Categories

| CWE | NAME | DESCRIPTION | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS |
|---|---|---|---|---|---|---|---|
| CWE-789 | Uncontrolled Memory Allocation | The product allocates memory based on an untrusted size value, but it does not validate or incorrectly validates the size, allowing arbitrary amounts of memory to be allocated. | 0 | 5 | 5 | 0 | 10 |
| CWE-359 | Exposure of Private Information ('Privacy Violation') | The product does not properly prevent a person's private, personal information from being accessed by actors who either (1) are not explicitly authorized to access the information or (2) do not have the implicit consent of the person about whom the information is collected. | 1 | 7 | 2 | 0 | 10 |
| CWE-297 | Improper Validation of Certificate with Host Mismatch | The software communicates with a host that provides a certificate, but the software does not properly ensure that the certificate is actually associated with that host. | 2 | 7 | 1 | 0 | 10 |
| CWE-680 | Integer Overflow to Buffer Overflow | The product performs a calculation to determine how much memory to allocate, but an integer overflow can occur that causes less memory to be allocated than expected, leading to a buffer overflow. | 1 | 1 | 8 | 0 | 10 |
| CWE-256 | Unprotected Storage of Credentials | Storing a password in plaintext may result in a system compromise. | 0 | 4 | 5 | 1 | 10 |
| CWE-305 | Authentication Bypass by Primary Weakness | The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error. | 0 | 2 | 4 | 4 | 10 |
| CWE-172 | Encoding Error | The software does not properly encode or decode the data, resulting in unexpected values. | 0 | 3 | 4 | 2 | 9 |
| CWE-184 | Incomplete Blacklist | The product implements a protection mechanism that relies on a list of inputs (or properties of inputs) that are not allowed by policy or otherwise require other action to neutralize before additional processing takes place, but the list is incomplete, leading to resultant weaknesses. | 0 | 5 | 3 | 1 | 9 |
| CWE-788 | Access of Memory Location After End of Buffer | The software reads or writes to a buffer using an index or pointer that references a memory location after the end of the buffer. | 0 | 4 | 4 | 1 | 9 |
| CWE-248 | Uncaught Exception | An exception is thrown from a function, but it is not caught. | 0 | 6 | 3 | 0 | 9 |