Categories

The code contains a control flow path that does not reflect the algorithm that the path is intended to implement, leading to incorrect behavior any time this path is navigated.

The application attempts to return a memory resource to the system, but calls the wrong release function or calls the appropriate release function incorrectly.

The product stores, transfers, or shares a resource that contains sensitive information, but it does not properly remove that information before the product makes the resource available to unauthorized actors.

The software uses XML documents and allows their structure to be defined with a Document Type Definition (DTD), but it does not properly control the number of recursive definitions of entities.

The software uses a name or reference to access a resource, but the name/reference resolves to a resource that is outside of the intended control sphere.

The software utilizes multiple threads or processes to allow temporary access to a shared resource that can only be exclusive to one process at a time, but it does not properly synchronize these actions, which might cause simultaneous accesses of this resource by multiple threads or processes.

Product A handles inputs or steps differently than Product B, which causes A to perform incorrect actions based on its perception of B's state.

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

The software does not properly restrict reading from or writing to dynamically-managed code resources such as variables, objects, classes, attributes, functions, or executable instructions or statements.

The application relies on the existence or values of cookies when performing security-critical operations, but it does not properly ensure that the setting is valid for the associated user.