Categories

Secrets stored in hardware can be recovered by an attacker with the capability to capture and analyze images of the integrated circuit using techniques such as scanning electron microscopy.

A software system that accepts path input in the form of trailing dot ('filedir.') without appropriate validation can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files.

One or more system settings or configuration elements can be externally controlled by a user.

The software implements an authentication technique, but it skips a step that weakens the technique.

The program calls a function that can never be guaranteed to work safely.

The web application does not use an appropriate caching policy that specifies the extent to which each web page and associated form fields should be cached.

The software receives data from an upstream component, but does not completely filter special elements before sending it to a downstream component.

[PLANNED FOR DEPRECATION. SEE MAINTENANCE NOTES.] Ignoring exceptions and other error conditions may allow an attacker to induce unexpected behavior unnoticed.

The software does not initialize critical variables, which causes the execution environment to use unexpected values.

The program dereferences a pointer that contains a location for memory that was previously valid, but is no longer valid.