CWE-474
AllowedUse of Function with Inconsistent Implementations
Abstraction: Base · Status: Draft
The code uses a function that has inconsistent implementations across operating systems and versions.
12 vulnerabilities reference this CWE, most recent first.
CVE-2026-39894 (GCVE-0-2026-39894)
Vulnerability from cvelistv5 – Published: 2026-06-24 21:55 – Updated: 2026-06-25 13:02- CWE-474 - Use of Function with Inconsistent Implementations
| URL | Tags |
|---|---|
| https://github.com/Cacti/cacti/security/advisorie… | x_refsource_CONFIRM |
| https://github.com/Cacti/cacti/issues/7011 | x_refsource_MISC |
| https://github.com/Cacti/cacti/commit/d2a69885495… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-39894",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-25T13:02:29.458961Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-25T13:02:42.706Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "cacti",
"vendor": "Cacti",
"versions": [
{
"status": "affected",
"version": "\u003c 1.2.31"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cacti is an open source performance and fault management framework. In versions 1.2.30 and below, the locale-dependent decimal formatting in rrdtool_function_update() can corrupt RRDtool metric values. The rrdtool_function_update() function checks metric values with is_numeric() and concatenates them into the RRDtool update command via PHP string interpolation. PHP\u0027s string cast of floats is locale-sensitive: if LC_NUMERIC uses comma as decimal separator (e.g., de_DE), a value of 1.5 becomes \"1,5\". RRDtool expects . as decimal separator, causing metric data to shift into wrong columns or be silently dropped. No setlocale() reset is present in the update path. This causes a data integrity issue, but is not remotely exploitable; it requires server locale misconfiguration. The issue has been fixed in version 1.2.31."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 2.9,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-474",
"description": "CWE-474: Use of Function with Inconsistent Implementations",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-24T21:55:49.857Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/Cacti/cacti/security/advisories/GHSA-23g4-vf2j-94w4",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/Cacti/cacti/security/advisories/GHSA-23g4-vf2j-94w4"
},
{
"name": "https://github.com/Cacti/cacti/issues/7011",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Cacti/cacti/issues/7011"
},
{
"name": "https://github.com/Cacti/cacti/commit/d2a698854956e9e4e53da9eab5b5719ae40e6893",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Cacti/cacti/commit/d2a698854956e9e4e53da9eab5b5719ae40e6893"
}
],
"source": {
"advisory": "GHSA-23g4-vf2j-94w4",
"discovery": "UNKNOWN"
},
"title": "Cacti: RRDtool metric shift via LC_NUMERIC locale comma decimal formatting"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-39894",
"datePublished": "2026-06-24T21:55:49.857Z",
"dateReserved": "2026-04-07T20:32:03.011Z",
"dateUpdated": "2026-06-25T13:02:42.706Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-24010 (GCVE-0-2026-24010)
Vulnerability from cvelistv5 – Published: 2026-01-22 02:37 – Updated: 2026-01-22 12:48| URL | Tags |
|---|---|
| https://github.com/horilla-opensource/horilla/sec… | x_refsource_CONFIRM |
| https://github.com/horilla-opensource/horilla/rel… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| horilla-opensource | horilla |
Affected:
< 1.5.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-24010",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-22T12:47:16.513885Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-22T12:48:02.914Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "horilla",
"vendor": "horilla-opensource",
"versions": [
{
"status": "affected",
"version": "\u003c 1.5.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Horilla is a free and open source Human Resource Management System (HRMS). A critical File Upload vulnerability in versions prior to 1.5.0, with Social Engineering, allows authenticated users to deploy phishing attacks. By uploading a malicious HTML file disguised as a profile picture, an attacker can create a convincing login page replica that steals user credentials. When a victim visits the uploaded file URL, they see an authentic-looking \"Session Expired\" message prompting them to re-authenticate. All entered credentials are captured and sent to the attacker\u0027s server, enabling Account Takeover. Version 1.5.0 patches the issue."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-474",
"description": "CWE-474: Use of Function with Inconsistent Implementations",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-22T02:37:19.130Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/horilla-opensource/horilla/security/advisories/GHSA-5jfv-gw8w-49h3",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/horilla-opensource/horilla/security/advisories/GHSA-5jfv-gw8w-49h3"
},
{
"name": "https://github.com/horilla-opensource/horilla/releases/tag/1.5.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/horilla-opensource/horilla/releases/tag/1.5.0"
}
],
"source": {
"advisory": "GHSA-5jfv-gw8w-49h3",
"discovery": "UNKNOWN"
},
"title": "Horilla has HTML Injection Issue that, with Phishing, Leads to Account Takeover"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-24010",
"datePublished": "2026-01-22T02:37:19.130Z",
"dateReserved": "2026-01-19T18:49:20.660Z",
"dateUpdated": "2026-01-22T12:48:02.914Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2021-0294 (GCVE-0-2021-0294)
Vulnerability from cvelistv5 – Published: 2021-07-15 20:01 – Updated: 2024-09-17 03:03- CWE-474 - : Use of Function with Inconsistent Implementations
| URL | Tags |
|---|---|
| https://kb.juniper.net/JSA11196 | x_refsource_CONFIRM |
| Vendor | Product | Version | |
|---|---|---|---|
| Juniper Networks | Junos OS |
Affected:
18.4R2-S5
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:32:10.788Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA11196"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"QFX5000 Series, EX4600 Series"
],
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"status": "affected",
"version": "18.4R2-S5"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "This issue only affects the above devices if configured with:\n\n [ forwarding-options storm-control enhanced ]"
}
],
"datePublic": "2021-07-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Juniper Networks Junos OS, which only affects the release 18.4R2-S5, where a function is inconsistently implemented on Juniper Networks Junos QFX5000 Series and EX4600 Series, and if \"storm-control enhanced\" is configured, can lead to the enhanced storm control filter group not be installed. It will cause storm control not to work hence allowing an attacker to cause high CPU usage or packet loss issues by sending a large amount of broadcast or unknown unicast packets arriving the device. This issue affects Juniper Networks QFX5100, QFX5110, QFX5120, QFX5200, QFX5210, EX4600, and EX4650, and QFX5100 with QFX 5e Series image installed. QFX5130 and QFX5220 are not affected from this issue. This issue affects Juniper Networks Junos OS 18.4R2-S5 on QFX5000 Series and EX4600 Series. No other product or platform is affected by this vulnerability."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-474",
"description": "CWE-474 : Use of Function with Inconsistent Implementations",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-15T20:01:13.000Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/JSA11196"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases has been updated to resolve this specific issue: Junos OS 18.4R2-S6."
}
],
"source": {
"advisory": "JSA11196",
"defect": [
"1544160"
],
"discovery": "USER"
},
"title": "Junos OS: QFX5000 Series and EX4600 Series: Enhanced storm control might not work leading to partial Denial of Service",
"workarounds": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2021-07-14T16:00:00.000Z",
"ID": "CVE-2021-0294",
"STATE": "PUBLIC",
"TITLE": "Junos OS: QFX5000 Series and EX4600 Series: Enhanced storm control might not work leading to partial Denial of Service"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"platform": "QFX5000 Series, EX4600 Series",
"version_affected": "=",
"version_value": "18.4R2-S5"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "en",
"value": "This issue only affects the above devices if configured with:\n\n [ forwarding-options storm-control enhanced ]"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in Juniper Networks Junos OS, which only affects the release 18.4R2-S5, where a function is inconsistently implemented on Juniper Networks Junos QFX5000 Series and EX4600 Series, and if \"storm-control enhanced\" is configured, can lead to the enhanced storm control filter group not be installed. It will cause storm control not to work hence allowing an attacker to cause high CPU usage or packet loss issues by sending a large amount of broadcast or unknown unicast packets arriving the device. This issue affects Juniper Networks QFX5100, QFX5110, QFX5120, QFX5200, QFX5210, EX4600, and EX4650, and QFX5100 with QFX 5e Series image installed. QFX5130 and QFX5220 are not affected from this issue. This issue affects Juniper Networks Junos OS 18.4R2-S5 on QFX5000 Series and EX4600 Series. No other product or platform is affected by this vulnerability."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-474 : Use of Function with Inconsistent Implementations"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11196",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11196"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases has been updated to resolve this specific issue: Junos OS 18.4R2-S6."
}
],
"source": {
"advisory": "JSA11196",
"defect": [
"1544160"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2021-0294",
"datePublished": "2021-07-15T20:01:13.621Z",
"dateReserved": "2020-10-27T00:00:00.000Z",
"dateUpdated": "2024-09-17T03:03:15.940Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
GHSA-7GWC-2CWP-3W9V
Vulnerability from github – Published: 2024-03-20 18:30 – Updated: 2024-04-01 15:30Inappropriate implementation in Downloads in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform UI spoofing via a crafted URL. (Chromium security severity: Medium)
{
"affected": [],
"aliases": [
"CVE-2024-2628"
],
"database_specific": {
"cwe_ids": [
"CWE-474"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-03-20T17:15:07Z",
"severity": "MODERATE"
},
"details": "Inappropriate implementation in Downloads in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform UI spoofing via a crafted URL. (Chromium security severity: Medium)",
"id": "GHSA-7gwc-2cwp-3w9v",
"modified": "2024-04-01T15:30:28Z",
"published": "2024-03-20T18:30:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2628"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop_19.html"
},
{
"type": "WEB",
"url": "https://issues.chromium.org/issues/41487774"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2D3Z6CRRN4J3IUZPJZVURGMRBN6WFPTU"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6JINDYFB3MPH43ECTI72BV63K4RXSG22"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AQVVW4FLQDIJ2UABGXK2SMS5AUGT54FM"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-7M49-7HPQ-VMXJ
Vulnerability from github – Published: 2026-01-20 06:30 – Updated: 2026-01-20 15:33Inappropriate implementation in V8 in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)
{
"affected": [],
"aliases": [
"CVE-2026-0902"
],
"database_specific": {
"cwe_ids": [
"CWE-474"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-01-20T05:16:15Z",
"severity": "CRITICAL"
},
"details": "Inappropriate implementation in V8 in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)",
"id": "GHSA-7m49-7hpq-vmxj",
"modified": "2026-01-20T15:33:11Z",
"published": "2026-01-20T06:30:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0902"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2026/01/stable-channel-update-for-desktop_13.html"
},
{
"type": "WEB",
"url": "https://issues.chromium.org/issues/469143679"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-F3QR-VG6C-J699
Vulnerability from github – Published: 2024-06-07 21:31 – Updated: 2024-08-01 15:31Inappropriate implementation in Google Updator prior to 1.3.36.351 in Google Chrome allowed a local attacker to bypass discretionary access control via a malicious file. (Chromium security severity: High)
{
"affected": [],
"aliases": [
"CVE-2024-1694"
],
"database_specific": {
"cwe_ids": [
"CWE-474"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-06-07T20:15:10Z",
"severity": "HIGH"
},
"details": "Inappropriate implementation in Google Updator prior to 1.3.36.351 in Google Chrome allowed a local attacker to bypass discretionary access control via a malicious file. (Chromium security severity: High)",
"id": "GHSA-f3qr-vg6c-j699",
"modified": "2024-08-01T15:31:47Z",
"published": "2024-06-07T21:31:55Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1694"
},
{
"type": "WEB",
"url": "https://issues.chromium.org/issues/40946325"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-G9F9-C2XM-RWMM
Vulnerability from github – Published: 2024-06-11 21:32 – Updated: 2024-06-20 15:31Inappropriate Implementation in DevTools in Google Chrome prior to 126.0.6478.54 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. (Chromium security severity: High)
{
"affected": [],
"aliases": [
"CVE-2024-5836"
],
"database_specific": {
"cwe_ids": [
"CWE-474"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-06-11T21:15:54Z",
"severity": "HIGH"
},
"details": "Inappropriate Implementation in DevTools in Google Chrome prior to 126.0.6478.54 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. (Chromium security severity: High)",
"id": "GHSA-g9f9-c2xm-rwmm",
"modified": "2024-06-20T15:31:11Z",
"published": "2024-06-11T21:32:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-5836"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop.html"
},
{
"type": "WEB",
"url": "https://issues.chromium.org/issues/341875171"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7VXA32LXMNK3DSK3JBRLTBPFUH7LTODU"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MPU7AB53QQVNTBPGRMJRY5SXJNYWW3FX"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-M9F8-FCCV-P7VH
Vulnerability from github – Published: 2024-06-11 21:32 – Updated: 2024-06-20 15:31Inappropriate Implementation in Memory Allocator in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
{
"affected": [],
"aliases": [
"CVE-2024-5839"
],
"database_specific": {
"cwe_ids": [
"CWE-474"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-06-11T21:15:54Z",
"severity": "MODERATE"
},
"details": "Inappropriate Implementation in Memory Allocator in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)",
"id": "GHSA-m9f8-fccv-p7vh",
"modified": "2024-06-20T15:31:12Z",
"published": "2024-06-11T21:32:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-5839"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop.html"
},
{
"type": "WEB",
"url": "https://issues.chromium.org/issues/340122160"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7VXA32LXMNK3DSK3JBRLTBPFUH7LTODU"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MPU7AB53QQVNTBPGRMJRY5SXJNYWW3FX"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-PQVJ-7WMM-MJVV
Vulnerability from github – Published: 2024-08-06 18:30 – Updated: 2024-08-08 00:31Inappropriate implementation in HTML in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
{
"affected": [],
"aliases": [
"CVE-2024-7001"
],
"database_specific": {
"cwe_ids": [
"CWE-474"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-08-06T16:15:50Z",
"severity": "MODERATE"
},
"details": "Inappropriate implementation in HTML in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)",
"id": "GHSA-pqvj-7wmm-mjvv",
"modified": "2024-08-08T00:31:44Z",
"published": "2024-08-06T18:30:57Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7001"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop_23.html"
},
{
"type": "WEB",
"url": "https://issues.chromium.org/issues/347509736"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-Q8F8-RHX9-2QM4
Vulnerability from github – Published: 2024-02-21 06:30 – Updated: 2024-08-01 15:31Inappropriate implementation in Content Security Policy in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium)
{
"affected": [],
"aliases": [
"CVE-2024-1672"
],
"database_specific": {
"cwe_ids": [
"CWE-474"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-02-21T04:15:08Z",
"severity": "HIGH"
},
"details": "Inappropriate implementation in Content Security Policy in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium)",
"id": "GHSA-q8f8-rhx9-2qm4",
"modified": "2024-08-01T15:31:26Z",
"published": "2024-02-21T06:30:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1672"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_20.html"
},
{
"type": "WEB",
"url": "https://issues.chromium.org/issues/41485789"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PWWBMVQTSERVBXSXCZVUKIMEDNQUQ7O3"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Do not accept inconsistent behavior from the API specifications when the deviant behavior increase the risk level.
No CAPEC attack patterns related to this CWE.