Vulnerabilities > Always-Incorrect Control Flow Implementation

DATE CVE VULNERABILITY TITLE RISK
2021-08-05 CVE-2021-37605 Always-Incorrect Control Flow Implementation vulnerability in Microchip Miwi 6.5
In version 6.5 Microchip MiWi software and all previous versions including legacy products, the stack is validating only two out of four Message Integrity Check (MIC) bytes.
network
low complexity
microchip CWE-670
7.5
2021-06-21 CVE-2021-0517 Always-Incorrect Control Flow Implementation vulnerability in Google Android 11.0
In updateCapabilities of ConnectivityService.java, there is a possible incorrect network state determination due to a logic error in the code.
network
low complexity
google CWE-670
7.5
2021-03-11 CVE-2020-36277 Always-Incorrect Control Flow Implementation vulnerability in multiple products
Leptonica before 1.80.0 allows a denial of service (application crash) via an incorrect left shift in pixConvert2To8 in pixconv.c.
network
low complexity
leptonica fedoraproject debian CWE-670
7.5
2021-01-13 CVE-2021-1236 Always-Incorrect Control Flow Implementation vulnerability in multiple products
Multiple Cisco products are affected by a vulnerability in the Snort application detection engine that could allow an unauthenticated, remote attacker to bypass the configured policies on an affected system.
network
low complexity
cisco snort CWE-670
5.3
2021-01-07 CVE-2021-3011 Always-Incorrect Control Flow Implementation vulnerability in multiple products
An electromagnetic-wave side-channel issue was discovered on NXP SmartMX / P5x security microcontrollers and A7x secure authentication microcontrollers, with CryptoLib through v2.9.
high complexity
yubico nxp ftsafe google CWE-670
4.2
2020-12-18 CVE-2020-35477 Always-Incorrect Control Flow Implementation vulnerability in multiple products
MediaWiki before 1.35.1 blocks legitimate attempts to hide log entries in some situations.
network
low complexity
mediawiki debian fedoraproject CWE-670
5.3
2020-10-08 CVE-2020-1914 Always-Incorrect Control Flow Implementation vulnerability in Facebook Hermes
A logic vulnerability when handling the SaveGeneratorLong instruction in Facebook Hermes prior to commit b2021df620824627f5a8c96615edbd1eb7fdddfc allows attackers to potentially read out of bounds or theoretically execute arbitrary code via crafted JavaScript.
network
low complexity
facebook CWE-670
critical
9.8
2020-10-08 CVE-2020-3596 Always-Incorrect Control Flow Implementation vulnerability in Cisco products
A vulnerability in the Session Initiation Protocol (SIP) of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
network
low complexity
cisco CWE-670
7.5
2020-09-23 CVE-2020-25603 Always-Incorrect Control Flow Implementation vulnerability in multiple products
An issue was discovered in Xen through 4.14.x.
local
low complexity
xen fedoraproject opensuse debian CWE-670
7.8
2020-09-23 CVE-2020-25598 Always-Incorrect Control Flow Implementation vulnerability in multiple products
An issue was discovered in Xen 4.14.x.
local
low complexity
xen fedoraproject opensuse CWE-670
5.5