• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-863

CVE-2021-28825

February 23, 2023 by

The Windows Installation component of TIBCO Software Inc.’s TIBCO Messaging – Eclipse Mosquitto Distribution – Core – Community Edition and TIBCO Messaging – Eclipse Mosquitto Distribution – Core – Enterprise Edition contains a vulnerability that theoretically allows a low privileged attacker with local access on some versions of the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from a lack of access restrictions on certain files and/or folders in the installation. Affected releases are TIBCO Software Inc.’s TIBCO Messaging – Eclipse Mosquitto Distribution – Core – Community Edition: versions 1.3.0 and below and TIBCO Messaging – Eclipse Mosquitto Distribution – Core – Enterprise Edition: versions 1.3.0 and below.

CVE-2021-28826

February 23, 2023 by

The Windows Installation component of TIBCO Software Inc.’s TIBCO Messaging – Eclipse Mosquitto Distribution – Bridge – Community Edition and TIBCO Messaging – Eclipse Mosquitto Distribution – Bridge – Enterprise Edition contains a vulnerability that theoretically allows a low privileged attacker with local access on some versions of the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from a lack of access restrictions on certain files and/or folders in the installation. Affected releases are TIBCO Software Inc.’s TIBCO Messaging – Eclipse Mosquitto Distribution – Bridge – Community Edition: versions 1.3.0 and below and TIBCO Messaging – Eclipse Mosquitto Distribution – Bridge – Enterprise Edition: versions 1.3.0 and below.

CVE-2021-28696

February 23, 2023 by

IOMMU page mapping issues on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Both AMD and Intel allow ACPI tables to specify regions of memory which should be left untranslated, which typically means these addresses should pass the translation phase unaltered. While these are typically device specific ACPI properties, they can also be specified to apply to a range of devices, or even all devices. On all systems with such regions Xen failed to prevent guests from undoing/replacing such mappings (CVE-2021-28694). On AMD systems, where a discontinuous range is specified by firmware, the supposedly-excluded middle range will also be identity-mapped (CVE-2021-28695). Further, on AMD systems, upon de-assigment of a physical device from a guest, the identity mappings would be left in place, allowing a guest continued access to ranges of memory which it shouldn’t have access to anymore (CVE-2021-28696).

CVE-2021-28791

February 23, 2023 by

The unofficial SwiftFormat extension before 1.3.7 for Visual Studio Code allows remote attackers to execute arbitrary code by constructing a malicious workspace with a crafted swiftformat.path configuration value that triggers execution upon opening the workspace.

CVE-2021-28793

February 23, 2023 by

vscode-restructuredtext before 146.0.0 contains an incorrect access control vulnerability, where a crafted project folder could execute arbitrary binaries via crafted workspace configuration.

CVE-2021-28661

February 23, 2023 by

Default SilverStripe GraphQL Server (aka silverstripe/graphql) 3.x through 3.4.1 permission checker not inherited by query subclass.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 89
  • Go to page 90
  • Go to page 91
  • Go to page 92
  • Go to page 93
  • Interim pages omitted …
  • Go to page 192
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE