• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-77

CVE-2021-43557

February 23, 2023 by

The uri-block plugin in Apache APISIX before 2.10.2 uses $request_uri without verification. The $request_uri is the full original request URI without normalization. This makes it possible to construct a URI to bypass the block list on some occasions. For instance, when the block list contains “^/internal/”, a URI like `//internal/` can be used to bypass it. Some other plugins also have the same issue. And it may affect the developer’s custom plugin.

CVE-2021-43469

February 23, 2023 by

VINGA WR-N300U 77.102.1.4853 is affected by a command execution vulnerability in the goahead component.

CVE-2021-43474

February 23, 2023 by

An Access Control vulnerability exists in D-Link DIR-823G REVA1 1.02B05 (Lastest) via any parameter in the HNAP1 function

CVE-2021-43319

February 23, 2023 by

Zoho ManageEngine Network Configuration Manager before 125488 is vulnerable to command injection due to improper validation in the Ping functionality.

CVE-2021-43339

February 23, 2023 by

In Ericsson Network Location before 2021-07-31, it is possible for an authenticated attacker to inject commands via file_name in the export functionality. For example, a new admin user could be created.

CVE-2021-43286

February 23, 2023 by

An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker with privileges to create a new pipeline on a GoCD server can abuse a command-line injection in the Git URL “Test Connection” feature to execute arbitrary code.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 71
  • Go to page 72
  • Go to page 73
  • Go to page 74
  • Go to page 75
  • Interim pages omitted …
  • Go to page 172
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE