CWE-670
Always-Incorrect Control Flow Implementation
Description
The code contains a control flow path that does not reflect the algorithm that the path is intended to implement, leading to incorrect behavior any time this path is navigated.
Hierarchy (View 1000)
CVEs mapped to this weakness (68)
Page 4 of 4

| CVE | Risk | CVSS | EPSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2022-29255 | 0.00 | — | 0.01 | Jun 6, 2022 | Vyper is a Pythonic Smart Contract Language for the Ethereum virtual machine. In versions prior to 0.3.4 when calling an external contract with no return value, the contract address (including side effects) could be evaluated twice. This may result in incorrect outcomes for… |
| CVE-2021-43839 | 0.00 | — | 0.01 | Dec 21, 2021 | Cronos is a commercial implementation of a blockchain. In Cronos nodes running versions before v0.6.5, it is possible to take transaction fees from Cosmos SDK's FeeCollector for the current block by sending a custom crafted MsgEthereumTx. This problem has been patched in Cronos… |
| CVE-2021-41153 | 0.00 | — | 0.01 | Oct 18, 2021 | The evm crate is a pure Rust implementation of Ethereum Virtual Machine. In `evm` crate `< 0.31.0`, `JUMPI` opcode's condition is checked after the destination validity check. However, according to Geth and OpenEthereum, the condition check should happen before the destination… |
| CVE-2021-32684 | 0.00 | — | 0.01 | Jun 14, 2021 | magento-scripts contains scripts and configuration used by Create Magento App, a zero-configuration tool-chain which allows one to deploy Magento 2. In versions 1.5.1 and 1.5.2, after changing the function from synchronous to asynchronous there wasn't implemented handler in the… |
| CVE-2020-28052 | 0.00 | — | 0.07 | Dec 18, 2020 | An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66. The OpenBSDBCrypt.checkPassword utility method compared incorrect data when checking the password, allowing incorrect passwords to indicate they were matching with previously hashed ones that were… |
| CVE-2020-1914 | 0.00 | — | 0.02 | Oct 8, 2020 | A logic vulnerability when handling the SaveGeneratorLong instruction in Facebook Hermes prior to commit b2021df620824627f5a8c96615edbd1eb7fdddfc allows attackers to potentially read out of bounds or theoretically execute arbitrary code via crafted JavaScript. Note that this is… |
| CVE-2014-2686 | 0.00 | — | 0.01 | Jan 9, 2020 | Ansible prior to 1.5.4 mishandles the evaluation of some strings. |
| CVE-2019-19729 | 0.00 | — | 0.01 | Dec 11, 2019 | An issue was discovered in the BSON ObjectID (aka bson-objectid) package 1.3.0 for Node.js. ObjectID() allows an attacker to generate a malformed objectid by inserting an additional property to the user-input, because bson-objectid will return early if it detects… |