CWE-670
Allowed-with-ReviewAlways-Incorrect Control Flow Implementation
Abstraction: Class · Status: Draft
The code contains a control flow path that does not reflect the algorithm that the path is intended to implement, leading to incorrect behavior any time this path is navigated.
203 vulnerabilities reference this CWE, most recent first.
GHSA-5H62-2V5Q-2MPG
Vulnerability from github – Published: 2022-05-24 17:44 – Updated: 2022-05-24 17:44Leptonica before 1.80.0 allows a denial of service (application crash) via an incorrect left shift in pixConvert2To8 in pixconv.c.
{
"affected": [],
"aliases": [
"CVE-2020-36277"
],
"database_specific": {
"cwe_ids": [
"CWE-670"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-03-11T21:15:00Z",
"severity": "HIGH"
},
"details": "Leptonica before 1.80.0 allows a denial of service (application crash) via an incorrect left shift in pixConvert2To8 in pixconv.c.",
"id": "GHSA-5h62-2v5q-2mpg",
"modified": "2022-05-24T17:44:15Z",
"published": "2022-05-24T17:44:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36277"
},
{
"type": "WEB",
"url": "https://github.com/DanBloomberg/leptonica/pull/499"
},
{
"type": "WEB",
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=21997"
},
{
"type": "WEB",
"url": "https://github.com/DanBloomberg/leptonica/compare/1.79.0...1.80.0"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00037.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JQUEA2X6UTH4DMYCMZAWE2QQLN5YANUA"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RD5AIWHWE334HGYZJR2U3I3JYKSSO2LW"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202107-53"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-5MMW-P5QV-W3X5
Vulnerability from github – Published: 2023-12-12 00:30 – Updated: 2023-12-14 22:03When using the default implementation of Verify to check a Captcha, verification can be bypassed. For example, if the first parameter is a non-existent id, the second parameter is an empty string, and the third parameter is true, the function will always consider the Captcha to be correct.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/mojocn/base64Captcha"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.3.6"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-45292"
],
"database_specific": {
"cwe_ids": [
"CWE-345",
"CWE-670"
],
"github_reviewed": true,
"github_reviewed_at": "2023-12-12T18:09:52Z",
"nvd_published_at": "2023-12-11T22:15:06Z",
"severity": "MODERATE"
},
"details": "When using the default implementation of Verify to check a Captcha, verification can be bypassed. For example, if the first parameter is a non-existent id, the second parameter is an empty string, and the third parameter is true, the function will always consider the Captcha to be correct.",
"id": "GHSA-5mmw-p5qv-w3x5",
"modified": "2023-12-14T22:03:11Z",
"published": "2023-12-12T00:30:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45292"
},
{
"type": "WEB",
"url": "https://github.com/mojocn/base64Captcha/issues/120"
},
{
"type": "WEB",
"url": "https://github.com/mojocn/base64Captcha/commit/5ab86bd6f333aad3936f912fc52b411168dcd4a7"
},
{
"type": "WEB",
"url": "https://github.com/mojocn/base64Captcha/commit/9b11012caca58925f1e47c770f79f2fa47e3ad13"
},
{
"type": "PACKAGE",
"url": "https://github.com/mojocn/base64Captcha"
},
{
"type": "WEB",
"url": "https://pkg.go.dev/vuln/GO-2023-2386"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "Always incorrect control flow in github.com/mojocn/base64Captcha"
}
GHSA-5PMQ-JGG5-3J6Q
Vulnerability from github – Published: 2026-04-12 21:30 – Updated: 2026-04-12 21:30Varnish Cache 9 before 9.0.1 allows a "workspace overflow" denial of service (daemon panic) after timeout_linger. A malicious client could send an HTTP/1 request, wait long enough until the session releases its worker thread (timeout_linger) and resume traffic before the session is closed (timeout_idle) sending more than one request at once to trigger a pipelining operation between requests. This vulnerability affecting Varnish Cache 9.0.0 emerged from a port of the Varnish Enterprise non-blocking architecture for HTTP/2. New code was needed to adapt to a more recent workspace API that formalizes the pipelining operation. In addition to the workspace change on the Varnish Cache side, other differences created merge conflicts, like partial support for trailers in Varnish Enterprise. The conflict resolution missed one code path configuring pipelining to perform a complete workspace rollback, losing the guarantee that prefetched data would fit inside workspace_client during the transition from one request to the next. This can result in a workspace overflow, triggering a panic and crashing the Varnish server.
{
"affected": [],
"aliases": [
"CVE-2026-40396"
],
"database_specific": {
"cwe_ids": [
"CWE-670"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-12T20:16:19Z",
"severity": "MODERATE"
},
"details": "Varnish Cache 9 before 9.0.1 allows a \"workspace overflow\" denial of service (daemon panic) after timeout_linger. A malicious client could send an HTTP/1 request, wait long enough until the session releases its worker thread (timeout_linger) and resume traffic before the session is closed (timeout_idle) sending more than one request at once to trigger a pipelining operation between requests. This vulnerability affecting Varnish Cache 9.0.0 emerged from a port of the Varnish Enterprise non-blocking architecture for HTTP/2. New code was needed to adapt to a more recent workspace API that formalizes the pipelining operation. In addition to the workspace change on the Varnish Cache side, other differences created merge conflicts, like partial support for trailers in Varnish Enterprise. The conflict resolution missed one code path configuring pipelining to perform a complete workspace rollback, losing the guarantee that prefetched data would fit inside workspace_client during the transition from one request to the next. This can result in a workspace overflow, triggering a panic and crashing the Varnish server.",
"id": "GHSA-5pmq-jgg5-3j6q",
"modified": "2026-04-12T21:30:19Z",
"published": "2026-04-12T21:30:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40396"
},
{
"type": "WEB",
"url": "https://github.com/varnish/varnish/issues/15"
},
{
"type": "WEB",
"url": "https://github.com/varnish/varnish/releases/tag/varnish-9.0.1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-699G-Q6QH-Q4V8
Vulnerability from github – Published: 2023-12-12 00:49 – Updated: 2023-12-12 00:49Context
Merge conflict resolution issue when porting the v5.0.1 Multicall update to the v4.9 branch caused a duplicated line.
Impact
Versions using Multicall from @openzeppelin/contracts@4.9.4 and @openzeppelin/contracts-upgradeable@4.9.4 will execute each subcall twice. Concretely, this exposes a user to unintentionally duplicate operations like asset transfers.
Patches
The duplicated delegatecall was removed in 4.9.5. The 4.9.4 version is marked as deprecated.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "@openzeppelin/contracts"
},
"ranges": [
{
"events": [
{
"introduced": "4.9.4"
},
{
"fixed": "4.9.5"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"4.9.4"
]
},
{
"package": {
"ecosystem": "npm",
"name": "@openzeppelin/contracts-upgradeable"
},
"ranges": [
{
"events": [
{
"introduced": "4.9.4"
},
{
"fixed": "4.9.5"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"4.9.4"
]
}
],
"aliases": [
"CVE-2023-49798"
],
"database_specific": {
"cwe_ids": [
"CWE-670"
],
"github_reviewed": true,
"github_reviewed_at": "2023-12-12T00:49:25Z",
"nvd_published_at": "2023-12-09T00:15:06Z",
"severity": "MODERATE"
},
"details": "\n### Context\nMerge conflict resolution issue when porting the v5.0.1 `Multicall` update to the v4.9 branch caused a duplicated line.\n\n### Impact\nVersions using `Multicall` from `@openzeppelin/contracts@4.9.4` and `@openzeppelin/contracts-upgradeable@4.9.4` will execute each subcall twice. Concretely, this exposes a user to unintentionally duplicate operations like asset transfers.\n\n### Patches\nThe duplicated `delegatecall` was removed in 4.9.5. The 4.9.4 version is marked as deprecated.",
"id": "GHSA-699g-q6qh-q4v8",
"modified": "2023-12-12T00:49:25Z",
"published": "2023-12-12T00:49:25Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/OpenZeppelin/openzeppelin-contracts/security/advisories/GHSA-699g-q6qh-q4v8"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-49798"
},
{
"type": "WEB",
"url": "https://github.com/OpenZeppelin/openzeppelin-contracts-upgradeable/commit/31f9fb9d171f60b2271b2b9c6f62d43302bf9489"
},
{
"type": "WEB",
"url": "https://github.com/OpenZeppelin/openzeppelin-contracts/commit/88ac712e06832bce73b41e8166cded2729e25205"
},
{
"type": "PACKAGE",
"url": "https://github.com/OpenZeppelin/openzeppelin-contracts"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "OpenZeppelin Contracts and Contracts Upgradeable duplicated execution of subcalls in v4.9.4"
}
GHSA-6CMC-3J92-722G
Vulnerability from github – Published: 2022-05-24 17:48 – Updated: 2022-05-24 17:48An always-incorrect control flow implementation in the implicit filter terms of Juniper Networks Junos OS and Junos OS Evolved on ACX5800, EX9200 Series, MX10000 Series, MX240, MX480, MX960 devices with affected Trio line cards allows an attacker to exploit an interdependency in the PFE UCODE microcode of the Trio chipset with various line cards to cause packets destined to the devices interfaces to cause a Denial of Service (DoS) condition by looping the packet with an unreachable exit condition ('Infinite Loop'). To break this loop once it begins one side of the affected LT interfaces will need to be disabled. Once disabled, the condition will clear and the disabled LT interface can be reenabled. Continued receipt and processing of these packets will create a sustained Denial of Service (DoS) condition. This issue only affects LT-LT interfaces. Any other interfaces are not affected by this issue. This issue affects the following cards: MPCE Type 3 3D MPC4E 3D 32XGE MPC4E 3D 2CGE+8XGE EX9200 32x10G SFP EX9200-2C-8XS FPC Type 5-3D FPC Type 5-LSR EX9200 4x40G QSFP An Indicator of Compromise (IoC) can be seen by examining the traffic of the LT-LT interfaces for excessive traffic using the following command: monitor interface traffic Before loop impact: Interface: lt-2/0/0, Enabled, Link is Up Encapsulation: Logical-tunnel, Speed: 100000mbps Traffic statistics: Current delta Input bytes: 3759900268942 (1456 bps) [0] <---------- LT interface utilization is low Output bytes: 3759900344309 (1456 bps) [0] <---------- LT interface utilization is low After loop impact: Interface: lt-2/0/0, Enabled, Link is Up Encapsulation: Logical-tunnel, Speed: 100000mbps Traffic statistics: Current delta Input bytes: 3765160313129 (2158268368 bps) [5260044187] <---------- LT interface utilization is very high Output bytes: 3765160399522 (2158266440 bps) [5260055213] <---------- LT interface utilization is very high This issue affects: Juniper Networks Junos OS on ACX5800, EX9200 Series, MX10000 Series, MX240, MX480, MX960. Versions 15.1F6, 16.1R1, and later versions prior to 16.1R7-S8; 17.1 versions prior to 17.1R2-S12; 17.2 versions prior to 17.2R3-S4; 17.3 versions prior to 17.3R3-S8; 17.4 versions prior to 17.4R2-S10, 17.4R3-S2; 18.1 versions prior to 18.1R3-S10; 18.2 versions prior to 18.2R2-S7, 18.2R3-S3; 18.3 versions prior to 18.3R1-S7, 18.3R3-S2; 18.4 versions prior to 18.4R1-S7, 18.4R2-S4, 18.4R3-S2; 19.1 versions prior to 19.1R1-S5, 19.1R2-S1, 19.1R3; 19.2 versions prior to 19.2R1-S4, 19.2R2; 19.3 versions prior to 19.3R2-S3, 19.3R3; 19.4 versions prior to 19.4R1-S1, 19.4R2. This issue does not affect the MX10001. This issue does not affect Juniper Networks Junos OS versions prior to 15.1F6, 16.1R1. Juniper Networks Junos OS Evolved on ACX5800, EX9200 Series, MX10000 Series, MX240, MX480, MX960 19.4 versions prior to 19.4R2-EVO. This issue does not affect the MX10001.
{
"affected": [],
"aliases": [
"CVE-2021-0273"
],
"database_specific": {
"cwe_ids": [
"CWE-670"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-04-22T20:15:00Z",
"severity": "MODERATE"
},
"details": "An always-incorrect control flow implementation in the implicit filter terms of Juniper Networks Junos OS and Junos OS Evolved on ACX5800, EX9200 Series, MX10000 Series, MX240, MX480, MX960 devices with affected Trio line cards allows an attacker to exploit an interdependency in the PFE UCODE microcode of the Trio chipset with various line cards to cause packets destined to the devices interfaces to cause a Denial of Service (DoS) condition by looping the packet with an unreachable exit condition (\u0027Infinite Loop\u0027). To break this loop once it begins one side of the affected LT interfaces will need to be disabled. Once disabled, the condition will clear and the disabled LT interface can be reenabled. Continued receipt and processing of these packets will create a sustained Denial of Service (DoS) condition. This issue only affects LT-LT interfaces. Any other interfaces are not affected by this issue. This issue affects the following cards: MPCE Type 3 3D MPC4E 3D 32XGE MPC4E 3D 2CGE+8XGE EX9200 32x10G SFP EX9200-2C-8XS FPC Type 5-3D FPC Type 5-LSR EX9200 4x40G QSFP An Indicator of Compromise (IoC) can be seen by examining the traffic of the LT-LT interfaces for excessive traffic using the following command: monitor interface traffic Before loop impact: Interface: lt-2/0/0, Enabled, Link is Up Encapsulation: Logical-tunnel, Speed: 100000mbps Traffic statistics: Current delta Input bytes: 3759900268942 (1456 bps) [0] \u003c---------- LT interface utilization is low Output bytes: 3759900344309 (1456 bps) [0] \u003c---------- LT interface utilization is low After loop impact: Interface: lt-2/0/0, Enabled, Link is Up Encapsulation: Logical-tunnel, Speed: 100000mbps Traffic statistics: Current delta Input bytes: 3765160313129 (2158268368 bps) [5260044187] \u003c---------- LT interface utilization is very high Output bytes: 3765160399522 (2158266440 bps) [5260055213] \u003c---------- LT interface utilization is very high This issue affects: Juniper Networks Junos OS on ACX5800, EX9200 Series, MX10000 Series, MX240, MX480, MX960. Versions 15.1F6, 16.1R1, and later versions prior to 16.1R7-S8; 17.1 versions prior to 17.1R2-S12; 17.2 versions prior to 17.2R3-S4; 17.3 versions prior to 17.3R3-S8; 17.4 versions prior to 17.4R2-S10, 17.4R3-S2; 18.1 versions prior to 18.1R3-S10; 18.2 versions prior to 18.2R2-S7, 18.2R3-S3; 18.3 versions prior to 18.3R1-S7, 18.3R3-S2; 18.4 versions prior to 18.4R1-S7, 18.4R2-S4, 18.4R3-S2; 19.1 versions prior to 19.1R1-S5, 19.1R2-S1, 19.1R3; 19.2 versions prior to 19.2R1-S4, 19.2R2; 19.3 versions prior to 19.3R2-S3, 19.3R3; 19.4 versions prior to 19.4R1-S1, 19.4R2. This issue does not affect the MX10001. This issue does not affect Juniper Networks Junos OS versions prior to 15.1F6, 16.1R1. Juniper Networks Junos OS Evolved on ACX5800, EX9200 Series, MX10000 Series, MX240, MX480, MX960 19.4 versions prior to 19.4R2-EVO. This issue does not affect the MX10001.",
"id": "GHSA-6cmc-3j92-722g",
"modified": "2022-05-24T17:48:16Z",
"published": "2022-05-24T17:48:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-0273"
},
{
"type": "WEB",
"url": "https://kb.juniper.net/JSA11164"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-6G96-G4M6-HW69
Vulnerability from github – Published: 2022-05-13 01:23 – Updated: 2022-05-13 01:23Cloud Native Computing Foundation (CNCF) CNI (Container Networking Interface) 0.7.4 has a network firewall misconfiguration which affects Kubernetes. The CNI 'portmap' plugin, used to setup HostPorts for CNI, inserts rules at the front of the iptables nat chains; which take precedence over the KUBE- SERVICES chain. Because of this, the HostPort/portmap rule could match incoming traffic even if there were better fitting, more specific service definition rules like NodePorts later in the chain. The issue is fixed in CNI 0.7.5 and Kubernetes 1.11.9, 1.12.7, 1.13.5, and 1.14.0.
{
"affected": [],
"aliases": [
"CVE-2019-9946"
],
"database_specific": {
"cwe_ids": [
"CWE-670"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-04-02T18:30:00Z",
"severity": "HIGH"
},
"details": "Cloud Native Computing Foundation (CNCF) CNI (Container Networking Interface) 0.7.4 has a network firewall misconfiguration which affects Kubernetes. The CNI \u0027portmap\u0027 plugin, used to setup HostPorts for CNI, inserts rules at the front of the iptables nat chains; which take precedence over the KUBE- SERVICES chain. Because of this, the HostPort/portmap rule could match incoming traffic even if there were better fitting, more specific service definition rules like NodePorts later in the chain. The issue is fixed in CNI 0.7.5 and Kubernetes 1.11.9, 1.12.7, 1.13.5, and 1.14.0.",
"id": "GHSA-6g96-g4m6-hw69",
"modified": "2022-05-13T01:23:07Z",
"published": "2022-05-13T01:23:07Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9946"
},
{
"type": "WEB",
"url": "https://github.com/containernetworking/plugins/pull/269#issuecomment-477683272"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHBA-2019:0862"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FCN66VYB3XS76SYH567SO7N3I254JOCT"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SGOOWAELGH3F7OXRBPH3HCNZELNLXYTW"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20190416-0002"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-6V58-5584-RV99
Vulnerability from github – Published: 2026-04-16 03:31 – Updated: 2026-04-16 03:31Luanti 5 before 5.15.2 sometimes allows unintended access to an insecure environment. If at least one mod is listed as secure.trusted_mods or secure.http_mods, then a crafted mod can intercept the request for the insecure environment or HTTP API, and also receive access to it.
{
"affected": [],
"aliases": [
"CVE-2026-40960"
],
"database_specific": {
"cwe_ids": [
"CWE-670"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-16T01:16:11Z",
"severity": "HIGH"
},
"details": "Luanti 5 before 5.15.2 sometimes allows unintended access to an insecure environment. If at least one mod is listed as secure.trusted_mods or secure.http_mods, then a crafted mod can intercept the request for the insecure environment or HTTP API, and also receive access to it.",
"id": "GHSA-6v58-5584-rv99",
"modified": "2026-04-16T03:31:06Z",
"published": "2026-04-16T03:31:06Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/luanti-org/luanti/security/advisories/GHSA-22c4-238c-m5j4"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40960"
},
{
"type": "WEB",
"url": "https://github.com/luanti-org/luanti/commit/0faf529bc4b89e70a275ed1162047815118f2413"
},
{
"type": "WEB",
"url": "https://github.com/luanti-org/luanti/commit/827fd4cf7f989482b2dad381fa4afd642ea73e8c"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-6VVR-9X9V-68J4
Vulnerability from github – Published: 2022-05-24 17:29 – Updated: 2022-12-02 21:30An issue was discovered in Xen 4.14.x. There is a missing unlock in the XENMEM_acquire_resource error path. The RCU (Read, Copy, Update) mechanism is a synchronisation primitive. A buggy error path in the XENMEM_acquire_resource exits without releasing an RCU reference, which is conceptually similar to forgetting to unlock a spinlock. A buggy or malicious HVM stubdomain can cause an RCU reference to be leaked. This causes subsequent administration operations, (e.g., CPU offline) to livelock, resulting in a host Denial of Service. The buggy codepath has been present since Xen 4.12. Xen 4.14 and later are vulnerable to the DoS. The side effects are believed to be benign on Xen 4.12 and 4.13, but patches are provided nevertheless. The vulnerability can generally only be exploited by x86 HVM VMs, as these are generally the only type of VM that have a Qemu stubdomain. x86 PV and PVH domains, as well as ARM VMs, typically don't use a stubdomain. Only VMs using HVM stubdomains can exploit the vulnerability. VMs using PV stubdomains, or with emulators running in dom0, cannot exploit the vulnerability.
{
"affected": [],
"aliases": [
"CVE-2020-25598"
],
"database_specific": {
"cwe_ids": [
"CWE-670"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-09-23T22:15:00Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in Xen 4.14.x. There is a missing unlock in the XENMEM_acquire_resource error path. The RCU (Read, Copy, Update) mechanism is a synchronisation primitive. A buggy error path in the XENMEM_acquire_resource exits without releasing an RCU reference, which is conceptually similar to forgetting to unlock a spinlock. A buggy or malicious HVM stubdomain can cause an RCU reference to be leaked. This causes subsequent administration operations, (e.g., CPU offline) to livelock, resulting in a host Denial of Service. The buggy codepath has been present since Xen 4.12. Xen 4.14 and later are vulnerable to the DoS. The side effects are believed to be benign on Xen 4.12 and 4.13, but patches are provided nevertheless. The vulnerability can generally only be exploited by x86 HVM VMs, as these are generally the only type of VM that have a Qemu stubdomain. x86 PV and PVH domains, as well as ARM VMs, typically don\u0027t use a stubdomain. Only VMs using HVM stubdomains can exploit the vulnerability. VMs using PV stubdomains, or with emulators running in dom0, cannot exploit the vulnerability.",
"id": "GHSA-6vvr-9x9v-68j4",
"modified": "2022-12-02T21:30:42Z",
"published": "2022-05-24T17:29:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25598"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4JRXMKEMQRQYWYEPHVBIWUEAVQ3LU4FN"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DA633Y3G5KX7MKRN4PFEGM3IVTJMBEOM"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RJZERRBJN6E6STDCHT4JHP4MI6TKBCJE"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202011-06"
},
{
"type": "WEB",
"url": "https://xenbits.xen.org/xsa/advisory-334.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00008.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-6XCH-2VXX-5PVR
Vulnerability from github – Published: 2024-05-15 21:16 – Updated: 2024-05-15 21:16The recommended Apache/Nginx virtual host configuration for eZ Platform includes a rewrite rule for blocking access to executable files in the var directory. This rule does not work when using eZ Platform Cloud (i.e. running eZ Platform on the Platform.sh cloud service).
The consequence of this is that in such a setup, those executable files may be downloadable. They will not be executable, unless you have specifically configured platform.sh to allow that (which you really should not do). The severity of the download access is limited, but it's better if the platform.sh cloud setup works the same way as regular eZ Platform does. All platform.sh setups are affected.
The fix adds a rule to the .platform.app.yaml configuration file, with the same effect as the rewrite rule already mentioned. After applying the fix, any attempt to access such files will fail with Access Denied. This security update is distributed via Composer as ezsystems/ezplatform 1.7.9.1, and 1.13.5.1, and 2.5.4. This is the commit: https://github.com/ezsystems/ezplatform/commit/773dddc0d8fe4fda34d2153a401eeaa6cc30b1ff
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "ezsystems/ezplatform"
},
"ranges": [
{
"events": [
{
"introduced": "2.5.0"
},
{
"fixed": "2.5.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "ezsystems/ezplatform"
},
"ranges": [
{
"events": [
{
"introduced": "1.13.0"
},
{
"fixed": "1.13.5.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "ezsystems/ezplatform"
},
"ranges": [
{
"events": [
{
"introduced": "1.7.0"
},
{
"fixed": "1.7.9.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-670"
],
"github_reviewed": true,
"github_reviewed_at": "2024-05-15T21:16:02Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "The recommended Apache/Nginx virtual host configuration for eZ Platform includes a rewrite rule for blocking access to executable files in the var directory. This rule does not work when using eZ Platform Cloud (i.e. running eZ Platform on the Platform.sh cloud service).\n \nThe consequence of this is that in such a setup, those executable files may be downloadable. They will not be executable, unless you have specifically configured platform.sh to allow that (which you really should not do). The severity of the download access is limited, but it\u0027s better if the platform.sh cloud setup works the same way as regular eZ Platform does. All platform.sh setups are affected.\n \nThe fix adds a rule to the .platform.app.yaml configuration file, with the same effect as the rewrite rule already mentioned. After applying the fix, any attempt to access such files will fail with Access Denied. This security update is distributed via Composer as ezsystems/ezplatform 1.7.9.1, and 1.13.5.1, and 2.5.4. This is the commit: https://github.com/ezsystems/ezplatform/commit/773dddc0d8fe4fda34d2153a401eeaa6cc30b1ff",
"id": "GHSA-6xch-2vxx-5pvr",
"modified": "2024-05-15T21:16:02Z",
"published": "2024-05-15T21:16:02Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/ezsystems/ezplatform/commit/773dddc0d8fe4fda34d2153a401eeaa6cc30b1ff"
},
{
"type": "WEB",
"url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/ezsystems/ezplatform/2019-09-03-1.yaml"
},
{
"type": "PACKAGE",
"url": "https://github.com/ezsystems/ezplatform"
},
{
"type": "WEB",
"url": "https://share.ez.no/community-project/security-advisories/ezsa-2019-006-rules-to-disable-executable-access-are-ignored-on-platform.sh-ez-cloud"
}
],
"schema_version": "1.4.0",
"severity": [],
"summary": "eZ Platform Rules to disable executable access are ignored on Platform.sh (eZ Cloud)"
}
GHSA-73XV-W5GP-FRXH
Vulnerability from github – Published: 2021-04-30 16:14 – Updated: 2022-02-08 22:01An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66. The OpenBSDBCrypt.checkPassword utility method compared incorrect data when checking the password, allowing incorrect passwords to indicate they were matching with previously hashed ones that were different.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.bouncycastle:bcprov-jdk15to18"
},
"ranges": [
{
"events": [
{
"introduced": "1.65"
},
{
"fixed": "1.67"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.bouncycastle:bcprov-jdk15"
},
"ranges": [
{
"events": [
{
"introduced": "1.65"
},
{
"fixed": "1.67"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.bouncycastle:bcprov-jdk15on"
},
"ranges": [
{
"events": [
{
"introduced": "1.65"
},
{
"fixed": "1.67"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.bouncycastle:bcprov-ext-jdk15on"
},
"ranges": [
{
"events": [
{
"introduced": "1.65"
},
{
"fixed": "1.67"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.bouncycastle:bcprov-jdk14"
},
"ranges": [
{
"events": [
{
"introduced": "1.65"
},
{
"fixed": "1.67"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.bouncycastle:bcprov-jdk16"
},
"ranges": [
{
"events": [
{
"introduced": "1.65"
},
{
"fixed": "1.67"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.bouncycastle:bcprov-ext-jdk16"
},
"ranges": [
{
"events": [
{
"introduced": "1.65"
},
{
"fixed": "1.67"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2020-28052"
],
"database_specific": {
"cwe_ids": [
"CWE-670"
],
"github_reviewed": true,
"github_reviewed_at": "2021-03-19T00:15:55Z",
"nvd_published_at": "2020-12-18T01:15:00Z",
"severity": "HIGH"
},
"details": "An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66. The OpenBSDBCrypt.checkPassword utility method compared incorrect data when checking the password, allowing incorrect passwords to indicate they were matching with previously hashed ones that were different.",
"id": "GHSA-73xv-w5gp-frxh",
"modified": "2022-02-08T22:01:10Z",
"published": "2021-04-30T16:14:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28052"
},
{
"type": "WEB",
"url": "https://github.com/bcgit/bc-java/commit/97578f9b7ed277e6ecb58834e85e3d18385a4219"
},
{
"type": "WEB",
"url": "https://www.synopsys.com/blogs/software-security/cve-2020-28052-bouncy-castle"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"type": "WEB",
"url": "https://www.bouncycastle.org/releasenotes.html"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rfc0db1f3c375087e69a239f9284ded72d04fbb55849eadde58fa9dc2@%3Cissues.karaf.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rf9abfc0223747a56694825c050cc6b66627a293a32ea926b3de22402@%3Cissues.karaf.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rdfd2901b8b697a3f6e2c9c6ecc688fd90d7f881937affb5144d61d6e@%3Ccommits.druid.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rddd2237b8636a48d573869006ee809262525efb2b6ffa6eff50d2a2d@%3Cjira.kafka.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rdcbad6d8ce72c79827ed8c635f9a62dd919bb21c94a0b64cab2efc31@%3Cissues.karaf.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rcd37d9214b08067a2e8f2b5b4fd123a1f8cb6008698d11ef44028c21@%3Cissues.karaf.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rc9e441c1576bdc4375d32526d5cf457226928e9c87b9f54ded26271c@%3Cissues.karaf.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r954d80fd18e9dafef6e813963eb7e08c228151c2b6268ecd63b35d1f@%3Ccommits.druid.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r8c36ba34e80e05eecb1f80071cc834d705616f315b634ec0c7d8f42e@%3Cissues.solr.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r77af3ac7c3bfbd5454546e13faf7aec21d627bdcf36c9ca240436b94@%3Cissues.karaf.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r4e1619cfefcd031fac62064a3858f5c9229eef907bd5d8ef14c594fc@%3Cissues.karaf.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r37d332c0bf772f4982d1fdeeb2f88dd71dab6451213e69e43734eadc@%3Ccommits.pulsar.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r30a139c165b3da6e0d5536434ab1550534011b1fdfcd2f5d95892c5b@%3Cissues.karaf.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r2ddabd06d94b60cfb0141e4abb23201c628ab925e30742f61a04d013@%3Cissues.karaf.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r25d53acd06f29244b8a103781b0339c5e7efee9099a4d52f0c230e4a@%3Ccommits.druid.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r175f5a25d100dbe2b1bd3459b3ce882a84c3ff91b120ed4ff2d57b53@%3Ccommits.pulsar.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r167dbc42ef7c59802c2ca1ac14735ef9cf687c25208229993d6206fe@%3Cissues.karaf.apache.org%3E"
},
{
"type": "WEB",
"url": "https://github.com/bcgit/bc-java/wiki/CVE-2020-28052"
},
{
"type": "PACKAGE",
"url": "https://github.com/bcgit/bc-java"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Logic error in Legion of the Bouncy Castle BC Java"
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.