CWE-706

Use of Incorrectly-Resolved Name or Reference

Parent: CWE-664 - Improper Control of a Resource Through its Lifetime

The product uses a name or reference to access a resource, but the name/reference resolves to a resource that is outside of the intended control sphere.

107 vulnerabilities with CWE-706
CVE-2021-31933 HIGH
Chamilo <= 1.11.14 - Authenticated Remote Code Execution via File Upload Parameter
CVSS 7.2
CVE-2021-27306 HIGH
Kong Gateway <2.3.2.0 - Info Disclosure
CVSS 7.5
CVE-2021-24122 MEDIUM
Apache Tomcat 7.0.0-7.0.106, 8.5.0-8.5.59, 9.0.0.M1-9.0.39, 10.0.0-M1-10.0.0-M9 - JSP Source Code Disclosure
CVSS 5.9
CVE-2020-4719 MEDIUM
IBM Cloud APM 8.1.4 - DNS Query Injection via Webhook URL Configuration
CVSS 4.9
CVE-2020-35566 MEDIUM
MymbCONNECT24 <v2.11.2 - Info Disclosure
CVSS 5.3
CVE-2020-23448 CRITICAL
newbee-mall - Unauthenticated Privilege Escalation via AdminLoginInterceptor Bypass
CVSS 9.8
CVE-2020-35894 HIGH
obstack < 0.1.4 - Use of Incorrectly-Resolved Name or Reference
CVSS 7.5
CVE-2020-35623 HIGH
MediaWiki <1.35.1 - Privilege Escalation
CVSS 7.5
CVE-2020-26233 HIGH
Git Credential Manager Core <2.0.289 - RCE
CVSS 7.3
CVE-2020-13311 MEDIUM
GitLab < 13.1.10, 13.2.8, 13.3.4 - Denial of Service in Wiki Parser
CVSS 4.3
CVE-2020-15505 CRITICAL KEV
MobileIron MDM Hessian-Based Java Deserialization RCE
CVSS 9.8
CVE-2020-12279 CRITICAL
libgit2 < 0.28.4 and 0.9x < 0.99.0 - Remote Code Execution via NTFS Short Name Mishandling
CVSS 9.8
CVE-2020-12278 CRITICAL
libgit2 < 0.28.4 and 0.9x < 0.99.0 - Remote Code Execution via NTFS Alternate Data Stream Path Handling
CVSS 9.8
CVE-2020-10574 CRITICAL
Janus < 0.9.1 - Denial of Service via Admin API Query Logger Request
CVSS 9.8
CVE-2019-19921 HIGH
runc <1.0.0-rc9 - Privilege Escalation
CVSS 7.0
CVE-2019-1351 HIGH
Git for Visual Studio - Path Traversal
CVSS 7.5
CVE-2019-12837 MEDIUM
accesuniversitat.gencat.cat 1.7.5 - Unauthenticated Personal Information Exposure via Java API
CVSS 4.3
CVE-2019-19493 MEDIUM
Kentico Xperience 9.0-12.0.49 - Cross-Site Scripting via Inconsistent Content-Type Header
CVSS 5.4
CVE-2019-17575 HIGH
WBCE CMS <1.4.0 - Command Injection
CVSS 7.2
CVE-2019-0220 MEDIUM
Apache HTTP Server <2.4.39 - Path Traversal
CVSS 5.3
CVE-2019-9901 MEDIUM
Envoy < 1.9.0 - Path Normalization Bypass via Relative Path Traversal
CVSS 6.5
CVE-2019-0816 MEDIUM
Ubuntu Linux - Security Feature Bypass via Azure SSH Keypairs Provisioning Logic
CVSS 5.1
CVE-2019-9616 HIGH
ofcms < 1.1.3 - Remote Code Execution via Alternate Data Stream Bypass
CVSS 7.2
CVE-2019-8908 CRITICAL
WTCMS 1.0 - Remote Code Execution via Mailbox Configuration Image Upload
CVSS 9.8
CVE-2019-8395 CRITICAL
Zoho ManageEngine ServiceDesk Plus < 10.0 - Insecure Direct Object Reference via Request Attachment
CVSS 9.8