CWE-657
Violation of Secure Design Principles
Description
The product violates well-established principles for secure design.
Hierarchy (View 1000)
CVEs mapped to this weakness (8)
| CVE | Sev | Risk | CVSS | EPSS | Published | Description |
|---|---|---|---|---|---|---|
| CVE-2026-39888 | Cri | 0.64 | 9.9 | 0.01 | Apr 8, 2026 | PraisonAI is a multi-agent teams system. Prior to 1.5.115, execute_code() in praisonaiagents.tools.python_tools defaults to sandbox_mode="sandbox", which runs user code in a subprocess wrapped with a restricted __builtins__ dict and an AST-based blocklist. The AST blocklist… |
| CVE-2024-33849 | Med | 0.42 | 6.5 | 0.00 | May 28, 2024 | ci solution CI-Out-of-Office Manager through 6.0.0.77 uses a Hard-coded Cryptographic Key. |
| CVE-2017-6032 | Med | 0.35 | 5.3 | 0.02 | Jun 30, 2017 | A Violation of Secure Design Principles issue was discovered in Schneider Electric Modicon Modbus Protocol. The Modicon Modbus protocol has a session-related weakness making it susceptible to brute-force attacks. |
| CVE-2020-36467 | — | 0.00 | — | 0.01 | Aug 8, 2021 | An issue was discovered in the cgc crate through 2020-12-10 for Rust. Ptr::get returns more than one mutable reference to the same object. |
| CVE-2020-36468 | — | 0.00 | — | 0.01 | Aug 8, 2021 | An issue was discovered in the cgc crate through 2020-12-10 for Rust. Ptr::write performs non-atomic write operations on an underlying pointer. |
| CVE-2021-28583 | — | 0.00 | — | 0.02 | Jun 28, 2021 | Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6-p1 (and earlier) are affected by a Violation of Secure Design Principles vulnerability in RMA PDF filename formats. Successful exploitation could allow an attacker to get unauthorized access to restricted… |
| CVE-2021-26956 | — | 0.00 | — | 0.02 | Feb 9, 2021 | An issue was discovered in the xcb crate through 2021-02-04 for Rust. It has a soundness violation because bytes from an X server can be interpreted as any data type returned by xcb::xproto::GetPropertyReply::value. |
| CVE-2021-26307 | — | 0.00 | — | 0.00 | Jan 29, 2021 | An issue was discovered in the raw-cpuid crate before 9.0.0 for Rust. It allows __cpuid_count() calls even if the processor does not support the CPUID instruction, which is unsound and causes a deterministic crash. |
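The PraisonAI entry above describes a pattern that recurs under CWE-657: an in-process "sandbox" built from a restricted __builtins__ dict and an AST blocklist. The following is an added example, not code from PraisonAI or from this page, and it does not reproduce that CVE's actual bypass (which is truncated above). It builds a toy blocklist sandbox of that shape, shows that one overlooked attribute path is enough to recover the real builtins from a helper the host exposed, and contrasts it with a deny-by-default allowlist check. All names (SAFE_BUILTINS, helper_lower, run_denylist_sandbox, run_allowlist_sandbox, BYPASS_CODE) and the user input are constructed for illustration.

```python
# Added example (not PraisonAI's code): blocklist vs allowlist static checks
# in front of exec(). Every identifier below is constructed for illustration.
import ast
import builtins
import os


class Blocked(Exception):
    """Raised when the static check rejects the submitted code."""


# Only these builtins are handed to user code.
SAFE_BUILTINS = {n: getattr(builtins, n) for n in
                 ("len", "range", "str", "int", "sum", "min", "max", "list", "dict")}

# Blocklist sandbox: the names and attributes the author happened to think of.
BLOCKED_NAMES = {"__import__", "open", "exec", "eval", "compile", "getattr",
                 "setattr", "globals", "locals", "vars", "breakpoint", "input"}
BLOCKED_ATTRS = {"__globals__", "__builtins__", "__import__", "__subclasses__",
                 "__code__", "__class__", "__mro__"}


def helper_lower(text):
    """Host-side helper exposed to user code; its __globals__ is this module."""
    return text.lower()


def _check_blocklist(tree):
    for node in ast.walk(tree):
        if isinstance(node, (ast.Import, ast.ImportFrom)):
            raise Blocked("import statement")
        if isinstance(node, ast.Name) and node.id in BLOCKED_NAMES:
            raise Blocked(node.id)
        if isinstance(node, ast.Attribute) and node.attr in BLOCKED_ATTRS:
            raise Blocked(node.attr)


def run_denylist_sandbox(code):
    """Run code after the blocklist check; return whatever it bound to 'result'."""
    tree = ast.parse(code)
    _check_blocklist(tree)
    env = {"__builtins__": dict(SAFE_BUILTINS), "helper": helper_lower}
    exec(compile(tree, "<user>", "exec"), env)
    return env.get("result")


# Constructed user input. Nothing on the blocklist appears: the helper's module
# globals are reached via __getattribute__ with a string argument (a Constant
# node, invisible to a name/attribute check), and the real builtins module is
# then read out of the host module's namespace. Adding __getattribute__ and
# __dict__ to BLOCKED_ATTRS only moves the hole; the list is never complete.
BYPASS_CODE = (
    'g = helper.__getattribute__("__globals__")\n'
    'result = g["builtins"].__dict__["__import__"]("os").getpid()\n'
)


# Allowlist check: anything not explicitly permitted is rejected. No Attribute
# node at all, no underscore-prefixed names, no import nodes. Even this is only
# a static filter, not an isolation boundary; the design that actually holds is
# running untrusted code in a separate process or container with OS-level limits.
ALLOWED_NODES = (ast.Module, ast.Expr, ast.Assign, ast.AugAssign, ast.Name,
                 ast.Load, ast.Store, ast.Constant, ast.BinOp, ast.Add, ast.Sub,
                 ast.Mult, ast.Call, ast.keyword, ast.List, ast.Tuple, ast.Dict,
                 ast.Subscript, ast.For, ast.If, ast.Compare, ast.Lt, ast.Gt,
                 ast.Eq, ast.Return, ast.FunctionDef, ast.arguments, ast.arg)


def _check_allowlist(tree):
    for node in ast.walk(tree):
        if not isinstance(node, ALLOWED_NODES):
            raise Blocked(type(node).__name__)
        if isinstance(node, ast.Name) and node.id.startswith("_"):
            raise Blocked(node.id)


def run_allowlist_sandbox(code):
    """Same execution environment, but gated by the allowlist instead."""
    tree = ast.parse(code)
    _check_allowlist(tree)
    env = {"__builtins__": dict(SAFE_BUILTINS), "helper": helper_lower}
    exec(compile(tree, "<user>", "exec"), env)
    return env.get("result")


def is_blocked(sandbox, code):
    """True if the static check rejects the code before any of it executes."""
    try:
        sandbox(code)
    except Blocked:
        return True
    return False


def host_pid():
    return os.getpid()


if __name__ == "__main__":
    print("benign:", run_denylist_sandbox("result = helper('ABC')"))
    print("blocklist stops 'import os':", is_blocked(run_denylist_sandbox, "import os"))
    print("blocklist stops bypass:", is_blocked(run_denylist_sandbox, BYPASS_CODE))
    print("bypass reached host pid:", run_denylist_sandbox(BYPASS_CODE) == host_pid())
    print("allowlist stops bypass:", is_blocked(run_allowlist_sandbox, BYPASS_CODE))
```

The point for a reviewer is the direction of the check, not the particular gap: a blocklist enumerates what the author knew to be dangerous and fails open on everything else, while an allowlist fails closed. Either way, an AST filter plus a trimmed __builtins__ inside the same interpreter is defense in depth, not a trust boundary; the boundary has to be a process, container or VM with its own resource and filesystem limits.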