CWE:
 

| Risk | Topic | Date | Author |
|------|-------|------|--------|
| Med. | Magento WooCommerce CardGate Payment Gateway 2.0.30 Payment Process Bypass | 25.02.2020 | GeekHack |
| Low | Parity Browser < 1.6.10 Bypass Same Origin Policy | 12.01.2018 | tintinweb |
| Med. | Solarwinds LEM Insecure Update Process | 26.09.2017 | Hank Leininger |


CVEMAP Search Results

| Date | Severity | CVE | Vendor | Software | Description |
|------|----------|-----|--------|----------|-------------|
| 2020-03-24 | Medium | CVE-2020-8984 | ZEND | Zendto | lib/NSSDropbox.php in ZendTo prior to 5.22-2 Beta allowed IP address spoofing via the X-Forwarded-For header. |
| 2020-01-23 | Medium | CVE-2019-16517 | Connectwise | Control | An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. There is a CORS misconfiguration, which reflected the Origin provided by incoming requests. This allowed JavaScript running on any domain to interact with the server APIs and perform administrative actions, without the victim's knowledge. |
| 2020-01-08 | Medium | CVE-2019-11762 | Mozilla | Firefox | If two same-origin documents set document.domain differently to become cross-origin, it was possible for them to call arbitrary DOM methods/getters/setters on the now-cross-origin window. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2. |
| 2019-12-05 | Medium | CVE-2019-19545 | Norton | Password manager | Norton Password Manager, prior to 6.6.2.5, may be susceptible to a cross origin resource sharing (CORS) vulnerability, which is a type of issue that allows restricted resources on a web page to be requested from another domain outside the domain from which the first resource was served. |
| | Medium | CVE-2019-18381 | Norton | Password manager | Norton Password Manager, prior to 6.6.2.5, may be susceptible to a cross origin resource sharing (CORS) vulnerability, which is a type of issue that allows restricted resources on a web page to be requested from another domain outside the domain from which the first resource was served. |
| 2019-09-27 | Medium | CVE-2019-8075 | Adobe | Flash player | Adobe Flash Player version 32.0.0.192 and earlier versions have a Same Origin Policy Bypass vulnerability. Successful exploitation could lead to Information Disclosure in the context of the current user. |
| 2019-09-12 | High | CVE-2019-8069 | Adobe | Flash player | Adobe Flash Player 32.0.0.238 and earlier versions, 32.0.0.207 and earlier versions have a Same Origin Method Execution vulnerability. Successful exploitation could lead to Arbitrary Code Execution in the context of the current user. |
| 2019-07-23 | Medium | CVE-2019-9817 | Mozilla | Firefox | Images from a different domain can be read using a canvas object in some circumstances. This could be used to steal image data from a different site in violation of same-origin policy. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7. |
| 2019-05-08 | High | CVE-2018-5409 | Printerlogic | Print management | The PrinterLogic Print Management software, versions up to and including 18.3.1.96, updates and executes the code without sufficiently verifying the origin and integrity of the code. An attacker can execute malicious code by compromising the host server, performing DNS spoofing, or modifying the code in transit. |
| 2019-04-26 | Medium | CVE-2019-9797 | Mozilla | Firefox | Cross-origin images can be read in violation of the same-origin policy by exporting an image after using createImageBitmap to read the image and then rendering the resulting bitmap image within a canvas element. This vulnerability affects Firefox < 66. |


Copyright 2020, cxsecurity.com