Common Weakness Enumeration

CWE-657

Discouraged

Violation of Secure Design Principles

Abstraction: Class · Status: Draft

The product violates well-established principles for secure design.

35 vulnerabilities reference this CWE, most recent first.

CVE-2021-28583 (GCVE-0-2021-28583)

Vulnerability from cvelistv5 – Published: 2021-06-28 13:47 – Updated: 2024-09-17 03:28
VLAI
Title
Magento Commerce insecure storage of sensitive documentation
Summary
Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6-p1 (and earlier) are affected by a Violation of Secure Design Principles vulnerability in RMA PDF filename formats. Successful exploitation could allow an attacker to get unauthorized access to restricted resources.
CWE
  • CWE-657 - Violation of Secure Design Principles (CWE-657)
Assigner
References
Impacted products
Vendor Product Version
Adobe Magento Commerce Affected: unspecified , ≤ 2.4.2 (custom)
Affected: unspecified , ≤ 2.3.6-p1 (custom)
Affected: unspecified , ≤ 2.4.1-p1 (custom)
Affected: unspecified , ≤ None (custom)
Create a notification for this product.
Date Public
2021-05-11 00:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T21:47:32.988Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://helpx.adobe.com/security/products/magento/apsb21-30.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Magento Commerce",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "2.4.2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "2.3.6-p1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "2.4.1-p1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "None",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2021-05-11T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6-p1 (and earlier) are affected by a Violation of Secure Design Principles vulnerability in RMA PDF filename formats. Successful exploitation could allow an attacker to get unauthorized access to restricted resources."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-657",
              "description": "Violation of Secure Design Principles (CWE-657)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-06-28T13:47:40.000Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://helpx.adobe.com/security/products/magento/apsb21-30.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Magento Commerce insecure storage of sensitive documentation",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@adobe.com",
          "DATE_PUBLIC": "2021-05-11T23:00:00.000Z",
          "ID": "CVE-2021-28583",
          "STATE": "PUBLIC",
          "TITLE": "Magento Commerce insecure storage of sensitive documentation"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Magento Commerce",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_value": "2.4.2"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_value": "2.3.6-p1"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_value": "2.4.1-p1"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_value": "None"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Adobe"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6-p1 (and earlier) are affected by a Violation of Secure Design Principles vulnerability in RMA PDF filename formats. Successful exploitation could allow an attacker to get unauthorized access to restricted resources."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "None",
            "attackVector": "None",
            "availabilityImpact": "None",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "None",
            "userInteraction": "None",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Violation of Secure Design Principles (CWE-657)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://helpx.adobe.com/security/products/magento/apsb21-30.html",
              "refsource": "MISC",
              "url": "https://helpx.adobe.com/security/products/magento/apsb21-30.html"
            }
          ]
        },
        "source": {
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2021-28583",
    "datePublished": "2021-06-28T13:47:40.431Z",
    "dateReserved": "2021-03-16T00:00:00.000Z",
    "dateUpdated": "2024-09-17T03:28:26.746Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-8133 (GCVE-0-2020-8133)

Vulnerability from cvelistv5 – Published: 2020-11-09 14:25 – Updated: 2024-08-04 09:48
VLAI
Summary
A wrong generation of the passphrase for the encrypted block in Nextcloud Server 19.0.1 allowed an attacker to overwrite blocks in a file.
Severity
No CVSS data available.
CWE
  • CWE-657 - Violation of Secure Design Principles (CWE-657)
Assigner
References
Impacted products
Vendor Product Version
n/a Nextcloud Server Affected: 19.0.2
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T09:48:25.594Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://hackerone.com/reports/661051%2C"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://nextcloud.com/security/advisory/?id=NC-SA-2020-038"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Nextcloud Server",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "19.0.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A wrong generation of the passphrase for the encrypted block in Nextcloud Server 19.0.1 allowed an attacker to overwrite blocks in a file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-657",
              "description": "Violation of Secure Design Principles (CWE-657)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-11-09T14:25:24.000Z",
        "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "shortName": "hackerone"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://hackerone.com/reports/661051%2C"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://nextcloud.com/security/advisory/?id=NC-SA-2020-038"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "support@hackerone.com",
          "ID": "CVE-2020-8133",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Nextcloud Server",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "19.0.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A wrong generation of the passphrase for the encrypted block in Nextcloud Server 19.0.1 allowed an attacker to overwrite blocks in a file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Violation of Secure Design Principles (CWE-657)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://hackerone.com/reports/661051,",
              "refsource": "MISC",
              "url": "https://hackerone.com/reports/661051,"
            },
            {
              "name": "https://nextcloud.com/security/advisory/?id=NC-SA-2020-038",
              "refsource": "MISC",
              "url": "https://nextcloud.com/security/advisory/?id=NC-SA-2020-038"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
    "assignerShortName": "hackerone",
    "cveId": "CVE-2020-8133",
    "datePublished": "2020-11-09T14:25:24.000Z",
    "dateReserved": "2020-01-28T00:00:00.000Z",
    "dateUpdated": "2024-08-04T09:48:25.594Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-15611 (GCVE-0-2019-15611)

Vulnerability from cvelistv5 – Published: 2020-02-04 19:08 – Updated: 2024-08-05 00:56
VLAI
Summary
Violation of Secure Design Principles in the iOS App 2.23.0 causes the app to leak its login and token to other Nextcloud services when search e.g. for federated users or registering for push notifications.
Severity
No CVSS data available.
CWE
  • CWE-657 - Violation of Secure Design Principles (CWE-657)
Assigner
References
Impacted products
Vendor Product Version
n/a Nextcloud iOS Affected: 2.23.0
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T00:56:20.928Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://hackerone.com/reports/672623"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://nextcloud.com/security/advisory/?id=NC-SA-2019-017"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Nextcloud iOS",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "2.23.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Violation of Secure Design Principles in the iOS App 2.23.0 causes the app to leak its login and token to other Nextcloud services when search e.g. for federated users or registering for push notifications."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-657",
              "description": "Violation of Secure Design Principles (CWE-657)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-02-04T19:08:57.000Z",
        "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "shortName": "hackerone"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://hackerone.com/reports/672623"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://nextcloud.com/security/advisory/?id=NC-SA-2019-017"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "support@hackerone.com",
          "ID": "CVE-2019-15611",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Nextcloud iOS",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2.23.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Violation of Secure Design Principles in the iOS App 2.23.0 causes the app to leak its login and token to other Nextcloud services when search e.g. for federated users or registering for push notifications."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Violation of Secure Design Principles (CWE-657)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://hackerone.com/reports/672623",
              "refsource": "MISC",
              "url": "https://hackerone.com/reports/672623"
            },
            {
              "name": "https://nextcloud.com/security/advisory/?id=NC-SA-2019-017",
              "refsource": "MISC",
              "url": "https://nextcloud.com/security/advisory/?id=NC-SA-2019-017"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
    "assignerShortName": "hackerone",
    "cveId": "CVE-2019-15611",
    "datePublished": "2020-02-04T19:08:57.000Z",
    "dateReserved": "2019-08-26T00:00:00.000Z",
    "dateUpdated": "2024-08-05T00:56:20.928Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-5478 (GCVE-0-2019-5478)

Vulnerability from cvelistv5 – Published: 2019-09-03 19:17 – Updated: 2024-08-04 19:54
VLAI
Summary
A weakness was found in Encrypt Only boot mode in Zynq UltraScale+ devices. This could lead to an adversary being able to modify the control fields of the boot image leading to an incorrect secure boot behavior.
Severity
No CVSS data available.
CWE
  • CWE-657 - Violation of Secure Design Principles (CWE-657)
Assigner
References
Impacted products
Vendor Product Version
n/a Zynq UltraScale+ SoC Affected: Not Fixed
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T19:54:53.489Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.xilinx.com/support/answers/72588.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/inversepath/advisories/blob/master/Security_Advisory-Ref_FSC-HWSEC-VR2019-0001-Xilinx_ZU+-Encrypt_Only_Secure_Boot_bypass.txt"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Zynq UltraScale+ SoC",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Not Fixed"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A weakness was found in Encrypt Only boot mode in Zynq UltraScale+ devices. This could lead to an adversary being able to modify the control fields of the boot image leading to an incorrect secure boot behavior."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-657",
              "description": "Violation of Secure Design Principles (CWE-657)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-09-03T19:17:35.000Z",
        "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "shortName": "hackerone"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.xilinx.com/support/answers/72588.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/inversepath/advisories/blob/master/Security_Advisory-Ref_FSC-HWSEC-VR2019-0001-Xilinx_ZU+-Encrypt_Only_Secure_Boot_bypass.txt"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "support@hackerone.com",
          "ID": "CVE-2019-5478",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Zynq UltraScale+ SoC",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Not Fixed"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A weakness was found in Encrypt Only boot mode in Zynq UltraScale+ devices. This could lead to an adversary being able to modify the control fields of the boot image leading to an incorrect secure boot behavior."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Violation of Secure Design Principles (CWE-657)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.xilinx.com/support/answers/72588.html",
              "refsource": "MISC",
              "url": "https://www.xilinx.com/support/answers/72588.html"
            },
            {
              "name": "https://github.com/inversepath/advisories/blob/master/Security_Advisory-Ref_FSC-HWSEC-VR2019-0001-Xilinx_ZU+-Encrypt_Only_Secure_Boot_bypass.txt",
              "refsource": "MISC",
              "url": "https://github.com/inversepath/advisories/blob/master/Security_Advisory-Ref_FSC-HWSEC-VR2019-0001-Xilinx_ZU+-Encrypt_Only_Secure_Boot_bypass.txt"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
    "assignerShortName": "hackerone",
    "cveId": "CVE-2019-5478",
    "datePublished": "2019-09-03T19:17:35.000Z",
    "dateReserved": "2019-01-04T00:00:00.000Z",
    "dateUpdated": "2024-08-04T19:54:53.489Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-0061 (GCVE-0-2019-0061)

Vulnerability from cvelistv5 – Published: 2019-10-09 19:26 – Updated: 2024-09-17 03:13
VLAI
Title
Junos OS: Insecure management daemon (MGD) configuration may allow local privilege escalation
Summary
The management daemon (MGD) is responsible for all configuration and management operations in Junos OS. The Junos CLI communicates with MGD over an internal unix-domain socket and is granted special permission to open this protected mode socket. Due to a misconfiguration of the internal socket, a local, authenticated user may be able to exploit this vulnerability to gain administrative privileges. This issue only affects Linux-based platforms. FreeBSD-based platforms are unaffected by this vulnerability. Exploitation of this vulnerability requires Junos shell access. This issue cannot be exploited from the Junos CLI. This issue affects Juniper Networks Junos OS: 15.1X49 versions prior to 15.1X49-D171, 15.1X49-D180; 15.1X53 versions prior to 15.1X53-D496, 15.1X53-D69; 16.1 versions prior to 16.1R7-S4; 16.2 versions prior to 16.2R2-S9; 17.1 versions prior to 17.1R3; 17.2 versions prior to 17.2R1-S8, 17.2R2-S7, 17.2R3-S1; 17.3 versions prior to 17.3R3-S4; 17.4 versions prior to 17.4R1-S6, 17.4R1-S7, 17.4R2-S3, 17.4R3; 18.1 versions prior to 18.1R2-S4, 18.1R3-S4; 18.2 versions prior to 18.2R1-S5, 18.2R2-S2, 18.2R3; 18.3 versions prior to 18.3R1-S3, 18.3R2; 18.4 versions prior to 18.4R1-S2, 18.4R2.
CWE
  • CWE-657 - Violation of Secure Design Principles
Assigner
References
URL Tags
https://kb.juniper.net/JSA10960 x_refsource_MISC
Impacted products
Vendor Product Version
Juniper Networks Junos OS Affected: 15.1X49 , < 15.1X49-D171, 15.1X49-D180 (custom)
Affected: 15.1X53 , < 15.1X53-D496, 15.1X53-D69 (custom)
Affected: 16.1 , < 16.1R7-S4 (custom)
Affected: 16.2 , < 16.2R2-S9 (custom)
Affected: 17.1 , < 17.1R3 (custom)
Affected: 17.2 , < 17.2R1-S8, 17.2R2-S7, 17.2R3-S1 (custom)
Affected: 17.3 , < 17.3R3-S4 (custom)
Affected: 17.4 , < 17.4R1-S6, 17.4R1-S7, 17.4R2-S3, 17.4R3 (custom)
Affected: 18.1 , < 18.1R2-S4, 18.1R3-S4 (custom)
Affected: 18.2 , < 18.2R1-S5, 18.2R2-S2, 18.2R3 (custom)
Affected: 18.3 , < 18.3R1-S3, 18.3R2 (custom)
Affected: 18.4 , < 18.4R1-S2, 18.4R2 (custom)
Create a notification for this product.
Date Public
2019-10-09 00:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T17:37:07.214Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://kb.juniper.net/JSA10960"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Junos OS",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "lessThan": "15.1X49-D171, 15.1X49-D180",
              "status": "affected",
              "version": "15.1X49",
              "versionType": "custom"
            },
            {
              "lessThan": "15.1X53-D496, 15.1X53-D69",
              "status": "affected",
              "version": "15.1X53",
              "versionType": "custom"
            },
            {
              "lessThan": "16.1R7-S4",
              "status": "affected",
              "version": "16.1",
              "versionType": "custom"
            },
            {
              "lessThan": "16.2R2-S9",
              "status": "affected",
              "version": "16.2",
              "versionType": "custom"
            },
            {
              "lessThan": "17.1R3",
              "status": "affected",
              "version": "17.1",
              "versionType": "custom"
            },
            {
              "lessThan": "17.2R1-S8, 17.2R2-S7, 17.2R3-S1",
              "status": "affected",
              "version": "17.2",
              "versionType": "custom"
            },
            {
              "lessThan": "17.3R3-S4",
              "status": "affected",
              "version": "17.3",
              "versionType": "custom"
            },
            {
              "lessThan": "17.4R1-S6, 17.4R1-S7, 17.4R2-S3, 17.4R3",
              "status": "affected",
              "version": "17.4",
              "versionType": "custom"
            },
            {
              "lessThan": "18.1R2-S4, 18.1R3-S4",
              "status": "affected",
              "version": "18.1",
              "versionType": "custom"
            },
            {
              "lessThan": "18.2R1-S5, 18.2R2-S2, 18.2R3",
              "status": "affected",
              "version": "18.2",
              "versionType": "custom"
            },
            {
              "lessThan": "18.3R1-S3, 18.3R2",
              "status": "affected",
              "version": "18.3",
              "versionType": "custom"
            },
            {
              "lessThan": "18.4R1-S2, 18.4R2",
              "status": "affected",
              "version": "18.4",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2019-10-09T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The management daemon (MGD) is responsible for all configuration and management operations in Junos OS. The Junos CLI communicates with MGD over an internal unix-domain socket and is granted special permission to open this protected mode socket. Due to a misconfiguration of the internal socket, a local, authenticated user may be able to exploit this vulnerability to gain administrative privileges. This issue only affects Linux-based platforms. FreeBSD-based platforms are unaffected by this vulnerability. Exploitation of this vulnerability requires Junos shell access. This issue cannot be exploited from the Junos CLI. This issue affects Juniper Networks Junos OS: 15.1X49 versions prior to 15.1X49-D171, 15.1X49-D180; 15.1X53 versions prior to 15.1X53-D496, 15.1X53-D69; 16.1 versions prior to 16.1R7-S4; 16.2 versions prior to 16.2R2-S9; 17.1 versions prior to 17.1R3; 17.2 versions prior to 17.2R1-S8, 17.2R2-S7, 17.2R3-S1; 17.3 versions prior to 17.3R3-S4; 17.4 versions prior to 17.4R1-S6, 17.4R1-S7, 17.4R2-S3, 17.4R3; 18.1 versions prior to 18.1R2-S4, 18.1R3-S4; 18.2 versions prior to 18.2R1-S5, 18.2R2-S2, 18.2R3; 18.3 versions prior to 18.3R1-S3, 18.3R2; 18.4 versions prior to 18.4R1-S2, 18.4R2."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-657",
              "description": "CWE-657 Violation of Secure Design Principles",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-10-09T19:26:17.000Z",
        "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "shortName": "juniper"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://kb.juniper.net/JSA10960"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "The following software releases have been updated to resolve this specific issue: 15.1X49-D171, 15.1X49-D180, 15.1X53-D496, 15.1X53-D69, 16.1R7-S4, 16.2R2-S9, 17.1R3, 17.2R1-S8, 17.2R2-S7, 17.2R3-S1, 17.3R3-S4, 17.4R1-S6, 17.4R1-S7, 17.4R2-S3, 17.4R3, 18.1R2-S4, 18.1R3-S4, 18.2R1-S5, 18.2R2-S2, 18.2R3, 18.3R1-S3, 18.3R2, 18.4R1-S2, 18.4R2, 19.1R1, and all subsequent releases."
        }
      ],
      "source": {
        "advisory": "JSA10960",
        "defect": [
          "1406219"
        ],
        "discovery": "INTERNAL"
      },
      "title": "Junos OS: Insecure management daemon (MGD) configuration may allow local privilege escalation",
      "workarounds": [
        {
          "lang": "en",
          "value": "Limit access to the Junos shell to only trusted administrators."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.8"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "sirt@juniper.net",
          "DATE_PUBLIC": "2019-10-09T16:00:00.000Z",
          "ID": "CVE-2019-0061",
          "STATE": "PUBLIC",
          "TITLE": "Junos OS: Insecure management daemon (MGD) configuration may allow local privilege escalation"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Junos OS",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "15.1X49",
                            "version_value": "15.1X49-D171, 15.1X49-D180"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "15.1X53",
                            "version_value": "15.1X53-D496, 15.1X53-D69"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "16.1",
                            "version_value": "16.1R7-S4"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "16.2",
                            "version_value": "16.2R2-S9"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "17.1",
                            "version_value": "17.1R3"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "17.2",
                            "version_value": "17.2R1-S8, 17.2R2-S7, 17.2R3-S1"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "17.3",
                            "version_value": "17.3R3-S4"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "17.4",
                            "version_value": "17.4R1-S6, 17.4R1-S7, 17.4R2-S3, 17.4R3"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "18.1",
                            "version_value": "18.1R2-S4, 18.1R3-S4"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "18.2",
                            "version_value": "18.2R1-S5, 18.2R2-S2, 18.2R3"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "18.3",
                            "version_value": "18.3R1-S3, 18.3R2"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "18.4",
                            "version_value": "18.4R1-S2, 18.4R2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Juniper Networks"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The management daemon (MGD) is responsible for all configuration and management operations in Junos OS. The Junos CLI communicates with MGD over an internal unix-domain socket and is granted special permission to open this protected mode socket. Due to a misconfiguration of the internal socket, a local, authenticated user may be able to exploit this vulnerability to gain administrative privileges. This issue only affects Linux-based platforms. FreeBSD-based platforms are unaffected by this vulnerability. Exploitation of this vulnerability requires Junos shell access. This issue cannot be exploited from the Junos CLI. This issue affects Juniper Networks Junos OS: 15.1X49 versions prior to 15.1X49-D171, 15.1X49-D180; 15.1X53 versions prior to 15.1X53-D496, 15.1X53-D69; 16.1 versions prior to 16.1R7-S4; 16.2 versions prior to 16.2R2-S9; 17.1 versions prior to 17.1R3; 17.2 versions prior to 17.2R1-S8, 17.2R2-S7, 17.2R3-S1; 17.3 versions prior to 17.3R3-S4; 17.4 versions prior to 17.4R1-S6, 17.4R1-S7, 17.4R2-S3, 17.4R3; 18.1 versions prior to 18.1R2-S4, 18.1R3-S4; 18.2 versions prior to 18.2R1-S5, 18.2R2-S2, 18.2R3; 18.3 versions prior to 18.3R1-S3, 18.3R2; 18.4 versions prior to 18.4R1-S2, 18.4R2."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
          }
        ],
        "generator": {
          "engine": "Vulnogram 0.0.8"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-657 Violation of Secure Design Principles"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.juniper.net/JSA10960",
              "refsource": "MISC",
              "url": "https://kb.juniper.net/JSA10960"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "The following software releases have been updated to resolve this specific issue: 15.1X49-D171, 15.1X49-D180, 15.1X53-D496, 15.1X53-D69, 16.1R7-S4, 16.2R2-S9, 17.1R3, 17.2R1-S8, 17.2R2-S7, 17.2R3-S1, 17.3R3-S4, 17.4R1-S6, 17.4R1-S7, 17.4R2-S3, 17.4R3, 18.1R2-S4, 18.1R3-S4, 18.2R1-S5, 18.2R2-S2, 18.2R3, 18.3R1-S3, 18.3R2, 18.4R1-S2, 18.4R2, 19.1R1, and all subsequent releases."
          }
        ],
        "source": {
          "advisory": "JSA10960",
          "defect": [
            "1406219"
          ],
          "discovery": "INTERNAL"
        },
        "work_around": [
          {
            "lang": "en",
            "value": "Limit access to the Junos shell to only trusted administrators."
          }
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
    "assignerShortName": "juniper",
    "cveId": "CVE-2019-0061",
    "datePublished": "2019-10-09T19:26:17.617Z",
    "dateReserved": "2018-10-11T00:00:00.000Z",
    "dateUpdated": "2024-09-17T03:13:39.961Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-6032 (GCVE-0-2017-6032)

Vulnerability from cvelistv5 – Published: 2017-06-30 02:35 – Updated: 2024-08-05 15:18
VLAI
Summary
A Violation of Secure Design Principles issue was discovered in Schneider Electric Modicon Modbus Protocol. The Modicon Modbus protocol has a session-related weakness making it susceptible to brute-force attacks.
Severity
No CVSS data available.
CWE
Assigner
References
Impacted products
Vendor Product Version
n/a Schneider Electric Modicon Modbus Protocol Affected: Schneider Electric Modicon Modbus Protocol
Date Public
2017-06-29 00:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T15:18:49.406Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-101-01"
          },
          {
            "name": "97562",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/97562"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Schneider Electric Modicon Modbus Protocol",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Schneider Electric Modicon Modbus Protocol"
            }
          ]
        }
      ],
      "datePublic": "2017-06-29T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A Violation of Secure Design Principles issue was discovered in Schneider Electric Modicon Modbus Protocol. The Modicon Modbus protocol has a session-related weakness making it susceptible to brute-force attacks."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-657",
              "description": "CWE-657",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-06-30T09:57:01.000Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-101-01"
        },
        {
          "name": "97562",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/97562"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2017-6032",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Schneider Electric Modicon Modbus Protocol",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Schneider Electric Modicon Modbus Protocol"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A Violation of Secure Design Principles issue was discovered in Schneider Electric Modicon Modbus Protocol. The Modicon Modbus protocol has a session-related weakness making it susceptible to brute-force attacks."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-657"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-101-01",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-101-01"
            },
            {
              "name": "97562",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/97562"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2017-6032",
    "datePublished": "2017-06-30T02:35:00.000Z",
    "dateReserved": "2017-02-16T00:00:00.000Z",
    "dateUpdated": "2024-08-05T15:18:49.406Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

GHSA-39G5-2Q66-34FM

Vulnerability from github – Published: 2026-03-05 18:31 – Updated: 2026-03-25 18:31
VLAI
Details

A vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android, WebClient (Strategy sync, HTTP API client, config options engine modules) allows Application API Message Manipulation via Man-in-the-Middle. This vulnerability is associated with program files src/hbbs_http/sync.Rs, hbb_common/src/config.Rs and program routines Strategy merge loop in sync.Rs, Config::set_options().

This issue affects RustDesk Client: through 1.4.5.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-30792"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-345",
      "CWE-657"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-05T16:16:19Z",
    "severity": "CRITICAL"
  },
  "details": "A vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android, WebClient (Strategy sync, HTTP API client, config options engine modules) allows Application API Message Manipulation via Man-in-the-Middle. This vulnerability is associated with program files src/hbbs_http/sync.Rs, hbb_common/src/config.Rs and program routines Strategy merge loop in sync.Rs, Config::set_options().\n\nThis issue affects RustDesk Client: through 1.4.5.",
  "id": "GHSA-39g5-2q66-34fm",
  "modified": "2026-03-25T18:31:36Z",
  "published": "2026-03-05T18:31:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-30792"
    },
    {
      "type": "WEB",
      "url": "https://docs.google.com/document/d/e/2PACX-1vSds6jjpd38oO_yIAyd1HYtKNUuea-I-ozAPpGhYI7QgAU-QGJ7D8a4rOZVj1vmiUXV1EcdRHf9aZAW/pub"
    },
    {
      "type": "WEB",
      "url": "https://rustdesk.com/docs/en/self-host/client-configuration/advanced-settings"
    },
    {
      "type": "WEB",
      "url": "https://www.vulsec.org"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-6655-7W5J-5H7J

Vulnerability from github – Published: 2022-09-17 00:00 – Updated: 2022-09-21 00:00
VLAI
Details

Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a Violation of Secure Design Principles vulnerability that could lead to bypass the security feature of the encryption mechanism in the backend . An attacker could leverage this vulnerability to decrypt secrets, however, this is a high-complexity attack as the threat actor needs to already possess those secrets. Exploitation of this issue requires low-privilege access to AEM.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-30683"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-326",
      "CWE-657"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-09-16T18:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a Violation of Secure Design Principles vulnerability that could lead to bypass the security feature of the encryption mechanism in the backend . An attacker could leverage this vulnerability to decrypt secrets, however, this is a high-complexity attack as the threat actor needs to already possess those secrets. Exploitation of this issue requires low-privilege access to AEM.",
  "id": "GHSA-6655-7w5j-5h7j",
  "modified": "2022-09-21T00:00:38Z",
  "published": "2022-09-17T00:00:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30683"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/experience-manager/apsb22-40.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-7GH6-F4JH-3CRQ

Vulnerability from github – Published: 2022-05-24 19:06 – Updated: 2025-02-10 21:00
VLAI
Summary
Magento Violation of Secure Design Principles vulnerability in RMA PDF filename formats
Details

Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6-p1 (and earlier) are affected by a Violation of Secure Design Principles vulnerability in RMA PDF filename formats. Successful exploitation could allow an attacker to get unauthorized access to restricted resources.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "magento/community-edition"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.4.0"
            },
            {
              "fixed": "2.4.2-p1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "magento/community-edition"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.3.7"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "magento/project-community-edition"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "2.0.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-28583"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-657"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-01-11T19:48:36Z",
    "nvd_published_at": "2021-06-28T14:15:00Z",
    "severity": "HIGH"
  },
  "details": "Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6-p1 (and earlier) are affected by a Violation of Secure Design Principles vulnerability in RMA PDF filename formats. Successful exploitation could allow an attacker to get unauthorized access to restricted resources.",
  "id": "GHSA-7gh6-f4jh-3crq",
  "modified": "2025-02-10T21:00:54Z",
  "published": "2022-05-24T19:06:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28583"
    },
    {
      "type": "WEB",
      "url": "https://github.com/magento/magento2/commit/1bd5cb8c065e44779526c0b044ce19b884707695"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/magento/magento2"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/magento/apsb21-30.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Magento Violation of Secure Design Principles vulnerability in RMA PDF filename formats"
}

GHSA-8XW8-MMQV-FRQQ

Vulnerability from github – Published: 2021-08-25 20:55 – Updated: 2021-08-18 21:41
VLAI
Summary
fake-static allows converting any reference into a `'static` reference
Details

fake-static allows converting a reference with any lifetime into a reference with 'static lifetime without the unsafe keyword.

Internally, this crate does not use unsafe code, it instead exploits a soundness bug in rustc

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "fake-static"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "0.1.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-657"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-08-18T21:41:18Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "fake-static allows converting a reference with any lifetime into\na reference with `\u0027static` lifetime without the `unsafe` keyword.\n\nInternally, this crate does not use unsafe code, it instead\nexploits a soundness bug in rustc\n\n\n",
  "id": "GHSA-8xw8-mmqv-frqq",
  "modified": "2021-08-18T21:41:18Z",
  "published": "2021-08-25T20:55:33Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/rust-lang/rust/issues/25860"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/NieDzejkob/fake-static"
    },
    {
      "type": "WEB",
      "url": "https://rustsec.org/advisories/RUSTSEC-2020-0013.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [],
  "summary": "fake-static allows converting any reference into a `\u0027static` reference"
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.