Categories

| CWE | NAME | DESCRIPTION | LAST 12M | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS |
|---|---|---|---|---|---|---|---|---|
| CWE-708 | Incorrect Ownership Assignment | The software assigns an owner to a resource, but the owner is outside of the intended control sphere. | | 1 | 0 | 0 | 0 | 1 |
| CWE-791 | Incomplete Filtering of Special Elements | The software receives data from an upstream component, but does not completely filter special elements before sending it to a downstream component. | | 0 | 0 | 0 | 1 | 1 |
| CWE-1287 | Improper Validation of Specified Type of Input | The product receives input that is expected to be of a certain type, but it does not validate or incorrectly validates that the input is actually of the expected type. | | 0 | 1 | 0 | 0 | 1 |
| CWE-391 | Unchecked Error Condition | [PLANNED FOR DEPRECATION. SEE MAINTENANCE NOTES.] Ignoring exceptions and other error conditions may allow an attacker to induce unexpected behavior unnoticed. | | 1 | 0 | 0 | 0 | 1 |
| CWE-825 | Expired Pointer Dereference | The program dereferences a pointer that contains a location for memory that was previously valid, but is no longer valid. | | 0 | 1 | 0 | 0 | 1 |
| CWE-451 | User Interface (UI) Misrepresentation of Critical Information | The user interface (UI) does not properly represent critical information to the user, allowing the information - or its source - to be obscured or spoofed. This is often a component in phishing attacks. | | 0 | 1 | 0 | 0 | 1 |
| CWE-324 | Use of a Key Past its Expiration Date | The product uses a cryptographic key or password past its expiration date, which diminishes its safety significantly by increasing the timing window for cracking attacks against that key. | | 0 | 1 | 0 | 0 | 1 |
| CWE-648 | Incorrect Use of Privileged APIs | The application does not conform to the API requirements for a function call that requires extra privileges. This could allow attackers to gain privileges by causing the function to be called incorrectly. | | 0 | 1 | 0 | 0 | 1 |
| CWE-911 | Improper Update of Reference Count | The software uses a reference count to manage a resource, but it does not update or incorrectly updates the reference count. | | 0 | 0 | 1 | 0 | 1 |
| CWE-241 | Improper Handling of Unexpected Data Type | The software does not handle or incorrectly handles when a particular element is not the expected type, e.g. it expects a digit (0-9) but is provided with a letter (A-Z). | | 0 | 1 | 0 | 0 | 1 |