CWE-358
AllowedImproperly Implemented Security Check for Standard
Abstraction: Base · Status: Draft
The product does not implement or incorrectly implements one or more security-relevant checks as specified by the design of a standardized algorithm, protocol, or technique.
197 vulnerabilities reference this CWE, most recent first.
GHSA-8GMM-VHF5-739X
Vulnerability from github – Published: 2022-05-24 16:52 – Updated: 2024-04-04 01:29cPanel before 70.0.23 does not prevent e-mail account suspensions from being applied to unowned accounts (SEC-411).
{
"affected": [],
"aliases": [
"CVE-2018-20934"
],
"database_specific": {
"cwe_ids": [
"CWE-358"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-08-01T16:15:00Z",
"severity": "MODERATE"
},
"details": "cPanel before 70.0.23 does not prevent e-mail account suspensions from being applied to unowned accounts (SEC-411).",
"id": "GHSA-8gmm-vhf5-739x",
"modified": "2024-04-04T01:29:19Z",
"published": "2022-05-24T16:52:10Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20934"
},
{
"type": "WEB",
"url": "https://documentation.cpanel.net/display/CL/70+Change+Log"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-8RV2-8C5X-G54V
Vulnerability from github – Published: 2024-04-30 15:30 – Updated: 2024-04-30 15:30A vulnerability exists in the RTU500 that allows for authenticated and authorized users to bypass secure update. If a malicious actor successfully exploits this vulnerability, they could use it to update the RTU500 with unsigned firmware.
{
"affected": [],
"aliases": [
"CVE-2024-2617"
],
"database_specific": {
"cwe_ids": [
"CWE-358"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-30T13:15:47Z",
"severity": "HIGH"
},
"details": "\nA vulnerability exists in the RTU500 that allows for authenticated and authorized users to bypass secure update. If a\nmalicious actor successfully exploits this vulnerability, they\ncould use it to update the RTU500 with unsigned firmware.\n\n",
"id": "GHSA-8rv2-8c5x-g54v",
"modified": "2024-04-30T15:30:37Z",
"published": "2024-04-30T15:30:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2617"
},
{
"type": "WEB",
"url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000199\u0026languageCode=en\u0026Preview=true"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-928V-HP47-95M3
Vulnerability from github – Published: 2023-08-14 06:30 – Updated: 2024-04-04 06:54A non-feature complete authentication mechanism exists in the production application allowing an attacker to bypass all authentication checks if LDAP authentication is selected.An unauthenticated attacker can leverage this vulnerability to log in to the CypberPower PowerPanel Enterprise as an administrator by selecting LDAP authentication from a hidden HTML combo box. Successful exploitation of this vulnerability also requires the attacker to know at least one username on the device, but any password will authenticate successfully.
{
"affected": [],
"aliases": [
"CVE-2023-3266"
],
"database_specific": {
"cwe_ids": [
"CWE-358"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-08-14T05:15:10Z",
"severity": "CRITICAL"
},
"details": "A non-feature complete authentication mechanism exists in the production application allowing an attacker to bypass all authentication checks if LDAP authentication is selected.An unauthenticated attacker can leverage this vulnerability to log in to the CypberPower PowerPanel Enterprise as an administrator by selecting LDAP authentication from a hidden HTML combo box. Successful exploitation of this vulnerability also requires the attacker to know at least one username on the device, but any password will authenticate successfully.",
"id": "GHSA-928v-hp47-95m3",
"modified": "2024-04-04T06:54:39Z",
"published": "2023-08-14T06:30:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3266"
},
{
"type": "WEB",
"url": "https://www.trellix.com/en-us/about/newsroom/stories/research/the-threat-lurking-in-data-centers.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-9C3J-XM6V-J7J3
Vulnerability from github – Published: 2026-05-11 19:34 – Updated: 2026-06-08 23:20Given any pre-existing XSS / HTML injection vulnerability, an attacker can bypass the Content Security Policy's script-src directive by uploading a crafted attachment to any issue that, when accessed via the file_download.php link, will be downloaded with a valid JavaScript MIME type resulting in script execution.
The uploaded payload must be sniffed as a valid JavaScript MIME type by PHP finfo (see file_create_finfo() API function). Non-JavaScript MIME types will not get imported in a <script> tag by the browser, due to response header X-Content-Type-Options being set to nosniff, which requires all imported JavaScript files to be a valid JavaScript MIME type.
Impact
Cross-site scripting
Patches
- 9e3bee2e7b909f4e3596985892b8bc8bee9e0bfe
Workarounds
None
Credits
Thanks to siunam (Tang Cheuk Hei) for discovering and responsibly reporting the issue.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 2.28.1"
},
"package": {
"ecosystem": "Packagist",
"name": "mantisbt/mantisbt"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.28.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-40597"
],
"database_specific": {
"cwe_ids": [
"CWE-358",
"CWE-79"
],
"github_reviewed": true,
"github_reviewed_at": "2026-05-11T19:34:48Z",
"nvd_published_at": "2026-05-22T20:16:34Z",
"severity": "HIGH"
},
"details": "Given any pre-existing XSS / HTML injection vulnerability, an attacker can bypass the Content Security Policy\u0027s _script-src_ directive by uploading a crafted attachment to any issue that, when accessed via the _file_download.php_ link, will be downloaded with a valid JavaScript MIME type resulting in script execution.\n\nThe uploaded payload must be sniffed as a valid JavaScript MIME type by PHP finfo (see file_create_finfo() API function). Non-JavaScript MIME types will not get imported in a `\u003cscript\u003e` tag by the browser, due to response header X-Content-Type-Options being set to _nosniff_, which requires all imported JavaScript files to be a valid JavaScript MIME type.\n\n### Impact\nCross-site scripting\n\n### Patches\n- 9e3bee2e7b909f4e3596985892b8bc8bee9e0bfe\n\n### Workarounds\nNone\n\n### Credits\nThanks to siunam (Tang Cheuk Hei) for discovering and responsibly reporting the issue.",
"id": "GHSA-9c3j-xm6v-j7j3",
"modified": "2026-06-08T23:20:21Z",
"published": "2026-05-11T19:34:48Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/mantisbt/mantisbt/security/advisories/GHSA-9c3j-xm6v-j7j3"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40597"
},
{
"type": "WEB",
"url": "https://github.com/mantisbt/mantisbt/commit/9e3bee2e7b909f4e3596985892b8bc8bee9e0bfe"
},
{
"type": "PACKAGE",
"url": "https://github.com/mantisbt/mantisbt"
},
{
"type": "WEB",
"url": "https://mantisbt.org/bugs/view.php?id=37016"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "MantisBT has a Content Security Policy bypass via attachments"
}
GHSA-9GHH-RH79-4VMR
Vulnerability from github – Published: 2026-04-16 06:31 – Updated: 2026-04-22 21:31A security misconfiguration was identified in Eaton Intelligent Power Protector (IPP), where an HTTP response header was set with an insecure attribute, potentially exposing users to web‑based attacks. This security issue has been fixed in the latest version of Eaton IPP software which is available on the Eaton download centre.
{
"affected": [],
"aliases": [
"CVE-2026-22618"
],
"database_specific": {
"cwe_ids": [
"CWE-358"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-16T06:16:10Z",
"severity": "MODERATE"
},
"details": "A security misconfiguration was identified in Eaton Intelligent Power Protector (IPP), where an HTTP response header was set with an insecure attribute, potentially exposing users to web\u2011based attacks.\u00a0This security issue has been fixed in the latest version of Eaton IPP software which is available on the Eaton download centre.",
"id": "GHSA-9ghh-rh79-4vmr",
"modified": "2026-04-22T21:31:49Z",
"published": "2026-04-16T06:31:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22618"
},
{
"type": "WEB",
"url": "https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2025-1025.pdf"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-9GMW-9QG6-35HM
Vulnerability from github – Published: 2024-11-12 21:30 – Updated: 2024-11-12 21:30An improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability [CWE-74] in FortiOS version 7.4.3 and below, version 7.2.8 and below, version 7.0.16 and below; FortiProxy version 7.4.3 and below, version 7.2.9 and below, version 7.0.16 and below; FortiSASE version 24.2.b SSL-VPN web user interface may allow a remote unauthenticated attacker to perform phishing attempts via crafted requests.
{
"affected": [],
"aliases": [
"CVE-2024-33510"
],
"database_specific": {
"cwe_ids": [
"CWE-358"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-12T19:15:09Z",
"severity": "MODERATE"
},
"details": "An\u00a0improper neutralization of special elements in output used by a downstream component (\u0027Injection\u0027) vulnerability [CWE-74] in FortiOS version 7.4.3 and below, version 7.2.8 and below, version 7.0.16 and below; FortiProxy version 7.4.3 and below, version 7.2.9 and below, version 7.0.16 and below; FortiSASE version 24.2.b SSL-VPN web user interface may allow a remote unauthenticated attacker to perform phishing attempts via crafted requests.",
"id": "GHSA-9gmw-9qg6-35hm",
"modified": "2024-11-12T21:30:52Z",
"published": "2024-11-12T21:30:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-33510"
},
{
"type": "WEB",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-033"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-9GXF-8QJ8-9G4F
Vulnerability from github – Published: 2022-05-14 01:53 – Updated: 2022-05-14 01:53Suricata before 3.2.1 has an IPv4 defragmentation evasion issue caused by lack of a check for the IP protocol during fragment matching.
{
"affected": [],
"aliases": [
"CVE-2017-7177"
],
"database_specific": {
"cwe_ids": [
"CWE-358"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-03-18T20:59:00Z",
"severity": "HIGH"
},
"details": "Suricata before 3.2.1 has an IPv4 defragmentation evasion issue caused by lack of a check for the IP protocol during fragment matching.",
"id": "GHSA-9gxf-8qj8-9g4f",
"modified": "2022-05-14T01:53:10Z",
"published": "2022-05-14T01:53:10Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7177"
},
{
"type": "WEB",
"url": "https://github.com/inliniac/suricata/commit/4a04f814b15762eb446a5ead4d69d021512df6f8"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00000.html"
},
{
"type": "WEB",
"url": "https://redmine.openinfosecfoundation.org/issues/2019"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/97047"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-9GXQ-WFG7-72X4
Vulnerability from github – Published: 2022-05-24 17:39 – Updated: 2025-11-04 21:30A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmasq checks in forward.c:reply_query(), which is the forwarded query that matches the reply, by only using a weak hash of the query name. Due to the weak hash (CRC32 when dnsmasq is compiled without DNSSEC, SHA-1 when it is) this flaw allows an off-path attacker to find several different domains all having the same hash, substantially reducing the number of attempts they would have to perform to forge a reply and get it accepted by dnsmasq. This is in contrast with RFC5452, which specifies that the query name is one of the attributes of a query that must be used to match a reply. This flaw could be abused to perform a DNS Cache Poisoning attack. If chained with CVE-2020-25684 the attack complexity of a successful attack is reduced. The highest threat from this vulnerability is to data integrity.
{
"affected": [],
"aliases": [
"CVE-2020-25685"
],
"database_specific": {
"cwe_ids": [
"CWE-326",
"CWE-358"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-01-20T16:15:00Z",
"severity": "MODERATE"
},
"details": "A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmasq checks in forward.c:reply_query(), which is the forwarded query that matches the reply, by only using a weak hash of the query name. Due to the weak hash (CRC32 when dnsmasq is compiled without DNSSEC, SHA-1 when it is) this flaw allows an off-path attacker to find several different domains all having the same hash, substantially reducing the number of attempts they would have to perform to forge a reply and get it accepted by dnsmasq. This is in contrast with RFC5452, which specifies that the query name is one of the attributes of a query that must be used to match a reply. This flaw could be abused to perform a DNS Cache Poisoning attack. If chained with CVE-2020-25684 the attack complexity of a successful attack is reduced. The highest threat from this vulnerability is to data integrity.",
"id": "GHSA-9gxq-wfg7-72x4",
"modified": "2025-11-04T21:30:24Z",
"published": "2022-05-24T17:39:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25685"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1889688"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QGB7HL3OWHTLEPSMLDGOMXQKG3KM2QME"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WYW3IR6APUSKOYKL5FT3ACTIHWHGQY32"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGB7HL3OWHTLEPSMLDGOMXQKG3KM2QME"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WYW3IR6APUSKOYKL5FT3ACTIHWHGQY32"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202101-17"
},
{
"type": "WEB",
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/12135-security-advisory-61"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2021/dsa-4844"
},
{
"type": "WEB",
"url": "https://www.jsof-tech.com/disclosures/dnspooq"
},
{
"type": "WEB",
"url": "https://www.kb.cert.org/vuls/id/434904"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-9Q2P-FJ49-VPXJ
Vulnerability from github – Published: 2018-10-10 16:10 – Updated: 2024-09-24 20:09In the marshmallow library before 2.15.1 and 3.x before 3.0.0b9 for Python, the schema "only" option treats an empty list as implying no "only" option, which allows a request that was intended to expose no fields to instead expose all fields (if the schema is being filtered dynamically using the "only" option, and there is a user role that produces an empty value for "only").
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "marshmallow"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.15.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "marshmallow"
},
"ranges": [
{
"events": [
{
"introduced": "3.0a0"
},
{
"fixed": "3.0.0b9"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2018-17175"
],
"database_specific": {
"cwe_ids": [
"CWE-358"
],
"github_reviewed": true,
"github_reviewed_at": "2020-06-16T21:29:19Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "In the marshmallow library before 2.15.1 and 3.x before 3.0.0b9 for Python, the schema \"only\" option treats an empty list as implying no \"only\" option, which allows a request that was intended to expose no fields to instead expose all fields (if the schema is being filtered dynamically using the \"only\" option, and there is a user role that produces an empty value for \"only\").",
"id": "GHSA-9q2p-fj49-vpxj",
"modified": "2024-09-24T20:09:28Z",
"published": "2018-10-10T16:10:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-17175"
},
{
"type": "WEB",
"url": "https://github.com/marshmallow-code/marshmallow/issues/772"
},
{
"type": "WEB",
"url": "https://github.com/marshmallow-code/marshmallow/pull/777"
},
{
"type": "WEB",
"url": "https://github.com/marshmallow-code/marshmallow/pull/782"
},
{
"type": "PACKAGE",
"url": "https://github.com/marshmallow-code"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/marshmallow/PYSEC-2018-67.yaml"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "In marshmallow library the schema \"only\" option treats an empty list as implying no \"only\" option"
}
GHSA-9XP3-MP9C-47RF
Vulnerability from github – Published: 2022-05-24 17:39 – Updated: 2025-11-04 21:30A flaw was found in dnsmasq before version 2.83. When receiving a query, dnsmasq does not check for an existing pending request for the same name and forwards a new request. By default, a maximum of 150 pending queries can be sent to upstream servers, so there can be at most 150 queries for the same name. This flaw allows an off-path attacker on the network to substantially reduce the number of attempts that it would have to perform to forge a reply and have it accepted by dnsmasq. This issue is mentioned in the "Birthday Attacks" section of RFC5452. If chained with CVE-2020-25684, the attack complexity of a successful attack is reduced. The highest threat from this vulnerability is to data integrity.
{
"affected": [],
"aliases": [
"CVE-2020-25686"
],
"database_specific": {
"cwe_ids": [
"CWE-290",
"CWE-358"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-01-20T17:15:00Z",
"severity": "MODERATE"
},
"details": "A flaw was found in dnsmasq before version 2.83. When receiving a query, dnsmasq does not check for an existing pending request for the same name and forwards a new request. By default, a maximum of 150 pending queries can be sent to upstream servers, so there can be at most 150 queries for the same name. This flaw allows an off-path attacker on the network to substantially reduce the number of attempts that it would have to perform to forge a reply and have it accepted by dnsmasq. This issue is mentioned in the \"Birthday Attacks\" section of RFC5452. If chained with CVE-2020-25684, the attack complexity of a successful attack is reduced. The highest threat from this vulnerability is to data integrity.",
"id": "GHSA-9xp3-mp9c-47rf",
"modified": "2025-11-04T21:30:25Z",
"published": "2022-05-24T17:39:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25686"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890125"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QGB7HL3OWHTLEPSMLDGOMXQKG3KM2QME"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WYW3IR6APUSKOYKL5FT3ACTIHWHGQY32"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGB7HL3OWHTLEPSMLDGOMXQKG3KM2QME"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WYW3IR6APUSKOYKL5FT3ACTIHWHGQY32"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202101-17"
},
{
"type": "WEB",
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/12135-security-advisory-61"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2021/dsa-4844"
},
{
"type": "WEB",
"url": "https://www.jsof-tech.com/disclosures/dnspooq"
},
{
"type": "WEB",
"url": "https://www.kb.cert.org/vuls/id/434904"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.