CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda

CVE-2023-6905

CVE-2023-6903

CVE-2023-6904

CVE-2023-3907

The Malwarebytes EDR 1.0.11 for Linux driver doesn't properly ensure whitelisting of executable libraries loaded by executable files, allowing arbitrary code execution. The attacker can set LD_LIBRARY_PATH, set LD_PRELOAD, or run an executable file in a debugger.

**SUMMARY:**

The Malwarebytes EDR 1.0.11 for Linux driver doesn't properly ensure whitelisting of executable libraries loaded by executable files, allowing arbitrary code execution. The attacker can set LD\_LIBRARY\_PATH, set LD\_PRELOAD, or run an executable file in a debugger.

**AFFECTED VERSIONS**

*   EDR for Linux <= 1.0.11
*   Malwarebytes for Linux <= 1.0.14

**PATCHED VERSIONS**

*   EDR for Linux: 1.0.56

**MITIGATION ADVICE**

**We recommend upgrading the affected endpoints to the patched versions.**

**DETAILS**

**CWE**

**CVS 3.x**

**Vector**

CWE-114: Process Control

8.2 High

Local

**RECOGNITION**

X41-Dsec

**REFERENCES**

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29145

Headline

CVE-2023-29145: CVE-2023-29145 - Malwarebytes EDR for Linux - Arbitrary code execution

CVE: Latest News