Vulnerabilities > Use of Incorrectly-Resolved Name or Reference

DATE CVE VULNERABILITY TITLE RISK
2022-05-20 CVE-2022-29448 Use of Incorrectly-Resolved Name or Reference vulnerability in Wow-Estore Herd Effects
Authenticated (admin or higher user role) Local File Inclusion (LFI) vulnerability in Wow-Company's Herd Effects plugin <= 5.2 at WordPress.
network
low complexity
wow-estore CWE-706
4.9
2022-05-18 CVE-2022-29445 Use of Incorrectly-Resolved Name or Reference vulnerability in Wow-Estore Popup BOX
Authenticated (administrator or higher role) Local File Inclusion (LFI) vulnerability in Wow-Company's Popup Box plugin <= 2.1.2 at WordPress.
network
low complexity
wow-estore CWE-706
7.2
2022-03-04 CVE-2022-0855 Use of Incorrectly-Resolved Name or Reference vulnerability in Microweber Whmcs 0.0.1/0.0.2/0.0.3
Improper Resolution of Path Equivalence in GitHub repository microweber-dev/whmcs_plugin prior to 0.0.4.
network
low complexity
microweber CWE-706
6.1
2021-12-13 CVE-2021-40856 Use of Incorrectly-Resolved Name or Reference vulnerability in Auerswald products
Auerswald COMfortel 1400 IP and 2600 IP before 2.8G devices allow Authentication Bypass via the /about/../ substring.
network
low complexity
auerswald CWE-706
7.5
2021-09-07 CVE-2021-40539 Use of Incorrectly-Resolved Name or Reference vulnerability in Zohocorp Manageengine Adselfservice Plus
Zoho ManageEngine ADSelfService Plus version 6113 and prior is vulnerable to REST API authentication bypass with resultant remote code execution.
network
low complexity
zohocorp CWE-706
critical
9.8
2021-08-24 CVE-2021-39156 Use of Incorrectly-Resolved Name or Reference vulnerability in Istio
Istio is an open source platform for providing a uniform way to integrate microservices, manage traffic flow across microservices, enforce policies and aggregate telemetry data.
network
low complexity
istio CWE-706
7.5
2021-08-05 CVE-2021-22924 Use of Incorrectly-Resolved Name or Reference vulnerability in multiple products
libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse, if one of them matches the setup. Due to errors in the logic, the config matching function did not take 'issuercert' into account and it compared the involved paths *case insensitively*, which could lead to libcurl reusing wrong connections. File paths are, or can be, case sensitive on many systems but not all, and can even vary depending on used file systems. The comparison also didn't include the 'issuer cert' which a transfer can set to qualify how to verify the server certificate.
3.7
2021-07-30 CVE-2021-37144 Use of Incorrectly-Resolved Name or Reference vulnerability in Cszcms CSZ CMS 1.2.9
CSZ CMS 1.2.9 is vulnerable to Arbitrary File Deletion.
network
low complexity
cszcms CWE-706
critical
9.1
2021-05-27 CVE-2021-31920 Use of Incorrectly-Resolved Name or Reference vulnerability in Istio
Istio before 1.8.6 and 1.9.x before 1.9.5 has a remotely exploitable vulnerability where an HTTP request path with multiple slashes or escaped slash characters (%2F or %5C) could potentially bypass an Istio authorization policy when path based authorization rules are used.
network
low complexity
istio CWE-706
6.5
2021-05-14 CVE-2021-32054 Use of Incorrectly-Resolved Name or Reference vulnerability in Fire.Ly Spark
Firely/Incendi Spark before 1.5.5-r4 lacks Content-Disposition headers in certain situations, which may cause crafted files to be delivered to clients such that they are rendered directly in a victim's web browser.
network
low complexity
fire-ly CWE-706
6.1