Vulnerabilities > Origin Validation Error

DATE CVE VULNERABILITY TITLE RISK
2020-07-14 CVE-2020-15104 Origin Validation Error vulnerability in Envoyproxy Envoy
In Envoy before versions 1.12.6, 1.13.4, 1.14.4, and 1.15.0 when validating TLS certificates, Envoy would incorrectly allow a wildcard DNS Subject Alternative Name apply to multiple subdomains.
network
low complexity
envoyproxy CWE-346
5.4
2020-06-19 CVE-2020-14456 Origin Validation Error vulnerability in Mattermost Desktop
An issue was discovered in Mattermost Desktop App before 4.4.0.
network
low complexity
mattermost CWE-346
7.3
2020-05-22 CVE-2020-12397 Origin Validation Error vulnerability in multiple products
By encoding Unicode whitespace characters within the From email header, an attacker can spoof the sender email address that Thunderbird displays.
network
low complexity
mozilla canonical CWE-346
4.3
2020-04-17 CVE-2020-11868 Origin Validation Error vulnerability in multiple products
ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-path attacker to block unauthenticated synchronization via a server mode packet with a spoofed source IP address, because transmissions are rescheduled even when a packet lacks a valid origin timestamp.
network
low complexity
ntp redhat netapp debian opensuse CWE-346
7.5
2020-03-24 CVE-2020-8984 Origin Validation Error vulnerability in Zend Zendto
lib/NSSDropbox.php in ZendTo prior to 5.22-2 Beta allowed IP address spoofing via the X-Forwarded-For header.
network
low complexity
zend CWE-346
7.5
2020-02-25 CVE-2020-8819 Origin Validation Error vulnerability in Cardgate Payments
An issue was discovered in the CardGate Payments plugin through 3.1.15 for WooCommerce.
network
low complexity
cardgate CWE-346
8.1
2020-02-25 CVE-2020-8818 Origin Validation Error vulnerability in multiple products
An issue was discovered in the CardGate Payments plugin through 2.0.30 for Magento 2.
network
low complexity
cardgate adobe CWE-346
8.1
2020-02-19 CVE-2019-4640 Origin Validation Error vulnerability in IBM Security Secret Server
IBM Security Secret Server 10.7 processes patches, image backups and other updates without sufficiently verifying the origin and integrity of the code which could result in an attacker executing malicious code.
network
low complexity
ibm CWE-346
critical
9.8
2020-02-11 CVE-2020-0695 Origin Validation Error vulnerability in Microsoft Office Online Server
A spoofing vulnerability exists when Office Online Server does not validate origin in cross-origin communications correctly, aka 'Microsoft Office Online Server Spoofing Vulnerability'.
network
low complexity
microsoft CWE-346
5.4
2020-01-23 CVE-2019-16517 Origin Validation Error vulnerability in Connectwise Control 19.3.25270.7185
An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185.
network
low complexity
connectwise CWE-346
critical
9.8