CWE-358
AllowedImproperly Implemented Security Check for Standard
Abstraction: Base · Status: Draft
The product does not implement or incorrectly implements one or more security-relevant checks as specified by the design of a standardized algorithm, protocol, or technique.
197 vulnerabilities reference this CWE, most recent first.
GHSA-W92Q-Q263-3P4V
Vulnerability from github – Published: 2026-04-09 00:32 – Updated: 2026-04-14 15:30Inappropriate implementation in PDF in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low)
{
"affected": [],
"aliases": [
"CVE-2026-5894"
],
"database_specific": {
"cwe_ids": [
"CWE-358"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-08T22:16:29Z",
"severity": "MODERATE"
},
"details": "Inappropriate implementation in PDF in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low)",
"id": "GHSA-w92q-q263-3p4v",
"modified": "2026-04-14T15:30:29Z",
"published": "2026-04-09T00:32:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5894"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html"
},
{
"type": "WEB",
"url": "https://issues.chromium.org/issues/481882038"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-WMQW-XG54-CH38
Vulnerability from github – Published: 2023-10-25 21:30 – Updated: 2023-11-02 15:30The issue was addressed with improved UI handling. This issue is fixed in iOS 17.1 and iPadOS 17.1. A device may persistently fail to lock.
{
"affected": [],
"aliases": [
"CVE-2023-40445"
],
"database_specific": {
"cwe_ids": [
"CWE-358"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-10-25T19:15:09Z",
"severity": "HIGH"
},
"details": "The issue was addressed with improved UI handling. This issue is fixed in iOS 17.1 and iPadOS 17.1. A device may persistently fail to lock.",
"id": "GHSA-wmqw-xg54-ch38",
"modified": "2023-11-02T15:30:23Z",
"published": "2023-10-25T21:30:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40445"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT213982"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT213982"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2023/Oct/19"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-WWG7-35H6-45WQ
Vulnerability from github – Published: 2026-05-06 12:30 – Updated: 2026-05-06 12:30HCL DFXAnalytics is affected by an Insecure Security Header configuration vulnerability where the Content-Security-Policy does not define strict directives for object-src and base-uri, which could allow an attacker to exploit injection vectors such as Cross-Site Scripting (XSS)
{
"affected": [],
"aliases": [
"CVE-2025-31970"
],
"database_specific": {
"cwe_ids": [
"CWE-358",
"CWE-79"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-06T11:16:03Z",
"severity": "MODERATE"
},
"details": "HCL DFXAnalytics is affected by an Insecure Security Header configuration vulnerability where the Content-Security-Policy does not define strict directives for object-src and base-uri, which could allow an attacker to exploit injection vectors such as Cross-Site Scripting (XSS)",
"id": "GHSA-wwg7-35h6-45wq",
"modified": "2026-05-06T12:30:28Z",
"published": "2026-05-06T12:30:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-31970"
},
{
"type": "WEB",
"url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0130569"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-X38Q-HVMX-RWHG
Vulnerability from github – Published: 2024-08-21 21:30 – Updated: 2025-10-22 00:33Inappropriate implementation in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
{
"affected": [],
"aliases": [
"CVE-2024-7965"
],
"database_specific": {
"cwe_ids": [
"CWE-358",
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-08-21T21:15:08Z",
"severity": "HIGH"
},
"details": "Inappropriate implementation in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"id": "GHSA-x38q-hvmx-rwhg",
"modified": "2025-10-22T00:33:05Z",
"published": "2024-08-21T21:30:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7965"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_21.html"
},
{
"type": "WEB",
"url": "https://issues.chromium.org/issues/356196918"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-7965"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XHMH-CQ7J-QHJR
Vulnerability from github – Published: 2025-04-02 03:31 – Updated: 2025-04-03 15:31Inappropriate implementation in Extensions in Google Chrome prior to 135.0.7049.52 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium)
{
"affected": [],
"aliases": [
"CVE-2025-3069"
],
"database_specific": {
"cwe_ids": [
"CWE-358"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-02T01:15:38Z",
"severity": "HIGH"
},
"details": "Inappropriate implementation in Extensions in Google Chrome prior to 135.0.7049.52 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium)",
"id": "GHSA-xhmh-cq7j-qhjr",
"modified": "2025-04-03T15:31:12Z",
"published": "2025-04-02T03:31:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3069"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2025/04/stable-channel-update-for-desktop.html"
},
{
"type": "WEB",
"url": "https://issues.chromium.org/issues/40060076"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XQVC-9MC9-4FGX
Vulnerability from github – Published: 2022-05-24 17:39 – Updated: 2025-11-04 21:30A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmasq checks in the forward.c:reply_query() if the reply destination address/port is used by the pending forwarded queries. However, it does not use the address/port to retrieve the exact forwarded query, substantially reducing the number of attempts an attacker on the network would have to perform to forge a reply and get it accepted by dnsmasq. This issue contrasts with RFC5452, which specifies a query's attributes that all must be used to match a reply. This flaw allows an attacker to perform a DNS Cache Poisoning attack. If chained with CVE-2020-25685 or CVE-2020-25686, the attack complexity of a successful attack is reduced. The highest threat from this vulnerability is to data integrity.
{
"affected": [],
"aliases": [
"CVE-2020-25684"
],
"database_specific": {
"cwe_ids": [
"CWE-358"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-01-20T16:15:00Z",
"severity": "MODERATE"
},
"details": "A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmasq checks in the forward.c:reply_query() if the reply destination address/port is used by the pending forwarded queries. However, it does not use the address/port to retrieve the exact forwarded query, substantially reducing the number of attempts an attacker on the network would have to perform to forge a reply and get it accepted by dnsmasq. This issue contrasts with RFC5452, which specifies a query\u0027s attributes that all must be used to match a reply. This flaw allows an attacker to perform a DNS Cache Poisoning attack. If chained with CVE-2020-25685 or CVE-2020-25686, the attack complexity of a successful attack is reduced. The highest threat from this vulnerability is to data integrity.",
"id": "GHSA-xqvc-9mc9-4fgx",
"modified": "2025-11-04T21:30:24Z",
"published": "2022-05-24T17:39:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25684"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1889686"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00027.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QGB7HL3OWHTLEPSMLDGOMXQKG3KM2QME"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WYW3IR6APUSKOYKL5FT3ACTIHWHGQY32"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGB7HL3OWHTLEPSMLDGOMXQKG3KM2QME"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WYW3IR6APUSKOYKL5FT3ACTIHWHGQY32"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202101-17"
},
{
"type": "WEB",
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/12135-security-advisory-61"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2021/dsa-4844"
},
{
"type": "WEB",
"url": "https://www.jsof-tech.com/disclosures/dnspooq"
},
{
"type": "WEB",
"url": "https://www.kb.cert.org/vuls/id/434904"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-XWXW-C548-RMPJ
Vulnerability from github – Published: 2026-05-11 21:31 – Updated: 2026-05-13 18:30A logic issue was addressed with improved file handling. This issue is fixed in macOS Tahoe 26.5. A maliciously crafted ZIP archive may bypass Gatekeeper checks.
{
"affected": [],
"aliases": [
"CVE-2026-28914"
],
"database_specific": {
"cwe_ids": [
"CWE-358"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-11T21:18:53Z",
"severity": "MODERATE"
},
"details": "A logic issue was addressed with improved file handling. This issue is fixed in macOS Tahoe 26.5. A maliciously crafted ZIP archive may bypass Gatekeeper checks.",
"id": "GHSA-xwxw-c548-rmpj",
"modified": "2026-05-13T18:30:40Z",
"published": "2026-05-11T21:31:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28914"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/127115"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.