This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Cisco RV340 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.
Daily Archives: May 27, 2022
ZDI-22-803: Cisco RV340 JSON RPC set-snmp Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Cisco RV340 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.
ZDI-22-804: KeySight N6841A RF Sensor Deserialization of Untrusted Data Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of KeySight N6841A RF Sensor. Authentication is not required to exploit this vulnerability.
ZDI-22-805: KeySight N6841A RF Sensor UserFirmwareRequestHandler Directory Traversal Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of KeySight N6841A RF Sensor. Authentication is not required to exploit this vulnerability.
Ransomware Roundup – 2022/05/26
FortiGuard Labs became aware of a number of new Ransomware strains for the week of May 23rd, 2022. It is imperative to raise awareness about new ransomware as infections can cause severe damage to the affected machines and organizations. This Threat Signal covers Yashma ransomware, GoodWill ransomware and Horsemagyar ransomware along with Fortinet protections against them.What is Yashma Ransomware?Yashma ransomware is a new and is generated through Yashma ransomware builder. It is claimed as the sixth version of Chaos ransomware builder. Reportedly, compared to the fifth version, Yashma ransomware builder now supports the “forbidden country” option which attackers can choose not to run the generated ransomware based on the victim’s location. The new builder also enables the ransomware to stop a wide variety of services running on the compromised machine such as anti-malware solutions, and Remote Desktop and Backup services. Additionally, it is important to note that from the fifth version of Chaos ransomware builder, the crafted ransomware can successfully encrypt files larger than 2,117,152 bytes and no longer corrupts them.A known sample of Yashma ransomware has the following ransom note:All of your files have been encrypted with Yashma ransomwareYour computer was infected with a ransomware. Your files have been encrypted and you won’tbe able to decrypt them without our help.What can I do to get my files back?You can buy our specialdecryption software, this software will allow you to recover all of your data and remove theransomware from your computer.The price for the software is $1,500. Payment can be made in Bitcoin only.How do I pay, where do I get Bitcoin?Purchasing Bitcoin varies from country to country, you are best advised to do a quick google searchyourself to find out how to buy Bitcoin.Many of our customers have reported these sites to be fast and reliable:Coinmama – hxxps://www[.]coinmama[.]com Bitpanda – hxxps://www[.]bitpanda[.]comPayment informationAmount: 0.1473766 BTCBitcoin Address: [removed] At the time of this writing, the attacker’s bitcoin wallet has no transactions.FortiGuard Labs previously released several blogs on Chaos ransomware. See the Appendix for links to “Chaos Ransomware Variant Sides with Russia” and “Chaos Ransomware Variant in Fake Minecraft Alt List Brings Destruction to Japanese Gamers”.What is the Status of Coverage for Yashma ransomware?FortiGuard Labs provides the following AV coverage against a known sample of Yashma ransomware:MSIL/Filecoder.APU!tr.ransomWhat is GoodWill Ransomware?GoodWill ransomware was recently discovered, however it appears to have been first observed in March 2022. The ransomware encrypts files on the compromised machine and adds a “.gdwill” file extension to the affected files.Unlike other ransomware that demands ransom to recover the encrypted files, GoodWill asks the victim to do three good deeds. Firstly, the victim must provide clothes and blankets to needy people on the street. Secondly, the victim must feed dinner to five children at a pizza or fried chicken joint. Lastly, the victim must visit a local hospital and provide financial assistance to those in need. After finishing each deed, proof must be provided to the attacker, and a decryption tool and video instruction will be provided to the victim after completing all the deeds.What is the Status of Coverage for GoodWill ransomware?FortiGuard Labs provides the following AV coverage against GoodWill ransomware:MSIL/Filecoder.AGR!tr.ransomWhat is Horsemagyar Ransomware?Horsemagyar ransomware is a new variant of Sojusz ransomware that was recently discovered. It encrypts files on the compromised machine and adds “.[10 digit ID number].spanielearslook.likeoldboobs” file extension to the encrypted files. The ransomware leaves a ransom note as Horse.txt. The first sighting of Sojusz ransomware goes back to February, 2022 and it added a “.[10 digit ID number].[attacker’s email address].bec” extension to the files it encrypted.Example of ransom note left behind by Horsemagyar ransomware is below:::: Hello my dear friend :::Unfortunately for you, a major IT security weakness left you open to attack, your files have been encryptedIf you want to restore them,write to our skype – [removed] DECRYPTIONAlso you can write ICQ live chat which works 24/7 @[removed]Install ICQ software on your PC https://icq[.]com/windows/ or on your mobile phone search in Appstore / Google market ICQWrite to our ICQ @HORSEMAGYAR https://icq[.]im/[removed]If we not reply in 6 hours you can write to our mail but use it only if previous methods not working – [removed]@onionmail.orgAttention!* Do not rename encrypted files.* Do not try to decrypt your data using third party software, it may cause permanent data loss.* We are always ready to cooperate and find the best way to solve your problem.* The faster you write, the more favorable the conditions will be for you.* Our company values its reputation. We give all guarantees of your files decryption,such as test decryption some of themWe respect your time and waiting for respond from your sidetell your MachineID: MAHINE_ID and LaunchID: LAUNCH__IDSensitive data on your system was DOWNLOADED.If you DON’T WANT your sensitive data to be PUBLISHED you have to act quickly.Data includes:- Employees personal data, CVs, DL, SSN.- Complete network map including credentials for local and remote services.- Private financial information including: clients data, bills, budgets, annual reports, bank statements.- Manufacturing documents including: datagrams, schemas, drawings in solidworks format- And more…What is the Status of Coverage against Horsemagyar Ransomware?FortiGuard Labs provides the following AV coverage against Horsemagyar ransomware:W32/Filecoder.NSF!tr.ransomAnything Else to Note?Victims of ransomware are cautioned against paying ransoms by such organizations as CISA, NCSC, the FBI, and HHS. Payment does not guarantee files will be recovered. It may also embolden adversaries to target additional organizations, encourage other criminal actors to engage in the distribution of ransomware, and/or fund illicit activities which could potentially be illegal according to a U.S. Department of Treasury’s Office of Foreign Assets Control (OFAC) advisory.
CWE
CWE (Common Weakness Enumeration) is a list of common types of hardware and software defects that have security implications. The CWE list can be used as a framework to describe and communicate such vulnerabilities in terms of CWEs.
The goal is to support all those methods (including automatic ones) to control and prevent software errors. It can be used at the development stage, during the Code Review activity, and later on during the penetration test activity to classify and communicate the vulnerability type to developers. The system is at version 4.7 and contains over 600 categories of weaknesses and vulnerabilities
The CWE Top 25 Most Dangerous Software Weakness List is a list of the most common programming errors that can lead to software vulnerabilities. Vulnerabilities present in the CWE Top 25 are usually easy to detect and exploit. For example, the CWE-79 is related to Cross-Site Scripting while the CWE-89 to SQL Injection. A similar project is Top Ten Owasp (Open Web Application Security Project). Compared to the CWE Top 25, the Top Ten OWASP focuses solely on vulnerabilities of web applications.
The CWE Most Important Hardware Weakness List serves the same purpose, but it focuses on hardware defects.
Please check our post about Vulnerability Analysis to learn more about CWE usage.
Please find a list of all the CWE below or use the search box above to find a specific CWE.
-
CWE-1046 – Creation of Immutable Text Using String Concatenation
Description The software creates an immutable text string using string concatenation operations. Modes of Introduction: Related Weaknesses CWE-1176 Consequences Other: Reduce Performance Potential Mitigations CVE References
-
CWE-1047 – Modules with Circular Dependencies
Description The software contains modules in which one module has references that cycle back to itself, i.e., there are circular dependencies. Modes of Introduction: Related Weaknesses CWE-1120 Consequences Other: Reduce Reliability Potential Mitigations CVE References
-
CWE-94 – Improper Control of Generation of Code (‘Code Injection’)
Description The software constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. Modes of Introduction: – Architecture and Design Likelihood of Exploit: Medium Related Weaknesses CWE-74…
-
CWE-940 – Improper Verification of Source of a Communication Channel
Description The software establishes a communication channel to handle an incoming request that has been initiated by an actor, but it does not properly verify that the request is coming from the expected origin. When an attacker can successfully establish a communication channel from an untrusted origin, the attacker may be able to gain privileges…
-
CWE-941 – Incorrectly Specified Destination in a Communication Channel
Description The software creates a communication channel to initiate an outgoing request to an actor, but it does not correctly specify the intended destination for that actor. Modes of Introduction: – Architecture and Design Likelihood of Exploit: Related Weaknesses CWE-923 CWE-406 Consequences Potential Mitigations CVE References CVE-2013-5211 composite: NTP feature generates…
-
CWE-942 – Permissive Cross-domain Policy with Untrusted Domains
Description The software uses a cross-domain policy file that includes domains that should not be trusted. Modes of Introduction: – Implementation Likelihood of Exploit: Related Weaknesses CWE-284 CWE-183 CWE-668 Consequences Confidentiality, Integrity, Availability, Access Control: Execute Unauthorized Code or Commands, Bypass Protection Mechanism, Read Application Data, Varies by Context An attacker may be…
-
CWE-943 – Improper Neutralization of Special Elements in Data Query Logic
Description The application generates a query intended to access or manipulate data in a data store such as a database, but it does not neutralize or incorrectly neutralizes special elements that can modify the intended logic of the query. Modes of Introduction: – Implementation Likelihood of Exploit: Related Weaknesses CWE-74 Consequences Confidentiality, Integrity,…
-
CWE-95 – Improper Neutralization of Directives in Dynamically Evaluated Code (‘Eval Injection’)
Description The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes code syntax before using the input in a dynamic evaluation call (e.g. “eval”). This may allow an attacker to execute arbitrary code, or at least modify what code can be executed. Modes of Introduction: – Architecture and Design…
-
CWE-96 – Improper Neutralization of Directives in Statically Saved Code (‘Static Code Injection’)
Description The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes code syntax before inserting the input into an executable resource, such as a library, configuration file, or template. Modes of Introduction: – Architecture and Design Likelihood of Exploit: Related Weaknesses CWE-94 Consequences Confidentiality: Read Files or…
-
CWE-97 – Improper Neutralization of Server-Side Includes (SSI) Within a Web Page
Description The software generates a web page, but does not neutralize or incorrectly neutralizes user-controllable input that could be interpreted as a server-side include (SSI) directive. Modes of Introduction: – Architecture and Design Likelihood of Exploit: Related Weaknesses CWE-96 Consequences Confidentiality, Integrity, Availability: Execute Unauthorized Code or Commands Potential Mitigations CVE References…
-
CWE-98 – Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’)
Description The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in “require,” “include,” or similar functions. In certain versions and configurations of PHP, this can allow an attacker to specify a URL to a remote location from which the software will obtain…
-
CWE-99 – Improper Control of Resource Identifiers (‘Resource Injection’)
Description The software receives input from an upstream component, but it does not restrict or incorrectly restricts the input before it is used as an identifier for a resource that may be outside the intended sphere of control. Modes of Introduction: – Architecture and Design Likelihood of Exploit: High Related Weaknesses CWE-74 CWE-706 CWE-73…
-
CWE-910 – Use of Expired File Descriptor
Description The software uses or accesses a file descriptor after it has been closed. After a file descriptor for a particular file or device has been released, it can be reused. The code might not write to the original file, since the reused file descriptor might reference a different file or device. Modes of Introduction:…
-
CWE-911 – Improper Update of Reference Count
Description The software uses a reference count to manage a resource, but it does not update or incorrectly updates the reference count. Reference counts can be used when tracking how many objects contain a reference to a particular resource, such as in memory management or garbage collection. When the reference count reaches zero, the resource…
-
CWE-912 – Hidden Functionality
Description The software contains functionality that is not documented, not part of the specification, and not accessible through an interface or command sequence that is obvious to the software’s users or administrators. Hidden functionality can take many forms, such as intentionally malicious code, “Easter Eggs” that contain extraneous functionality such as games, developer-friendly shortcuts that…
-
CWE-913 – Improper Control of Dynamically-Managed Code Resources
Description The software does not properly restrict reading from or writing to dynamically-managed code resources such as variables, objects, classes, attributes, functions, or executable instructions or statements. Many languages offer powerful features that allow the programmer to dynamically create or modify existing code, or resources used by code such as variables and objects. While these…
-
CWE-914 – Improper Control of Dynamically-Identified Variables
Description The software does not properly restrict reading from or writing to dynamically-identified variables. Many languages offer powerful features that allow the programmer to access arbitrary variables that are specified by an input string. While these features can offer significant flexibility and reduce development time, they can be extremely dangerous if attackers can modify unintended…
-
CWE-915 – Improperly Controlled Modification of Dynamically-Determined Object Attributes
Description The software receives input from an upstream component that specifies multiple attributes, properties, or fields that are to be initialized or updated in an object, but it does not properly control which attributes can be modified. Modes of Introduction: – Architecture and Design Likelihood of Exploit: Related Weaknesses CWE-913 CWE-502 Consequences Integrity:…
-
CWE-916 – Use of Password Hash With Insufficient Computational Effort
Description The software generates a hash for a password, but it uses a scheme that does not provide a sufficient level of computational effort that would make password cracking attacks infeasible or expensive. Modes of Introduction: – Architecture and Design Likelihood of Exploit: Related Weaknesses CWE-327 CWE-327 Consequences Access Control: Bypass Protection Mechanism,…
-
CWE-917 – Improper Neutralization of Special Elements used in an Expression Language Statement (‘Expression Language Injection’)
Description The software constructs all or part of an expression language (EL) statement in a Java Server Page (JSP) using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended EL statement before it is executed. Modes of Introduction: – Architecture and Design Likelihood…
-
CWE-918 – Server-Side Request Forgery (SSRF)
Description The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination. By providing URLs to unexpected hosts or ports, attackers can make it appear that the server is sending…
-
CWE-92 – DEPRECATED: Improper Sanitization of Custom Special Characters
Description This entry has been deprecated. It originally came from PLOVER, which sometimes defined “other” and “miscellaneous” categories in order to satisfy exhaustiveness requirements for taxonomies. Within the context of CWE, the use of a more abstract entry is preferred in mapping situations. CWE-75 is a more appropriate mapping. Modes of Introduction: Likelihood of Exploit:…
-
CWE-920 – Improper Restriction of Power Consumption
Description The software operates in an environment in which power is a limited resource that cannot be automatically replenished, but the software does not properly restrict the amount of power that its operation consumes. Modes of Introduction: – Architecture and Design Likelihood of Exploit: Related Weaknesses CWE-400 CWE-400 Consequences Availability: DoS: Resource Consumption…
-
CWE-921 – Storage of Sensitive Data in a Mechanism without Access Control
Description The software stores sensitive information in a file system or device that does not have built-in access control. Modes of Introduction: – Architecture and Design Likelihood of Exploit: Related Weaknesses CWE-922 Consequences Confidentiality: Read Application Data, Read Files or Directories Attackers can read sensitive information by accessing the unrestricted storage mechanism. Integrity:…
-
CWE-922 – Insecure Storage of Sensitive Information
Description The software stores sensitive information without properly limiting read or write access by unauthorized actors. If read access is not properly restricted, then attackers can steal the sensitive information. If write access is not properly restricted, then attackers can modify and possibly delete the data, causing incorrect results and possibly a denial of service.…
-
CWE-923 – Improper Restriction of Communication Channel to Intended Endpoints
Description The software establishes a communication channel to (or from) an endpoint for privileged or protected operations, but it does not properly ensure that it is communicating with the correct endpoint. Modes of Introduction: – Architecture and Design Likelihood of Exploit: Related Weaknesses CWE-284 Consequences Integrity, Confidentiality: Gain Privileges or Assume Identity If…
-
CWE-925 – Improper Verification of Intent by Broadcast Receiver
Description The Android application uses a Broadcast Receiver that receives an Intent but does not properly verify that the Intent came from an authorized source. Certain types of Intents, identified by action string, can only be broadcast by the operating system itself, not by third-party applications. However, when an application registers to receive these implicit…
-
CWE-926 – Improper Export of Android Application Components
Description The Android application exports a component for use by other applications, but does not properly restrict which applications can launch the component or access the data it contains. Modes of Introduction: – Architecture and Design Likelihood of Exploit: Related Weaknesses CWE-285 Consequences Availability, Integrity: Unexpected State, DoS: Crash, Exit, or Restart, DoS:…
-
CWE-927 – Use of Implicit Intent for Sensitive Communication
Description The Android application uses an implicit intent for transmitting sensitive data to other applications. Modes of Introduction: – Architecture and Design Likelihood of Exploit: Related Weaknesses CWE-285 CWE-668 Consequences Confidentiality: Read Application Data Other applications, possibly untrusted, can read the data that is offered through the Intent. Integrity: Varies by Context The…
-
CWE-93 – Improper Neutralization of CRLF Sequences (‘CRLF Injection’)
Description The software uses CRLF (carriage return line feeds) as a special element, e.g. to separate lines or records, but it does not neutralize or incorrectly neutralizes CRLF sequences from inputs. Modes of Introduction: – Architecture and Design Likelihood of Exploit: Related Weaknesses CWE-74 CWE-117 Consequences Integrity: Modify Application Data Potential Mitigations…
-
CWE-836 – Use of Password Hash Instead of Password for Authentication
Description The software records password hashes in a data store, receives a hash of a password from a client, and compares the supplied hash to the hash obtained from the data store. Modes of Introduction: – Implementation Likelihood of Exploit: Related Weaknesses CWE-287 CWE-602 Consequences Access Control: Bypass Protection Mechanism, Gain Privileges or…
-
CWE-837 – Improper Enforcement of a Single, Unique Action
Description The software requires that an actor should only be able to perform an action once, or to have only one unique action, but the software does not enforce or improperly enforces this restriction. In various applications, a user is only expected to perform a certain action once, such as voting, requesting a refund, or…
-
CWE-838 – Inappropriate Encoding for Output Context
Description The software uses or specifies an encoding when generating output to a downstream component, but the specified encoding is not the same as the encoding that is expected by the downstream component. Modes of Introduction: Likelihood of Exploit: Related Weaknesses CWE-116 CWE-116 Consequences Integrity, Confidentiality, Availability: Modify Application Data, Execute Unauthorized Code…
-
CWE-839 – Numeric Range Comparison Without Minimum Check
Description The program checks a value to ensure that it is less than or equal to a maximum, but it does not also verify that the value is greater than or equal to the minimum. Modes of Introduction: Likelihood of Exploit: Related Weaknesses CWE-1023 CWE-195 CWE-682 CWE-119 CWE-124 Consequences Integrity, Confidentiality, Availability: Modify…
-
CWE-84 – Improper Neutralization of Encoded URI Schemes in a Web Page
Description The web application improperly neutralizes user-controlled input for executable script disguised with URI encodings. Modes of Introduction: – Architecture and Design Likelihood of Exploit: Related Weaknesses CWE-79 Consequences Integrity: Unexpected State Potential Mitigations Phase: Implementation Effectiveness: Description: Resolve all URIs to absolute or canonical representations before processing. Phase: Implementation Effectiveness: Description: …
-
CWE-841 – Improper Enforcement of Behavioral Workflow
Description The software supports a session in which more than one behavior must be performed by an actor, but it does not properly ensure that the actor performs the behaviors in the required sequence. Modes of Introduction: – Implementation Likelihood of Exploit: Related Weaknesses CWE-691 Consequences Other: Alter Execution Logic An attacker could…
-
CWE-842 – Placement of User into Incorrect Group
Description The software or the administrator places a user into an incorrect group. If the incorrect group has more access or privileges than the intended group, the user might be able to bypass intended security policy to access unexpected resources or perform unexpected actions. The access-control system might not be able to detect malicious usage…
-
CWE-843 – Access of Resource Using Incompatible Type (‘Type Confusion’)
Description The program allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type. Modes of Introduction: – Implementation Likelihood of Exploit: Related Weaknesses CWE-704 CWE-704 CWE-119 Consequences Availability, Integrity, Confidentiality: Read Memory,…
-
CWE-85 – Doubled Character XSS Manipulations
Description The web application does not filter user-controlled input for executable script disguised using doubling of the involved characters. Modes of Introduction: – Implementation Likelihood of Exploit: Related Weaknesses CWE-79 CWE-675 Consequences Confidentiality, Integrity, Availability: Read Application Data, Execute Unauthorized Code or Commands Potential Mitigations Phase: Implementation Effectiveness: Description: Resolve all filtered…
-
CWE-86 – Improper Neutralization of Invalid Characters in Identifiers in Web Pages
Description The software does not neutralize or incorrectly neutralizes invalid characters or byte sequences in the middle of tag names, URI schemes, and other identifiers. Some web browsers may remove these sequences, resulting in output that may have unintended control implications. For example, the software may attempt to remove a “javascript:” URI scheme, but a…
-
CWE-87 – Improper Neutralization of Alternate XSS Syntax
Description The software does not neutralize or incorrectly neutralizes user-controlled input for alternate script syntax. Modes of Introduction: – Implementation Likelihood of Exploit: Related Weaknesses CWE-79 Consequences Confidentiality, Integrity, Availability: Read Application Data, Execute Unauthorized Code or Commands Potential Mitigations Phase: Implementation Effectiveness: Description: Resolve all input to absolute or canonical representations…
-
CWE-88 – Improper Neutralization of Argument Delimiters in a Command (‘Argument Injection’)
Description The software constructs a string for a command to executed by a separate component in another control sphere, but it does not properly delimit the intended arguments, options, or switches within that command string. Modes of Introduction: – Architecture and Design Likelihood of Exploit: Related Weaknesses CWE-77 CWE-74 CWE-77 CWE-77 Consequences Confidentiality,…
-
CWE-89 – Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’)
Description The software constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Modes of Introduction: – Architecture and Design Likelihood of Exploit: High …
-
CWE-90 – Improper Neutralization of Special Elements used in an LDAP Query (‘LDAP Injection’)
Description The software constructs all or part of an LDAP query using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended LDAP query when it is sent to a downstream component. Modes of Introduction: – Architecture and Design Likelihood of Exploit: Related…
-
CWE-908 – Use of Uninitialized Resource
Description The software uses or accesses a resource that has not been initialized. When a resource has not been properly initialized, the software may behave unexpectedly. This may lead to a crash or invalid memory access, but the consequences vary depending on the type of resource and how it is used within the software. Modes…
-
CWE-909 – Missing Initialization of Resource
Description The software does not initialize a critical resource. Many resources require initialization before they can be properly used. If a resource is not initialized, it could contain unpredictable or expired data, or it could be initialized to defaults that are invalid. This can have security implications when the resource is expected to have certain…
-
CWE-91 – XML Injection (aka Blind XPath Injection)
Description The software does not properly neutralize special elements that are used in XML, allowing attackers to modify the syntax, content, or commands of the XML before it is processed by an end system. Within XML, special elements could include reserved words or characters such as ““, “””, and “&”, which could then be used…
-
CWE-807 – Reliance on Untrusted Inputs in a Security Decision
Description The application uses a protection mechanism that relies on the existence or values of an input, but the input can be modified by an untrusted actor in a way that bypasses the protection mechanism. Modes of Introduction: – Architecture and Design Likelihood of Exploit: High Related Weaknesses CWE-693 Consequences Confidentiality, Access Control,…
-
CWE-820 – Missing Synchronization
Description The software utilizes a shared resource in a concurrent manner but does not attempt to synchronize access to the resource. If access to a shared resource is not synchronized, then the resource may not be in a state that is expected by the software. This might lead to unexpected or insecure behaviors, especially if…
-
CWE-821 – Incorrect Synchronization
Description The software utilizes a shared resource in a concurrent manner, but it does not correctly synchronize access to the resource. If access to a shared resource is not correctly synchronized, then the resource may not be in a state that is expected by the software. This might lead to unexpected or insecure behaviors, especially…
-
CWE-822 – Untrusted Pointer Dereference
Description The program obtains a value from an untrusted source, converts this value to a pointer, and dereferences the resulting pointer. Modes of Introduction: Likelihood of Exploit: Related Weaknesses CWE-119 CWE-119 CWE-119 CWE-125 CWE-787 Consequences Confidentiality: Read Memory If the untrusted pointer is used in a read operation, an attacker might be able…
-
CWE-823 – Use of Out-of-range Pointer Offset
Description The program performs pointer arithmetic on a valid pointer, but it uses an offset that can point outside of the intended range of valid memory locations for the resulting pointer. Modes of Introduction: Likelihood of Exploit: Related Weaknesses CWE-119 CWE-119 CWE-119 CWE-125 CWE-787 Consequences Confidentiality: Read Memory If the untrusted pointer is…
-
CWE-824 – Access of Uninitialized Pointer
Description The program accesses or uses a pointer that has not been initialized. Modes of Introduction: Likelihood of Exploit: Related Weaknesses CWE-119 CWE-119 CWE-119 CWE-119 CWE-125 CWE-787 Consequences Confidentiality: Read Memory If the uninitialized pointer is used in a read operation, an attacker might be able to read sensitive portions of memory. Availability:…
-
CWE-825 – Expired Pointer Dereference
Description The program dereferences a pointer that contains a location for memory that was previously valid, but is no longer valid. When a program releases memory, but it maintains a pointer to that memory, then the memory might be re-allocated at a later time. If the original pointer is accessed to read or write data,…
-
CWE-826 – Premature Release of Resource During Expected Lifetime
Description The program releases a resource that is still intended to be used by the program itself or another actor. Modes of Introduction: Likelihood of Exploit: Related Weaknesses CWE-666 CWE-672 Consequences Confidentiality: Read Application Data, Read Memory If the released resource is subsequently reused or reallocated, then a read operation on the original…
-
CWE-827 – Improper Control of Document Type Definition
Description The software does not restrict a reference to a Document Type Definition (DTD) to the intended control sphere. This might allow attackers to reference arbitrary DTDs, possibly causing the software to expose files, consume excessive system resources, or execute arbitrary http requests on behalf of the attacker. Modes of Introduction: – Implementation Likelihood of…
-
CWE-828 – Signal Handler with Functionality that is not Asynchronous-Safe
Description The software defines a signal handler that contains code sequences that are not asynchronous-safe, i.e., the functionality is not reentrant, or it can be interrupted. Modes of Introduction: Likelihood of Exploit: Related Weaknesses CWE-364 Consequences Integrity, Confidentiality, Availability: DoS: Crash, Exit, or Restart, Execute Unauthorized Code or Commands The most common consequence…
-
CWE-829 – Inclusion of Functionality from Untrusted Control Sphere
Description The software imports, requires, or includes executable functionality (such as a library) from a source that is outside of the intended control sphere. Modes of Introduction: – Implementation Likelihood of Exploit: Related Weaknesses CWE-669 CWE-669 Consequences Confidentiality, Integrity, Availability: Execute Unauthorized Code or Commands An attacker could insert malicious functionality into the…
-
CWE-83 – Improper Neutralization of Script in Attributes in a Web Page
Description The software does not neutralize or incorrectly neutralizes “javascript:” or other URIs from dangerous attributes within tags, such as onmouseover, onload, onerror, or style. Modes of Introduction: – Implementation Likelihood of Exploit: Related Weaknesses CWE-79 Consequences Confidentiality, Integrity, Availability: Read Application Data, Execute Unauthorized Code or Commands Potential Mitigations Phase: Implementation…
-
CWE-830 – Inclusion of Web Functionality from an Untrusted Source
Description The software includes web functionality (such as a web widget) from another domain, which causes it to operate within the domain of the software, potentially granting total access and control of the software to the untrusted source. Modes of Introduction: – Implementation Likelihood of Exploit: Related Weaknesses CWE-829 Consequences Confidentiality, Integrity, Availability:…
-
CWE-831 – Signal Handler Function Associated with Multiple Signals
Description The software defines a function that is used as a handler for more than one signal. Modes of Introduction: Likelihood of Exploit: Related Weaknesses CWE-364 Consequences Availability, Integrity, Confidentiality, Access Control, Other: DoS: Crash, Exit, or Restart, Execute Unauthorized Code or Commands, Read Application Data, Gain Privileges or Assume Identity, Bypass Protection…
-
CWE-832 – Unlock of a Resource that is not Locked
Description The software attempts to unlock a resource that is not locked. Depending on the locking functionality, an unlock of a non-locked resource might cause memory corruption or other modification to the resource (or its associated metadata that is used for tracking locks). Modes of Introduction: Likelihood of Exploit: Related Weaknesses CWE-667 Consequences…
-
CWE-833 – Deadlock
Description The software contains multiple threads or executable segments that are waiting for each other to release a necessary lock, resulting in deadlock. Modes of Introduction: Likelihood of Exploit: Related Weaknesses CWE-667 CWE-662 Consequences Availability: DoS: Resource Consumption (CPU), DoS: Resource Consumption (Other), DoS: Crash, Exit, or Restart Each thread of execution will…
-
CWE-834 – Excessive Iteration
Description The software performs an iteration or loop without sufficiently limiting the number of times that the loop is executed. If the iteration can be influenced by an attacker, this weakness could allow attackers to consume excessive resources such as CPU or memory. In many cases, a loop does not need to be infinite in…
-
CWE-835 – Loop with Unreachable Exit Condition (‘Infinite Loop’)
Description The program contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop. If the loop can be influenced by an attacker, this weakness could allow attackers to consume excessive resources such as CPU or memory. Modes of Introduction: Likelihood of Exploit: Related Weaknesses CWE-834 CWE-834 …
-
CWE-786 – Access of Memory Location Before Start of Buffer
Description The software reads or writes to a buffer using an index or pointer that references a memory location prior to the beginning of the buffer. This typically occurs when a pointer or its index is decremented to a position before the buffer, when pointer arithmetic results in a position before the beginning of the…
-
CWE-787 – Out-of-bounds Write
Description The software writes data past the end, or before the beginning, of the intended buffer. Typically, this can result in corruption of data, a crash, or code execution. The software may modify an index or perform pointer arithmetic that references a memory location that is outside of the boundaries of the buffer. A subsequent…
-
CWE-788 – Access of Memory Location After End of Buffer
Description The software reads or writes to a buffer using an index or pointer that references a memory location after the end of the buffer. This typically occurs when a pointer or its index is incremented to a position after the buffer; or when pointer arithmetic results in a position after the buffer. Modes of…
-
CWE-789 – Memory Allocation with Excessive Size Value
Description The product allocates memory based on an untrusted, large size value, but it does not ensure that the size is within expected limits, allowing arbitrary amounts of memory to be allocated. Modes of Introduction: – Implementation Likelihood of Exploit: Related Weaknesses CWE-770 CWE-1284 CWE-476 Consequences Availability: DoS: Resource Consumption (Memory) Not controlling…
-
CWE-79 – Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
Description The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. Modes of Introduction: – Architecture and Design Likelihood of Exploit: High Related Weaknesses CWE-74 CWE-74 CWE-494 CWE-352 Consequences Access Control, Confidentiality: Bypass Protection…
-
CWE-790 – Improper Filtering of Special Elements
Description The software receives data from an upstream component, but does not filter or incorrectly filters special elements before sending it to a downstream component. Modes of Introduction: – Implementation Likelihood of Exploit: Related Weaknesses CWE-138 Consequences Integrity: Unexpected State Potential Mitigations CVE References
-
CWE-791 – Incomplete Filtering of Special Elements
Description The software receives data from an upstream component, but does not completely filter special elements before sending it to a downstream component. Modes of Introduction: – Implementation Likelihood of Exploit: Related Weaknesses CWE-790 Consequences Integrity: Unexpected State Potential Mitigations CVE References
-
CWE-792 – Incomplete Filtering of One or More Instances of Special Elements
Description The software receives data from an upstream component, but does not completely filter one or more instances of special elements before sending it to a downstream component. Modes of Introduction: – Implementation Likelihood of Exploit: Related Weaknesses CWE-791 Consequences Integrity: Unexpected State Potential Mitigations CVE References
-
CWE-793 – Only Filtering One Instance of a Special Element
Description The software receives data from an upstream component, but only filters a single instance of a special element before sending it to a downstream component. Incomplete filtering of this nature may be location-dependent, as in only the first or last element is filtered. Modes of Introduction: – Implementation Likelihood of Exploit: Related Weaknesses…
-
CWE-794 – Incomplete Filtering of Multiple Instances of Special Elements
Description The software receives data from an upstream component, but does not filter all instances of a special element before sending it to a downstream component. Modes of Introduction: – Implementation Likelihood of Exploit: Related Weaknesses CWE-792 Consequences Integrity: Unexpected State Potential Mitigations CVE References
-
CWE-795 – Only Filtering Special Elements at a Specified Location
Description The software receives data from an upstream component, but only accounts for special elements at a specified location, thereby missing remaining special elements that may exist before sending it to a downstream component. Modes of Introduction: – Implementation Likelihood of Exploit: Related Weaknesses CWE-791 Consequences Integrity: Unexpected State Potential Mitigations CVE…
-
CWE-796 – Only Filtering Special Elements Relative to a Marker
Description The software receives data from an upstream component, but only accounts for special elements positioned relative to a marker (e.g. “at the beginning/end of a string; the second argument”), thereby missing remaining special elements that may exist before sending it to a downstream component. Modes of Introduction: – Implementation Likelihood of Exploit: Related…
-
CWE-797 – Only Filtering Special Elements at an Absolute Position
Description The software receives data from an upstream component, but only accounts for special elements at an absolute position (e.g. “byte number 10”), thereby missing remaining special elements that may exist before sending it to a downstream component. Modes of Introduction: – Implementation Likelihood of Exploit: Related Weaknesses CWE-795 Consequences Integrity: Unexpected State…
-
CWE-798 – Use of Hard-coded Credentials
Description The software contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. Modes of Introduction: – Architecture and Design Likelihood of Exploit: High Related Weaknesses CWE-287 CWE-287 CWE-344 CWE-671 CWE-257 Consequences Access Control: Bypass…
-
CWE-799 – Improper Control of Interaction Frequency
Description The software does not properly limit the number or frequency of interactions that it has with an actor, such as the number of incoming requests. This can allow the actor to perform actions more frequently than expected. The actor could be a human or an automated process such as a virus or bot. This…
-
CWE-8 – J2EE Misconfiguration: Entity Bean Declared Remote
Description When an application exposes a remote interface for an entity bean, it might also expose methods that get or set the bean’s data. These methods could be leveraged to read sensitive information, or to change data in ways that violate the application’s expectations, potentially leading to other vulnerabilities. Modes of Introduction: – Architecture and…
-
CWE-804 – Guessable CAPTCHA
Description The software uses a CAPTCHA challenge, but the challenge can be guessed or automatically recognized by a non-human actor. Modes of Introduction: – Architecture and Design Likelihood of Exploit: Related Weaknesses CWE-863 CWE-287 CWE-330 Consequences Access Control, Other: Bypass Protection Mechanism, Other When authorization, authentication, or another protection mechanism relies on CAPTCHA…
-
CWE-805 – Buffer Access with Incorrect Length Value
Description The software uses a sequential operation to read or write a buffer, but it uses an incorrect length value that causes it to access memory that is outside of the bounds of the buffer. When the length value exceeds the size of the destination, a buffer overflow could occur. Modes of Introduction: – Implementation…
-
CWE-806 – Buffer Access Using Size of Source Buffer
Description The software uses the size of a source buffer when reading from or writing to a destination buffer, which may cause it to access memory that is outside of the bounds of the buffer. When the size of the destination is smaller than the size of the source, a buffer overflow could occur. Modes…
-
CWE-768 – Incorrect Short Circuit Evaluation
Description The software contains a conditional statement with multiple logical expressions in which one of the non-leading expressions may produce side effects. This may lead to an unexpected state in the program after the execution of the conditional, because short-circuiting logic may prevent the side effects from occurring. Modes of Introduction: – Implementation Likelihood of…
-
CWE-769 – DEPRECATED: Uncontrolled File Descriptor Consumption
Description This entry has been deprecated because it was a duplicate of CWE-774. All content has been transferred to CWE-774. Modes of Introduction: Likelihood of Exploit: Related Weaknesses Consequences Potential Mitigations CVE References
-
CWE-77 – Improper Neutralization of Special Elements used in a Command (‘Command Injection’)
Description The software constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component. Modes of Introduction: – Architecture and Design Likelihood of Exploit: High Related Weaknesses…
-
CWE-770 – Allocation of Resources Without Limits or Throttling
Description The software allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor. Modes of Introduction: – Architecture and Design Likelihood of Exploit: High Related Weaknesses…
-
CWE-771 – Missing Reference to Active Allocated Resource
Description The software does not properly maintain a reference to a resource that has been allocated, which prevents the resource from being reclaimed. This does not necessarily apply in languages or frameworks that automatically perform garbage collection, since the removal of all references may act as a signal that the resource is ready to be…
-
CWE-772 – Missing Release of Resource after Effective Lifetime
Description The software does not release a resource after its effective lifetime has ended, i.e., after the resource is no longer needed. When a resource is not released after use, it can allow attackers to cause a denial of service by causing the allocation of resources without triggering their release. Frequently-affected resources include memory, CPU,…
-
CWE-773 – Missing Reference to Active File Descriptor or Handle
Description The software does not properly maintain references to a file descriptor or handle, which prevents that file descriptor/handle from being reclaimed. This can cause the software to consume all available file descriptors or handles, which can prevent other processes from performing critical file processing operations. Modes of Introduction: – Architecture and Design Likelihood of…
-
CWE-774 – Allocation of File Descriptors or Handles Without Limits or Throttling
Description The software allocates file descriptors or handles on behalf of an actor without imposing any restrictions on how many descriptors can be allocated, in violation of the intended security policy for that actor. This can cause the software to consume all available file descriptors or handles, which can prevent other processes from performing critical…
USN-5450-1: Subversion vulnerabilities
Evgeny Kotkov discovered that subversion servers did not properly follow
path-based authorization rules in certain cases. An attacker could
potentially use this issue to retrieve information about private paths.
(CVE-2021-28544)
Thomas Weißschuh discovered that subversion servers did not properly handle
memory in certain configurations. A remote attacker could potentially use
this issue to cause a denial of service or other unspecified impact.
(CVE-2022-24070)