CWE-695 – Use of Low-Level Functionality
Description: The software uses low-level functionality that is explicitly prohibited by the framework or specification under which the software is supposed to operate. The use...
CWE-694 – Use of Multiple Resources with Duplicate Identifier
Description: The software uses multiple resources that can have the same identifier, in a context in which unique identifiers are required. If the software assumes...
CWE-693 – Protection Mechanism Failure
Description: The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product. This weakness covers...
CWE-692 – Incomplete Denylist to Cross-Site Scripting
Description: The product uses a denylist-based protection mechanism to defend against XSS attacks, but the denylist is incomplete, allowing XSS variants to succeed. While XSS...
CWE-691 – Insufficient Control Flow Management
Description: The code does not sufficiently manage its control flow during execution, creating conditions in which the control flow can be modified in unexpected ways....
CWE-690 – Unchecked Return Value to NULL Pointer Dereference
Description: The product does not check for an error after calling a function that can return with a NULL pointer if the function fails, which...
USN-5402-2: OpenSSL vulnerabilities
USN-5402-1 fixed several vulnerabilities in OpenSSL. This update provides the corresponding update for Ubuntu 16.04 ESM. Original advisory details: Elison Niven discovered that OpenSSL incorrectly...
[R1] Nessus Version 10.2.0 Fixes Multiple Third-Party Vulnerabilities
Arnie Cabral, Thu, 05/26/2022 - 09:30. Nessus leverages third-party software to help provide underlying functionality. Several of...
CVE-2021-40317
Piwigo 11.5.0 is affected by a SQL injection vulnerability via admin.php and the id parameter.
Malware-Infested Smart Card Reader
Brian Krebs has an interesting story of a smart ID card reader with a malware-infested Windows driver, and US government employees who inadvertently buy and...