CWE-346

Origin Validation Error

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The product does not properly verify that the source of data or communication is valid.

557 vulnerabilities with CWE-346
CVE-2019-25211 CRITICAL
Gin-Gonic CORS middleware <1.6.0 - SSRF
CVSS 9.1
CVE-2019-8754 MEDIUM
macOS < 10.15.1 - Cross-Origin Information Disclosure via Iframe Security Origin Tracking
CVSS 6.5
CVE-2019-4640 CRITICAL
IBM Security Secret Server <10.7 - Code Injection
CVSS 9.8
CVE-2019-16517 CRITICAL
ConnectWise Control <19.3.25270.7185 - SSRF
CVSS 9.8
CVE-2019-11762 MEDIUM
Firefox <70, Thunderbird <68.2, Firefox ESR <68.2 - CSRF
CVSS 6.1
CVE-2019-20329 HIGH
OpenLambda 2019-09-10 - DNS Rebinding Attack via REST API
CVSS 8.1
CVE-2019-5062 MEDIUM
hostapd 2.6 - Denial of Service via 802.11w Security State Handling
CVSS 6.5
CVE-2019-13740 MEDIUM
Google Chrome < 79.0.3945.79 - Domain Spoofing via Sharing Security UI
CVSS 6.5
CVE-2019-19545 MEDIUM
Norton Password Manager <6.6.2.5 - CSRF
CVSS 6.3
CVE-2019-18381 MEDIUM
Norton Password Manager < 6.6.2.5 - Origin Validation Error
CVSS 6.3
CVE-2019-19019 HIGH
TitanHQ WebTitan < 5.18 - Remote Code Execution via Hotfix Download Mechanism
CVSS 7.5
CVE-2019-5227 MEDIUM
Huawei P30/P30 Pro/Mate 20 < ELLE-AL00B 9.1.0.193(C00E190R2P1) - Ve...
CVSS 5.5
CVE-2019-5226 MEDIUM
Huawei P30/P30 Pro/Mate 20 < ELLE-AL00B 9.1.0.193(C00E190R2P1) - Ve...
CVSS 5.5
CVE-2019-13664 MEDIUM
Google Chrome < 77.0.3865.75 - Content Security Policy Bypass via Crafted HTML Page
CVSS 6.5
CVE-2019-1447 MEDIUM
Office Online Server - Spoofing via Origin Validation Error
CVSS 5.4
CVE-2019-1445 MEDIUM
Office Online Server - Spoofing via Origin Validation Error
CVSS 5.4
CVE-2019-1442 MEDIUM
Microsoft SharePoint Server - Security Feature Bypass via URL Validation Error
CVSS 5.5
CVE-2019-1413 MEDIUM
Microsoft Edge - Security Feature Bypass via Extension Request Handling
CVSS 4.3
CVE-2019-15020 CRITICAL
Zingbox Inspector < 1.293 - Command Injection via Invalid Software Update Image
CVSS 9.8
CVE-2019-3980 CRITICAL
Solarwinds Dameware Mini Remote Control 12.1.0.89 - Unauthenticated Remote Code Execution via Smart Card Authentication
CVSS 9.8
CVE-2019-16275 MEDIUM
hostapd <2.10, wpa_supplicant <2.10 - DoS
CVSS 6.5
CVE-2019-8069 CRITICAL
Adobe Flash Player < 32.0.0.238 - Same Origin Method Execution
CVSS 9.8
CVE-2019-1235 HIGH
Windows Text Service Framework - Elevation of Privilege via Unvalidated Input
CVSS 7.8
CVE-2019-16237 HIGH
dino < 0.1.0 - Origin Validation Error in MAM Message Source Check
CVSS 7.5
CVE-2019-16235 HIGH
dino < 0.1.0 - Origin Validation Error in Carbons Message Handling
CVSS 7.5
Details
Vulnerabilities 557
Links
MITRE CWE Entry Search this CWE With Exploits