| CWE ID | Description |
| --- | --- |
| CWE-788 | The software reads or writes to a buffer using an index or pointer that references a memory location after the end of the buffer. |
| CWE-789 | The product allocates memory based on an untrusted size value, but it does not validate or incorrectly validates the size, allowing arbitrary amounts of memory to be allocated. |
| CWE-79 | The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
| CWE-790 | The software receives data from an upstream component, but does not filter or incorrectly filters special elements before sending it to a downstream component. |
| CWE-791 | The software receives data from an upstream component, but does not completely filter special elements before sending it to a downstream component. |
| CWE-792 | The software receives data from an upstream component, but does not completely filter one or more instances of special elements before sending it to a downstream component. |
| CWE-793 | The software receives data from an upstream component, but only filters a single instance of a special element before sending it to a downstream component. |
| CWE-794 | The software receives data from an upstream component, but does not filter all instances of a special element before sending it to a downstream component. |
| CWE-795 | The software receives data from an upstream component, but only accounts for special elements at a specified location, thereby missing remaining special elements that may exist before sending it to a downstream component. |
| CWE-796 | The software receives data from an upstream component, but only accounts for special elements positioned relative to a marker (e.g. "at the beginning/end of a string; the second argument"), thereby missing remaining special elements that may exist before sending it to a downstream component. |