Vulnerabilities > Always-Incorrect Control Flow Implementation

DATE CVE VULNERABILITY TITLE RISK
2020-08-11 CVE-2020-17466 Always-Incorrect Control Flow Implementation vulnerability in Turcom Trcwifizone 20200810
Turcom TRCwifiZone through 2020-08-10 allows authentication bypass by visiting manage/control.php and ignoring 302 Redirect responses.
network
low complexity
turcom CWE-670
critical
9.8
2020-05-20 CVE-2020-5753 Always-Incorrect Control Flow Implementation vulnerability in Signal
Signal Private Messenger Android v4.59.0 and up and iOS v3.8.1.5 and up allows a remote non-contact to ring a victim's Signal phone and disclose currently used DNS server due to ICE Candidate handling before call is answered or declined.
network
low complexity
signal CWE-670
5.3
2020-04-01 CVE-2020-3885 Always-Incorrect Control Flow Implementation vulnerability in Apple products
A logic issue was addressed with improved restrictions.
network
low complexity
apple CWE-670
4.3
2020-03-20 CVE-2020-9425 Always-Incorrect Control Flow Implementation vulnerability in Rconfig
An issue was discovered in includes/head.inc.php in rConfig before 3.9.4.
network
low complexity
rconfig CWE-670
7.5
2020-03-20 CVE-2019-19324 Always-Incorrect Control Flow Implementation vulnerability in Xmidt Cjwt 1.0.1
Xmidt cjwt through 1.0.1 before 2019-11-25 maps unsupported algorithms to alg=none, which sometimes leads to untrusted accidental JWT acceptance.
network
low complexity
xmidt CWE-670
7.5
2020-01-27 CVE-2019-20430 Always-Incorrect Control Flow Implementation vulnerability in Lustre
In the Lustre file system before 2.12.3, the mdt module has an LBUG panic (via a large MDT Body eadatasize field) due to the lack of validation for specific fields of packets sent by a client.
network
low complexity
lustre CWE-670
7.5
2020-01-09 CVE-2014-2686 Always-Incorrect Control Flow Implementation vulnerability in Redhat Ansible
Ansible prior to 1.5.4 mishandles the evaluation of some strings.
network
low complexity
redhat CWE-670
7.5
2019-12-11 CVE-2019-19729 Always-Incorrect Control Flow Implementation vulnerability in Bson-Objectid Project Bson-Objectid 1.3.0
An issue was discovered in the BSON ObjectID (aka bson-objectid) package 1.3.0 for Node.js.
network
low complexity
bson-objectid-project CWE-670
7.5
2019-10-05 CVE-2019-17192 Always-Incorrect Control Flow Implementation vulnerability in Signal Private Messenger
The WebRTC component in the Signal Private Messenger application through 4.47.7 for Android processes videoconferencing RTP packets before a callee chooses to answer a call, which might make it easier for remote attackers to cause a denial of service or possibly have unspecified other impact via malformed packets.
network
low complexity
signal CWE-670
critical
9.8
2019-04-22 CVE-2019-11412 Always-Incorrect Control Flow Implementation vulnerability in multiple products
An issue was discovered in Artifex MuJS 1.0.5.
network
low complexity
artifex fedoraproject CWE-670
7.5