CWE-909 – Missing Initialization of Resource
Description The software does not initialize a critical resource. Many resources require initialization before they can be properly used. If a resource is not initialized,...
CWE-91 – XML Injection (aka Blind XPath Injection)
Description The software does not properly neutralize special elements that are used in XML, allowing attackers to modify the syntax, content, or commands of the...
CWE-807 – Reliance on Untrusted Inputs in a Security Decision
Description The application uses a protection mechanism that relies on the existence or values of an input, but the input can be modified by an...
CWE-82 – Improper Neutralization of Script in Attributes of IMG Tags in a Web Page
Description The web application does not neutralize or incorrectly neutralizes scripting elements within attributes of HTML IMG tags, such as the src attribute. Attackers can...
CWE-820 – Missing Synchronization
Description The software utilizes a shared resource in a concurrent manner but does not attempt to synchronize access to the resource. If access to a...
CWE-821 – Incorrect Synchronization
Description The software utilizes a shared resource in a concurrent manner, but it does not correctly synchronize access to the resource. If access to a...
CWE-822 – Untrusted Pointer Dereference
Description The program obtains a value from an untrusted source, converts this value to a pointer, and dereferences the resulting pointer. Modes of Introduction: Likelihood...
CWE-823 – Use of Out-of-range Pointer Offset
Description The program performs pointer arithmetic on a valid pointer, but it uses an offset that can point outside of the intended range of valid...
CWE-824 – Access of Uninitialized Pointer
Description The program accesses or uses a pointer that has not been initialized. Modes of Introduction: Likelihood of Exploit: Related Weaknesses CWE-119 CWE-119 CWE-119...