Categories

| CWE | NAME | LAST 12M | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS |
|---|---|---|---|---|---|---|---|
| CWE-805 | Buffer Access with Incorrect Length Value: The software uses a sequential operation to read or write a buffer, but it uses an incorrect length value that causes it to access memory that is outside of the bounds of the buffer. | | 0 | 0 | 1 | 0 | 1 |
| CWE-489 | Leftover Debug Code: The application is deployed to unauthorized actors with debugging code still enabled or active, which can create unintended entry points or expose sensitive information. | | 0 | 1 | 0 | 0 | 1 |
| CWE-379 | Creation of Temporary File in Directory with Incorrect Permissions: The software creates a temporary file in a directory whose permissions allow unintended actors to determine the file's existence or otherwise access that file. | | 0 | 1 | 0 | 0 | 1 |
| CWE-566 | Authorization Bypass Through User-Controlled SQL Primary Key: The software uses a database table that includes records that should not be accessible to an actor, but it executes a SQL statement with a primary key that can be controlled by that actor. | | 0 | 0 | 0 | 1 | 1 |
| CWE-911 | Improper Update of Reference Count: The software uses a reference count to manage a resource, but it does not update or incorrectly updates the reference count. | | 0 | 1 | 0 | 0 | 1 |
| CWE-296 | Improper Following of a Certificate's Chain of Trust: The software does not follow, or incorrectly follows, the chain of trust for a certificate back to a trusted root certificate, resulting in incorrect trust of any resource that is associated with that certificate. | | 0 | 1 | 0 | 0 | 1 |
| CWE-804 | Guessable CAPTCHA: The software uses a CAPTCHA challenge, but the challenge can be guessed or automatically recognized by a non-human actor. | | 0 | 1 | 0 | 0 | 1 |
| CWE-303 | Incorrect Implementation of Authentication Algorithm: The requirements for the software dictate the use of an established authentication algorithm, but the implementation of the algorithm is incorrect. | | 0 | 0 | 1 | 0 | 1 |
| CWE-921 | Storage of Sensitive Data in a Mechanism without Access Control: The software stores sensitive information in a file system or device that does not have built-in access control. | | 0 | 0 | 1 | 0 | 1 |
| CWE-230 | Improper Handling of Missing Values: The software does not handle or incorrectly handles when a parameter, field, or argument name is specified, but the associated value is missing, i.e. it is empty, blank, or null. | | 0 | 1 | 0 | 0 | 1 |