CWE-691 - Insufficient Control Flow Management

Home/CWEs/CWE info/

CWE-691

Abstraction:
Pillar

Structure:
Simple

Status:
Draft

Weakness Name: Insufficient Control Flow Management

Description: The code does not sufficiently manage its control flow during execution, creating conditions in which the control flow can be modified in unexpected ways.

Common Consequences: Scope: Other
Impact: Alter Execution Logic

Release Date:
2008-04-11

Latest Modification Date:
2024-02-29

Latest Security News

North Korean Hackers Target Crypto Firms with Hidden Risk Malware on macOS

A Hacker's Guide to Password Cracking

5 Most Common Malware Techniques in 2024

SteelFox and Rhadamanthys Malware Use Copyright Scams, Driver Exploits to Target Victims

China-Aligned MirrorFace Hackers Target EU Diplomats with World Expo 2025 Bait

Critical vulnerability in Cisco industrial wireless access points fixed (CVE-2024-20418)

Malicious PyPI Package ‘Fabrice’ Found Stealing AWS Keys from Thousands of Developers

Cisco Releases Patch for Critical URWB Vulnerability in Industrial Wireless Systems

Common Alerts

HighPath Traversal

MediumBypassing 403

HighServer Side Code Injection - PHP Code Injection

HighGeneric Padding Oracle

MediumExponential Entity Expansion (Billion Laughs Attack)

InformationalInformation Disclosure - Information in Browser sessionStorage

MediumSource Code Disclosure - PHP

MediumMultiple X-Frame-Options Header Entries

LowTimestamp Disclosure - Unix

LowInsufficient Site Isolation Against Spectre Vulnerability

Top CVE List

CVE-2024-38094 Microsoft SharePoint Deserialization Vulnerability

CVE-2022-3075 Google Chromium Mojo Insufficient Data Validation Vulnerability

CVE-2024-8957 PTZOptics PT30X-SDI/NDI Cameras OS Command Injection Vulnerability

CVE-2024-37383 RoundCube Webmail Cross-Site Scripting (XSS) Vulnerability

CVE-2024-20481 Cisco ASA and FTD Denial-of-Service Vulnerability

CVE-2024-8956 PTZOptics PT30X-SDI/NDI Cameras Authentication Bypass Vulnerability

CVE-2020-3452 Cisco ASA and FTD Read-Only Path Traversal Vulnerability

CVE-2020-3837 Apple Multiple Products Memory Corruption Vulnerability

CVE-2021-34486 Microsoft Windows Event Tracing Privilege Escalation Vulnerability

CVE-2022-22948 VMware vCenter Server Incorrect Default File Permissions Vulnerability

Common CWEs

CWE-185 Incorrect Regular Expression

CWE-1251 Mirrored Regions with Different Values

MediumCWE-190 Integer Overflow or Wraparound

CWE-842 Placement of User into Incorrect Group

CWE-1291 Public Key Re-Use for Signing both Debug and Production Code

CWE-535 Exposure of Information Through Shell Error Message

CWE-24 Path Traversal: '../filedir'

CWE-15 External Control of System or Configuration Setting

CWE-104 Struts: Form Bean Does Not Extend Validation Class

CWE-1224 Improper Restriction of Write-Once Bit Fields

Free security scan for your website

Don't show website scan report rating on the leaderboard

CWE-691 - Insufficient Control Flow Management

The code does not sufficiently manage its control flow during execution, creating conditions in which the control flow can be modified in unexpected ways.