CWE:
 

Risk | Topic | Date | Author
Low | Parity Browser < 1.6.10 Bypass Same Origin Policy | 12.01.2018 | tintinweb
Med. | Solarwinds LEM Insecure Update Process | 26.09.2017 | Hank Leininger


CVEMAP Search Results

CVE
Details
Description
2018-06-11
Medium
CVE-2018-5109

Vendor: Mozilla
Software: Firefox
 

 
An audio capture session can be started under an incorrect origin from the site making the capture request. Users are still prompted to allow the request but the prompt can display the wrong origin, leading to user confusion about which site is making the request to capture an audio stream. This vulnerability affects Firefox < 58.

 
Medium
CVE-2018-5116

Vendor: Mozilla
Software: Firefox
 

 
WebExtensions with the "ActiveTab" permission are able to access frames hosted within the active tab even if the frames are cross-origin. Malicious extensions can inject frames from arbitrary origins into the loaded page and then interact with them, bypassing same-origin user expectations with this permission. This vulnerability affects Firefox < 58.

 
2018-04-04
Medium
CVE-2017-13274

Vendor: Google
Software: Android
 

 
In the getHost() function of UriTest.java, there is the possibility of incorrect web origin determination. This could lead to incorrect security decisions with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-71360761.

 
2018-01-02
Low
CVE-2017-1000455

Vendor: GNU
Software: Guixsd
 

 
GuixSD prior to Git commit 5e66574a128937e7f2fcf146d146225703ccfd5d used POSIX hard links incorrectly, leading to the creation of setuid executables in "the store", violating a fundamental security assumption of GNU Guix.

 
2017-02-09
Low
CVE-2017-5591

Vendor: Sleekxmpp project
Software: Sleekxmpp
 

 
An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for SleekXMPP up to 1.3.1 and Slixmpp all versions up to 1.2.3, as bundled in poezio (0.8 - 0.10) and other products.

 

 


Copyright 2018, cxsecurity.com

 
