| CWE-77 | The software constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component. |
| CWE-770 | The software allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor. |
| CWE-771 | The software does not properly maintain a reference to a resource that has been allocated, which prevents the resource from being reclaimed. |
| CWE-772 | The software does not release a resource after its effective lifetime has ended, i.e., after the resource is no longer needed. |
| CWE-773 | The software does not properly maintain references to a file descriptor or handle, which prevents that file descriptor/handle from being reclaimed. |
| CWE-774 | The software allocates file descriptors or handles on behalf of an actor without imposing any restrictions on how many descriptors can be allocated, in violation of the intended security policy for that actor. |
| CWE-775 | The software does not release a file descriptor or handle after its effective lifetime has ended, i.e., after the file descriptor/handle is no longer needed. |
| CWE-776 | The software uses XML documents and allows their structure to be defined with a Document Type Definition (DTD), but it does not properly control the number of recursive definitions of entities. |
| CWE-777 | The software uses a regular expression to perform neutralization, but the regular expression is not anchored and may allow malicious or malformed data to slip through. |
| CWE-778 | When a security-critical event occurs, the software either does not record the event or omits important details about the event when logging it. |