CWE-910 – Use of Expired File Descriptor
Description The software uses or accesses a file descriptor after it has been closed. After a file descriptor for a particular file or device has...
CWE-91 – XML Injection (aka Blind XPath Injection)
Description The software does not properly neutralize special elements that are used in XML, allowing attackers to modify the syntax, content, or commands of the...
CWE-909 – Missing Initialization of Resource
Description The software does not initialize a critical resource. Many resources require initialization before they can be properly used. If a resource is not initialized,...
CWE-908 – Use of Uninitialized Resource
Description The software uses or accesses a resource that has not been initialized. When a resource has not been properly initialized, the software may behave...
CWE-90 – Improper Neutralization of Special Elements used in an LDAP Query (‘LDAP Injection’)
Description The software constructs all or part of an LDAP query using externally-influenced input from an upstream component, but it does not neutralize or incorrectly...
CWE-9 – J2EE Misconfiguration: Weak Access Permissions for EJB Methods
Description If elevated access rights are assigned to EJB methods, then an attacker can take advantage of the permissions to exploit the software system. If...
CWE-89 – Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’)
Description The software constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly...
CWE-88 – Improper Neutralization of Argument Delimiters in a Command (‘Argument Injection’)
Description The software constructs a string for a command to be executed by a separate component in another control sphere, but it does not properly delimit...
CWE-87 – Improper Neutralization of Alternate XSS Syntax
Description The software does not neutralize or incorrectly neutralizes user-controlled input for alternate script syntax. Modes of Introduction: Implementation. Likelihood of Exploit: Related...
CWE-863 – Incorrect Authorization
Description The software performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform...