CWE-781 – Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code
Description: The software defines an IOCTL that uses METHOD_NEITHER for I/O, but it does not validate or incorrectly validates the addresses that are provided. When...
CWE-780 – Use of RSA Algorithm without OAEP
Description: The software uses the RSA algorithm but does not incorporate Optimal Asymmetric Encryption Padding (OAEP), which might weaken the encryption. Padding schemes are often...
CWE-78 – Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’)
Description: The software constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly...
CWE-779 – Logging of Excessive Data
Description: The software logs too much information, making log files hard to process and possibly hindering recovery efforts or forensic analysis after an attack. While...
CWE-778 – Insufficient Logging
Description: When a security-critical event occurs, the software either does not record the event or omits important details about the event when logging it. When...
CWE-777 – Regular Expression without Anchors
Description: The software uses a regular expression to perform neutralization, but the regular expression is not anchored and may allow malicious or malformed data to...
CWE-776 – Improper Restriction of Recursive Entity References in DTDs (‘XML Entity Expansion’)
Description: The software uses XML documents and allows their structure to be defined with a Document Type Definition (DTD), but it does not properly control...
CWE-775 – Missing Release of File Descriptor or Handle after Effective Lifetime
Description: The software does not release a file descriptor or handle after its effective lifetime has ended, i.e., after the file descriptor/handle is no longer...
CWE-774 – Allocation of File Descriptors or Handles Without Limits or Throttling
Description: The software allocates file descriptors or handles on behalf of an actor without imposing any restrictions on how many descriptors can be allocated, in...
CWE-773 – Missing Reference to Active File Descriptor or Handle
Description: The software does not properly maintain references to a file descriptor or handle, which prevents that file descriptor/handle from being reclaimed. This can cause...