Vulnerabilities > Origin Validation Error

DATE CVE VULNERABILITY TITLE RISK
2018-06-11 CVE-2017-7797 Origin Validation Error vulnerability in Mozilla Firefox
Response header name interning does not have same-origin protections and these headers are stored in a global registry.
network
low complexity
mozilla CWE-346
7.5
2018-06-11 CVE-2016-9902 Origin Validation Error vulnerability in multiple products
The Pocket toolbar button, once activated, listens for events fired from it's own pages but does not verify the origin of incoming events.
network
low complexity
redhat mozilla CWE-346
7.5
2018-05-09 CVE-2018-8112 Origin Validation Error vulnerability in Microsoft Edge
A security feature bypass vulnerability exists when Microsoft Edge improperly handles requests of different origins, aka "Microsoft Edge Security Feature Bypass Vulnerability." This affects Microsoft Edge.
network
low complexity
microsoft CWE-346
4.3
2018-04-04 CVE-2017-13274 Origin Validation Error vulnerability in Google Android
In the getHost() function of UriTest.java, there is the possibility of incorrect web origin determination.
network
low complexity
google CWE-346
critical
9.8
2018-02-23 CVE-2018-6764 Origin Validation Error vulnerability in multiple products
util/virlog.c in libvirt does not properly determine the hostname on LXC container startup, which allows local guest OS users to bypass an intended container protection mechanism and execute arbitrary commands via a crafted NSS module.
local
low complexity
redhat debian canonical CWE-346
7.8
2018-02-06 CVE-2018-6654 Origin Validation Error vulnerability in Grammarly 20180202
The Grammarly extension before 2018-02-02 for Chrome allows remote attackers to discover authentication tokens via an 'action: "user"' request to iframe.gr_-ifr, because the exposure of these tokens is not restricted to any specific web site.
network
low complexity
grammarly CWE-346
8.8
2018-01-11 CVE-2017-18016 Origin Validation Error vulnerability in Parity Browser 1.6.10
Parity Browser 1.6.10 and earlier allows remote attackers to bypass the Same Origin Policy and obtain sensitive information by requesting other websites via the Parity web proxy engine (reusing the current website's token, which is not bound to an origin).
network
low complexity
parity CWE-346
5.3
2018-01-02 CVE-2017-1000455 Origin Validation Error vulnerability in GNU Guixsd
GuixSD prior to Git commit 5e66574a128937e7f2fcf146d146225703ccfd5d used POSIX hard links incorrectly, leading the creation of setuid executables in "the store", violating a fundamental security assumption of GNU Guix.
local
low complexity
gnu CWE-346
5.5
2017-08-31 CVE-2017-0902 Origin Validation Error vulnerability in multiple products
RubyGems version 2.6.12 and earlier is vulnerable to a DNS hijacking vulnerability that allows a MITM attacker to force the RubyGems client to download and install gems from a server that the attacker controls.
network
high complexity
rubygems debian canonical redhat CWE-346
8.1
2017-08-08 CVE-2017-8650 Origin Validation Error vulnerability in Microsoft Edge
Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to exploit a security feature bypass due to Microsoft Edge not properly enforcing same-origin policies, aka "Microsoft Edge Security Feature Bypass Vulnerability".
network
low complexity
microsoft CWE-346
5.4