• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-427

CVE-2021-29949

February 23, 2023 by

When loading the shared library that provides the OTR protocol implementation, Thunderbird will initially attempt to open it using a filename that isn’t distributed by Thunderbird. If a computer has already been infected with a malicious library of the alternative filename, and the malicious library has been copied to a directory that is contained in the search path for executable libraries, then Thunderbird will load the incorrect library. This vulnerability affects Thunderbird < 78.9.1.

CVE-2021-28954

February 23, 2023 by

In Chris Walz bit before 1.0.5 on Windows, attackers can run arbitrary code via a .exe file in a crafted repository.

CVE-2021-28955

February 23, 2023 by

git-bug before 0.7.2 has an Uncontrolled Search Path Element. It will execute git.bat from the current directory in certain PATH situations (most often seen on Windows).

CVE-2021-28820

February 23, 2023 by

The FTL Server (tibftlserver), FTL C API, FTL Golang API, FTL Java API, and FTL .Net API components of TIBCO Software Inc.’s TIBCO FTL – Community Edition, TIBCO FTL – Developer Edition, and TIBCO FTL – Enterprise Edition contain a vulnerability that theoretically allows a low privileged attacker with local access on the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from the affected component searching for run-time artifacts outside of the installation hierarchy. Affected releases are TIBCO Software Inc.’s TIBCO FTL – Community Edition: versions 6.5.0 and below, TIBCO FTL – Developer Edition: versions 6.5.0 and below, and TIBCO FTL – Enterprise Edition: versions 6.5.0 and below.

CVE-2021-28822

February 23, 2023 by

The Enterprise Message Service Server (tibemsd), Enterprise Message Service Central Administration (tibemsca), Enterprise Message Service JSON configuration generator (tibemsconf2json), and Enterprise Message Service C API components of TIBCO Software Inc.’s TIBCO Enterprise Message Service, TIBCO Enterprise Message Service – Community Edition, and TIBCO Enterprise Message Service – Developer Edition contain a vulnerability that theoretically allows a low privileged attacker with local access on the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from the affected component searching for run-time artifacts outside of the installation hierarchy. Affected releases are TIBCO Software Inc.’s TIBCO Enterprise Message Service: versions 8.5.1 and below, TIBCO Enterprise Message Service – Community Edition: versions 8.5.1 and below, and TIBCO Enterprise Message Service – Developer Edition: versions 8.5.1 and below.

CVE-2021-28636

February 23, 2023 by

Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by an Uncontrolled Search Path Element vulnerability. An attacker with access to the victim’s C:/ folder could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 44
  • Go to page 45
  • Go to page 46
  • Go to page 47
  • Go to page 48
  • Interim pages omitted …
  • Go to page 72
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE