Paid content will be excluded from the download.
Matches : 909
Weaknesses in this category are related to improper assignment or handling of permissions.
The software stores security-critical state information about its users, or the software itself, in a location that is accessible to unauthorized actors.
The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.
The software does not implement or incorrectly implements one or more security-relevant checks as specified by the design of a standardized algorithm, protocol, or technique.
The software does not check or improperly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the software.
The software does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
The software uses an algorithm or scheme that produces insufficient entropy, leaving patterns or clusters of values that are more likely to occur than others.
The software does not restrict or incorrectly restricts operations within the boundaries of a resource that is accessed using an index or pointer, such as memory or files.
The program does not release or incorrectly releases a resource before it is made available for re-use.
The software does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.