Vulnerabilities > Origin Validation Error

DATE CVE VULNERABILITY TITLE RISK
2019-11-25 CVE-2019-13664 Origin Validation Error vulnerability in Google Chrome
Insufficient policy enforcement in Blink in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass content security policy via a crafted HTML page.
network
low complexity
google CWE-346
6.5
2019-11-12 CVE-2019-1447 Origin Validation Error vulnerability in Microsoft Office Online Server
A spoofing vulnerability exists when Office Online does not validate origin in cross-origin communications handlers correctly, aka 'Microsoft Office Online Spoofing Vulnerability'.
network
low complexity
microsoft CWE-346
5.4
2019-11-12 CVE-2019-1445 Origin Validation Error vulnerability in Microsoft Office Online Server
A spoofing vulnerability exists when Office Online does not validate origin in cross-origin communications handlers correctly, aka 'Microsoft Office Online Spoofing Vulnerability'.
network
low complexity
microsoft CWE-346
5.4
2019-11-12 CVE-2019-1442 Origin Validation Error vulnerability in Microsoft Sharepoint Server 2019
A security feature bypass vulnerability exists when Microsoft Office does not validate URLs.An attacker could send a victim a specially crafted file, which could trick the victim into entering credentials, aka 'Microsoft Office Security Feature Bypass Vulnerability'.
local
low complexity
microsoft CWE-346
5.5
2019-11-12 CVE-2019-1413 Origin Validation Error vulnerability in Microsoft Edge
A security feature bypass vulnerability exists when Microsoft Edge improperly handles extension requests and fails to request host permission for all_urls, aka 'Microsoft Edge Security Feature Bypass Vulnerability'.
network
low complexity
microsoft CWE-346
4.3
2019-10-09 CVE-2019-15020 Origin Validation Error vulnerability in Zingbox Inspector
A security vulnerability exists in the Zingbox Inspector versions 1.293 and earlier, that could allow an attacker to supply an invalid software update image to the Zingbox Inspector that could result in command injection.
network
low complexity
zingbox CWE-346
critical
9.8
2019-10-08 CVE-2019-3980 Origin Validation Error vulnerability in Solarwinds Dameware Mini Remote Control 12.1.0.89
The Solarwinds Dameware Mini Remote Client agent v12.1.0.89 supports smart card authentication which can allow a user to upload an executable to be executed on the DWRCS.exe host.
network
low complexity
solarwinds CWE-346
critical
9.8
2019-09-12 CVE-2019-16275 Origin Validation Error vulnerability in multiple products
hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect indication of disconnection in certain situations because source address validation is mishandled.
low complexity
w1-fi debian canonical CWE-346
6.5
2019-09-12 CVE-2019-8069 Origin Validation Error vulnerability in Adobe Flash Player and Flash Player Desktop Runtime
Adobe Flash Player 32.0.0.238 and earlier versions, 32.0.0.207 and earlier versions have a Same Origin Method Execution vulnerability.
network
low complexity
adobe CWE-346
critical
9.8
2019-09-11 CVE-2019-1235 Origin Validation Error vulnerability in Microsoft products
An elevation of privilege vulnerability exists in Windows Text Service Framework (TSF) when the TSF server process does not validate the source of input or commands it receives, aka 'Windows Text Service Framework Elevation of Privilege Vulnerability'.
local
low complexity
microsoft CWE-346
7.8