CWE-358
AllowedImproperly Implemented Security Check for Standard
Abstraction: Base · Status: Draft
The product does not implement or incorrectly implements one or more security-relevant checks as specified by the design of a standardized algorithm, protocol, or technique.
197 vulnerabilities reference this CWE, most recent first.
GHSA-C29M-P6XF-PPGW
Vulnerability from github – Published: 2022-05-13 01:37 – Updated: 2022-05-13 01:37An issue has been found in the API component of PowerDNS Authoritative 4.x up to and including 4.0.4 and 3.x up to and including 3.4.11, where some operations that have an impact on the state of the server are still allowed even though the API has been configured as read-only via the api-readonly keyword. This missing check allows an attacker with valid API credentials to flush the cache, trigger a zone transfer or send a NOTIFY.
{
"affected": [],
"aliases": [
"CVE-2017-15091"
],
"database_specific": {
"cwe_ids": [
"CWE-358"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-01-23T15:29:00Z",
"severity": "HIGH"
},
"details": "An issue has been found in the API component of PowerDNS Authoritative 4.x up to and including 4.0.4 and 3.x up to and including 3.4.11, where some operations that have an impact on the state of the server are still allowed even though the API has been configured as read-only via the api-readonly keyword. This missing check allows an attacker with valid API credentials to flush the cache, trigger a zone transfer or send a NOTIFY.",
"id": "GHSA-c29m-p6xf-ppgw",
"modified": "2022-05-13T01:37:35Z",
"published": "2022-05-13T01:37:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15091"
},
{
"type": "WEB",
"url": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2017-04.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/101982"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-C37Q-9VG5-CQHJ
Vulnerability from github – Published: 2025-02-07 03:32 – Updated: 2025-02-07 03:32Microsoft Edge (Chromium-based) Spoofing Vulnerability
{
"affected": [],
"aliases": [
"CVE-2025-21267"
],
"database_specific": {
"cwe_ids": [
"CWE-358"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-06T23:15:08Z",
"severity": "MODERATE"
},
"details": "Microsoft Edge (Chromium-based) Spoofing Vulnerability",
"id": "GHSA-c37q-9vg5-cqhj",
"modified": "2025-02-07T03:32:02Z",
"published": "2025-02-07T03:32:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21267"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21267"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-C47Q-H9W3-RCWG
Vulnerability from github – Published: 2024-04-17 09:30 – Updated: 2024-07-03 18:34Inappropriate implementation in Networks in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to bypass mixed content policy via a crafted HTML page. (Chromium security severity: Low)
{
"affected": [],
"aliases": [
"CVE-2024-3845"
],
"database_specific": {
"cwe_ids": [
"CWE-1068",
"CWE-358"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-17T08:15:10Z",
"severity": "CRITICAL"
},
"details": "Inappropriate implementation in Networks in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to bypass mixed content policy via a crafted HTML page. (Chromium security severity: Low)",
"id": "GHSA-c47q-h9w3-rcwg",
"modified": "2024-07-03T18:34:44Z",
"published": "2024-04-17T09:30:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-3845"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_16.html"
},
{
"type": "WEB",
"url": "https://issues.chromium.org/issues/323583084"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWIVXXSVO5VB3NAZVFJ7CWVBN6W2735T"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IDLUD644WEWGOFKMZWC2K7Z4CQOKQYR7"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4PCXKCOVBUUU6GOSN46DCPI4HMER3PJ"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PCWPUBGTBNT4EW32YNZMRIPB3Y4R6XL6"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UOC3HLIZCGMIJLJ6LME5UWUUIFLXEGRN"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WEP5NJUWMDRLDQUKU4LFDUHF5PCYAPIO"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-CC8C-62X7-QWJR
Vulnerability from github – Published: 2024-07-17 00:32 – Updated: 2024-08-01 15:32Inappropriate implementation in V8 in Google Chrome prior to 126.0.6478.182 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
{
"affected": [],
"aliases": [
"CVE-2024-6772"
],
"database_specific": {
"cwe_ids": [
"CWE-358",
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-07-16T22:15:06Z",
"severity": "HIGH"
},
"details": "Inappropriate implementation in V8 in Google Chrome prior to 126.0.6478.182 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)",
"id": "GHSA-cc8c-62x7-qwjr",
"modified": "2024-08-01T15:32:03Z",
"published": "2024-07-17T00:32:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6772"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop.html"
},
{
"type": "WEB",
"url": "https://issues.chromium.org/issues/346597059"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-CJW9-8435-H4Q5
Vulnerability from github – Published: 2024-05-14 15:32 – Updated: 2026-04-02 21:31The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.5. An app may be able to execute arbitrary code with kernel privileges.
{
"affected": [],
"aliases": [
"CVE-2024-27842"
],
"database_specific": {
"cwe_ids": [
"CWE-358"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-14T15:13:08Z",
"severity": "HIGH"
},
"details": "The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.5. An app may be able to execute arbitrary code with kernel privileges.",
"id": "GHSA-cjw9-8435-h4q5",
"modified": "2026-04-02T21:31:42Z",
"published": "2024-05-14T15:32:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27842"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/120903"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT214106"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT214106"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2024/May/12"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-CM7J-45W4-QF6V
Vulnerability from github – Published: 2025-12-08 09:30 – Updated: 2025-12-08 09:30Vulnerability of improper criterion security check in the card module. Impact: Successful exploitation of this vulnerability may affect availability.
{
"affected": [],
"aliases": [
"CVE-2025-66323"
],
"database_specific": {
"cwe_ids": [
"CWE-358"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-12-08T08:15:53Z",
"severity": "MODERATE"
},
"details": "Vulnerability of improper criterion security check in the card module. Impact: Successful exploitation of this vulnerability may affect availability.",
"id": "GHSA-cm7j-45w4-qf6v",
"modified": "2025-12-08T09:30:18Z",
"published": "2025-12-08T09:30:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66323"
},
{
"type": "WEB",
"url": "https://consumer.huawei.com/en/support/bulletin/2025/12"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-CMCR-7FQV-V785
Vulnerability from github – Published: 2022-05-14 03:47 – Updated: 2022-05-14 03:47In Flexense VX Search Enterprise v10.1.12, the Control Protocol suffers from a denial of service vulnerability. The attack vector is a crafted SERVER_GET_INFO packet sent to control port 9123.
{
"affected": [],
"aliases": [
"CVE-2017-15662"
],
"database_specific": {
"cwe_ids": [
"CWE-358"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-01-10T18:29:00Z",
"severity": "HIGH"
},
"details": "In Flexense VX Search Enterprise v10.1.12, the Control Protocol suffers from a denial of service vulnerability. The attack vector is a crafted SERVER_GET_INFO packet sent to control port 9123.",
"id": "GHSA-cmcr-7fqv-v785",
"modified": "2022-05-14T03:47:20Z",
"published": "2022-05-14T03:47:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15662"
},
{
"type": "WEB",
"url": "https://www.exploit-db.com/exploits/43451"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/145764/VX-Search-Enterprise-10.1.12-Denial-Of-Service.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-CMWX-9M2H-X7V4
Vulnerability from github – Published: 2018-10-10 17:23 – Updated: 2024-09-03 21:31A flaw was found in Ansible before version 2.2.0.0. The apt_key module does not properly verify key fingerprints, allowing remote adversary to create an OpenPGP key which matches the short key ID and inject this key instead of the correct key.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "ansible"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.2.0.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2016-8614"
],
"database_specific": {
"cwe_ids": [
"CWE-358"
],
"github_reviewed": true,
"github_reviewed_at": "2020-06-16T21:32:07Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "A flaw was found in Ansible before version 2.2.0.0. The `apt_key` module does not properly verify key fingerprints, allowing remote adversary to create an OpenPGP key which matches the short key ID and inject this key instead of the correct key.",
"id": "GHSA-cmwx-9m2h-x7v4",
"modified": "2024-09-03T21:31:19Z",
"published": "2018-10-10T17:23:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8614"
},
{
"type": "WEB",
"url": "https://github.com/ansible/ansible-modules-core/issues/5237"
},
{
"type": "WEB",
"url": "https://github.com/ansible/ansible-modules-core/pull/5353"
},
{
"type": "WEB",
"url": "https://github.com/ansible/ansible-modules-core/pull/5357"
},
{
"type": "WEB",
"url": "https://github.com/ansible/ansible-modules-core/commit/1182d1f0b76d56f3667e27987a10b9ec8f03357d"
},
{
"type": "WEB",
"url": "https://github.com/ansible/ansible-modules-core/commit/66d47c8149d84e52f64b7c4d1f340d45dca94d9c"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8614"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-cmwx-9m2h-x7v4"
},
{
"type": "PACKAGE",
"url": "https://github.com/ansible/ansible"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2018-37.yaml"
},
{
"type": "WEB",
"url": "https://web.archive.org/web/20200227214450/https://www.securityfocus.com/bid/94108"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Ansible apt_key module does not properly verify key fingerprint"
}
GHSA-CPQG-X3J4-HHV6
Vulnerability from github – Published: 2025-10-12 09:30 – Updated: 2025-10-12 09:30HCL Unica Platform is impacted by misconfigured Content Security Policy (CSP). These can result in malicious resources getting loaded and browsers may come across certain types of attacks, such as cross-site scripting and clickjacking.
{
"affected": [],
"aliases": [
"CVE-2025-31969"
],
"database_specific": {
"cwe_ids": [
"CWE-358"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-12T08:15:40Z",
"severity": "MODERATE"
},
"details": "HCL Unica Platform is impacted by misconfigured Content Security Policy (CSP). These can result in malicious resources getting loaded and browsers may come across certain types of attacks, such as cross-site scripting and clickjacking.",
"id": "GHSA-cpqg-x3j4-hhv6",
"modified": "2025-10-12T09:30:54Z",
"published": "2025-10-12T09:30:54Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-31969"
},
{
"type": "WEB",
"url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0124417"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-CQJV-5R3C-4HMG
Vulnerability from github – Published: 2022-05-13 01:36 – Updated: 2022-05-13 01:36A Violation of Secure Design Principles issue was discovered in Schneider Electric Modicon Modbus Protocol. The Modicon Modbus protocol has a session-related weakness making it susceptible to brute-force attacks.
{
"affected": [],
"aliases": [
"CVE-2017-6032"
],
"database_specific": {
"cwe_ids": [
"CWE-358",
"CWE-657"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-06-30T03:29:00Z",
"severity": "MODERATE"
},
"details": "A Violation of Secure Design Principles issue was discovered in Schneider Electric Modicon Modbus Protocol. The Modicon Modbus protocol has a session-related weakness making it susceptible to brute-force attacks.",
"id": "GHSA-cqjv-5r3c-4hmg",
"modified": "2022-05-13T01:36:35Z",
"published": "2022-05-13T01:36:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6032"
},
{
"type": "WEB",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-101-01"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/97562"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.