z",
"dateUpdated": "2024-11-14T20:54:22.972Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-5275 (GCVE-0-2018-5275)
Vulnerability from cvelistv5 – Published: 2018-01-08 05:00 – Updated: 2024-08-05 05:33 Disputed
VLAI?
Summary
In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C40E020. NOTE: the vendor reported that they "have not been able to reproduce the issue on any Windows operating system version (32-bit or 64-bit).
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Date Public ?
2018-01-07 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:33:44.111Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/ZhiyuanWang-Chengdu-Qihoo360/Malwarebytes_POC/tree/master/0x9C40E020"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-01-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C40E020. NOTE: the vendor reported that they \"have not been able to reproduce the issue on any Windows operating system version (32-bit or 64-bit)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-27T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ZhiyuanWang-Chengdu-Qihoo360/Malwarebytes_POC/tree/master/0x9C40E020"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-5275",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C40E020. NOTE: the vendor reported that they \"have not been able to reproduce the issue on any Windows operating system version (32-bit or 64-bit).\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/ZhiyuanWang-Chengdu-Qihoo360/Malwarebytes_POC/tree/master/0x9C40E020",
"refsource": "MISC",
"url": "https://github.com/ZhiyuanWang-Chengdu-Qihoo360/Malwarebytes_POC/tree/master/0x9C40E020"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-5275",
"datePublished": "2018-01-08T05:00:00.000Z",
"dateReserved": "2018-01-07T00:00:00.000Z",
"dateUpdated": "2024-08-05T05:33:44.111Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-5272 (GCVE-0-2018-5272)
Vulnerability from cvelistv5 – Published: 2018-01-08 05:00 – Updated: 2024-08-05 05:33 Disputed
VLAI?
Summary
In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e004. NOTE: the vendor reported that they "have not been able to reproduce the issue on any Windows operating system version (32-bit or 64-bit).
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Date Public ?
2018-01-07 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:33:44.169Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/ZhiyuanWang-Chengdu-Qihoo360/Malwarebytes_POC/tree/master/0x9c40e004"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-01-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e004. NOTE: the vendor reported that they \"have not been able to reproduce the issue on any Windows operating system version (32-bit or 64-bit)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-27T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ZhiyuanWang-Chengdu-Qihoo360/Malwarebytes_POC/tree/master/0x9c40e004"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-5272",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e004. NOTE: the vendor reported that they \"have not been able to reproduce the issue on any Windows operating system version (32-bit or 64-bit).\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/ZhiyuanWang-Chengdu-Qihoo360/Malwarebytes_POC/tree/master/0x9c40e004",
"refsource": "MISC",
"url": "https://github.com/ZhiyuanWang-Chengdu-Qihoo360/Malwarebytes_POC/tree/master/0x9c40e004"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-5272",
"datePublished": "2018-01-08T05:00:00.000Z",
"dateReserved": "2018-01-07T00:00:00.000Z",
"dateUpdated": "2024-08-05T05:33:44.169Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}