Categories

The software does not properly handle when the expected number of parameters, fields, or arguments is not provided in input, or if those parameters are undefined.

The number of possible random values is smaller than needed by the product, making it more susceptible to brute force attacks.

The program obtains a value from an untrusted source, converts this value to a pointer, and dereferences the resulting pointer.

The software does not properly distinguish between different types of elements in a way that leads to insecure behavior.

An exception is thrown from a function, but it is not caught.

The program releases a resource that is still intended to be used by the program itself or another actor.

The software makes resources available to untrusted parties when those resources are only intended to be accessed by the software.

The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize /../ sequences that can resolve to a location that is outside of that directory.

The product creates a search index of private or sensitive documents, but it does not properly limit index access to actors who are authorized to see the original information.

The software does not properly limit the number or frequency of interactions that it has with an actor, such as the number of incoming requests.