Common Weakness Enumeration

CWE-358

Allowed

Improperly Implemented Security Check for Standard

Abstraction: Base · Status: Draft

The product does not implement or incorrectly implements one or more security-relevant checks as specified by the design of a standardized algorithm, protocol, or technique.

197 vulnerabilities reference this CWE, most recent first.

GHSA-J5FF-WP9G-XPH9

Vulnerability from github – Published: 2025-07-08 15:32 – Updated: 2026-06-09 12:31
VLAI
Details

An Improperly Implemented Security Check for Standard vulnerability [CWE-358] in FortiOS version 7.6.0, version 7.4.7 and below, 7.0 all versions, 6.4 all versions and FortiProxy version 7.6.1 and below, version 7.4.8 and below, 7.2 all versions, 7.0 all versions may allow a remote unauthenticated user to bypass the DNS filter via Apple devices.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-55599"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-358"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-07-08T15:15:23Z",
    "severity": "MODERATE"
  },
  "details": "An Improperly Implemented Security Check for Standard vulnerability [CWE-358] in FortiOS version 7.6.0, version 7.4.7 and below, 7.0 all versions, 6.4 all versions and FortiProxy version 7.6.1 and below, version 7.4.8 and below, 7.2 all versions, 7.0 all versions may allow a remote unauthenticated user to bypass the DNS filter via Apple devices.",
  "id": "GHSA-j5ff-wp9g-xph9",
  "modified": "2026-06-09T12:31:58Z",
  "published": "2025-07-08T15:32:03Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-55599"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-864900.html"
    },
    {
      "type": "WEB",
      "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-053"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-J6RC-C6GR-MF89

Vulnerability from github – Published: 2022-05-13 01:38 – Updated: 2022-05-13 01:38
VLAI
Details

It was found that Diffie Hellman Client key exchange handling in NSS 3.21.x was vulnerable to small subgroup confinement attack. An attacker could use this flaw to recover private keys by confining the client DH key to small subgroup of the desired group.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2016-8635"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-358"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-08-01T13:29:00Z",
    "severity": "MODERATE"
  },
  "details": "It was found that Diffie Hellman Client key exchange handling in NSS 3.21.x was vulnerable to small subgroup confinement attack. An attacker could use this flaw to recover private keys by confining the client DH key to small subgroup of the desired group.",
  "id": "GHSA-j6rc-c6gr-mf89",
  "modified": "2022-05-13T01:38:38Z",
  "published": "2022-05-13T01:38:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8635"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8635"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201701-46"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2016-2779.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/94346"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-JM3Q-4P3V-CV8W

Vulnerability from github – Published: 2024-08-13 09:30 – Updated: 2024-08-13 09:30
VLAI
Details

A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V2.0). The affected application is missing general HTTP security headers in the web server. This could allow an attacker to make the servers more prone to clickjacking attack.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-41907"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-358"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-08-13T08:15:13Z",
    "severity": "LOW"
  },
  "details": "A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions \u003c V2.0). The affected application is missing general HTTP security headers in the web server. This could allow an attacker to make the servers more prone to clickjacking attack.",
  "id": "GHSA-jm3q-4p3v-cv8w",
  "modified": "2024-08-13T09:30:52Z",
  "published": "2024-08-13T09:30:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41907"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-716317.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-JM7G-JGQ2-CXF3

Vulnerability from github – Published: 2026-02-18 00:30 – Updated: 2026-02-18 00:30
VLAI
Details

IBM WebSphere Application Server 9.0, and 8.5 could provide weaker than expected security during system administration of security settings.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-13333"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-358"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-02-17T23:16:18Z",
    "severity": "MODERATE"
  },
  "details": "IBM WebSphere Application Server 9.0, and 8.5 could provide weaker than expected security during system administration of security settings.",
  "id": "GHSA-jm7g-jgq2-cxf3",
  "modified": "2026-02-18T00:30:16Z",
  "published": "2026-02-18T00:30:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13333"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/7260217"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-JXRP-HX95-X2CH

Vulnerability from github – Published: 2022-05-13 01:35 – Updated: 2022-05-13 01:35
VLAI
Details

A vulnerability in the container management subsystem of Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to bypass authentication and gain elevated privileges. This vulnerability is due to an insecure default configuration of the Kubernetes container management subsystem within DNA Center. An attacker who has the ability to access the Kubernetes service port could execute commands with elevated privileges within provisioned containers. A successful exploit could result in a complete compromise of affected containers. This vulnerability affects Cisco DNA Center Software Releases 1.1.3 and prior. Cisco Bug IDs: CSCvi47253.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-0268"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-358"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-05-17T03:29:00Z",
    "severity": "CRITICAL"
  },
  "details": "A vulnerability in the container management subsystem of Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to bypass authentication and gain elevated privileges. This vulnerability is due to an insecure default configuration of the Kubernetes container management subsystem within DNA Center. An attacker who has the ability to access the Kubernetes service port could execute commands with elevated privileges within provisioned containers. A successful exploit could result in a complete compromise of affected containers. This vulnerability affects Cisco DNA Center Software Releases 1.1.3 and prior. Cisco Bug IDs: CSCvi47253.",
  "id": "GHSA-jxrp-hx95-x2ch",
  "modified": "2022-05-13T01:35:29Z",
  "published": "2022-05-13T01:35:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0268"
    },
    {
      "type": "WEB",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-dna"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/104192"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MC29-HMX6-856Q

Vulnerability from github – Published: 2026-05-11 15:29 – Updated: 2026-06-08 23:48
VLAI
Summary
Ella Core has handover failures during concurrent Security Mode Command
Details

Summary

Ella Core didn't enforce security rules on concurrent running of security procedures defined in TS 33.501 §6.9.5.1 — it could send a NAS Security Mode Command while an N2 handover was still pending (and vice versa).

Impact

Concurrent Security Mode Command and N2 handover produce a KgNB mismatch between the UE and target gNB, causing the handover to fail. Requires a stalled gNB + re-registration race to trigger.

Fix

Ella Core now enforces both rules from §6.9.5.1, blocking concurrent Security Mode Command and N2 handover procedures.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/ellanetworks/core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.10.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-44474"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-358"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-05-11T15:29:41Z",
    "nvd_published_at": "2026-05-27T17:16:39Z",
    "severity": "LOW"
  },
  "details": "## Summary\n\nElla Core didn\u0027t enforce security rules on concurrent running of security procedures defined in TS 33.501 \u00a76.9.5.1 \u2014 it could send a NAS Security Mode Command while an N2 handover was still pending (and vice versa).\n\n## Impact\n\nConcurrent Security Mode Command and N2 handover produce a KgNB mismatch between the UE and target gNB, causing the handover to fail. Requires a stalled gNB + re-registration race to trigger.\n\n## Fix\n\nElla Core now enforces both rules from \u00a76.9.5.1, blocking concurrent Security Mode Command and N2 handover procedures.",
  "id": "GHSA-mc29-hmx6-856q",
  "modified": "2026-06-08T23:48:56Z",
  "published": "2026-05-11T15:29:41Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/ellanetworks/core/security/advisories/GHSA-mc29-hmx6-856q"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44474"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/ellanetworks/core"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Ella Core has handover failures during concurrent Security Mode Command"
}

GHSA-MC9V-RQ2Q-H4R4

Vulnerability from github – Published: 2024-12-04 15:31 – Updated: 2024-12-04 15:31
VLAI
Details

The Client secret is not checked when using the OAuth Password grant type.

By exploiting this vulnerability, an attacker could connect to a web server using a client application not explicitly authorized as part of the OAuth deployment. Exploitation requires valid credentials and does not permit the attacker to bypass user privileges.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-12056"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-358"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-12-04T15:15:09Z",
    "severity": "LOW"
  },
  "details": "The Client secret is not checked when using the OAuth Password grant type.\n\nBy exploiting this vulnerability, an attacker could connect to a web server using a client application not explicitly authorized as part of the OAuth deployment.\nExploitation requires valid credentials and does not permit the attacker to bypass user privileges.",
  "id": "GHSA-mc9v-rq2q-h4r4",
  "modified": "2024-12-04T15:31:52Z",
  "published": "2024-12-04T15:31:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12056"
    },
    {
      "type": "WEB",
      "url": "https://www.pcvue.com/security/security/#SB2024-4"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:X/RE:M/U:Green",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-MF6M-3QV8-QP4Q

Vulnerability from github – Published: 2025-03-17 15:31 – Updated: 2025-03-17 15:31
VLAI
Details

FortiOS 6.2 running AV engine version 6.00142 and below, FortiOS 6.4 running AV engine version 6.00144 and below and FortiClient 6.2 running AV engine version 6.00137 and below may not immediately detect certain types of malformed or non-standard RAR archives, potentially containing malicious files. Based on the samples provided, FortiClient will detect the malicious files upon trying extraction by real-time scanning and FortiGate will detect the malicious archive if Virus Outbreak Prevention is enabled.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-9295"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-358"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-03-17T14:15:16Z",
    "severity": "MODERATE"
  },
  "details": "FortiOS 6.2 running AV engine version 6.00142 and below, FortiOS 6.4 running AV engine version 6.00144 and below and FortiClient 6.2 running AV engine version 6.00137 and below may not immediately detect certain types of malformed or non-standard RAR archives, potentially containing malicious files. Based on the samples provided, FortiClient will detect the malicious files upon trying extraction by real-time scanning and FortiGate will detect the malicious archive if Virus Outbreak Prevention is enabled.",
  "id": "GHSA-mf6m-3qv8-qp4q",
  "modified": "2025-03-17T15:31:48Z",
  "published": "2025-03-17T15:31:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9295"
    },
    {
      "type": "WEB",
      "url": "https://fortiguard.com/psirt/FG-IR-20-037"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MGV9-8JJ6-QQ93

Vulnerability from github – Published: 2025-10-14 18:30 – Updated: 2025-10-15 15:30
VLAI
Details

An Improperly Implemented Security Check for Standard vulnerability [CWE-358] in FortiProxy 7.6.0 through 7.6.3, 7.4 all versions, 7.2 all versions, 7.0.1 through 7.0.21, and FortiOS 7.6.0 through 7.6.3 explicit web proxy may allow an authenticated proxy user to bypass the domain fronting protection feature via crafted HTTP requests.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-25255"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-358"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-14T16:15:37Z",
    "severity": "MODERATE"
  },
  "details": "An Improperly Implemented Security Check for Standard vulnerability [CWE-358] in FortiProxy 7.6.0 through 7.6.3, 7.4 all versions, 7.2 all versions, 7.0.1 through 7.0.21, and FortiOS 7.6.0 through 7.6.3 explicit web proxy may allow an authenticated proxy user to bypass the domain fronting protection feature via crafted HTTP requests.",
  "id": "GHSA-mgv9-8jj6-qq93",
  "modified": "2025-10-15T15:30:27Z",
  "published": "2025-10-14T18:30:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-25255"
    },
    {
      "type": "WEB",
      "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-372"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MH64-F367-WJJW

Vulnerability from github – Published: 2026-04-06 00:30 – Updated: 2026-04-06 00:30
VLAI
Details

Zcash zcashd before 6.12.0 allows invalid transactions to be accepted under certain conditions, which potentially could have resulted in the draining of user funds from the Sprout pool. It was sometimes not verifying Sprout proofs.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-35679"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-358"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-04-05T22:16:01Z",
    "severity": "LOW"
  },
  "details": "Zcash zcashd before 6.12.0 allows invalid transactions to be accepted under certain conditions, which potentially could have resulted in the draining of user funds from the Sprout pool. It was sometimes not verifying Sprout proofs.",
  "id": "GHSA-mh64-f367-wjjw",
  "modified": "2026-04-06T00:30:24Z",
  "published": "2026-04-06T00:30:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35679"
    },
    {
      "type": "WEB",
      "url": "https://github.com/zcash/zcash/commit/db969c63f48f0f9fc518112ed0b7ace1af78b9d0"
    },
    {
      "type": "WEB",
      "url": "https://github.com/zcash/zcash/releases/tag/v6.12.0"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.