CWE-792 – Incomplete Filtering of One or More Instances of Special Elements
Description: The software receives data from an upstream component, but does not completely filter one or more instances of special elements before sending it to...
CWE-791 – Incomplete Filtering of Special Elements
Description: The software receives data from an upstream component, but does not completely filter special elements before sending it to a downstream component. Modes of...
CWE-790 – Improper Filtering of Special Elements
Description: The software receives data from an upstream component, but does not filter or incorrectly filters special elements before sending it to a downstream component....
CWE-79 – Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
Description: The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that...
CWE-789 – Memory Allocation with Excessive Size Value
Description: The product allocates memory based on an untrusted, large size value, but it does not ensure that the size is within expected limits, allowing...
CWE-788 – Access of Memory Location After End of Buffer
Description: The software reads or writes to a buffer using an index or pointer that references a memory location after the end of the buffer....
CWE-787 – Out-of-bounds Write
Description: The software writes data past the end, or before the beginning, of the intended buffer. Typically, this can result in corruption of data, a...
CWE-786 – Access of Memory Location Before Start of Buffer
Description: The software reads or writes to a buffer using an index or pointer that references a memory location prior to the beginning of the...
CWE-785 – Use of Path Manipulation Function without Maximum-sized Buffer
Description: The software invokes a function for normalizing paths or file names, but it provides an output buffer that is smaller than the maximum possible...
CWE-784 – Reliance on Cookies without Validation and Integrity Checking in a Security Decision
Description: The application uses a protection mechanism that relies on the existence or values of a cookie, but it does not properly ensure that the...
