Vulnerabilities > Use of Incorrectly-Resolved Name or Reference
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-07-30 | CVE-2021-37144 | Use of Incorrectly-Resolved Name or Reference vulnerability in Cszcms CSZ CMS 1.2.9 CSZ CMS 1.2.9 is vulnerable to Arbitrary File Deletion. | 9.1 |
| 2021-05-27 | CVE-2021-31920 | Use of Incorrectly-Resolved Name or Reference vulnerability in Istio Istio before 1.8.6 and 1.9.x before 1.9.5 has a remotely exploitable vulnerability where an HTTP request path with multiple slashes or escaped slash characters (%2F or %5C) could potentially bypass an Istio authorization policy when path based authorization rules are used. | 6.5 |
| 2021-05-14 | CVE-2021-32054 | Use of Incorrectly-Resolved Name or Reference vulnerability in Fire.Ly Spark Firely/Incendi Spark before 1.5.5-r4 lacks Content-Disposition headers in certain situations, which may cause crafted files to be delivered to clients such that they are rendered directly in a victim's web browser. | 6.1 |
| 2021-04-30 | CVE-2021-31933 | Use of Incorrectly-Resolved Name or Reference vulnerability in Chamilo A remote code execution vulnerability exists in Chamilo through 1.11.14 due to improper input sanitization of a parameter used for file uploads, and improper file-extension filtering for certain filenames (e.g., .phar or .pht). | 7.2 |
| 2021-03-18 | CVE-2021-27306 | Use of Incorrectly-Resolved Name or Reference vulnerability in Konghq Kong Gateway An improper access control vulnerability in the JWT plugin in Kong Gateway prior to 2.3.2.0 allows unauthenticated users access to authenticated routes without a valid token JWT. | 7.5 |
| 2021-03-02 | CVE-2020-4719 | Use of Incorrectly-Resolved Name or Reference vulnerability in IBM Cloud Application Performance Management 8.1.4 The IBM Cloud APM 8.1.4 server will issue a DNS request to resolve any hostname specified in the Cloud Event Management Webhook URL configuration definition. | 4.9 |
| 2021-02-16 | CVE-2020-35566 | Use of Incorrectly-Resolved Name or Reference vulnerability in multiple products An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. | 5.3 |
| 2021-01-26 | CVE-2020-23448 | Use of Incorrectly-Resolved Name or Reference vulnerability in Newbee-Mall Project Newbee-Mall newbee-mall all versions are affected by incorrect access control to remotely gain privileges through AdminLoginInterceptor.java. | 9.8 |
| 2021-01-14 | CVE-2021-24122 | Use of Incorrectly-Resolved Name or Reference vulnerability in multiple products When serving resources from a network location using the NTFS file system, Apache Tomcat versions 10.0.0-M1 to 10.0.0-M9, 9.0.0.M1 to 9.0.39, 8.5.0 to 8.5.59 and 7.0.0 to 7.0.106 were susceptible to JSP source code disclosure in some configurations. | 5.9 |
| 2020-12-31 | CVE-2020-35894 | Use of Incorrectly-Resolved Name or Reference vulnerability in Obstack Project Obstack 0.1.0/0.1.1/0.1.2 An issue was discovered in the obstack crate before 0.1.4 for Rust. | 7.5 |