Category: 2011 Top 25 - Weaknesses On the Cusp
Obsolete
Summary
Weaknesses in this category are not part of the general Top 25, but they were part of the original nominee list from which the Top 25 was drawn.
Membership
| ID | Name | Description |
|---|---|---|
| CWE-129 | Improper Validation of Array Index | The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array. |
| CWE-209 | Generation of Error Message Containing Sensitive Information | The product generates an error message that includes sensitive information about its environment, users, or associated data. |
| CWE-212 | Improper Removal of Sensitive Information Before Storage or Transfer | The product stores, transfers, or shares a resource that contains sensitive information, but it does not properly remove that information before the product makes the resource available to unauthorized actors. |
| CWE-330 | Use of Insufficiently Random Values | The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers. |
| CWE-362 | Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') | The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently. |
| CWE-456 | Missing Initialization of a Variable | The product does not initialize critical variables, which causes the execution environment to use unexpected values. |
| CWE-476 | NULL Pointer Dereference | The product dereferences a pointer that it expects to be valid but is NULL. |
| CWE-681 | Incorrect Conversion between Numeric Types | When converting from one data type to another, such as long to integer, data can be omitted or translated in a way that produces unexpected values. If the resulting values are used in a sensitive context, then dangerous behaviors may occur. |
| CWE-754 | Improper Check for Unusual or Exceptional Conditions | The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product. |
| CWE-770 | Allocation of Resources Without Limits or Throttling | The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated. |
| CWE-772 | Missing Release of Resource after Effective Lifetime | The product does not release a resource after its effective lifetime has ended, i.e., after the resource is no longer needed. |
| CWE-805 | Buffer Access with Incorrect Length Value | The product uses a sequential operation to read or write a buffer, but it uses an incorrect length value that causes it to access memory that is outside of the bounds of the buffer. |
| CWE-822 | Untrusted Pointer Dereference | The product obtains a value from an untrusted source, converts this value to a pointer, and dereferences the resulting pointer. |
| CWE-825 | Expired Pointer Dereference | The product dereferences a pointer that contains a location for memory that was previously valid, but is no longer valid. |
| CWE-838 | Inappropriate Encoding for Output Context | The product uses or specifies an encoding when generating output to a downstream component, but the specified encoding is not the same as the encoding that is expected by the downstream component. |
| CWE-841 | Improper Enforcement of Behavioral Workflow | The product supports a session in which more than one behavior must be performed by an actor, but it does not properly ensure that the actor performs the behaviors in the required sequence. |
| CWE-900 | Weaknesses in the 2011 CWE/SANS Top 25 Most Dangerous Software Errors | CWE entries in this view (graph) are listed in the 2011 CWE/SANS Top 25 Most Dangerous Software Errors. |
Vulnerability Mapping Notes
Usage: Prohibited
Reasons: Category
Rationale:
This entry is a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.
Comment:
See member weaknesses of this category.