Categories

A product inherits a set of insecure permissions for an object, e.g. when copying from an archive file, without user awareness or involvement.

The application does not conform to the API requirements for a function call that requires extra privileges. This could allow attackers to gain privileges by causing the function to be called incorrectly.

The software does not follow or incorrectly follows the specifications as required by the implementation language, environment, framework, protocol, or platform.

A process is invoked with sensitive command-line arguments, environment variables, or other elements that can be seen by other processes on the operating system.

The software detects a specific error, but takes no actions to handle the error.

The software writes to a buffer using an index or pointer that references a memory location prior to the beginning of the buffer.

The product does not properly check inputs that are used for loop conditions, potentially leading to a denial of service or other consequences because of excessive looping.

The software stores a password in a configuration file that might be accessible to actors who do not know the password.

The software does not handle or incorrectly handles when a value is not defined or supported for the associated parameter, field, or argument name.

The application attempts to return a memory resource to the system, but it calls a release function that is not compatible with the function that was originally used to allocate that resource.