Matches: 909
The software stores security-critical state information about its users, or the software itself, in a location that is accessible to unauthorized actors.
Product A handles inputs or steps differently than Product B, which causes A to perform incorrect actions based on its perception of B's state.
The software does not properly "clean up" and remove temporary or supporting resources after they have been used.
Weaknesses in this category are related to improper handling of data within protection mechanisms that attempt to perform neutralization for untrusted data.
The software receives data from an upstream component, but does not neutralize or incorrectly neutralizes CR and LF characters before the data is included in outgoing HTTP headers.
The software does not restrict or incorrectly restricts operations within the boundaries of a resource that is accessed using an index or pointer, such as memory or files.
The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.
The product does not sufficiently encapsulate critical data or functionality.
Weaknesses in this category are organized based on the phase of the software development and deployment process during which they are introduced.
The software does not release a file descriptor or handle after its effective lifetime has ended, i.e., after the file descriptor/handle is no longer needed.