Vulnerabilities > Origin Validation Error
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-06-11 | CVE-2017-7797 | Origin Validation Error vulnerability in Mozilla Firefox Response header name interning does not have same-origin protections and these headers are stored in a global registry. | 7.5 |
2018-06-11 | CVE-2016-9902 | Origin Validation Error vulnerability in multiple products The Pocket toolbar button, once activated, listens for events fired from it's own pages but does not verify the origin of incoming events. | 7.5 |
2018-05-09 | CVE-2018-8112 | Origin Validation Error vulnerability in Microsoft Edge A security feature bypass vulnerability exists when Microsoft Edge improperly handles requests of different origins, aka "Microsoft Edge Security Feature Bypass Vulnerability." This affects Microsoft Edge. | 4.3 |
2018-04-04 | CVE-2017-13274 | Origin Validation Error vulnerability in Google Android In the getHost() function of UriTest.java, there is the possibility of incorrect web origin determination. | 9.8 |
2018-02-23 | CVE-2018-6764 | Origin Validation Error vulnerability in multiple products util/virlog.c in libvirt does not properly determine the hostname on LXC container startup, which allows local guest OS users to bypass an intended container protection mechanism and execute arbitrary commands via a crafted NSS module. | 7.8 |
2018-02-06 | CVE-2018-6654 | Origin Validation Error vulnerability in Grammarly 20180202 The Grammarly extension before 2018-02-02 for Chrome allows remote attackers to discover authentication tokens via an 'action: "user"' request to iframe.gr_-ifr, because the exposure of these tokens is not restricted to any specific web site. | 8.8 |
2018-01-11 | CVE-2017-18016 | Origin Validation Error vulnerability in Parity Browser 1.6.10 Parity Browser 1.6.10 and earlier allows remote attackers to bypass the Same Origin Policy and obtain sensitive information by requesting other websites via the Parity web proxy engine (reusing the current website's token, which is not bound to an origin). | 5.3 |
2018-01-02 | CVE-2017-1000455 | Origin Validation Error vulnerability in GNU Guixsd GuixSD prior to Git commit 5e66574a128937e7f2fcf146d146225703ccfd5d used POSIX hard links incorrectly, leading the creation of setuid executables in "the store", violating a fundamental security assumption of GNU Guix. | 5.5 |
2017-08-31 | CVE-2017-0902 | Origin Validation Error vulnerability in multiple products RubyGems version 2.6.12 and earlier is vulnerable to a DNS hijacking vulnerability that allows a MITM attacker to force the RubyGems client to download and install gems from a server that the attacker controls. | 8.1 |
2017-08-08 | CVE-2017-8650 | Origin Validation Error vulnerability in Microsoft Edge Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to exploit a security feature bypass due to Microsoft Edge not properly enforcing same-origin policies, aka "Microsoft Edge Security Feature Bypass Vulnerability". | 5.4 |