| CWE-622 | The product adds hooks to user-accessible API functions, but it does not properly validate the arguments. This could lead to resultant vulnerabilities. |
| CWE-623 | An ActiveX control is intended for restricted use, but it has been marked as safe-for-scripting. |
| CWE-624 | The product uses a regular expression that either (1) contains an executable component with user-controlled inputs, or (2) allows a user to enable execution by inserting pattern modifiers. |
| CWE-625 | The product uses a regular expression that does not sufficiently restrict the set of allowed values. |
| CWE-626 | The product does not properly handle null bytes or NUL characters when passing data between different representations or components. |
| CWE-627 | In a language where the user can influence the name of a variable at runtime, if the variable names are not controlled, an attacker can read or write to arbitrary variables, or access arbitrary functions. |
| CWE-628 | The product calls a function, procedure, or routine with arguments that are not correctly specified, leading to always-incorrect behavior and resultant weaknesses. |
| CWE-636 | When the product encounters an error condition or failure, its design requires it to fall back to a state that is less secure than other options that are available, such as selecting the weakest encryption algorithm or using the most permissive access control restrictions. |
| CWE-637 | The software uses a more complex mechanism than necessary, which could lead to resultant weaknesses when the mechanism is not correctly understood, modeled, configured, implemented, or used. |
| CWE-638 | The software does not perform access checks on a resource every time the resource is accessed by an entity, which can create resultant weaknesses if that entity's rights or privileges change over time. |