CWE-346

Origin Validation Error

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The product does not properly verify that the source of data or communication is valid.

557 vulnerabilities with CWE-346
CVE-2019-11777 HIGH
Eclipse Paho Java client lib <1.2.0 - SSRF
CVSS 7.5
CVE-2019-5036 HIGH
Nest Cam IQ Indoor Firmware 4620002 - Denial of Service via Weave Error Reporting
CVSS 7.5
CVE-2019-9817 MEDIUM
Thunderbird <60.7 & Firefox <67 - SSRF
CVSS 5.3
CVE-2019-11723 HIGH
Firefox < 68.0 - Origin Validation Error during Add-on Installation
CVSS 7.5
CVE-2019-5834 MEDIUM
Google Chrome < 75.0.3770.80 - Domain Spoofing via Crafted HTML Page
CVSS 6.5
CVE-2019-8282 MEDIUM
Gemalto Sentinel LDK < 7.92 - Cleartext HTTP Communication with Language Pack Server
CVSS 5.3
CVE-2019-9808 MEDIUM
Firefox < 66.0 - Origin Validation Error in WebRTC Permission Request
CVSS 5.3
CVE-2019-9803 HIGH
Firefox < 66.0 - Origin Validation Error via Upgrade-Insecure-Requests Bypass
CVSS 7.4
CVE-2019-9797 MEDIUM
Firefox < 66.0 - Same-Origin Policy Bypass via createImageBitmap and Canvas Rendering
CVSS 5.3
CVE-2019-9499 HIGH
hostapd and wpa_supplicant < 2.4 - Origin Validation Error in EAP-PWD Commit
CVSS 8.1
CVE-2019-9498 HIGH
hostapd and wpa_supplicant <= 2.4 - Authentication Bypass via Invalid EAP-PWD Scalar/Element Values
CVSS 8.1
CVE-2019-9764 HIGH
HashiCorp Consul <1.4.3 - Info Disclosure
CVSS 7.4
CVE-2019-5773 MEDIUM
Google Chrome < 72.0.3626.81 - Origin Validation Error in IndexedDB
CVSS 6.5
CVE-2019-7399 HIGH
Amazon Fire OS <5.3.6.4 - Info Disclosure
CVSS 7.4
CVE-2018-5409 CRITICAL
PrinterLogic Print Management <18.3.1.96 - Code Injection
CVSS 9.8
CVE-2018-4319 HIGH
iCloud < 7.7, iTunes < 12.9, Safari < 12, iPhone OS < 12.0 - Cross-Origin Security Bypass via Iframe Origin Tracking
CVSS 8.1
CVE-2018-18499 MEDIUM
Firefox < 62.0 and Firefox ESR < 60.2 - Same-Origin Policy Violation via Meta Refresh and performance.getEntries()
CVSS 6.5
CVE-2018-18494 MEDIUM
Firefox < 64 - Same-Origin Policy Bypass via performance.getEntries()
CVSS 6.5
CVE-2018-12402 MEDIUM
WebBrowserPersist - Info Disclosure
CVSS 6.5
CVE-2018-20745 MEDIUM
Yii 2.x through 2.0.15.1 - Origin Validation Error in CORS Policy Handling
CVSS 5.9
CVE-2018-20744 MEDIUM
go_cors < 1.3.0 - Origin Validation Error via Wildcard CORS Policy
CVSS 5.9
CVE-2018-16072 MEDIUM
Chrome < 69.0.3497.81 - Origin Validation Error via HLS Manifest Handling
CVSS 6.5
CVE-2018-15723 CRITICAL
Logitech Harmony Hub < 4.15.206 - Unauthenticated Command Injection via Crafted HTTP Request
CVSS 9.8
CVE-2018-5400 CRITICAL
Auto-Maskin DCU-210E & RP-210E <3.7 - Unauthenticated Modbus Spoofing via UDP
CVSS 9.1
CVE-2018-6690 HIGH
McAfee Application and Change Control <= 8.0.0 Hotfix 4 - Authenticated Arbitrary Code Execution via File Transfer
CVSS 7.1
Details
Vulnerabilities 557
Links
MITRE CWE Entry Search this CWE With Exploits