CWE-776 – Improper Restriction of Recursive Entity References in DTDs (‘XML Entity Expansion’)
Description: The software uses XML documents and allows their structure to be defined with a Document Type Definition (DTD), but it does not properly control...
CWE-775 – Missing Release of File Descriptor or Handle after Effective Lifetime
Description: The software does not release a file descriptor or handle after its effective lifetime has ended, i.e., after the file descriptor/handle is no longer...
CWE-774 – Allocation of File Descriptors or Handles Without Limits or Throttling
Description: The software allocates file descriptors or handles on behalf of an actor without imposing any restrictions on how many descriptors can be allocated, in...
CWE-773 – Missing Reference to Active File Descriptor or Handle
Description: The software does not properly maintain references to a file descriptor or handle, which prevents that file descriptor/handle from being reclaimed. This can cause...
CWE-772 – Missing Release of Resource after Effective Lifetime
Description: The software does not release a resource after its effective lifetime has ended, i.e., after the resource is no longer needed. When a resource...
CWE-771 – Missing Reference to Active Allocated Resource
Description: The software does not properly maintain a reference to a resource that has been allocated, which prevents the resource from being reclaimed. This does...
CWE-770 – Allocation of Resources Without Limits or Throttling
Description: The software allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number...
CWE-77 – Improper Neutralization of Special Elements used in a Command (‘Command Injection’)
Description: The software constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes...
CWE-769 – DEPRECATED: Uncontrolled File Descriptor Consumption
Description: This entry has been deprecated because it was a duplicate of CWE-774. All content has been transferred to CWE-774. Modes of Introduction: Likelihood of...
CWE-768 – Incorrect Short Circuit Evaluation
Description: The software contains a conditional statement with multiple logical expressions in which one of the non-leading expressions may produce side effects. This may lead...
