CWE-346

Origin Validation Error

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The product does not properly verify that the source of data or communication is valid.

557 vulnerabilities with CWE-346
CVE-2018-14903 HIGH
EPSON WF-2750 Firmware JP02I2 - Unauthenticated Firmware Update Validation Bypass
CVSS 7.5
CVE-2018-3834 HIGH
Insteon Hub Firmware 1013 - Permanent Denial of Service via Unsigned Firmware Flash
CVSS 7.4
CVE-2018-8235 MEDIUM
Microsoft Edge - Origin Validation Error
CVSS 4.3
CVE-2018-5157 HIGH
Firefox <60, Firefox ESR <52.8 - SSRF
CVSS 7.5
CVE-2018-5116 CRITICAL
Firefox < 58 - Origin Validation Error via WebExtensions ActiveTab Permission
CVSS 9.8
CVE-2018-5109 MEDIUM
Firefox < 58 - Origin Validation Error in Audio Capture Request
CVSS 5.3
CVE-2018-10591 MEDIUM
Advantech WebAccess <8.2_20170817, Dashboard <2.0.15, Scada Node <8.3.1, NMS <2.0.3 - Origin Validation Error
CVSS 6.1
CVE-2018-8112 MEDIUM
Microsoft Edge - Origin Validation Error
CVSS 4.3
CVE-2018-6764 HIGH
libvirt - Arbitrary Command Execution via Crafted NSS Module
CVSS 7.8
CVE-2018-6654 HIGH
Grammarly - Unauthenticated Authentication Token Exposure via iframe.gr_-ifr Request
CVSS 8.8
CVE-2017-20146 CRITICAL
Gorilla Handlers < 1.3.0 - CORS Header Bypass
CVSS 9.8
CVE-2017-7808 MEDIUM
Firefox < 55.0 - Cross-Origin Information Leak via CSP frame-ancestors Path Comparison
CVSS 5.3
CVE-2017-7797 HIGH
Firefox < 55.0 - Origin Validation Error via Response Header Name Interning
CVSS 7.5
CVE-2017-13274 CRITICAL
Android 6.0-8.1 - Origin Validation Error in UriTest.java getHost()
CVSS 9.8
CVE-2017-18016 MEDIUM
Parity Browser <= 1.6.10 - Origin Validation Error via Web Proxy Engine
CVSS 5.3
CVE-2017-1000455 MEDIUM
GuixSD < 0.13.0 - Origin Validation Error via Incorrect POSIX Hard Link Usage
CVSS 5.5
CVE-2017-7561 HIGH
Red Hat JBoss EAP 3.0.7-3.0.25.Final - Server-Side Cache Poisoning via JAX-RS Component
CVSS 7.5
CVE-2017-0902 HIGH
RubyGems < 2.6.12 - DNS Hijacking via MITM Attack
CVSS 8.1
CVE-2017-8650 MEDIUM
Microsoft Edge - Origin Validation Error
CVSS 5.4
CVE-2017-8530 MEDIUM
Microsoft Edge - Security Feature Bypass via Same-Origin Policy Enforcement
CVSS 5.4
CVE-2017-8523 MEDIUM
Microsoft Edge - Security Feature Bypass via Same Origin Policy Misapplication
CVSS 4.3
CVE-2017-7667 HIGH
Apache NiFi <1.3.0 - Info Disclosure
CVSS 7.5
CVE-2017-5646 MEDIUM
Apache Knox 0.2.0-0.11.0 - Authenticated User Impersonation via Crafted WebHDFS URL
CVSS 6.8
CVE-2017-8793 HIGH
Accellion File Transfer Appliance < 9_12_40 - Same Origin Policy Bypass via acallow Parameter
CVSS 8.8
CVE-2017-6519 CRITICAL
Avahi < 0.6.32 - Denial of Service via IPv6 Unicast Query Response
CVSS 9.1