2011 Top 25 - Weaknesses On the Cusp
A category in the Common Weakness Enumeration published by The MITRE Corporation.
Summary
Categories in the Common Weakness Enumeration (CWE) group entries based on some common characteristic or attribute.
Weaknesses in this category are not part of the general Top 25, but they were part of the original nominee list from which the Top 25 was drawn.
Weaknesses
The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be ...
The product uses a sequential operation to read or write a buffer, but it uses an incorrect length value that causes it to access memory that is outside of the bounds ...
The product contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a ...
The product dereferences a pointer that contains a location for memory that was previously valid, but is no longer valid.
The product generates an error message that includes sensitive information about its environment, users, or associated data.
The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day-to-day operation of the pro...
The product supports a session in which more than one behavior must be performed by an actor, but it does not properly ensure that the actor performs the behaviors in ...
The product stores, transfers, or shares a resource that contains sensitive information, but it does not properly remove that information before the product makes the ...
The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index ref...
The product uses or specifies an encoding when generating output to a downstream component, but the specified encoding is not the same as the encoding that is expected...
When converting from one data type to another, such as long to integer, data can be omitted or translated in a way that produces unexpected values. If the resulting va...
The product does not initialize critical variables, which causes the execution environment to use unexpected values.
The product does not release a resource after its effective lifetime has ended, i.e., after the resource is no longer needed.
A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.
The product obtains a value from an untrusted source, converts this value to a pointer, and dereferences the resulting pointer.
The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.
Concepts
Deprecated or Obsolete
CWE entries in this view (graph) are listed in the 2011 CWE/SANS Top 25 Most Dangerous Software Errors.