Common Weakness Enumeration

CWE-670

Allowed-with-Review

Always-Incorrect Control Flow Implementation

Abstraction: Class · Status: Draft

The code contains a control flow path that does not reflect the algorithm that the path is intended to implement, leading to incorrect behavior any time this path is navigated.

203 vulnerabilities reference this CWE, most recent first.

GHSA-9WX4-H78V-VM56

Vulnerability from github – Published: 2024-05-20 20:15 – Updated: 2026-01-16 00:02
VLAI
Summary
Requests `Session` object does not verify requests after making first request with verify=False
Details

When using a requests.Session, if the first request to a given origin is made with verify=False, TLS certificate verification may remain disabled for all subsequent requests to that origin, even if verify=True is explicitly specified later.

This occurs because the underlying connection is reused from the session's connection pool, causing the initial TLS verification setting to persist for the lifetime of the pooled connection. As a result, applications may unintentionally send requests without certificate verification, leading to potential man-in-the-middle attacks and compromised confidentiality or integrity.

This behavior affects versions of requests prior to 2.32.0.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "requests"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.32.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-35195"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-670"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-05-20T20:15:00Z",
    "nvd_published_at": "2024-05-20T21:15:09Z",
    "severity": "MODERATE"
  },
  "details": "When using a `requests.Session`, if the first request to a given origin is made with `verify=False`, TLS certificate verification may remain disabled for all subsequent requests to that origin, even if `verify=True` is explicitly specified later.\n\nThis occurs because the underlying connection is reused from the session\u0027s connection pool, causing the initial TLS verification setting to persist for the lifetime of the pooled connection. As a result, applications may unintentionally send requests without certificate verification, leading to potential man-in-the-middle attacks and compromised confidentiality or integrity.\n\nThis behavior affects versions of `requests` prior to 2.32.0.",
  "id": "GHSA-9wx4-h78v-vm56",
  "modified": "2026-01-16T00:02:49Z",
  "published": "2024-05-20T20:15:00Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-35195"
    },
    {
      "type": "WEB",
      "url": "https://github.com/psf/requests/pull/6655"
    },
    {
      "type": "WEB",
      "url": "https://github.com/psf/requests/commit/a58d7f2ffb4d00b46dca2d70a3932a0b37e22fac"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/psf/requests"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IYLSNK5TL46Q6XPRVMHVWS63MVJQOK4Q"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N7WP6EYDSUOCOJYHDK5NX43PYZ4SNHGZ"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Requests `Session` object does not verify requests after making first request with verify=False"
}

GHSA-C6H7-X3G7-8H2P

Vulnerability from github – Published: 2022-05-13 01:40 – Updated: 2022-05-13 01:40
VLAI
Details

An elevation of privilege vulnerability in the kernel Qualcomm power driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-35392981. References: QC-CR#826589.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-0604"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-670"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-05-12T15:29:00Z",
    "severity": "HIGH"
  },
  "details": "An elevation of privilege vulnerability in the kernel Qualcomm power driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-35392981. References: QC-CR#826589.",
  "id": "GHSA-c6h7-x3g7-8h2p",
  "modified": "2022-05-13T01:40:19Z",
  "published": "2022-05-13T01:40:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-0604"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/2017-05-01"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/98151"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-CQGM-MQMR-PX3P

Vulnerability from github – Published: 2022-05-24 17:18 – Updated: 2024-04-04 02:50
VLAI
Details

Signal Private Messenger Android v4.59.0 and up and iOS v3.8.1.5 and up allows a remote non-contact to ring a victim's Signal phone and disclose currently used DNS server due to ICE Candidate handling before call is answered or declined.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-5753"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200",
      "CWE-670"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-05-20T14:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Signal Private Messenger Android v4.59.0 and up and iOS v3.8.1.5 and up allows a remote non-contact to ring a victim\u0027s Signal phone and disclose currently used DNS server due to ICE Candidate handling before call is answered or declined.",
  "id": "GHSA-cqgm-mqmr-px3p",
  "modified": "2024-04-04T02:50:52Z",
  "published": "2022-05-24T17:18:13Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-5753"
    },
    {
      "type": "WEB",
      "url": "https://www.tenable.com/security/research/tra-2020-33"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-F3Q6-69F3-VWCH

Vulnerability from github – Published: 2026-04-20 06:31 – Updated: 2026-04-23 14:29
VLAI
Summary
FastChat has a Content Moderation Bypass via Arena Side-by-Side Views
Details

A vulnerability was detected in lm-sys fastchat up to 0.2.36. Impacted is the function add_text of the component Arena Side-by-Side View Handler. The manipulation results in incorrect control flow. The attack can be launched remotely. The exploit is now public and may be used. The root cause was fixed in commit 34eca62 for gradio_block_arena_named.py, but three other files were missed.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "fschat"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "0.2.36"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-6608"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-670"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-04-23T14:29:57Z",
    "nvd_published_at": "2026-04-20T06:16:21Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability was detected in lm-sys fastchat up to 0.2.36. Impacted is the function add_text of the component Arena Side-by-Side View Handler. The manipulation results in incorrect control flow. The attack can be launched remotely. The exploit is now public and may be used. The root cause was fixed in commit 34eca62 for gradio_block_arena_named.py, but three other files were missed.",
  "id": "GHSA-f3q6-69f3-vwch",
  "modified": "2026-04-23T14:29:57Z",
  "published": "2026-04-20T06:31:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6608"
    },
    {
      "type": "WEB",
      "url": "https://github.com/lm-sys/FastChat/issues/3834"
    },
    {
      "type": "WEB",
      "url": "https://gist.github.com/YLChen-007/e45039d23e698222d887ee09735d9d36"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/lm-sys/FastChat"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/submit/792228"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/vuln/358243"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/vuln/358243/cti"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
      "type": "CVSS_V4"
    }
  ],
  "summary": "FastChat has a Content Moderation Bypass via Arena Side-by-Side Views"
}

GHSA-F6C7-FJ8H-5898

Vulnerability from github – Published: 2026-04-02 18:31 – Updated: 2026-04-02 18:31
VLAI
Details

OpenSSH before 10.3 mishandles the authorized_keys principals option in uncommon scenarios involving a principals list in conjunction with a Certificate Authority that makes certain use of comma characters.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-35414"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-670"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-04-02T18:16:34Z",
    "severity": "MODERATE"
  },
  "details": "OpenSSH before 10.3 mishandles the authorized_keys principals option in uncommon scenarios involving a principals list in conjunction with a Certificate Authority that makes certain use of comma characters.",
  "id": "GHSA-f6c7-fj8h-5898",
  "modified": "2026-04-02T18:31:39Z",
  "published": "2026-04-02T18:31:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35414"
    },
    {
      "type": "WEB",
      "url": "https://marc.info/?l=openssh-unix-dev\u0026m=177513443901484\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "https://www.openssh.org/releasenotes.html#10.3p1"
    },
    {
      "type": "WEB",
      "url": "https://www.openwall.com/lists/oss-security/2026/04/02/3"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-F6J9-3MCJ-W64V

Vulnerability from github – Published: 2022-05-06 00:00 – Updated: 2022-05-14 00:01
VLAI
Details

On F5 BIG-IP Advanced WAF, ASM, and APM 16.1.x versions prior to 16.1.2.1, 15.1.x versions prior to 15.1.5, 14.1.x versions prior to 14.1.4.6, and 13.1.x versions prior to 13.1.5, when ASM or Advanced WAF, as well as APM, are configured on a virtual server, the ASM policy is configured with Session Awareness, and the "Use APM Username and Session ID" option is enabled, undisclosed requests can cause the bd process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-26890"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-670"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-05-05T17:15:00Z",
    "severity": "HIGH"
  },
  "details": "On F5 BIG-IP Advanced WAF, ASM, and APM 16.1.x versions prior to 16.1.2.1, 15.1.x versions prior to 15.1.5, 14.1.x versions prior to 14.1.4.6, and 13.1.x versions prior to 13.1.5, when ASM or Advanced WAF, as well as APM, are configured on a virtual server, the ASM policy is configured with Session Awareness, and the \"Use APM Username and Session ID\" option is enabled, undisclosed requests can cause the bd process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated",
  "id": "GHSA-f6j9-3mcj-w64v",
  "modified": "2022-05-14T00:01:37Z",
  "published": "2022-05-06T00:00:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-26890"
    },
    {
      "type": "WEB",
      "url": "https://support.f5.com/csp/article/K03442392"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-F854-HPXV-CW9R

Vulnerability from github – Published: 2022-01-06 18:30 – Updated: 2022-01-06 20:21
VLAI
Summary
Drainage of FeeCollector's Block Transaction Fees in cronos
Details

Impact

In Cronos nodes running versions before v0.6.5, it is possible to take transaction fees from Cosmos SDK's FeeCollector for the current block by sending a custom crafted MsgEthereumTx.

User funds and balances are safe.

Patches

This problem has been patched in Cronos v0.6.5 on the mempool level. The next network upgrade with consensus-breaking changes will patch it on the consensus level.

Workarounds

There are no tested workarounds. All validator node operators are recommended to upgrade to Cronos v0.6.5 at their earliest possible convenience.

Credits

Thank you to @zb3 for reporting this issue on Cronos Immunefi Bug Bounty Program, to @cyril-crypto for reproducing the issue and to @yihuang and @thomas-nguy for patching the issue on the CheckTx (mempool) and the DeliverTx (consensus) levels.

For more information

If you have any questions or comments about this advisory: * Open a discussion in crypto-org-chain/cronos * Email us at chain@crypto.org

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/crypto-org-chain/cronos"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.6.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/tharsis/ethermint"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.8.0"
            },
            {
              "fixed": "0.10.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/tharsis/evmos"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "0.4.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/tharsis/ethermint"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.7.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-43839"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-670"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-01-04T22:40:01Z",
    "nvd_published_at": "2021-12-21T17:15:00Z",
    "severity": "HIGH"
  },
  "details": "### Impact\nIn Cronos nodes running versions before v0.6.5, it is possible to take transaction fees from Cosmos SDK\u0027s FeeCollector for the current block by sending a custom crafted MsgEthereumTx.\n\nUser funds and balances are safe.\n\n\n### Patches\nThis problem has been patched in Cronos v0.6.5 on the mempool level.\nThe next network upgrade with consensus-breaking changes will patch it on the consensus level.\n\n### Workarounds\nThere are no tested workarounds. All validator node operators are recommended to upgrade to Cronos v0.6.5 at their earliest possible convenience.\n\n### Credits\nThank you to @zb3 for reporting this issue on [Cronos Immunefi Bug Bounty Program](https://immunefi.com/bounty/cronos/), to @cyril-crypto for reproducing the issue and to @yihuang and @thomas-nguy for patching the issue on the CheckTx (mempool) and the DeliverTx (consensus) levels.\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open a discussion in [crypto-org-chain/cronos](https://github.com/crypto-org-chain/cronos/discussions/new)\n* Email us at [chain@crypto.org](mailto:chain@crypto.org)\n",
  "id": "GHSA-f854-hpxv-cw9r",
  "modified": "2022-01-06T20:21:28Z",
  "published": "2022-01-06T18:30:54Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/crypto-org-chain/cronos/security/advisories/GHSA-f854-hpxv-cw9r"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43839"
    },
    {
      "type": "WEB",
      "url": "https://github.com/crypto-org-chain/cronos/pull/270"
    },
    {
      "type": "WEB",
      "url": "https://github.com/crypto-org-chain/cronos/commit/150ef237b37ac28c8136e1c0f494932860b9ebe8"
    },
    {
      "type": "WEB",
      "url": "https://github.com/crypto-org-chain/cronos"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Drainage of FeeCollector\u0027s Block Transaction Fees in cronos"
}

GHSA-FCV6-FG5R-JM9Q

Vulnerability from github – Published: 2023-09-04 22:40 – Updated: 2023-09-04 22:40
VLAI
Summary
Trigger `beforeFind` not invoked in internal query pipeline when fetching pointer
Details

Impact

A Parse Pointer can be used to access internal Parse Server classes. It can also be used to circumvent the beforeFind query trigger which can be an additional vulnerability for deployments where the beforeFind trigger is used as a security layer to modify an incoming query.

Patches

The vulnerability was fixed by implementing a patch in the internal query pipeline to prevent a Parse Pointer to be used to access internal Parse Server classes or circumvent the beforeFind trigger.

Workarounds

There is no known workaround to prevent a Parse Pointer to be used to access internal Parse Server classes. A workaround if a beforeFind trigger is used as a security layer is to instead use the Parse Server provided security layers to manage access levels with Class-Level Permissions and Object-Level Access Control.

References

  • GitHub security advisory: https://github.com/parse-community/parse-server/security/advisories/GHSA-fcv6-fg5r-jm9q
  • Patched in Parse Server 6.x: https://github.com/parse-community/parse-server/releases/tag/6.2.2
  • Patched in Parse Server 5.x (LTS): https://github.com/parse-community/parse-server/releases/tag/5.5.5
Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "parse-server"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.0.0"
            },
            {
              "fixed": "5.5.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "parse-server"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "6.0.0"
            },
            {
              "fixed": "6.2.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-41058"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-670"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-09-04T22:40:41Z",
    "nvd_published_at": "2023-09-04T23:15:47Z",
    "severity": "HIGH"
  },
  "details": "### Impact\n\nA Parse Pointer can be used to access internal Parse Server classes. It can also be used to circumvent the `beforeFind` query trigger which can be an additional vulnerability for deployments where the `beforeFind` trigger is used as a security layer to modify an incoming query.\n\n### Patches\n\nThe vulnerability was fixed by implementing a patch in the internal query pipeline to prevent a Parse Pointer to be used to access internal Parse Server classes or circumvent the `beforeFind` trigger.\n\n### Workarounds\n\nThere is no known workaround to prevent a Parse Pointer to be used to access internal Parse Server classes. A workaround if a `beforeFind` trigger is used as a security layer is to instead use the Parse Server provided [security layers](https://docs.parseplatform.org/parse-server/guide/#security) to manage access levels with Class-Level Permissions and Object-Level Access Control.\n\n### References\n\n- GitHub security advisory: https://github.com/parse-community/parse-server/security/advisories/GHSA-fcv6-fg5r-jm9q\n- Patched in Parse Server 6.x: https://github.com/parse-community/parse-server/releases/tag/6.2.2\n- Patched in Parse Server 5.x (LTS): https://github.com/parse-community/parse-server/releases/tag/5.5.5",
  "id": "GHSA-fcv6-fg5r-jm9q",
  "modified": "2023-09-04T22:40:41Z",
  "published": "2023-09-04T22:40:41Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/parse-community/parse-server/security/advisories/GHSA-fcv6-fg5r-jm9q"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41058"
    },
    {
      "type": "WEB",
      "url": "https://github.com/parse-community/parse-server/commit/be4c7e23c63a2fb690685665cebed0de26be05c5"
    },
    {
      "type": "WEB",
      "url": "https://docs.parseplatform.org/parse-server/guide/#security"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/parse-community/parse-server"
    },
    {
      "type": "WEB",
      "url": "https://github.com/parse-community/parse-server/releases/tag/5.5.5"
    },
    {
      "type": "WEB",
      "url": "https://github.com/parse-community/parse-server/releases/tag/6.2.2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Trigger `beforeFind` not invoked in internal query pipeline when fetching pointer"
}

GHSA-FM7H-C3R4-XQH6

Vulnerability from github – Published: 2025-10-02 21:31 – Updated: 2025-10-02 21:31
VLAI
Details

SSH Tectia Server before 6.6.6 sometimes allows attackers to read and alter a user's session traffic.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-32942"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-670"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-02T19:15:30Z",
    "severity": "HIGH"
  },
  "details": "SSH Tectia Server before 6.6.6 sometimes allows attackers to read and alter a user\u0027s session traffic.",
  "id": "GHSA-fm7h-c3r4-xqh6",
  "modified": "2025-10-02T21:31:19Z",
  "published": "2025-10-02T21:31:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32942"
    },
    {
      "type": "WEB",
      "url": "https://info.ssh.com/tectia-vulnerability-cve-2025-32942"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:H/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-FV86-4V9Q-H758

Vulnerability from github – Published: 2024-11-22 21:32 – Updated: 2024-11-22 21:32
VLAI
Details

WinZip Mark-of-the-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of WinZip. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists within the handling of archive files. When opening an archive that bears the Mark-of-the-Web, WinZip removes the Mark-of-the-Web from the archive file. Following extraction, the extracted files also lack the Mark-of-the-Web. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current user. Was ZDI-CAN-23983.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-8811"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-670",
      "CWE-693"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-11-22T21:15:19Z",
    "severity": "HIGH"
  },
  "details": "WinZip Mark-of-the-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of WinZip. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of archive files. When opening an archive that bears the Mark-of-the-Web, WinZip removes the Mark-of-the-Web from the archive file. Following extraction, the extracted files also lack the Mark-of-the-Web. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current user. Was ZDI-CAN-23983.",
  "id": "GHSA-fv86-4v9q-h758",
  "modified": "2024-11-22T21:32:19Z",
  "published": "2024-11-22T21:32:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8811"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1234"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.