Vulnerabilities > Use of Incorrectly-Resolved Name or Reference
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-07-18 | CVE-2022-30621 | Use of Incorrectly-Resolved Name or Reference vulnerability in Cellinx NVT - IP PTZ Camera Firmware 3.2.0/3.2.1 Allows a remote user to read files on the camera's OS "GetFileContent.cgi". | 6.5 |
| 2022-06-27 | CVE-2022-31089 | Use of Incorrectly-Resolved Name or Reference vulnerability in Parseplatform Parse-Server Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. | 7.5 |
| 2022-06-02 | CVE-2022-27778 | Use of Incorrectly-Resolved Name or Reference vulnerability in multiple products A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when `--no-clobber` is used together with `--remove-on-error`. | 8.1 |
| 2022-05-20 | CVE-2022-29448 | Use of Incorrectly-Resolved Name or Reference vulnerability in Wow-Estore Herd Effects Authenticated (admin or higher user role) Local File Inclusion (LFI) vulnerability in Wow-Company's Herd Effects plugin <= 5.2 at WordPress. | 4.9 |
| 2022-05-18 | CVE-2022-29445 | Use of Incorrectly-Resolved Name or Reference vulnerability in Wow-Estore Popup BOX Authenticated (administrator or higher role) Local File Inclusion (LFI) vulnerability in Wow-Company's Popup Box plugin <= 2.1.2 at WordPress. | 7.2 |
| 2022-03-04 | CVE-2022-0855 | Use of Incorrectly-Resolved Name or Reference vulnerability in Microweber Whmcs 0.0.1/0.0.2/0.0.3 Improper Resolution of Path Equivalence in GitHub repository microweber-dev/whmcs_plugin prior to 0.0.4. | 6.1 |
| 2021-12-13 | CVE-2021-40856 | Use of Incorrectly-Resolved Name or Reference vulnerability in Auerswald products Auerswald COMfortel 1400 IP and 2600 IP before 2.8G devices allow Authentication Bypass via the /about/../ substring. | 7.5 |
| 2021-09-07 | CVE-2021-40539 | Use of Incorrectly-Resolved Name or Reference vulnerability in Zohocorp Manageengine Adselfservice Plus Zoho ManageEngine ADSelfService Plus version 6113 and prior is vulnerable to REST API authentication bypass with resultant remote code execution. | 9.8 |
| 2021-08-24 | CVE-2021-39156 | Use of Incorrectly-Resolved Name or Reference vulnerability in Istio Istio is an open source platform for providing a uniform way to integrate microservices, manage traffic flow across microservices, enforce policies and aggregate telemetry data. | 7.5 |
| 2021-08-05 | CVE-2021-22924 | Use of Incorrectly-Resolved Name or Reference vulnerability in multiple products libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if one of them matches the setup.Due to errors in the logic, the config matching function did not take 'issuercert' into account and it compared the involved paths *case insensitively*,which could lead to libcurl reusing wrong connections.File paths are, or can be, case sensitive on many systems but not all, and caneven vary depending on used file systems.The comparison also didn't include the 'issuer cert' which a transfer can setto qualify how to verify the server certificate. | 3.7 |