CWE-787 – Out-of-bounds Write
Description The software writes data past the end, or before the beginning, of the intended buffer. Typically, this can result in corruption of data, a...
CWE-786 – Access of Memory Location Before Start of Buffer
Description The software reads or writes to a buffer using an index or pointer that references a memory location prior to the beginning of the...
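The two entries above describe the same defect from both ends of the buffer: an index or offset that is used without comparison to the buffer's bounds. The following example is added here and is not code from the CWE entries; the record buffer, the field to copy and the function names are constructed for illustration. It shows the unchecked write beside a checked write that rejects both a negative index (CWE-786) and an index at or past the end (CWE-787), and a span copy whose length test cannot be defeated by `off + len` wrapping around.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed example: a fixed-size record buffer written from parsed,
 * attacker-influenced offsets. Not code from the CWE entry. */
#define REC_SIZE 16
static uint8_t g_rec[REC_SIZE];

/* Constructed sample field to copy into the record. */
static const uint8_t g_field[4] = { 1, 2, 3, 4 };

/* CWE-787 / CWE-786 pattern: idx comes from the caller and is used as-is.
 * idx < 0 writes before the start, idx >= REC_SIZE writes past the end.
 * Kept only to show the shape of the bug; never called with a bad index. */
static void write_unchecked(uint8_t *rec, int idx, uint8_t value)
{
    rec[idx] = value;               /* no bounds check */
}

/* Hardened form: reject anything outside [0, rec_len).
 * Returns 0 on success, -1 if the write would leave the buffer. */
static int write_checked(uint8_t *rec, size_t rec_len, long idx, uint8_t value)
{
    if (idx < 0 || (size_t)idx >= rec_len)
        return -1;
    rec[idx] = value;
    return 0;
}

/* Copy a variable-length field to offset `off`. The naive test
 * `off + len > rec_len` can be bypassed when off + len wraps around in
 * size_t; checking `off` first and then `len` against the remaining room
 * cannot overflow. Returns 0 on success, -1 if the span does not fit. */
static int copy_checked(uint8_t *rec, size_t rec_len, size_t off,
                        const uint8_t *src, size_t len)
{
    if (off > rec_len || len > rec_len - off)
        return -1;
    memcpy(rec + off, src, len);
    return 0;
}

int main(void)
{
    write_unchecked(g_rec, 0, 0xFF);                   /* in bounds, fine */
    return write_checked(g_rec, REC_SIZE, REC_SIZE, 1) == -1 ? 0 : 1;
}
```

The checked copy is the form to use for length-prefixed fields coming off the wire: an `off` of `SIZE_MAX - 2` with a `len` of 4 passes the naive addition test (the sum wraps to 1) but is rejected here because `off > rec_len` is tested first.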
CWE-785 – Use of Path Manipulation Function without Maximum-sized Buffer
Description The software invokes a function for normalizing paths or file names, but it provides an output buffer that is smaller than the maximum possible...
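The typical instance of this weakness on POSIX systems is `realpath()`, whose output buffer must hold `PATH_MAX` bytes. The example below is added here and is not code from the CWE entry; the function names and the 64-byte buffer are constructed for illustration. It shows the undersized-buffer call beside a version that lets `realpath()` allocate the result (permitted since POSIX.1-2008 by passing `NULL`) and copies it out only when it fits, so a long path can never overrun the caller's buffer.

```c
#define _XOPEN_SOURCE 700
#include <limits.h>
#include <stdlib.h>
#include <string.h>

/* CWE-785 pattern: realpath() may write up to PATH_MAX bytes (commonly
 * 4096) into `out`, but the caller only provides 64. A path longer than
 * 63 bytes after resolution overflows the buffer. Kept only to show the
 * shape of the bug; never called in this example. */
static int resolve_unsafe(const char *in, char out[64])
{
    return realpath(in, out) ? 0 : -1;
}

/* Hardened form: let realpath() allocate, then copy into the caller's
 * buffer only if the result (plus NUL) fits. Returns 0 on success, -1 if
 * the path cannot be resolved or the result does not fit in outsz. */
static int resolve_safe(const char *in, char *out, size_t outsz)
{
    char *res = realpath(in, NULL);
    if (res == NULL)
        return -1;
    size_t n = strlen(res);
    int rc = -1;
    if (n < outsz) {
        memcpy(out, res, n + 1);
        rc = 0;
    }
    free(res);
    return rc;
}

/* Buffers used by the demonstration; g_tiny is deliberately too small
 * to hold even "/" with its terminating NUL. */
static char g_out[PATH_MAX];
static char g_tiny[1];

int main(void)
{
    (void)resolve_unsafe;
    return resolve_safe("/", g_out, sizeof g_out);
}
```

The fixed-buffer alternative is to declare the destination as `char out[PATH_MAX]` and never smaller; on platforms where `PATH_MAX` is not defined, `realpath(in, NULL)` followed by a length check is the only safe choice.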
CWE-784 – Reliance on Cookies without Validation and Integrity Checking in a Security Decision
Description The application uses a protection mechanism that relies on the existence or values of a cookie, but it does not properly ensure that the...
CWE-783 – Operator Precedence Logic Error
Description The program uses an expression in which operator precedence causes incorrect logic to be used. While often just a bug, operator precedence logic errors...
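The security-relevant case is a precedence slip in an authorization check, where the mis-parsed expression tests a different bit than intended. The example below is added here and is not code from the CWE entry; the flag values and function names are constructed for illustration. In C the comparison operators bind tighter than `&`, so `flags & ACCT_LOCKED != 0` is parsed as `flags & (ACCT_LOCKED != 0)`, that is `flags & 1`, which tests bit 0 rather than the lock bit.

```c
#include <stdint.h>

/* Constructed account flag bits, not from the CWE entry. */
#define ACCT_ACTIVE 0x01u
#define ACCT_LOCKED 0x04u

/* Most compilers warn about this (-Wparentheses); the warning is silenced
 * only so the buggy form can be shown as written. */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wparentheses"

/* Intended: refuse login when the lock bit is set.
 * Actual: `!=` binds before `&`, so the condition is flags & 1, i.e. the
 * ACTIVE bit. A locked account whose ACTIVE bit is clear is let in, and
 * an active, unlocked account is refused. */
static int login_allowed_buggy(uint32_t flags)
{
    if (flags & ACCT_LOCKED != 0)
        return 0;
    return 1;
}

#pragma GCC diagnostic pop

/* Fixed: parenthesize the mask before comparing. */
static int login_allowed_fixed(uint32_t flags)
{
    if ((flags & ACCT_LOCKED) != 0)
        return 0;
    return 1;
}

int main(void)
{
    /* locked-only account: buggy check lets it in, fixed check refuses */
    return login_allowed_buggy(ACCT_LOCKED) == 1 &&
           login_allowed_fixed(ACCT_LOCKED) == 0 ? 0 : 1;
}
```

The same mis-parse silently inverts the outcome in the other direction too: an active, unlocked account (`ACCT_ACTIVE` alone) is refused by the buggy check, which is why this class of bug often survives casual testing only when the test accounts happen to have the low bit set or clear in the "right" way.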
CWE-782 – Exposed IOCTL with Insufficient Access Control
Description The software implements an IOCTL with functionality that should be restricted, but it does not properly enforce access control for the IOCTL. Modes of...
CWE-781 – Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code
Description The software defines an IOCTL that uses METHOD_NEITHER for I/O, but it does not validate or incorrectly validates the addresses that are provided. When...
CWE-780 – Use of RSA Algorithm without OAEP
Description The software uses the RSA algorithm but does not incorporate Optimal Asymmetric Encryption Padding (OAEP), which might weaken the encryption. Padding schemes are often...
CWE-78 – Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’)
Description The software constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly...
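The weakness is the combination of string-building and a shell: once the command line is handed to `system()` or `sh -c`, every metacharacter in the untrusted part is interpreted. The example below is added here and is not code from the CWE entry; the hostile filename and the function names are constructed for illustration, and it assumes `/bin/ls` exists. It builds the vulnerable command line (without running it) beside a `fork`/`execv` version that passes the filename as one `argv` element, so `;` is just a byte in a filename that `ls` fails to find.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Constructed untrusted input: a "filename" carrying a shell metacharacter
 * and a second command. Not taken from any real incident. */
static const char *const HOSTILE_NAME = "report.txt; id > /tmp/pwned";

/* Buffer for the command line the vulnerable path would build. */
static char g_cmd[256];

/* CWE-78 pattern: the name is spliced into a shell command line. Passed to
 * system(), the `;` ends the ls command and `id > /tmp/pwned` runs as a
 * second command. Only the string is built here; it is never executed.
 * Returns 0 if the line fit, -1 if it was truncated. */
static int build_command_unsafe(char *cmd, size_t cmdsz, const char *name)
{
    int n = snprintf(cmd, cmdsz, "ls -l %s", name);
    /* a vulnerable program would now call system(cmd) */
    return (n < 0 || (size_t)n >= cmdsz) ? -1 : 0;
}

/* Hardened form: no shell. execv() receives the name as a single argv
 * element, so no metacharacter is interpreted; `ls` simply looks for a
 * file literally named "report.txt; id > /tmp/pwned" and fails.
 * Returns the child's exit status (127 if exec failed), or -1 on
 * fork/waitpid failure or abnormal termination. */
static int run_ls_safe(const char *name)
{
    char *const argv[] = { "ls", "-l", (char *)name, NULL };
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        /* keep the demonstration quiet */
        freopen("/dev/null", "w", stdout);
        freopen("/dev/null", "w", stderr);
        execv("/bin/ls", argv);
        _exit(127);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    build_command_unsafe(g_cmd, sizeof g_cmd, HOSTILE_NAME);
    printf("would have run: %s\n", g_cmd);
    printf("argv-based ls on the hostile name exited with %d\n",
           run_ls_safe(HOSTILE_NAME));
    return 0;
}
```

`posix_spawn()` with an explicit `argv` gives the same property with less boilerplate. Escaping or filtering the input before `system()` is a weaker fix: the allowlist has to anticipate every metacharacter of every shell the program might run under, whereas dropping the shell removes the interpreter entirely.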
CWE-779 – Logging of Excessive Data
Description The software logs too much information, making log files hard to process and possibly hindering recovery efforts or forensic analysis after an attack. While...
