Common Weakness Enumeration

CWE-358

Allowed

Improperly Implemented Security Check for Standard

Abstraction: Base · Status: Draft

The product does not implement or incorrectly implements one or more security-relevant checks as specified by the design of a standardized algorithm, protocol, or technique.

197 vulnerabilities reference this CWE, most recent first.

GHSA-76F9-42QX-MFMX

Vulnerability from github – Published: 2025-11-28 06:32 – Updated: 2025-11-28 06:32
VLAI
Details

Vulnerability of improper criterion security check in the call module. Impact: Successful exploitation of this vulnerability may cause features to perform abnormally.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-58308"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-358"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-11-28T04:16:00Z",
    "severity": "HIGH"
  },
  "details": "Vulnerability of improper criterion security check in the call module.\nImpact: Successful exploitation of this vulnerability may cause features to perform abnormally.",
  "id": "GHSA-76f9-42qx-mfmx",
  "modified": "2025-11-28T06:32:06Z",
  "published": "2025-11-28T06:32:06Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58308"
    },
    {
      "type": "WEB",
      "url": "https://consumer.huawei.com/en/support/bulletin/2025/11"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-77X9-RF64-92GV

Vulnerability from github – Published: 2026-05-07 01:53 – Updated: 2026-06-08 23:46
VLAI
Summary
Free5GC AMF Bypasses UE Security Capabilities on NGAP PathSwitchRequest
Details

Summary

The AMF in Free5GC v4.2.1 does not verify the UE Security Capabilities received in NGAP PathSwitchRequest messages against its locally stored values, as mandated by 3GPP TS 33.501 §6.7.3.1. A malicious gNB can overwrite the AMF's stored UE security capabilities with arbitrary values, which are then propagated in PathSwitchRequest Acknowledge messages and subsequent Handover Request messages. This leads to persistent handover denial-of-service for affected UEs.

Details

Affected File: amf/internal/ngap/handler.gohandlePathSwitchRequestMain function

Root Cause:

When the AMF receives a PathSwitchRequest during an Xn-handover, it processes the UESecurityCapabilities IE by directly overwriting the stored values without comparing them to the previously stored capabilities:

if uESecurityCapabilities != nil {
    amfUe.UESecurityCapability.SetEA1_128_5G(uESecurityCapabilities.NRencryptionAlgorithms.Value.Bytes[0] & 0x80)
    amfUe.UESecurityCapability.SetEA2_128_5G(uESecurityCapabilities.NRencryptionAlgorithms.Value.Bytes[0] & 0x40)
    amfUe.UESecurityCapability.SetEA3_128_5G(uESecurityCapabilities.NRencryptionAlgorithms.Value.Bytes[0] & 0x20)
    amfUe.UESecurityCapability.SetIA1_128_5G(uESecurityCapabilities.NRintegrityProtectionAlgorithms.Value.Bytes[0] & 0x80)
    amfUe.UESecurityCapability.SetIA2_128_5G(uESecurityCapabilities.NRintegrityProtectionAlgorithms.Value.Bytes[0] & 0x40)
    amfUe.UESecurityCapability.SetIA3_128_5G(uESecurityCapabilities.NRintegrityProtectionAlgorithms.Value.Bytes[0] & 0x20)
}

3GPP TS 33.501 §6.7.3.1 requires three actions, none of which are implemented:

  1. Verification (SHALL): "The AMF shall verify that the UE's 5G security capabilities received from the target gNB/ng-eNB are the same as the UE's 5G security capabilities that the AMF has locally stored." → Not implemented. The AMF unconditionally overwrites stored values.

  2. Correction (SHALL): "If there is a mismatch, the AMF shall send its locally stored 5G security capabilities of the UE to the target gNB/ng-eNB in the Path-Switch Acknowledge message." → Not implemented. The PathSwitchRequestAcknowledge contains the corrupted values.

  3. Logging (SHALL): "The AMF shall support logging capabilities for this event and may take additional measures, such as raising an alarm." → Not implemented. No mismatch detection or logging exists.

Propagation:

The corrupted values are propagated in: - PathSwitchRequestAcknowledge: Contains corrupted UESecurityCapabilities (demonstrated in pcap) - Subsequent HandoverRequest messages: AMF sends corrupted capabilities to target gNBs

Per TS 38.413 §8.4.2.4, if the supported algorithms in the UE Security Capabilities do not match any allowed algorithms configured in the target gNB, the target gNB is required to reject the procedure using a HANDOVER FAILURE message.

PoC

Environment: - Free5GC v4.2.1 AMF (Docker container) with full NF stack (NRF, AUSF, UDM, UDR, NSSF, PCF, SMF, UPF) - UERANSIM v3.2.7 gNB with custom inspection-tool extension - tshark for packet capture

Reproduction Steps:

  1. Start Free5GC full stack and register a UE through a gNB (NG Setup → Registration → PDU Session Setup).

  2. Send a normal HandoverRequired from the gNB. Capture the resulting HandoverRequest from the AMF and confirm nRintegrityProtectionAlgorithms = 0xe000 (NIA1, NIA2, NIA3 all supported). This is the baseline.

  3. Send a PathSwitchRequest with nRintegrityProtectionAlgorithms = 0x0000 (all integrity algorithms set to not supported). The AMF responds with PathSwitchRequestAcknowledge.

  4. Observe that the PathSwitchRequestAcknowledge contains nRintegrityProtectionAlgorithms = 0x0000 — the corrupted values are propagated back.

Observed Result (from pcap capture):

Packet Message nRintegrityProtectionAlgorithms
#20 HandoverRequest (AMF→gNB) 0xe000 (NIA1 ✓ NIA2 ✓ NIA3 ✓) — baseline
#30 PathSwitchRequest (gNB→AMF) 0x0000poison
#47 PathSwitchRequestAcknowledge (AMF→gNB) 0x0000 (NIA1 ✗ NIA2 ✗ NIA3 ✗) — corrupted

Impact

Availability (HIGH): A malicious gNB can send a single PathSwitchRequest message to corrupt the AMF's stored UE security capabilities for any UE. All subsequent inter-gNB handovers for the affected UE are expected to fail (per TS 38.413 §8.4.2.4), resulting in denial-of-service that persists until the UE performs a new registration.

Integrity (LOW): The AMF's internal UE security context is corrupted with attacker-controlled values. These corrupted values are propagated to other network elements via PathSwitchRequestAcknowledge and HandoverRequest messages.

Who is impacted: Any deployment using Free5GC as the AMF where a gNB could be compromised or where untrusted gNBs exist (e.g., O-RAN multi-vendor deployments).

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/free5gc/amf"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "1.4.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-42081"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-358"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-05-07T01:53:47Z",
    "nvd_published_at": "2026-05-27T17:16:34Z",
    "severity": "MODERATE"
  },
  "details": "### Summary\nThe AMF in Free5GC v4.2.1 does not verify the UE Security Capabilities received in NGAP PathSwitchRequest messages against its locally stored values, as mandated by 3GPP TS 33.501 \u00a76.7.3.1. A malicious gNB can overwrite the AMF\u0027s stored UE security capabilities with arbitrary values, which are then propagated in PathSwitchRequest Acknowledge messages and subsequent Handover Request messages. This leads to persistent handover denial-of-service for affected UEs.\n\n### Details\n**Affected File:** `amf/internal/ngap/handler.go` \u2014 `handlePathSwitchRequestMain` function\n\n**Root Cause:**\n\nWhen the AMF receives a PathSwitchRequest during an Xn-handover, it processes the UESecurityCapabilities IE by directly overwriting the stored values without comparing them to the previously stored capabilities:\n\n```go\nif uESecurityCapabilities != nil {\n    amfUe.UESecurityCapability.SetEA1_128_5G(uESecurityCapabilities.NRencryptionAlgorithms.Value.Bytes[0] \u0026 0x80)\n    amfUe.UESecurityCapability.SetEA2_128_5G(uESecurityCapabilities.NRencryptionAlgorithms.Value.Bytes[0] \u0026 0x40)\n    amfUe.UESecurityCapability.SetEA3_128_5G(uESecurityCapabilities.NRencryptionAlgorithms.Value.Bytes[0] \u0026 0x20)\n    amfUe.UESecurityCapability.SetIA1_128_5G(uESecurityCapabilities.NRintegrityProtectionAlgorithms.Value.Bytes[0] \u0026 0x80)\n    amfUe.UESecurityCapability.SetIA2_128_5G(uESecurityCapabilities.NRintegrityProtectionAlgorithms.Value.Bytes[0] \u0026 0x40)\n    amfUe.UESecurityCapability.SetIA3_128_5G(uESecurityCapabilities.NRintegrityProtectionAlgorithms.Value.Bytes[0] \u0026 0x20)\n}\n```\n\n**3GPP TS 33.501 \u00a76.7.3.1 requires three actions, none of which are implemented:**\n\n1. **Verification (SHALL):** \"The AMF shall verify that the UE\u0027s 5G security capabilities received from the target gNB/ng-eNB are the same as the UE\u0027s 5G security capabilities that the AMF has locally stored.\"\n   \u2192 Not implemented. The AMF unconditionally overwrites stored values.\n\n2. **Correction (SHALL):** \"If there is a mismatch, the AMF shall send its locally stored 5G security capabilities of the UE to the target gNB/ng-eNB in the Path-Switch Acknowledge message.\"\n   \u2192 Not implemented. The PathSwitchRequestAcknowledge contains the corrupted values.\n\n3. **Logging (SHALL):** \"The AMF shall support logging capabilities for this event and may take additional measures, such as raising an alarm.\"\n   \u2192 Not implemented. No mismatch detection or logging exists.\n\n**Propagation:**\n\nThe corrupted values are propagated in:\n- **PathSwitchRequestAcknowledge:** Contains corrupted UESecurityCapabilities (demonstrated in pcap)\n- **Subsequent HandoverRequest messages:** AMF sends corrupted capabilities to target gNBs\n\nPer TS 38.413 \u00a78.4.2.4, if the supported algorithms in the UE Security Capabilities do not match any allowed algorithms configured in the target gNB, the target gNB is required to reject the procedure using a HANDOVER FAILURE message.\n\n### PoC\n**Environment:**\n- Free5GC v4.2.1 AMF (Docker container) with full NF stack (NRF, AUSF, UDM, UDR, NSSF, PCF, SMF, UPF)\n- UERANSIM v3.2.7 gNB with custom inspection-tool extension\n- tshark for packet capture\n\n**Reproduction Steps:**\n\n1. Start Free5GC full stack and register a UE through a gNB (NG Setup \u2192 Registration \u2192 PDU Session Setup).\n\n2. Send a normal HandoverRequired from the gNB. Capture the resulting HandoverRequest from the AMF and confirm `nRintegrityProtectionAlgorithms = 0xe000` (NIA1, NIA2, NIA3 all supported). This is the baseline.\n\n3. Send a PathSwitchRequest with `nRintegrityProtectionAlgorithms = 0x0000` (all integrity algorithms set to not supported). The AMF responds with PathSwitchRequestAcknowledge.\n\n4. Observe that the PathSwitchRequestAcknowledge contains `nRintegrityProtectionAlgorithms = 0x0000` \u2014 the corrupted values are propagated back.\n\n**Observed Result (from pcap capture):**\n\n| Packet | Message | nRintegrityProtectionAlgorithms |\n|--------|---------|-------------------------------|\n| #20 | HandoverRequest (AMF\u2192gNB) | `0xe000` (NIA1 \u2713 NIA2 \u2713 NIA3 \u2713) \u2014 **baseline** |\n| #30 | PathSwitchRequest (gNB\u2192AMF) | `0x0000` \u2014 **poison** |\n| #47 | PathSwitchRequestAcknowledge (AMF\u2192gNB) | `0x0000` (NIA1 \u2717 NIA2 \u2717 NIA3 \u2717) \u2014 **corrupted** |\n\n### Impact\n**Availability (HIGH):** A malicious gNB can send a single PathSwitchRequest message to corrupt the AMF\u0027s stored UE security capabilities for any UE. All subsequent inter-gNB handovers for the affected UE are expected to fail (per TS 38.413 \u00a78.4.2.4), resulting in denial-of-service that persists until the UE performs a new registration.\n\n**Integrity (LOW):** The AMF\u0027s internal UE security context is corrupted with attacker-controlled values. These corrupted values are propagated to other network elements via PathSwitchRequestAcknowledge and HandoverRequest messages.\n\n**Who is impacted:** Any deployment using Free5GC as the AMF where a gNB could be compromised or where untrusted gNBs exist (e.g., O-RAN multi-vendor deployments).",
  "id": "GHSA-77x9-rf64-92gv",
  "modified": "2026-06-08T23:46:37Z",
  "published": "2026-05-07T01:53:47Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/free5gc/free5gc/security/advisories/GHSA-77x9-rf64-92gv"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42081"
    },
    {
      "type": "WEB",
      "url": "https://github.com/free5gc/amf/blame/v1.4.3/internal/ngap/handler.go"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/free5gc/free5gc"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Free5GC AMF Bypasses UE Security Capabilities on NGAP PathSwitchRequest"
}

GHSA-7FMX-WHJ8-2PCW

Vulnerability from github – Published: 2026-07-01 09:30 – Updated: 2026-07-01 09:30
VLAI
Details

DVP80ES3 with Improperly Implemented Security Check for Standard vulnerability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-12577"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-358"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-07-01T08:16:21Z",
    "severity": "HIGH"
  },
  "details": "DVP80ES3 with Improperly Implemented Security Check for Standard vulnerability.",
  "id": "GHSA-7fmx-whj8-2pcw",
  "modified": "2026-07-01T09:30:25Z",
  "published": "2026-07-01T09:30:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-12577"
    },
    {
      "type": "WEB",
      "url": "https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2026-00009_DVP80ES3%20Multiple%20Vulnerabilities_v1%20(CVE-2026-12575,%2012576,%2012577).pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-7GJ8-545R-5295

Vulnerability from github – Published: 2024-07-17 00:32 – Updated: 2024-08-01 15:32
VLAI
Details

Inappropriate implementation in V8 in Google Chrome prior to 126.0.6478.182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-6773"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-358",
      "CWE-787"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-07-16T22:15:06Z",
    "severity": "HIGH"
  },
  "details": "Inappropriate implementation in V8 in Google Chrome prior to 126.0.6478.182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
  "id": "GHSA-7gj8-545r-5295",
  "modified": "2024-08-01T15:32:03Z",
  "published": "2024-07-17T00:32:53Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6773"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop.html"
    },
    {
      "type": "WEB",
      "url": "https://issues.chromium.org/issues/347724915"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-7JR6-FVM5-H86M

Vulnerability from github – Published: 2024-07-17 00:32 – Updated: 2024-07-18 15:31
VLAI
Details

Inappropriate implementation in Sign-In in Google Chrome prior to 1.3.36.351 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-5500"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-358"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-07-16T23:15:24Z",
    "severity": "MODERATE"
  },
  "details": "Inappropriate implementation in Sign-In in Google Chrome prior to 1.3.36.351 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)",
  "id": "GHSA-7jr6-fvm5-h86m",
  "modified": "2024-07-18T15:31:19Z",
  "published": "2024-07-17T00:32:56Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-5500"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_20.html"
    },
    {
      "type": "WEB",
      "url": "https://issues.chromium.org/issues/40069622"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-7JW6-8F8G-469V

Vulnerability from github – Published: 2024-04-17 09:30 – Updated: 2024-07-03 18:34
VLAI
Details

Inappropriate implementation in Extensions in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Low)

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-3844"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-358"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-04-17T08:15:10Z",
    "severity": "MODERATE"
  },
  "details": "Inappropriate implementation in Extensions in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Low)",
  "id": "GHSA-7jw6-8f8g-469v",
  "modified": "2024-07-03T18:34:44Z",
  "published": "2024-04-17T09:30:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-3844"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_16.html"
    },
    {
      "type": "WEB",
      "url": "https://issues.chromium.org/issues/40058873"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWIVXXSVO5VB3NAZVFJ7CWVBN6W2735T"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IDLUD644WEWGOFKMZWC2K7Z4CQOKQYR7"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4PCXKCOVBUUU6GOSN46DCPI4HMER3PJ"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PCWPUBGTBNT4EW32YNZMRIPB3Y4R6XL6"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UOC3HLIZCGMIJLJ6LME5UWUUIFLXEGRN"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WEP5NJUWMDRLDQUKU4LFDUHF5PCYAPIO"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-853F-85Q7-7X23

Vulnerability from github – Published: 2022-05-14 03:47 – Updated: 2022-05-14 03:47
VLAI
Details

In Flexense Disk Pulse Enterprise v10.1.18, the Control Protocol suffers from a denial of service vulnerability. The attack vector is a crafted SERVER_GET_INFO packet sent to control port 9120.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-15663"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-358"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-01-10T18:29:00Z",
    "severity": "HIGH"
  },
  "details": "In Flexense Disk Pulse Enterprise v10.1.18, the Control Protocol suffers from a denial of service vulnerability. The attack vector is a crafted SERVER_GET_INFO packet sent to control port 9120.",
  "id": "GHSA-853f-85q7-7x23",
  "modified": "2022-05-14T03:47:20Z",
  "published": "2022-05-14T03:47:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15663"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/43452"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/43589"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/145763/Disk-Pulse-Enterprise-10.1.18-Denial-Of-Service.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8582-9V9F-8XJX

Vulnerability from github – Published: 2026-02-09 06:30 – Updated: 2026-02-09 06:30
VLAI
Details

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation.

This product lacks HSTS (HTTP Strict Transport Security) configuration. When an attacker performs a Man in the middle (MITM) attack, communications with the web server could be sniffed.

The affected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to R10.04

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-66600"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-358"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-02-09T04:15:49Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation.\n\n\n\nThis product lacks\nHSTS (HTTP Strict Transport Security) configuration. When an attacker performs\na Man in the middle (MITM) attack, communications with the web server could be\nsniffed.\n\n\n\nThe\naffected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to\nR10.04",
  "id": "GHSA-8582-9v9f-8xjx",
  "modified": "2026-02-09T06:30:27Z",
  "published": "2026-02-09T06:30:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66600"
    },
    {
      "type": "WEB",
      "url": "https://web-material3.yokogawa.com/1/39206/files/YSAR-26-0001-E.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-898M-PH5Q-GGVF

Vulnerability from github – Published: 2024-04-12 15:37 – Updated: 2024-08-01 15:31
VLAI
Details

An issue in Weave Weave Desktop v.7.78.10 allows a local attacker to execute arbitrary code via a crafted script to the nwjs framework component.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-25545"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-358"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-04-12T13:15:15Z",
    "severity": "HIGH"
  },
  "details": "An issue in Weave Weave Desktop v.7.78.10 allows a local attacker to execute arbitrary code via a crafted script to the nwjs framework component.",
  "id": "GHSA-898m-ph5q-ggvf",
  "modified": "2024-08-01T15:31:38Z",
  "published": "2024-04-12T15:37:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-25545"
    },
    {
      "type": "WEB",
      "url": "https://gist.github.com/khronokernel/b68709335aa097752423f5d6844c3aa3"
    },
    {
      "type": "WEB",
      "url": "https://www.weavehelp.com/hc/en-us/articles/360060696152-Download-the-Weave-Desktop-App"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8C7F-4QVQ-QQ68

Vulnerability from github – Published: 2022-05-17 00:16 – Updated: 2022-05-17 00:16
VLAI
Details

Huawei Honor 5S smart phones with software the versions before TAG-TL00C01B173 have a Factory Reset Protection (FRP) bypass security vulnerability due to the improper design. An attacker can access factory reset page without authorization by only dial with special code. The attacker can exploit this vulnerability to restore the phone to factory settings.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-8152"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-358"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-11-22T19:29:00Z",
    "severity": "MODERATE"
  },
  "details": "Huawei Honor 5S smart phones with software the versions before TAG-TL00C01B173 have a Factory Reset Protection (FRP) bypass security vulnerability due to the improper design. An attacker can access factory reset page without authorization by only dial with special code. The attacker can exploit this vulnerability to restore the phone to factory settings.",
  "id": "GHSA-8c7f-4qvq-qq68",
  "modified": "2022-05-17T00:16:43Z",
  "published": "2022-05-17T00:16:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-8152"
    },
    {
      "type": "WEB",
      "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170901-02-smartphone-en"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.