Categories

| CWE | Name | Description | Low | Medium | High | Critical | Total vulns |
|---|---|---|---|---|---|---|---|
| CWE-409 | Improper Handling of Highly Compressed Data (Data Amplification) | The software does not handle or incorrectly handles a compressed input with a very high compression ratio that produces a large output. | 0 | 1 | 0 | 0 | 1 |
| CWE-187 | Partial String Comparison | The software performs a comparison that only examines a portion of a factor before determining whether there is a match, such as a substring, leading to resultant weaknesses. | 0 | 0 | 1 | 0 | 1 |
| CWE-24 | Path Traversal: '../filedir' | The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize ../ sequences that can resolve to a location that is outside of that directory. | 0 | 0 | 1 | 0 | 1 |
| CWE-424 | Improper Protection of Alternate Path | The product does not sufficiently protect all possible paths that a user can take to access restricted functionality or resources. | 0 | 0 | 1 | 0 | 1 |
| CWE-1283 | Mutable Attestation or Measurement Reporting Data | The register contents used for attestation or measurement reporting data to verify boot flow are modifiable by an adversary. | 1 | 0 | 0 | 0 | 1 |
| CWE-395 | Use of NullPointerException Catch to Detect NULL Pointer Dereference | Catching NullPointerException should not be used as an alternative to programmatic checks to prevent dereferencing a null pointer. | 0 | 0 | 1 | 0 | 1 |
| CWE-524 | Information Exposure Through Caching | The code uses a cache that contains sensitive information, but the cache can be read by an actor outside of the intended control sphere. | 0 | 1 | 0 | 0 | 1 |
| CWE-1258 | Sensitive Information Uncleared During Hardware Debug Flows | The hardware does not fully clear security-sensitive values, such as keys and intermediate values in cryptographic operations, when debug mode is entered. | 0 | 0 | 1 | 0 | 1 |
| CWE-141 | Improper Neutralization of Parameter/Argument Delimiters | The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as parameter or argument delimiters when they are sent to a downstream component. | 0 | 0 | 1 | 0 | 1 |
| CWE-84 | Improper Neutralization of Encoded URI Schemes in a Web Page | The web application improperly neutralizes user-controlled input for executable script disguised with URI encodings. | 0 | 0 | 1 | 0 | 1 |