Origin Security Vulnerabilities

CVE-2013-0196

A CSRF issue was found in OpenShift Enterprise 1.2. The web console is using 'Basic authentication' and the REST API has no CSRF attack protection mechanism. This can allow an attacker to obtain the credential and the Authorization: header when requesting the REST API via web browser.

6.5 CVSS

6.3 AI Score

0.001 EPSS

2019-12-30 10:15 PM

CVE-2014-0023

OpenShift: Install script has temporary file creation vulnerability which can result in arbitrary code execution

7.8 CVSS

7.9 AI Score

0.0004 EPSS

2019-11-15 03:15 PM

CVE-2014-0163

OpenShift has shell command injection flaws due to unsanitized data being passed into shell commands.

8.8 CVSS

8.9 AI Score

0.001 EPSS

2019-12-11 04:15 PM

CVE-2014-3592

OpenShift Origin: Improperly validated team names could allow stored XSS attacks

6.1 CVSS

5.9 AI Score

0.001 EPSS

2019-11-13 04:15 PM

CVE-2015-3207

In OpenShift Origin 3, the cookies set in the console have no 'secure' or 'HttpOnly' attributes.

5.3 CVSS

5.2 AI Score

0.001 EPSS

2022-07-07 01:15 PM

CVE-2015-8945

openshift-node in OpenShift Origin 1.1.6 and earlier improperly stores router credentials as envvars in the pod when the --credentials option is used, which allows local users to obtain sensitive private key information by reading the systemd journal.

5.1 CVSS

4.9 AI Score

0.001 EPSS

2016-08-05 03:59 PM

CVE-2019-11354

The client in Electronic Arts (EA) Origin 10.5.36 on Windows allows template injection in the title parameter of the Origin2 URI handler. This can be used to escape the underlying AngularJS sandbox and achieve remote code execution via an origin2://game/launch URL for QtApplication QDesktopServices...

7.8 CVSS

8.2 AI Score

0.492 EPSS

2019-04-19 10:29 PM

CVE-2019-12828

An issue was discovered in Electronic Arts Origin before 10.5.39. Due to improper sanitization of the origin:// and origin2:// URI schemes, it is possible to inject additional arguments into the Origin process and ultimately leverage code execution by loading a backdoored Qt plugin remotely via the...

8.8 CVSS

8.2 AI Score

0.293 EPSS

2019-06-14 08:29 PM

CVE-2019-19247

Electronic Arts Origin through 10.5.x allows Elevation of Privilege (issue 1 of 2).

7.8 CVSS

7.7 AI Score

0.0004 EPSS

2019-12-12 02:15 PM

CVE-2019-19248

Electronic Arts Origin through 10.5.x allows Elevation of Privilege (issue 2 of 2).

7.8 CVSS

7.7 AI Score

0.0004 EPSS

2019-12-12 02:15 PM

CVE-2019-19741

Electronic Arts Origin 10.5.55.33574 is vulnerable to local privilege escalation due to arbitrary directory DACL manipulation, a different issue than CVE-2019-19247 and CVE-2019-19248. When Origin.exe connects to the named pipe OriginClientService, the privileged service verifies the client's execu...

7.8 CVSS

7.8 AI Score

0.0004 EPSS

2020-02-20 04:15 PM

CVE-2020-27708

A vulnerability exists in the Origin Client that could allow a non-Administrative user to elevate their access to either Administrator or System. Once the user has obtained elevated access, they may be able to take control of the system and perform actions otherwise reserved for high privileged use...

7.8 CVSS

7.4 AI Score

0.001 EPSS

2020-11-02 09:15 PM