CWE-346

Origin Validation Error

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The product does not properly verify that the source of data or communication is valid.

556 vulnerabilities with CWE-346
CVE-2023-28191 MEDIUM
iPadOS < 16.5 - Privacy Preferences Bypass via Sensitive Information Redaction
CVSS 5.5
CVE-2023-29711 CRITICAL
Interlink PSG-5124 Firmware 1.0.4 - Remote Code Execution via Crafted GET Request
CVSS 9.8
CVE-2023-25188 MEDIUM
NOKIA Airscale ASIKA Single RAN < 21B - Unauthenticated Privilege Escalation via AaShell Diagnostic Tool
CVSS 5.1
CVE-2023-25366 CRITICAL
Siglent SDS 1104X-E Firmware SDS1xx4X-E_V6.1.37R9.ADS - Unauthenticated Web Password Disclosure via SCPI Interface
CVSS 9.8
CVE-2023-2639 MEDIUM
Rockwell FactoryTalk System Services - Local WebSocket Origin Validation Bypass
CVSS 4.1
CVE-2023-29753 MEDIUM
Facemoji Emoji Keyboard 2.9.1.2 - Denial of Service via SharedPreference Files
CVSS 5.5
CVE-2023-29751 MEDIUM
Yandex Navigator 6.60 - Denial of Service via SharedPreference Manipulation
CVSS 5.5
CVE-2023-29756 MEDIUM
Twilight 13.3 - Denial of Service via SharedPreference Manipulation
CVSS 5.5
CVE-2023-33443 CRITICAL
BES-6024PB-I50H1 VideoPlayTool < 2.0.1.0 - Command Injection
CVSS 9.8
CVE-2023-2589 MEDIUM
GitLab 12.0-15.10.7, 15.11-15.11.6, 16.0-16.0.1 - IP Restriction Bypass via Repository Clone
CVSS 5.9
CVE-2023-28164 MEDIUM
Firefox < 111.0 and Firefox ESR < 102.9 - Origin Validation Error via Cross-Origin Iframe Drag
CVSS 6.5
CVE-2023-23601 MEDIUM
Firefox < 109 and Firefox ESR < 102.7 - Origin Validation Error via Cross-Origin URL Drag
CVSS 6.5
CVE-2023-27745 HIGH
TitanFTP NextGen < 2.0.1.2102 - Privilege Escalation via User Server Request
CVSS 8.8
CVE-2023-29745 HIGH
BestWeather 7.3.1 - Denial of Service via Database Manipulation
CVSS 7.1
CVE-2023-28349 HIGH
Faronics Insight 10.0.19045 - Origin Validation Error
CVSS 8.8
CVE-2023-29743 HIGH
BestWeather 7.3.1 - Denial of Service via Database Manipulation
CVSS 7.5
CVE-2023-29728 CRITICAL
Call Blocker 6.6.3 - Origin Validation Error
CVSS 9.8
CVE-2023-33740 HIGH
luowice 3.5.18 - Unauthenticated Cloud Source Code Exposure via Warning Message Verify Parameter
CVSS 7.5
CVE-2023-23561 MEDIUM
Stormshield Endpoint Security 2.3.0-2.3.2 - Authenticated Sensitive Information Exposure via Incorrect Access Control
CVSS 5.5
CVE-2023-30196 HIGH
salesbooster <= 1.10.4 - Path Traversal via Download Endpoint
CVSS 7.5
CVE-2023-2886 MEDIUM
CBOT Chatbot < 4.0.3.4-4.0.3.7 - Content Spoofing
CVSS 4.3
CVE-2023-32993 MEDIUM
Jenkins SAML Single Sign On Plugin < 2.0.2 - Insufficient Verification of Data Authenticity via SAML Metadata Retrieval
CVSS 4.8
CVE-2023-23578 HIGH
SkyBridge MB-A200 Firmware <= 01.00.05 - Unauthenticated Improper Access Control via ADB Port
CVSS 7.5
CVE-2023-28318 MEDIUM
Rocket.Chat - Message Deletion Bypass via Message Hiding
CVSS 5.3
CVE-2023-27962 MEDIUM
macOS 11.0-11.7.4 - Unprotected User Data Exposure via Path Handling Issue
CVSS 5.5