CWE-584 - Return Inside Finally Block

Description The product does not properly transfer a resource/behavior to another sphere, or improperly imports a resource/behavior from another sphere,...

rocco

May 26, 2022

CWE-67 – Improper Handling of Windows Device Names

Description The software constructs pathnames from user input, but it does not handle or incorrectly handles a pathname containing a...

rocco

May 26, 2022May 26, 2022

CWE-670 – Always-Incorrect Control Flow Implementation

Description The code contains a control flow path that does not reflect the algorithm that the path is intended to...

rocco

May 26, 2022May 26, 2022

CWE-671 – Lack of Administrator Control over Security

Description The product uses security features in a way that prevents the product's administrator from tailoring security settings to reflect...

rocco

May 26, 2022May 26, 2022

Friday Squid Blogging: Squid Sticker

Italy’s Data Protection Watchdog Issues €15m Fine to OpenAI Over ChatGPT Probe

Ukraine’s Security Service Probes GRU-Linked Cyber-Attack on State Registers

LockBit Admins Tease a New Ransomware Version

Webcams and DVRs Vulnerable to HiatusRAT, FBI Warns

CISA Urges Encrypted Messaging After Salt Typhoon Hack

Ransomware Attackers Target Industries with Low Downtime Tolerance

Web Hacking Service ‘Araneida’ Tied to Turkish IT Firm

US Organizations Still Using Kaspersky Products Despite Ban

CWE-584 – Return Inside Finally Block

Description

Related Weaknesses

Consequences

Potential Mitigations

CVE References

The Most Dangerous Vulnerabilities in Apache Tomcat and How to Protect Against Them

ZDI-CAN-18333: A Critical Zero-Day Vulnerability in Microsoft Windows

CWE-669 – Incorrect Resource Transfer Between Spheres

CWE-67 – Improper Handling of Windows Device Names

CWE-670 – Always-Incorrect Control Flow Implementation

CWE-671 – Lack of Administrator Control over Security