CWE-774 – Allocation of File Descriptors or Handles Without Limits or Throttling
Description: The software allocates file descriptors or handles on behalf of an actor without imposing any restrictions on how many descriptors can be allocated, in...
CWE-775 – Missing Release of File Descriptor or Handle after Effective Lifetime
Description: The software does not release a file descriptor or handle after its effective lifetime has ended, i.e., after the file descriptor/handle is no longer...
CWE-776 – Improper Restriction of Recursive Entity References in DTDs (‘XML Entity Expansion’)
Description: The software uses XML documents and allows their structure to be defined with a Document Type Definition (DTD), but it does not properly control...
CWE-777 – Regular Expression without Anchors
Description: The software uses a regular expression to perform neutralization, but the regular expression is not anchored and may allow malicious or malformed data to...
CWE-778 – Insufficient Logging
Description: When a security-critical event occurs, the software either does not record the event or omits important details about the event when logging it. When...
CWE-779 – Logging of Excessive Data
Description: The software logs too much information, making log files hard to process and possibly hindering recovery efforts or forensic analysis after an attack. While...
CWE-78 – Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’)
Description: The software constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly...
CWE-780 – Use of RSA Algorithm without OAEP
Description: The software uses the RSA algorithm but does not incorporate Optimal Asymmetric Encryption Padding (OAEP), which might weaken the encryption. Padding schemes are often...
CWE-781 – Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code
Description: The software defines an IOCTL that uses METHOD_NEITHER for I/O, but it does not validate or incorrectly validates the addresses that are provided. When...
CWE-782 – Exposed IOCTL with Insufficient Access Control
Description: The software implements an IOCTL with functionality that should be restricted, but it does not properly enforce access control for the IOCTL. Modes of...