CWE-666 – Operation on Resource in Wrong Phase of Lifetime
Description: The software performs an operation on a resource at the wrong phase of the resource's lifecycle, which can lead to unexpected behaviors. When a...
CWE-667 – Improper Locking
Description: The software does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors. Modes of Introduction:...
CWE-668 – Exposure of Resource to Wrong Sphere
Description: The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource. Modes of Introduction: - Architecture...
CWE-621 – Variable Extraction Error
Description: The product uses external input to determine the names of variables into which information is extracted, without verifying that the names of the specified...
CWE-622 – Improper Validation of Function Hook Arguments
Description: The product adds hooks to user-accessible API functions, but it does not properly validate the arguments. This could lead to resultant vulnerabilities. Such hooks...
CWE-623 – Unsafe ActiveX Control Marked Safe For Scripting
Description: An ActiveX control is intended for restricted use, but it has been marked as safe-for-scripting. This might allow attackers to use dangerous functionality via...
CWE-624 – Executable Regular Expression Error
Description: The product uses a regular expression that either (1) contains an executable component with user-controlled inputs, or (2) allows a user to enable execution...
CWE-625 – Permissive Regular Expression
Description: The product uses a regular expression that does not sufficiently restrict the set of allowed values. Modes of Introduction: - Implementation Related...
CWE-626 – Null Byte Interaction Error (Poison Null Byte)
Description: The product does not properly handle null bytes or NUL characters when passing data between different representations or components. Modes of Introduction: - Implementation...
CWE-627 – Dynamic Variable Evaluation
Description: In a language where the user can influence the name of a variable at runtime, if the variable names are not controlled, an attacker...