Common Weakness Enumeration

CWE-358

Allowed

Improperly Implemented Security Check for Standard

Abstraction: Base · Status: Draft

The product does not implement or incorrectly implements one or more security-relevant checks as specified by the design of a standardized algorithm, protocol, or technique.

197 vulnerabilities reference this CWE, most recent first.

GHSA-MRQC-H6P9-G3PJ

Vulnerability from github – Published: 2025-07-26 18:30 – Updated: 2025-07-26 18:30
VLAI
Details

A vulnerability classified as problematic was found in Comodo Dragon up to 134.0.6998.179. Affected by this vulnerability is an unknown functionality of the component HSTS Handler. The manipulation leads to security check for standard. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-8204"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-358"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-07-26T16:15:25Z",
    "severity": "LOW"
  },
  "details": "A vulnerability classified as problematic was found in Comodo Dragon up to 134.0.6998.179. Affected by this vulnerability is an unknown functionality of the component HSTS Handler. The manipulation leads to security check for standard. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
  "id": "GHSA-mrqc-h6p9-g3pj",
  "modified": "2025-07-26T18:30:22Z",
  "published": "2025-07-26T18:30:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8204"
    },
    {
      "type": "WEB",
      "url": "https://news.fmisec.com/comodo-dragon-vulnerability"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.317773"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.317773"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.615647"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-P5HG-3XM3-GCJG

Vulnerability from github – Published: 2018-10-17 20:05 – Updated: 2025-01-31 18:51
VLAI
Summary
Spring Framework allows applications to expose STOMP over WebSocket endpoints
Details

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.16 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.springframework:spring-messaging"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "5.0.0.RELEASE"
            },
            {
              "fixed": "5.0.5.RELEASE"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.springframework:spring-messaging"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.3.16.RELEASE"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2018-1270"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-358",
      "CWE-94"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-16T21:47:59Z",
    "nvd_published_at": "2018-04-06T13:29:00Z",
    "severity": "CRITICAL"
  },
  "details": "Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.16 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack.",
  "id": "GHSA-p5hg-3xm3-gcjg",
  "modified": "2025-01-31T18:51:12Z",
  "published": "2018-10-17T20:05:59Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1270"
    },
    {
      "type": "WEB",
      "url": "https://github.com/spring-projects/spring-framework/commit/0009806debb578e884f6dc98bd1f2dc668020021"
    },
    {
      "type": "WEB",
      "url": "https://github.com/spring-projects/spring-framework/commit/e0de9126ed8cf25cf141d3e66420da94e350708a"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/44796"
    },
    {
      "type": "WEB",
      "url": "https://web.archive.org/web/20200227125035/https://www.securityfocus.com/bid/103696"
    },
    {
      "type": "WEB",
      "url": "https://pivotal.io/security/cve-2018-1270"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00022.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/dcf8599b80e43a6b60482607adb76c64672772dc2d9209ae2170f369@%3Cissues.activemq.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/ab825fcade0b49becfa30235b3d54f4a51bb74ea96b6c9adb5d1378c@%3Cissues.activemq.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/6d3d34adcf3dfc48e36342aa1f18ce3c20bb8e4c458a97508d5bfed1@%3Cissues.activemq.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/4ed49b103f64a0cecb38064f26cbf1389afc12124653da2d35166dbe@%3Cissues.activemq.apache.org%3E"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/spring-projects/spring-framework"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:2939"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Spring Framework allows applications to expose STOMP over WebSocket endpoints"
}

GHSA-P7MF-J4FJ-4RQ3

Vulnerability from github – Published: 2025-03-24 18:31 – Updated: 2025-03-24 18:31
VLAI
Details

A stack-based buffer overflow vulnerability (CWE-121) in the profile parser of FortiSandbox version 3.2.2 and below, version 3.1.4 and below may allow an authenticated attacker to potentially execute unauthorized code or commands via specifically crafted HTTP requests.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-26105"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-358",
      "CWE-787"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-03-24T16:15:16Z",
    "severity": "MODERATE"
  },
  "details": "A stack-based buffer overflow vulnerability (CWE-121) in the profile parser of FortiSandbox version 3.2.2 and below, version 3.1.4 and below may allow an authenticated attacker to potentially execute unauthorized code or commands via specifically crafted HTTP requests.",
  "id": "GHSA-p7mf-j4fj-4rq3",
  "modified": "2025-03-24T18:31:02Z",
  "published": "2025-03-24T18:31:02Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-26105"
    },
    {
      "type": "WEB",
      "url": "https://fortiguard.fortinet.com/psirt/FG-IR-20-234"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PC5P-G2CG-MR66

Vulnerability from github – Published: 2026-02-09 06:30 – Updated: 2026-03-05 15:30
VLAI
Details

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation.

This product does not specify MIME types. When an attacker performs a content sniffing attack, malicious scripts could be executed.

The affected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to R10.04

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-66601"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-358"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-02-09T04:15:49Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation.\n\n\n\nThis product does not\nspecify MIME types. When an attacker performs a content sniffing attack,\nmalicious scripts could be executed.\n\n\n\nThe\naffected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to\nR10.04",
  "id": "GHSA-pc5p-g2cg-mr66",
  "modified": "2026-03-05T15:30:33Z",
  "published": "2026-02-09T06:30:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66601"
    },
    {
      "type": "WEB",
      "url": "https://web-material3.yokogawa.com/1/39206/files/YSAR-26-0001-E.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-PWFH-MQP3-PQWJ

Vulnerability from github – Published: 2026-05-11 15:29 – Updated: 2026-06-08 23:48
VLAI
Summary
Ella Core has a UE Security Capability bypass on NGAP PathSwitchRequest
Details

Summary

Ella Core does not verify the UE Security Capabilities received in NGAP PathSwitchRequest messages against its locally stored values. A malicious gNB can overwrite Ella Core's stored UE security capabilities for any UE with arbitrary values by sending a single crafted PathSwitchRequest.

Impact

A gNB can corrupt Ella Core's stored UE security capabilities for a target UE.

Fix

The PathSwitchRequest handler now compares the received UE Security Capabilities against Ella Core's locally stored values, preserves the stored values on mismatch, returns them in the PathSwitchRequestAcknowledge, and logs the event.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/ellanetworks/core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.10.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-44475"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-358"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-05-11T15:29:37Z",
    "nvd_published_at": "2026-05-27T17:16:39Z",
    "severity": "MODERATE"
  },
  "details": "## Summary\n\nElla Core does not verify the UE Security Capabilities received in NGAP PathSwitchRequest messages against its locally stored values. A malicious gNB can overwrite Ella Core\u0027s stored UE security capabilities for any UE with arbitrary values by sending a single crafted PathSwitchRequest.\n\n## Impact\n\nA gNB can corrupt Ella Core\u0027s stored UE security capabilities for a target UE.\n\n## Fix\n\nThe PathSwitchRequest handler now compares the received UE Security Capabilities against Ella Core\u0027s locally stored values, preserves the stored values on mismatch, returns them in the PathSwitchRequestAcknowledge, and logs the event.",
  "id": "GHSA-pwfh-mqp3-pqwj",
  "modified": "2026-06-08T23:48:59Z",
  "published": "2026-05-11T15:29:37Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/ellanetworks/core/security/advisories/GHSA-pwfh-mqp3-pqwj"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44475"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/ellanetworks/core"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Ella Core has a UE Security Capability bypass on NGAP PathSwitchRequest"
}

GHSA-PX93-J66Q-3GQM

Vulnerability from github – Published: 2022-07-30 00:00 – Updated: 2022-08-09 00:00
VLAI
Details

Improperly Implemented Security Check vulnerability in the SonicWall Hosted Email Security leads to bypass of Capture ATP security service in the appliance. This vulnerability impacts 10.0.17.7319 and earlier versions

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-2324"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-290",
      "CWE-358"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-07-29T21:15:00Z",
    "severity": "HIGH"
  },
  "details": "Improperly Implemented Security Check vulnerability in the SonicWall Hosted Email Security leads to bypass of Capture ATP security service in the appliance. This vulnerability impacts 10.0.17.7319 and earlier versions",
  "id": "GHSA-px93-j66q-3gqm",
  "modified": "2022-08-09T00:00:22Z",
  "published": "2022-07-30T00:00:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2324"
    },
    {
      "type": "WEB",
      "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0014"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-Q863-2F3F-CF77

Vulnerability from github – Published: 2025-12-18 21:31 – Updated: 2026-01-15 21:31
VLAI
Details

BullWall Ransomware Containment relies on the number of file modifications to trigger detection. An authenticated attacker could encrypt a single large file without triggering a detection alert. Versions 4.6.0.0, 4.6.0.6, 4.6.0.7, and 4.6.1.4 were confirmed to be affected; other versions before and after may also be affected.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-62002"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-358"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-12-18T21:15:54Z",
    "severity": "MODERATE"
  },
  "details": "BullWall Ransomware Containment relies on the number of file modifications to trigger detection. An authenticated attacker could encrypt a single large file without triggering a detection alert. Versions 4.6.0.0, 4.6.0.6, 4.6.0.7, and 4.6.1.4 were confirmed to be affected; other versions before and after may also be affected.",
  "id": "GHSA-q863-2f3f-cf77",
  "modified": "2026-01-15T21:31:42Z",
  "published": "2025-12-18T21:31:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62002"
    },
    {
      "type": "WEB",
      "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/VA-25-352-01.json"
    },
    {
      "type": "WEB",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-62002"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-QFXW-V8QX-VJ3V

Vulnerability from github – Published: 2026-05-11 15:18 – Updated: 2026-06-08 23:48
VLAI
Summary
Ella Core Vulnerable to UE Downlink Redirection via Forged PDUSessionResourceSetupResponse
Details

Summary

A radio with a valid NG Setup can send a forged PDUSessionResourceSetupResponse carrying any UE's AMF-UE-NGAP-ID. Ella Core does not verify the message arrived on the SCTP association bound to that UE's logical NG-connection, then creates a GTP tunnel towards that radio.

Impact

Downlink user-plane traffic for the targeted UE is redirected to the attacker's radio.

Fix

UE context lookups are now scoped to the sending radio's SCTP association.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/ellanetworks/core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.10.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-44473"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-358",
      "CWE-863"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-05-11T15:18:47Z",
    "nvd_published_at": "2026-05-27T17:16:39Z",
    "severity": "HIGH"
  },
  "details": "## Summary\n\nA radio with a valid NG Setup can send a forged PDUSessionResourceSetupResponse carrying any UE\u0027s AMF-UE-NGAP-ID. Ella Core does not verify the message arrived on the SCTP association bound to that UE\u0027s logical NG-connection, then creates a GTP tunnel towards that radio.\n\n## Impact\n\nDownlink user-plane traffic for the targeted UE is redirected to the attacker\u0027s radio.\n\n## Fix\n\nUE context lookups are now scoped to the sending radio\u0027s SCTP association.",
  "id": "GHSA-qfxw-v8qx-vj3v",
  "modified": "2026-06-08T23:48:51Z",
  "published": "2026-05-11T15:18:47Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/ellanetworks/core/security/advisories/GHSA-qfxw-v8qx-vj3v"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44473"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/ellanetworks/core"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Ella Core Vulnerable to UE Downlink Redirection via Forged PDUSessionResourceSetupResponse"
}

GHSA-QHGJ-R7G7-WHQW

Vulnerability from github – Published: 2022-05-13 01:34 – Updated: 2022-05-13 01:34
VLAI
Details

Samba from version 4.9.0 and before version 4.9.3 that have AD DC configurations watching for bad passwords (to restrict brute forcing of passwords) in a window of more than 3 minutes may not watch for bad passwords at all. The primary risk from this issue is with regards to domains that have been upgraded from Samba 4.8 and earlier. In these cases the manual testing done to confirm an organisation's password policies apply as expected may not have been re-done after the upgrade.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-16857"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-358"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-11-28T14:29:00Z",
    "severity": "MODERATE"
  },
  "details": "Samba from version 4.9.0 and before version 4.9.3 that have AD DC configurations watching for bad passwords (to restrict brute forcing of passwords) in a window of more than 3 minutes may not watch for bad passwords at all. The primary risk from this issue is with regards to domains that have been upgraded from Samba 4.8 and earlier. In these cases the manual testing done to confirm an organisation\u0027s password policies apply as expected may not have been re-done after the upgrade.",
  "id": "GHSA-qhgj-r7g7-whqw",
  "modified": "2022-05-13T01:34:04Z",
  "published": "2022-05-13T01:34:04Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16857"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16857"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202003-52"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20181127-0001"
    },
    {
      "type": "WEB",
      "url": "https://www.samba.org/samba/security/CVE-2018-16857.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/106024"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QHQ7-RM64-QH84

Vulnerability from github – Published: 2022-05-24 19:18 – Updated: 2022-10-27 19:00
VLAI
Details

Multiple vulnerabilities in the Application Level Gateway (ALG) for the Network Address Translation (NAT) feature of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass the ALG and open unauthorized connections with a host located behind the ALG. For more information about these vulnerabilities, see the Details section of this advisory. Note: These vulnerabilities have been publicly discussed as NAT Slipstreaming.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-34791"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20",
      "CWE-358"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-10-27T19:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Multiple vulnerabilities in the Application Level Gateway (ALG) for the Network Address Translation (NAT) feature of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass the ALG and open unauthorized connections with a host located behind the ALG. For more information about these vulnerabilities, see the Details section of this advisory. Note: These vulnerabilities have been publicly discussed as NAT Slipstreaming.",
  "id": "GHSA-qhq7-rm64-qh84",
  "modified": "2022-10-27T19:00:30Z",
  "published": "2022-05-24T19:18:54Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-34791"
    },
    {
      "type": "WEB",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-natalg-bypass-cpKGqkng"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.