70 vulnerabilities classified as CWE-358 (Improperly Implemented Security Check for Standard). AI Chinese analysis included.
CWE-358 represents a critical implementation flaw where developers fail to correctly execute security checks mandated by established standards, protocols, or algorithms. This weakness typically arises when engineers misunderstand complex specifications or attempt to optimize performance by skipping mandatory validation steps, resulting in a system that appears compliant but lacks actual security. Attackers exploit this gap by crafting inputs that bypass the incomplete checks, effectively neutralizing intended protections such as authentication mechanisms or data integrity verifications. To prevent CWE-358, developers must rigorously adhere to standardized guidelines, utilizing automated testing tools that verify compliance with specific protocol requirements. Comprehensive code reviews focusing on security-critical paths and staying updated with the latest standard revisions ensure that all mandated checks are implemented accurately, thereby closing the vulnerability window before deployment.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2018-7685 | libzypp does not reevaluate malicious rpms once downloaded — libzypp | 9.8 | - | 2018-08-31 |
| CVE-2016-8635 | Mozilla Network Security Services information disclosure vulnerability — nss | 5.9 | - | 2018-08-01 |
| CVE-2016-8614 | Ansible security vulnerability — Ansible | 5.9 | - | 2018-07-31 |
| CVE-2018-0268 | Cisco Digital Network Architecture Center security vulnerability — Cisco Digital Network Architecture Center | 10.0 | - | 2018-05-17 |
| CVE-2017-2604 | CloudBees Jenkins permissions and access control vulnerability — jenkins | 6.5 | - | 2018-05-15 |
| CVE-2017-2612 | CloudBees Jenkins security vulnerability — jenkins | 5.4 | - | 2018-05-15 |
| CVE-2017-2611 | CloudBees Jenkins security vulnerability — jenkins | 4.3 | - | 2018-05-08 |
| CVE-2017-15107 | Dnsmasq security vulnerability — dnsmasq | - | - | 2018-01-23 |
| CVE-2017-15105 | Unbound security vulnerability — unbound | 5.3 | - | 2018-01-23 |
| CVE-2017-12303 | Cisco Web Security Appliance Cisco AsyncOS Software security vulnerability — Cisco Web Security Appliance | 5.3 | - | 2017-11-16 |
70 CVEs are classified as CWE-358 (Improperly Implemented Security Check for Standard). The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.