CWE-358
Improperly Implemented Security Check for Standard
BaseDraft
Description
The product does not implement or incorrectly implements one or more security-relevant checks as specified by the design of a standardized algorithm, protocol, or technique.
Hierarchy (View 1000)
CVEs mapped to this weakness (22)
page 1 of 2| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2016-10229 | Cri | 0.64 | 9.8 | 0.01 | Apr 4, 2017 | udp.c in the Linux kernel before 4.5 allows remote attackers to execute arbitrary code via UDP traffic that triggers an unsafe second checksum calculation during execution of a recv system call with the MSG_PEEK flag. | |
| CVE-2025-66600 | Hig | 0.57 | — | 0.00 | Feb 9, 2026 | A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product lacks HSTS (HTTP Strict Transport Security) configuration. When an attacker performs a Man in the middle (MITM) attack, communications with the web server could be sniffed. The affected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to R10.04 | |
| CVE-2024-27842 | Hig | 0.51 | 7.8 | 0.00 | May 14, 2024 | The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.5. An app may be able to execute arbitrary code with kernel privileges. | |
| CVE-2026-1486 | Hig | 0.50 | 8.8 | 0.00 | Feb 9, 2026 | A flaw was found in Keycloak. A vulnerability exists in the jwt-authorization-grant flow where the server fails to verify if an Identity Provider (IdP) is enabled before issuing tokens. The issuer lookup mechanism (lookupIdentityProviderFromIssuer) retrieves the IdP configuration but does not filter for isEnabled=false. If an administrator disables an IdP (e.g., due to a compromise or offboarding), an entity possessing that IdP's signing key can still generate valid JWT assertions that Keycloak accepts, resulting in the issuance of valid access tokens. | |
| CVE-2026-2645 | Hig | 0.49 | 7.5 | 0.00 | Mar 19, 2026 | In wolfSSL 5.8.2 and earlier, a logic flaw existed in the TLS 1.2 server state machine implementation. The server could incorrectly accept the CertificateVerify message before the ClientKeyExchange message had been received. This issue affects wolfSSL before 5.8.4 (wolfSSL 5.8.2 and earlier is vulnerable, 5.8.4 is not vulnerable). In 5.8.4 wolfSSL would detect the issue later in the handshake. 5.9.0 was further hardened to catch the issue earlier in the handshake. | |
| CVE-2017-7177 | Hig | 0.49 | 7.5 | 0.00 | Mar 18, 2017 | Suricata before 3.2.1 has an IPv4 defragmentation evasion issue caused by lack of a check for the IP protocol during fragment matching. | |
| CVE-2016-3017 | Hig | 0.49 | 7.5 | 0.00 | Feb 1, 2017 | IBM Security Access Manager for Web could allow a remote attacker to obtain sensitive information due to security misconfigurations. | |
| CVE-2025-32086 | Hig | 0.47 | 7.2 | 0.00 | Aug 12, 2025 | Improperly implemented security check for standard in the DDRIO configuration for some Intel(R) Xeon(R) 6 Processors when using Intel(R) SGX or Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege via local access. | |
| CVE-2024-2617 | Hig | 0.47 | 7.2 | 0.00 | Apr 30, 2024 | A vulnerability exists in the RTU500 that allows for authenticated and authorized users to bypass secure update, if secure update feature was not enabled on all CMUs of a RTU500. If a malicious actor successfully exploits this vulnerability, they could use it to update the RTU500 with unsigned firmware. | |
| CVE-2024-23592 | Med | 0.41 | 6.3 | 0.00 | Apr 5, 2024 | An authentication bypass vulnerability was reported in Lenovo devices with Synaptics fingerprint readers that could allow an attacker with physical access to replay fingerprints and bypass Windows Hello authentication. | |
| CVE-2026-22618 | Med | 0.38 | 5.9 | 0.00 | Apr 16, 2026 | A security misconfiguration was identified in Eaton Intelligent Power Protector (IPP), where an HTTP response header was set with an insecure attribute, potentially exposing users to web‑based attacks. This security issue has been fixed in the latest version of Eaton IPP software which is available on the Eaton download centre. | |
| CVE-2026-28914 | Med | 0.36 | 5.5 | 0.00 | May 11, 2026 | A logic issue was addressed with improved file handling. This issue is fixed in macOS Tahoe 26.5. A maliciously crafted ZIP archive may bypass Gatekeeper checks. | |
| CVE-2025-31970 | Med | 0.34 | 5.3 | 0.00 | May 6, 2026 | HCL DFXAnalytics is affected by an Insecure Security Header configuration vulnerability where the Content-Security-Policy does not define strict directives for object-src and base-uri, which could allow an attacker to exploit injection vectors such as Cross-Site Scripting (XSS) | |
| CVE-2017-12303 | Med | 0.34 | 5.3 | 0.00 | Nov 16, 2017 | A vulnerability in the Advanced Malware Protection (AMP) file filtering feature of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to bypass a configured AMP file filtering rule. The file types affected are zipped or archived file types. The vulnerability is due to incorrect and different file hash values when AMP scans the file. An attacker could exploit this vulnerability by sending a crafted email file attachment through the targeted device. An exploit could allow the attacker to bypass a configured AMP file filter. Cisco Bug IDs: CSCvf52943. | |
| CVE-2017-6032 | Med | 0.34 | 5.3 | 0.00 | Jun 30, 2017 | A Violation of Secure Design Principles issue was discovered in Schneider Electric Modicon Modbus Protocol. The Modicon Modbus protocol has a session-related weakness making it susceptible to brute-force attacks. | |
| CVE-2014-4843 | Med | 0.34 | 5.3 | 0.00 | Jun 8, 2017 | Curam Universal Access in IBM Curam Social Program Management (SPM) 6.0 SP2 before EP26, 6.0.4 before 6.0.4.6, and 6.0.5 before 6.0.5.5 iFix5 allows remote attackers to obtain sensitive information about internal caseworker usernames via vectors related to a URL. | |
| CVE-2017-8152 | Med | 0.30 | 4.6 | 0.00 | Nov 22, 2017 | Huawei Honor 5S smart phones with software the versions before TAG-TL00C01B173 have a Factory Reset Protection (FRP) bypass security vulnerability due to the improper design. An attacker can access factory reset page without authorization by only dial with special code. The attacker can exploit this vulnerability to restore the phone to factory settings. | |
| CVE-2026-5894 | Med | 0.28 | 4.3 | 0.00 | Apr 8, 2026 | Inappropriate implementation in PDF in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low) | |
| CVE-2025-31983 | Low | 0.24 | 3.7 | 0.00 | May 6, 2026 | HCL BigFix Service Management (SM) is affected by a security misconfiguration vulnerability due to CSP header. This could allow attackers to inject malicious scripts increasing the risk of cross-site scripting (XSS) and potential exposure of sensitive information. | |
| CVE-2026-35679 | Low | 0.23 | 3.5 | 0.00 | Apr 5, 2026 | Zcash zcashd before 6.12.0 allows invalid transactions to be accepted under certain conditions, which potentially could have resulted in the draining of user funds from the Sprout pool. It was sometimes not verifying Sprout proofs. |