Lista CWE

  • CWE-94

    Improper Control of Generation of Code ('Code Injection')

    The software constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment

  • CWE-775

    Missing Release of File Descriptor or Handle after Effective Lifetime

    The software does not release a file descriptor or handle after its effective lifetime has ended, i.e., after the file descriptor/handle is no longer needed.

  • CWE-755

    Improper Handling of Exceptional Conditions

    The software does not handle or incorrectly handles an exceptional condition.

  • CWE-754

    Improper Check for Unusual or Exceptional Conditions

    The software does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the software.

  • CWE-416

    Use After Free

    Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

  • CWE-203

    bservable Discrepancy

    The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not.

  • CWE-125

    Out-of-bounds Read

    The software reads data past the end, or before the beginning, of the intended buffer.

;