| CWE ID | Description |
| --- | --- |
| CWE-82 | The web application does not neutralize or incorrectly neutralizes scripting elements within attributes of HTML IMG tags, such as the src attribute. |
| CWE-820 | The software utilizes a shared resource in a concurrent manner but does not attempt to synchronize access to the resource. |
| CWE-821 | The software utilizes a shared resource in a concurrent manner, but it does not correctly synchronize access to the resource. |
| CWE-822 | The program obtains a value from an untrusted source, converts this value to a pointer, and dereferences the resulting pointer. |
| CWE-823 | The program performs pointer arithmetic on a valid pointer, but it uses an offset that can point outside of the intended range of valid memory locations for the resulting pointer. |
| CWE-824 | The program accesses or uses a pointer that has not been initialized. |
| CWE-825 | The program dereferences a pointer that contains a location for memory that was previously valid, but is no longer valid. |
| CWE-826 | The program releases a resource that is still intended to be used by the program itself or another actor. |
| CWE-912 | The software contains functionality that is not documented, not part of the specification, and not accessible through an interface or command sequence that is obvious to the software's users or administrators. |
| CWE-827 | The software does not restrict a reference to a Document Type Definition (DTD) to the intended control sphere. This might allow attackers to reference arbitrary DTDs, possibly causing the software to expose files, consume excessive system resources, or execute arbitrary HTTP requests on behalf of the attacker. |