CWE-823 – Use of Out-of-range Pointer Offset
Description The program performs pointer arithmetic on a valid pointer, but it uses an offset that can point outside of the intended range of valid...
CWE-822 – Untrusted Pointer Dereference
Description The program obtains a value from an untrusted source, converts this value to a pointer, and dereferences the resulting pointer. Modes of Introduction: Likelihood...
CWE-821 – Incorrect Synchronization
Description The software utilizes a shared resource in a concurrent manner, but it does not correctly synchronize access to the resource. If access to a...
CWE-820 – Missing Synchronization
Description The software utilizes a shared resource in a concurrent manner but does not attempt to synchronize access to the resource. If access to a...
CWE-82 – Improper Neutralization of Script in Attributes of IMG Tags in a Web Page
Description The web application does not neutralize or incorrectly neutralizes scripting elements within attributes of HTML IMG tags, such as the src attribute. Attackers can...
CWE-807 – Reliance on Untrusted Inputs in a Security Decision
Description The application uses a protection mechanism that relies on the existence or values of an input, but the input can be modified by an...
CWE-806 – Buffer Access Using Size of Source Buffer
Description The software uses the size of a source buffer when reading from or writing to a destination buffer, which may cause it to access...
CWE-805 – Buffer Access with Incorrect Length Value
Description The software uses a sequential operation to read or write a buffer, but it uses an incorrect length value that causes it to access...
CWE-804 – Guessable CAPTCHA
Description The software uses a CAPTCHA challenge, but the challenge can be guessed or automatically recognized by a non-human actor. Modes of Introduction: - Architecture...