It's 2023 and memory overwrite bugs are not just a thing, they're still number one

Number two on MITRE's list is the less complex but still annoying cross-site scripting bug, which was key in four CVEs in the known exploited vulnerabilities catalog maintained by Uncle Sam's CISA. This bug type is a fancy form of a failure to sanitize user input.
Number three - SQL injection flaws - accounts for four known exploited bugs in the CISA catalog.
MITRE compiles the annual CWE Top 25 list by analyzing public vulnerability data in America's National Vulnerability Database.
The top three most dangerous software weaknesses for 2023 were also the most dangerous, and in the same order, in the 2022 list.
Some of the other biggest movers up the list, according to MITRE, include CWE-862, which covers missing authorization bugs.
CWE-269 moved up seven places to 22 on the list, and CWE-863 rose four ranks to number 24.
News URL
https://go.theregister.com/feed/www.theregister.com/2023/06/29/cwe_top_25_2023/