Vulnerabilities > Origin Validation Error

DATE CVE VULNERABILITY TITLE RISK
2019-04-26 CVE-2019-9797 Origin Validation Error vulnerability in Mozilla Firefox
Cross-origin images can be read in violation of the same-origin policy by exporting an image after using createImageBitmap to read the image and then rendering the resulting bitmap image within a canvas element.
network
low complexity
mozilla CWE-346
5.3
2019-04-03 CVE-2018-4319 Origin Validation Error vulnerability in Apple products
A cross-origin issue existed with "iframe" elements.
network
low complexity
apple CWE-346
8.1
2019-03-26 CVE-2019-9764 Origin Validation Error vulnerability in Hashicorp Consul 1.4.3
HashiCorp Consul 1.4.3 lacks server hostname verification for agent-to-agent TLS communication.
network
high complexity
hashicorp CWE-346
7.4
2019-02-28 CVE-2018-18499 Origin Validation Error vulnerability in Mozilla Firefox
A same-origin policy violation allowing the theft of cross-origin URL entries when using a meta http-equiv="refresh" on a page to cause a redirection to another site using performance.getEntries().
network
low complexity
mozilla CWE-346
6.5
2019-02-28 CVE-2018-18494 Origin Validation Error vulnerability in multiple products
A same-origin policy violation allowing the theft of cross-origin URL entries when using the Javascript location property to cause a redirection to another site using performance.getEntries().
network
low complexity
mozilla debian canonical redhat CWE-346
6.5
2019-02-28 CVE-2018-12402 Origin Validation Error vulnerability in multiple products
The internal WebBrowserPersist code does not use correct origin context for a resource being saved.
network
low complexity
mozilla canonical CWE-346
6.5
2019-02-19 CVE-2019-5773 Origin Validation Error vulnerability in multiple products
Insufficient origin validation in IndexedDB in Google Chrome prior to 72.0.3626.81 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page.
network
low complexity
google debian redhat fedoraproject CWE-346
6.5
2019-02-17 CVE-2019-7399 Origin Validation Error vulnerability in Amazon Fire OS
Amazon Fire OS before 5.3.6.4 allows a man-in-the-middle attack against HTTP requests for "Terms of Use" and Privacy pages.
network
high complexity
amazon CWE-346
7.4
2019-01-28 CVE-2018-20745 Origin Validation Error vulnerability in Yiiframework YII
Yii 2.x through 2.0.15.1 actively converts a wildcard CORS policy into reflecting an arbitrary Origin header value, which is incompatible with the CORS security design, and could lead to CORS misconfiguration security problems.
network
high complexity
yiiframework CWE-346
5.9
2019-01-28 CVE-2018-20744 Origin Validation Error vulnerability in GO Cors Project GO Cors
The Olivier Poitrey Go CORS handler through 1.3.0 actively converts a wildcard CORS policy into reflecting an arbitrary Origin header value, which is incompatible with the CORS security design, and could lead to CORS misconfiguration security problems.
network
high complexity
go-cors-project CWE-346
5.9