
CWE-670 (Always-Incorrect Control Flow Implementation) — Vulnerability Class 69

69 vulnerabilities classified as CWE-670 (Always-Incorrect Control Flow Implementation). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-25622 | H2O ignores headers configuration directives — h2o | 3.1 | Low | 2024-10-11 |
| CVE-2024-47168 | The `enable_monitoring` flag set to `False` does not disable monitoring in Gradio — gradio | 7.5 (AI) | High (AI) | 2024-10-10 |
| CVE-2024-47763 | Wasmtime runtime crash when combining tail calls with trapping imports — wasmtime | 5.5 | Medium | 2024-10-09 |
| CVE-2024-45807 | oghttp2 crash on OnBeginHeadersForStream in envoy — envoy | 7.5 | High | 2024-09-19 |
| CVE-2024-45298 | Disabled user can bypass lockout by requesting password reset in wiki.js — wiki | 4.3 | Medium | 2024-09-18 |
| CVE-2024-45311 | Denial of service in quinn-proto when using `Endpoint::retry()` — quinn | 7.5 | High | 2024-09-02 |
| CVE-2024-45304 | OwnableTwoStep allows a pending owner to accept ownership after the original owner has renounced ownership in cairo-contracts — cairo-contracts | 5.3 | Medium | 2024-08-30 |
| CVE-2024-5659 | Rockwell Automation Multicast Request Causes major nonrecoverable fault on Select Controllers — ControlLogix® 5580 | 6.5 (AI) | Medium (AI) | 2024-06-14 |
| CVE-2024-37153 | Evmos's contract balance not updating correctly after interchain transaction — evmos | 7.5 | High | 2024-06-06 |
| CVE-2024-35195 | Requests `Session` object does not verify requests after making first request with verify=False — requests | 5.6 | Medium | 2024-05-20 |
| CVE-2024-32971 | Defect in query plan cache may cause incorrect operations to be executed in Apollo Router — router | 9.1 | Critical | 2024-05-02 |
| CVE-2024-0313 | Skyhigh Client Proxy security vulnerability — Skyhigh Client Proxy | 5.5 | Medium | 2024-03-14 |
| CVE-2023-49798 | Duplicated execution of subcalls in OpenZeppelin Contracts — openzeppelin-contracts | 5.9 | Medium | 2023-12-08 |
| CVE-2023-41338 | Vulnerability in Ctx.IsFromLocal() in gofiber — fiber | 5.3 | Medium | 2023-09-08 |
| CVE-2023-23623 | Content-Security-Policy disabling eval not applied consistently in renderers with sandbox disabled in Electron — electron | 7.5 | High | 2023-09-06 |
| CVE-2023-41058 | Trigger `beforeFind` not invoked in internal query pipeline in parse-server — parse-server | 7.5 | High | 2023-09-04 |
| CVE-2023-40015 | Vyper: reversed order of side effects for some operations — vyper | 3.7 | Low | 2023-09-04 |
| CVE-2023-41052 | Vyper: incorrect order of evaluation of side effects for some builtins — vyper | 3.7 | Low | 2023-09-04 |
| CVE-2023-32675 | Nonpayable default functions are sometimes payable in vyper — vyper | 3.7 | Low | 2023-05-19 |
| CVE-2023-30629 | Vyper's raw_call with outsize=0 and revert_on_failure=False returns incorrect success value — vyper | 7.5 | High | 2023-04-24 |
| CVE-2021-43819 | Stargate-Bukkit improperly handles vehicles causing data duplication. — Stargate-Bukkit | 7.5 | High | 2023-04-19 |
| CVE-2023-1668 | Open vSwitch security vulnerability — openvswitch | 8.2 | - | 2023-04-10 |
| CVE-2022-25745 | Always Incorrect Control Flow Implementation in MODEM — Snapdragon | 9.8 | Critical | 2023-04-04 |
| CVE-2023-0400 | Trellix Data Loss Prevention code issue vulnerability — Data Loss Prevention (DLP) | 5.9 | Medium | 2023-02-01 |
| CVE-2022-41884 | Seg fault in `ndarray_tensor_bridge` due to zero and large inputs in Tensorflow — tensorflow | 4.8 | Medium | 2022-11-18 |
| CVE-2022-39354 | evm has incorrect is_static parameter for custom stateful precompiles — evm | 5.9 | Medium | 2022-10-25 |
| CVE-2022-35917 | Weakness in Transfer Validation Logic in @solana/pay — solana-pay | 5.3 | Medium | 2022-08-01 |
| CVE-2022-31111 | Discrepancy in transfer value and actual value due to incorrect truncation in Frontier — frontier | 5.3 | Medium | 2022-07-06 |
| CVE-2022-31116 | Incorrect handling of invalid surrogate pair characters in ujson — ultrajson | 7.5 | High | 2022-07-05 |
| CVE-2022-29255 | Multiple evaluation of contract address in call in vyper — vyper | 8.2 | High | 2022-06-06 |

Vulnerabilities classified as CWE-670 (Always-Incorrect Control Flow Implementation) represent 69 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.