The software does not properly maintain references to a file descriptor or handle, which prevents that file descriptor/handle from being reclaimed.

The software allocates file descriptors or handles on behalf of an actor without imposing any restrictions on how many descriptors can be allocated, in violation of the intended security policy for that actor.

The software does not release a file descriptor or handle after its effective lifetime has ended, i.e., after the file descriptor/handle is no longer needed.

The software requires the use of XML documents and allows their structure to be defined with a Document Type Definition (DTD). The software allows the DTD to recursively define entities which can lead to explosive growth of data when parsed.

The software uses a regular expression to perform neutralization, but the regular expression is not anchored and may allow malicious or malformed data to slip through.

When a security-critical event occurs, the software either does not record the event or omits important details about the event when logging it.

The software logs too much information, making log files hard to process and possibly hindering recovery efforts or forensic analysis after an attack.

The software constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

The software uses the RSA algorithm but does not incorporate Optimal Asymmetric Encryption Padding (OAEP), which might weaken the encryption.

The software defines an IOCTL that uses METHOD_NEITHER for I/O, but it does not validate or incorrectly validates the addresses that are provided.



© SecPod Technologies