Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CWE VIEW:High likelihood of exploit
ID:BOSS-274
Vulnerability Mapping:Prohibited
Type:Implicit
Status:Draft
DetailsContent HistoryObserved CVE ExamplesReports
▼Objective

This view displays only High likelihood of exploit weaknesses.

▼Memberships
NatureMappingTypeIDName
HasMemberAllowed-with-ReviewC116Improper Encoding or Escaping of Output
HasMemberDiscouragedC119Improper Restriction of Operations within the Bounds of a Memory Buffer
HasMemberAllowed-with-ReviewB120Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
HasMemberAllowedV121Stack-based Buffer Overflow
HasMemberAllowedV122Heap-based Buffer Overflow
HasMemberAllowedB123Write-what-where Condition
HasMemberAllowedV129Improper Validation of Array Index
HasMemberAllowedB131Incorrect Calculation of Buffer Size
HasMemberAllowedB1333Inefficient Regular Expression Complexity
HasMemberAllowedB134Use of Externally-Controlled Format String
HasMemberAllowedV194Unexpected Sign Extension
HasMemberDiscouragedC20Improper Input Validation
HasMemberDiscouragedC200Exposure of Sensitive Information to an Unauthorized Actor
HasMemberAllowedB209Generation of Error Message Containing Sensitive Information
HasMemberAllowedB22Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
HasMemberDiscouragedV234Failure to Handle Missing Parameter
HasMemberAllowedB242Use of Inherently Dangerous Function
HasMemberAllowedV243Creation of chroot Jail Without Changing Working Directory
HasMemberAllowedB256Plaintext Storage of a Password
HasMemberAllowedB257Storing Passwords in a Recoverable Format
HasMemberAllowedV258Empty Password in Configuration File
HasMemberAllowedV259Use of Hard-coded Password
HasMemberAllowedB268Privilege Chaining
HasMemberAllowed-with-ReviewC271Privilege Dropping / Lowering Errors
HasMemberDiscouragedC285Improper Authorization
HasMemberDiscouragedC287Improper Authentication
HasMemberAllowedV291Reliance on IP Address for Authentication
HasMemberAllowedV293Using Referer Field for Authentication
HasMemberAllowedB294Authentication Bypass by Capture-replay
HasMemberAllowedV297Improper Validation of Certificate with Host Mismatch
HasMemberAllowedB306Missing Authentication for Critical Function
HasMemberAllowedB308Use of Single-factor Authentication
HasMemberAllowedB309Use of Password System for Primary Authentication
HasMemberDiscouragedC311Missing Encryption of Sensitive Data
HasMemberAllowedB319Cleartext Transmission of Sensitive Information
HasMemberAllowedV321Use of Hard-coded Cryptographic Key
HasMemberAllowedB322Key Exchange without Entity Authentication
HasMemberAllowedB323Reusing a Nonce, Key Pair in Encryption
HasMemberAllowed-with-ReviewC327Use of a Broken or Risky Cryptographic Algorithm
HasMemberDiscouragedC330Use of Insufficiently Random Values
HasMemberAllowedB360Trust of System Event Data
HasMemberAllowedB378Creation of Temporary File With Insecure Permissions
HasMemberDiscouragedC400Uncontrolled Resource Consumption
HasMemberAllowedV415Double Free
HasMemberAllowedV416Use After Free
HasMemberAllowed-with-ReviewB426Untrusted Search Path
HasMemberAllowedV457Use of Uninitialized Variable
HasMemberAllowedB464Addition of Data Structure Sentinel
HasMemberAllowedV467Use of sizeof() on a Pointer Type
HasMemberAllowedV486Comparison of Classes by Name
HasMemberAllowedV493Critical Public Variable Without Final Modifier
HasMemberAllowedV499Serializable Class Containing Sensitive Data
HasMemberAllowedV500Public Static Field Not Marked Final
HasMemberAllowedB515Covert Storage Channel
HasMemberAllowedC61UNIX Symbolic Link (Symlink) Following
HasMemberAllowedB639Authorization Bypass Through User-Controlled Key
HasMemberAllowed-with-ReviewB640Weak Password Recovery Mechanism for Forgotten Password
HasMemberAllowed-with-ReviewC642External Control of Critical State Data
HasMemberAllowedB643Improper Neutralization of Data within XPath Expressions ('XPath Injection')
HasMemberAllowedV644Improper Neutralization of HTTP Headers for Scripting Syntax
HasMemberAllowedB645Overly Restrictive Account Lockout Mechanism
HasMemberAllowedV646Reliance on File Name or Extension of Externally-Supplied File
HasMemberAllowedV647Use of Non-Canonical URL Paths for Authorization Decisions
HasMemberAllowedB649Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking
HasMemberAllowedV650Trusting HTTP Permission Methods on the Server Side
HasMemberAllowedB652Improper Neutralization of Data within XQuery Expressions ('XQuery Injection')
HasMemberAllowedV67Improper Handling of Windows Device Names
HasMemberAllowedB676Use of Potentially Dangerous Function
HasMemberAllowedB681Incorrect Conversion between Numeric Types
HasMemberDiscouragedP682Incorrect Calculation
HasMemberAllowedB73External Control of File Name or Path
HasMemberAllowed-with-ReviewC732Incorrect Permission Assignment for Critical Resource
HasMemberDiscouragedC74Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
HasMemberAllowedB76Improper Neutralization of Equivalent Special Elements
HasMemberAllowed-with-ReviewC77Improper Neutralization of Special Elements used in a Command ('Command Injection')
HasMemberAllowedB770Allocation of Resources Without Limits or Throttling
HasMemberAllowedB772Missing Release of Resource after Effective Lifetime
HasMemberAllowedB78Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
HasMemberAllowedV784Reliance on Cookies without Validation and Integrity Checking in a Security Decision
HasMemberAllowedB787Out-of-bounds Write
HasMemberAllowedB79Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
HasMemberAllowedB798Use of Hard-coded Credentials
HasMemberAllowedV80Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
HasMemberAllowedB805Buffer Access with Incorrect Length Value
HasMemberAllowedB807Reliance on Untrusted Inputs in a Security Decision
HasMemberAllowed-with-ReviewC862Missing Authorization
HasMemberAllowed-with-ReviewC863Incorrect Authorization
HasMemberAllowedB89Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
HasMemberAllowedV98Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
HasMemberAllowed-with-ReviewC99Improper Control of Resource Identifiers ('Resource Injection')
Nature: HasMember
Mapping: Allowed-with-Review
Type: Class
ID: 116
Name: Improper Encoding or Escaping of Output
Nature: HasMember
Mapping: Discouraged
Type: Class
ID: 119
Name: Improper Restriction of Operations within the Bounds of a Memory Buffer
Nature: HasMember
Mapping: Allowed-with-Review
Type: Base
ID: 120
Name: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 121
Name: Stack-based Buffer Overflow
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 122
Name: Heap-based Buffer Overflow
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 123
Name: Write-what-where Condition
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 129
Name: Improper Validation of Array Index
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 131
Name: Incorrect Calculation of Buffer Size
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 1333
Name: Inefficient Regular Expression Complexity
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 134
Name: Use of Externally-Controlled Format String
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 194
Name: Unexpected Sign Extension
Nature: HasMember
Mapping: Discouraged
Type: Class
ID: 20
Name: Improper Input Validation
Nature: HasMember
Mapping: Discouraged
Type: Class
ID: 200
Name: Exposure of Sensitive Information to an Unauthorized Actor
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 209
Name: Generation of Error Message Containing Sensitive Information
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 22
Name: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Nature: HasMember
Mapping: Discouraged
Type: Variant
ID: 234
Name: Failure to Handle Missing Parameter
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 242
Name: Use of Inherently Dangerous Function
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 243
Name: Creation of chroot Jail Without Changing Working Directory
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 256
Name: Plaintext Storage of a Password
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 257
Name: Storing Passwords in a Recoverable Format
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 258
Name: Empty Password in Configuration File
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 259
Name: Use of Hard-coded Password
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 268
Name: Privilege Chaining
Nature: HasMember
Mapping: Allowed-with-Review
Type: Class
ID: 271
Name: Privilege Dropping / Lowering Errors
Nature: HasMember
Mapping: Discouraged
Type: Class
ID: 285
Name: Improper Authorization
Nature: HasMember
Mapping: Discouraged
Type: Class
ID: 287
Name: Improper Authentication
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 291
Name: Reliance on IP Address for Authentication
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 293
Name: Using Referer Field for Authentication
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 294
Name: Authentication Bypass by Capture-replay
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 297
Name: Improper Validation of Certificate with Host Mismatch
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 306
Name: Missing Authentication for Critical Function
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 308
Name: Use of Single-factor Authentication
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 309
Name: Use of Password System for Primary Authentication
Nature: HasMember
Mapping: Discouraged
Type: Class
ID: 311
Name: Missing Encryption of Sensitive Data
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 319
Name: Cleartext Transmission of Sensitive Information
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 321
Name: Use of Hard-coded Cryptographic Key
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 322
Name: Key Exchange without Entity Authentication
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 323
Name: Reusing a Nonce, Key Pair in Encryption
Nature: HasMember
Mapping: Allowed-with-Review
Type: Class
ID: 327
Name: Use of a Broken or Risky Cryptographic Algorithm
Nature: HasMember
Mapping: Discouraged
Type: Class
ID: 330
Name: Use of Insufficiently Random Values
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 360
Name: Trust of System Event Data
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 378
Name: Creation of Temporary File With Insecure Permissions
Nature: HasMember
Mapping: Discouraged
Type: Class
ID: 400
Name: Uncontrolled Resource Consumption
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 415
Name: Double Free
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 416
Name: Use After Free
Nature: HasMember
Mapping: Allowed-with-Review
Type: Base
ID: 426
Name: Untrusted Search Path
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 457
Name: Use of Uninitialized Variable
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 464
Name: Addition of Data Structure Sentinel
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 467
Name: Use of sizeof() on a Pointer Type
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 486
Name: Comparison of Classes by Name
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 493
Name: Critical Public Variable Without Final Modifier
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 499
Name: Serializable Class Containing Sensitive Data
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 500
Name: Public Static Field Not Marked Final
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 515
Name: Covert Storage Channel
Nature: HasMember
Mapping: Allowed
Type: Compound
ID: 61
Name: UNIX Symbolic Link (Symlink) Following
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 639
Name: Authorization Bypass Through User-Controlled Key
Nature: HasMember
Mapping: Allowed-with-Review
Type: Base
ID: 640
Name: Weak Password Recovery Mechanism for Forgotten Password
Nature: HasMember
Mapping: Allowed-with-Review
Type: Class
ID: 642
Name: External Control of Critical State Data
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 643
Name: Improper Neutralization of Data within XPath Expressions ('XPath Injection')
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 644
Name: Improper Neutralization of HTTP Headers for Scripting Syntax
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 645
Name: Overly Restrictive Account Lockout Mechanism
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 646
Name: Reliance on File Name or Extension of Externally-Supplied File
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 647
Name: Use of Non-Canonical URL Paths for Authorization Decisions
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 649
Name: Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 650
Name: Trusting HTTP Permission Methods on the Server Side
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 652
Name: Improper Neutralization of Data within XQuery Expressions ('XQuery Injection')
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 67
Name: Improper Handling of Windows Device Names
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 676
Name: Use of Potentially Dangerous Function
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 681
Name: Incorrect Conversion between Numeric Types
Nature: HasMember
Mapping: Discouraged
Type: Pillar
ID: 682
Name: Incorrect Calculation
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 73
Name: External Control of File Name or Path
Nature: HasMember
Mapping: Allowed-with-Review
Type: Class
ID: 732
Name: Incorrect Permission Assignment for Critical Resource
Nature: HasMember
Mapping: Discouraged
Type: Class
ID: 74
Name: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 76
Name: Improper Neutralization of Equivalent Special Elements
Nature: HasMember
Mapping: Allowed-with-Review
Type: Class
ID: 77
Name: Improper Neutralization of Special Elements used in a Command ('Command Injection')
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 770
Name: Allocation of Resources Without Limits or Throttling
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 772
Name: Missing Release of Resource after Effective Lifetime
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 78
Name: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 784
Name: Reliance on Cookies without Validation and Integrity Checking in a Security Decision
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 787
Name: Out-of-bounds Write
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 79
Name: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 798
Name: Use of Hard-coded Credentials
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 80
Name: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 805
Name: Buffer Access with Incorrect Length Value
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 807
Name: Reliance on Untrusted Inputs in a Security Decision
Nature: HasMember
Mapping: Allowed-with-Review
Type: Class
ID: 862
Name: Missing Authorization
Nature: HasMember
Mapping: Allowed-with-Review
Type: Class
ID: 863
Name: Incorrect Authorization
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 89
Name: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 98
Name: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Nature: HasMember
Mapping: Allowed-with-Review
Type: Class
ID: 99
Name: Improper Control of Resource Identifiers ('Resource Injection')
▼Vulnerability Mapping Notes
Usage:Prohibited
Reason:View
Rationale:

This entry is a View. Views are not weaknesses and therefore inappropriate to describe the root causes of vulnerabilities.

Comments:

Use this View or other Views to search and navigate for the appropriate weakness.

▼Notes
▼Audience
StakeholderDescription
▼References
Expand AllCollapse All
BOSS-274 - High likelihood of exploit
Details not found