Vulnerabilities > Origin Validation Error

DATE CVE VULNERABILITY TITLE RISK
2017-06-15 CVE-2017-8530 Origin Validation Error vulnerability in Microsoft Edge
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to trick a user into loading a page with malicious content when Microsoft Edge does not properly enforce same-origin policies, aka "Microsoft Edge Security Feature Bypass Vulnerability".
network
low complexity
microsoft CWE-346
5.4
2017-06-15 CVE-2017-8523 Origin Validation Error vulnerability in Microsoft Edge
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to trick a user into loading a page with malicious content when Microsoft Edge fails to correctly apply Same Origin Policy for HTML elements present in other browser windows, aka "Microsoft Edge Security Feature Bypass Vulnerability".
network
low complexity
microsoft CWE-346
4.3
2017-06-12 CVE-2017-7667 Origin Validation Error vulnerability in Apache Nifi
Apache NiFi before 0.7.4 and 1.x before 1.3.0 need to establish the response header telling browsers to only allow framing with the same origin.
network
low complexity
apache CWE-346
7.5
2017-05-26 CVE-2017-5646 Origin Validation Error vulnerability in Apache Knox
For versions of Apache Knox from 0.2.0 to 0.11.0 - an authenticated user may use a specially crafted URL to impersonate another user while accessing WebHDFS through Apache Knox.
network
high complexity
apache CWE-346
6.8
2017-05-05 CVE-2017-8793 Origin Validation Error vulnerability in Accellion File Transfer Appliance 80540/911200/911210
An issue was discovered on Accellion FTA devices before FTA_9_12_180.
network
low complexity
accellion CWE-346
8.8
2017-05-01 CVE-2017-6519 Origin Validation Error vulnerability in multiple products
avahi-daemon in Avahi through 0.6.32 and 0.7 inadvertently responds to IPv6 unicast queries with source addresses that are not on-link, which allows remote attackers to cause a denial of service (traffic amplification) and may cause information leakage by obtaining potentially sensitive information from the responding device via port-5353 UDP packets.
network
low complexity
avahi canonical CWE-346
critical
9.1
2017-04-21 CVE-2016-5168 Origin Validation Error vulnerability in Google Chrome
Skia, as used in Google Chrome before 50.0.2661.94, allows remote attackers to bypass the Same Origin Policy and obtain sensitive information.
network
low complexity
google CWE-346
7.5
2017-02-13 CVE-2016-8358 Origin Validation Error vulnerability in Smiths-Medical Cadd-Solis Medication Safety Software
An issue was discovered in Smiths-Medical CADD-Solis Medication Safety Software, Version 1.0; 2.0; 3.0; and 3.1.
network
high complexity
smiths-medical CWE-346
8.5
2017-02-09 CVE-2017-5858 Origin Validation Error vulnerability in Conversejs Converse.Js
An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display.
network
high complexity
conversejs CWE-346
5.9
2017-02-09 CVE-2017-5606 Origin Validation Error vulnerability in Xabber
An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display.
network
high complexity
xabber CWE-346
5.9