Categories

The product requires a true random number but uses an algorithm that is predictable and generates a pseudo-random number.

Certain conditions, such as network failure, will cause a server error message to be displayed.

The application stores sensitive information in cleartext in memory.

Quotes injected into an application can be used to compromise a system. As data are parsed, an injected/absent/duplicate/malformed use of quotes may cause the process to take unexpected actions.

Weaknesses in this category occur with improper enforcement of sandbox environments, or the improper handling, assignment, or management of privileges.Weaknesses in this category occur with improper enforcement of sandbox environments, or the improper handling, assignment, or management of privileges.

The software performs a data query with a large number of joins and sub-queries on a large data table.

The product performs multiple related behaviors, but the behaviors are performed in the wrong order in ways which may produce resultant weaknesses.

The software makes resources available to untrusted parties when those resources are only intended to be accessed by the software.

Truncation errors occur when a primitive is cast to a primitive of a smaller size and data is lost in the conversion.

The software requires that an actor should only be able to perform an action once, or to have only one unique action, but the software does not enforce or improperly enforces this restriction.