CWE-691 - Insufficient Control Flow Management

Home/CWEs/CWE info/

CWE-691

Abstraction:
Pillar

Structure:
Simple

Status:
Draft

Weakness Name: Insufficient Control Flow Management

Description: The code does not sufficiently manage its control flow during execution, creating conditions in which the control flow can be modified in unexpected ways.

Common Consequences: Scope: Other
Impact: Alter Execution Logic

Release Date:
2008-04-11

Latest Modification Date:
2024-02-29

Latest Security News

5 Scattered Spider Gang Members Indicted in Multi-Million Dollar Cybercrime Scheme

Google's AI-Powered OSS-Fuzz Tool Finds 26 Vulnerabilities in Open-Source Projects

NodeStealer Malware Targets Facebook Ad Accounts, Harvesting Credit Card Data

CWE top 25 most dangerous software weaknesses

Ghost Tap: Hackers Exploiting NFCGate to Steal Funds via Mobile Payments

Decades-Old Security Vulnerabilities Found in Ubuntu's Needrestart Package

Microsoft Launches Windows Resiliency Initiative to Boost Security and System Integrity

China-Backed Hackers Leverage SIGTRAN, GSM Protocols to Infiltrate Telecom Networks

Top Alert List

InformationalModern Web Application

MediumDirectory Browsing

MediumAbsence of Anti-CSRF Tokens

Content Security Policy (CSP) Header Not Set

CSP

LowCross-Domain JavaScript Source File Inclusion

LowStrict-Transport-Security Multiple Header Entries (Non-compliant with Spec)

Top CVE List

CVE-2021-41277 Metabase GeoJSON API Local File Inclusion Vulnerability

CVE-2024-0012 Palo Alto Networks PAN-OS Management Interface Authentication Bypass Vulnerability

CVE-2024-38812 VMware vCenter Server Heap-Based Buffer Overflow Vulnerability

CVE-2019-15949 Nagios XI Remote Code Execution Vulnerability

CVE-2024-9463 Palo Alto Networks Expedition OS Command Injection Vulnerability

CVE-2024-9474 Palo Alto Networks PAN-OS Management Interface OS Command Injection Vulnerability

CVE-2021-26858 Microsoft Exchange Server Remote Code Execution Vulnerability

CVE-2024-1212 Progress Kemp LoadMaster OS Command Injection Vulnerability

CVE-2024-38813 VMware vCenter Server Privilege Escalation Vulnerability

CVE-2024-9465 Palo Alto Networks Expedition SQL Injection Vulnerability

Top CWE List

CWE-1245 Improper Finite State Machines (FSMs) in Hardware Logic

HighCWE-805 Buffer Access with Incorrect Length Value

CWE-1072 Data Resource Access without Use of Connection Pooling

CWE-1091 Use of Object without Invoking Destructor Method

CWE-1174 ASP.NET Misconfiguration: Improper Model Validation

HighCWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE-1191 On-Chip Debug and Test Interface With Improper Access Control

MediumCWE-190 Integer Overflow or Wraparound

LowCWE-262 Not Using Password Aging

CWE-36 Absolute Path Traversal

Free security scan for your website

Don't show website scan report rating on the leaderboard

CWE-691 - Insufficient Control Flow Management

The code does not sufficiently manage its control flow during execution, creating conditions in which the control flow can be modified in unexpected ways.