CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda

CVE-2023-6905

CVE-2023-6903

CVE-2023-6904

CVE-2023-3907

In Malwarebytes before 4.5.23, a symbolic link may be used delete any arbitrary file on the system by exploiting the local quarantine system. It can also lead to privilege escalation in certain scenarios.

**SUMMARY:**

 In Malwarebytes before 4.5.22.236, a symbolic link may be used delete any arbitrary file on the system by exploiting the local quarantine system. It can also lead to privilege escalation in certain scenarios.

**AFFECTED VERSIONS**

*   Malwarebytes for Windows < v4.5.22.236

**PATCHED VERSIONS**

*   Malwarebytes for Windows: v4.5.22.236.

**MITIGATION ADVICE**

**We recommend upgrading the affected endpoints to the patched versions.**

**DETAILS**

**CWE**

**CVS 3.x**

**Vector**

CWE-269: Improper Privilege Management

8.6 High

Local

**RECOGNITION**

filip\_000

**REFERENCES**

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26088

Headline

CVE-2023-26088: CVE-2023-26088 - Malwarebytes for Windows - Arbitrary file deletion and privilege escalation

CVE: Latest News