CWE-908 – Use of Uninitialized Resource
Description: The software uses or accesses a resource that has not been initialized. When a resource has not been properly initialized, the software may behave...
CWE-909 – Missing Initialization of Resource
Description: The software does not initialize a critical resource. Many resources require initialization before they can be properly used. If a resource is not initialized,...
CWE-91 – XML Injection (aka Blind XPath Injection)
Description: The software does not properly neutralize special elements that are used in XML, allowing attackers to modify the syntax, content, or commands of the...
CWE-807 – Reliance on Untrusted Inputs in a Security Decision
Description: The application uses a protection mechanism that relies on the existence or values of an input, but the input can be modified by an...
CWE-82 – Improper Neutralization of Script in Attributes of IMG Tags in a Web Page
Description: The web application does not neutralize or incorrectly neutralizes scripting elements within attributes of HTML IMG tags, such as the src attribute. Attackers can...
CWE-820 – Missing Synchronization
Description: The software utilizes a shared resource in a concurrent manner but does not attempt to synchronize access to the resource. If access to a...
CWE-821 – Incorrect Synchronization
Description: The software utilizes a shared resource in a concurrent manner, but it does not correctly synchronize access to the resource. If access to a...
CWE-822 – Untrusted Pointer Dereference
Description: The program obtains a value from an untrusted source, converts this value to a pointer, and dereferences the resulting pointer. Modes of Introduction: Likelihood...
CWE-823 – Use of Out-of-range Pointer Offset
Description: The program performs pointer arithmetic on a valid pointer, but it uses an offset that can point outside of the intended range of valid...