CVEbaza.plCWE DictionaryCWE-691
Common Weakness Enumeration

CWE-691

Insufficient Control Flow Management

Category: PillarCVE: 32
Description

The code does not sufficiently manage its control flow during execution, creating conditions in which the control flow can be modified in unexpected ways.

CVE vulnerabilities with CWE-691 (32)
8.8
CVSS
HIGH
CVE-2025-22893

Insufficient control flow management in the Linux kernel-mode driver for some Intel(R) 800 Series Ethernet before version 1.17.2 may allow an authenticated user to potentially enable escalation of privilege via local access.

pub. 2025-08-12
8.8
CVSS
HIGH
CVE-2025-25273

Insufficient control flow management in the Linux kernel-mode driver for some Intel(R) 700 Series Ethernet before version 2.28.5 may allow an authenticated user to potentially enable escalation of privilege via local access.

pub. 2025-08-12
8.8
CVSS
HIGH
CVE-2023-20559

Insufficient control flow management in AmdCpmGpioInitSmm may allow a privileged attacker to tamper with the SMM handler potentially leading to escalation of privileges.

pub. 2023-04-02
8.6
CVSS
HIGH
CVE-2022-20697

A vulnerability in the web services interface of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper resource management in the HTTP server code. An attacker could exploit this vulnerability by sending a large number of HTTP requests to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.

pub. 2022-04-15
8.5
CVSS
HIGH
CVE-2025-20004

Insufficient control flow management in the Alias Checking Trusted Module for some Intel(R) Xeon(R) 6 processor E-Cores firmware may allow a privileged user to potentially enable escalation of privilege via local access.

pub. 2025-05-13
8.3
CVSS
HIGH
CVE-2025-35963

Insufficient control flow management for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.160 within Ring 2: Device Drivers may allow a denial of service. Unprivileged software adversary with an unauthenticated user combined with a low complexity attack may enable denial of service. This result may potentially occur via adjacent access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (none), integrity (none) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (high) impacts.

pub. 2025-11-11
8.3
CVSS
HIGH
CVE-2024-21801

Insufficient control flow management in some Intel(R) TDX module software before version 1.5.05.46.698 may allow a privileged user to potentially enable denial of service via local access.

pub. 2024-08-14
8.2
CVSS
HIGH
CVE-2024-33617

Insufficient control flow management in some Intel(R) QAT Engine for OpenSSL software before version v1.6.1 may allow information disclosure via network access.

pub. 2024-11-13
7.8
CVSS
HIGH
CVE-2021-4106

A vulnerability in Snow Inventory Java Scanner allows an attacker to run malicious code at a higher level of privileges. This issue affects: SNOW Snow Inventory Java Scanner 1.0

pub. 2022-02-16
7.2
CVSS
HIGH
CVE-2021-33157

Insufficient control flow management in some Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Manageability firmware may allow a privileged user to potentially enable escalation of privilege via local access.

pub. 2024-02-23
7.0
CVSS
HIGH
CVE-2025-24305

Insufficient control flow management in the Alias Checking Trusted Module (ACTM) firmware for some Intel(R) Xeon(R) processors may allow a privileged user to potentially enable escalation of privilege via local access.

pub. 2025-08-12
6.9
CVSS
MEDIUM
CVE-2024-29079

Insufficient control flow management in some Intel(R) VROC software before version 8.6.0.3001 may allow an authenticated user to potentially enable escalation of privilege via local access.

pub. 2024-11-13
6.9
CVSS
MEDIUM
CVE-2023-24587

Insufficient control flow management in firmware for some Intel(R) Optane(TM) SSD products may allow a privileged user to potentially enable denial of service via local access.

pub. 2023-11-14
6.8
CVSS
MEDIUM
CVE-2024-22374

Insufficient control flow management for some Intel(R) Xeon Processors may allow an authenticated user to potentially enable denial of service via local access.

pub. 2024-08-14
6.5
CVSS
MEDIUM
CVE-2025-49463

Insufficient control flow management in certain Zoom Clients for iOS before version 6.4.5 may allow an unauthenticated user to conduct a disclosure of information via network access.

pub. 2025-07-10
6.5
CVSS
MEDIUM
CVE-2025-25774

An issue was discovered in Open5GS v2.7.2. When a UE switches between two gNBs and sends a handover request at a specific time, it may cause an exception in the AMF's internal state machine, leading to an AMF crash and resulting in a Denial of Service (DoS).

pub. 2025-03-12
6.1
CVSS
MEDIUM
CVE-2024-3847

Insufficient policy enforcement in WebUI in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low)

pub. 2024-04-17
5.8
CVSS
MEDIUM
CVE-2025-20022

Insufficient control flow management for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow a privileged user to potentially enable information disclosure via adjacent access.

pub. 2025-05-13
5.5
CVSS
MEDIUM
CVE-2026-5938

Improper control flow management allows a crafted document action chain to cause modal dialog reentry on the main thread, resulting in UI freeze and denial of service.

pub. 2026-04-27
5.5
CVSS
MEDIUM
CVE-2023-28711

Insufficient control flow management in the Hyperscan Library maintained by Intel(R) before version 5.4.1 may allow an authenticated user to potentially enable denial of service via local access.

pub. 2023-08-11
Showing 20 of 32 vulnerabilities
Information
ID: CWE-691
Type: Pillar
Vulnerabilities: 32
MITRE CWE ↗
← CWE Dictionary
CWE-691 — Insufficient Control Flow Management | CWE Dictionary | CVEbaza.pl