Byte Open Security

(ByteOS Network)

CWE VIEW: Medium likelihood of exploit
ID: BOSS-273
Vulnerability Mapping: Prohibited
Type: Implicit
Status: Draft

Objective

This view displays only Medium likelihood of exploit weaknesses.

Memberships

| Nature | Mapping | Type | ID | Name |
|---|---|---|---|---|
| HasMember | Allowed | Variant | 1004 | Sensitive Cookie Without 'HttpOnly' Flag |
| HasMember | Allowed | Base | 1007 | Insufficient Visual Distinction of Homoglyphs Presented to User |
| HasMember | Allowed | Variant | 1022 | Use of Web Link to Untrusted Target with window.opener Access |
| HasMember | Allowed | Base | 117 | Improper Output Neutralization for Logs |
| HasMember | Allowed | Base | 124 | Buffer Underwrite ('Buffer Underflow') |
| HasMember | Allowed | Variant | 1275 | Sensitive Cookie with Improper SameSite Attribute |
| HasMember | Allowed | Base | 128 | Wrap-around Error |
| HasMember | Allowed | Base | 170 | Improper Null Termination |
| HasMember | Allowed | Base | 190 | Integer Overflow or Wraparound |
| HasMember | Allowed | Variant | 192 | Integer Coercion Error |
| HasMember | Allowed | Variant | 196 | Unsigned to Signed Conversion Error |
| HasMember | Allowed | Base | 202 | Exposure of Sensitive Information Through Data Queries |
| HasMember | Allowed | Base | 250 | Execution with Unnecessary Privileges |
| HasMember | Discouraged | Class | 269 | Improper Privilege Management |
| HasMember | Allowed | Base | 273 | Improper Check for Dropped Privileges |
| HasMember | Allowed | Base | 276 | Incorrect Default Permissions |
| HasMember | Allowed | Base | 299 | Improper Check for Certificate Revocation |
| HasMember | Allowed | Base | 301 | Reflection Attack in an Authentication Protocol |
| HasMember | Allowed | Variant | 329 | Generation of Predictable IV with CBC Mode |
| HasMember | Allowed | Variant | 332 | Insufficient Entropy in PRNG |
| HasMember | Allowed | Base | 338 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) |
| HasMember | Allowed | Compound | 352 | Cross-Site Request Forgery (CSRF) |
| HasMember | Allowed | Base | 353 | Missing Support for Integrity Check |
| HasMember | Allowed | Base | 354 | Improper Validation of Integrity Check Value |
| HasMember | Allowed-with-Review | Class | 362 | Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') |
| HasMember | Allowed | Base | 364 | Signal Handler Race Condition |
| HasMember | Allowed | Base | 366 | Race Condition within a Thread |
| HasMember | Allowed | Base | 367 | Time-of-check Time-of-use (TOCTOU) Race Condition |
| HasMember | Allowed | Base | 369 | Divide By Zero |
| HasMember | Allowed | Variant | 370 | Missing Check for Certificate Revocation after Initial Check |
| HasMember | Allowed | Base | 374 | Passing Mutable Objects to an Untrusted Method |
| HasMember | Allowed | Base | 375 | Returning a Mutable Object to an Untrusted Caller |
| HasMember | Allowed | Base | 385 | Covert Timing Channel |
| HasMember | Allowed | Base | 390 | Detection of Error Condition Without Action |
| HasMember | Prohibited | Base | 391 | Unchecked Error Condition |
| HasMember | Allowed | Variant | 401 | Missing Release of Memory after Effective Lifetime |
| HasMember | Allowed-with-Review | Class | 404 | Improper Resource Shutdown or Release |
| HasMember | Allowed | Base | 434 | Unrestricted Upload of File with Dangerous Type |
| HasMember | Allowed | Base | 460 | Improper Cleanup on Thrown Exception |
| HasMember | Allowed | Base | 468 | Incorrect Pointer Scaling |
| HasMember | Allowed | Base | 469 | Use of Pointer Subtraction to Determine Size |
| HasMember | Allowed | Base | 476 | NULL Pointer Dereference |
| HasMember | Allowed | Base | 484 | Omitted Break Statement in Switch |
| HasMember | Allowed | Base | 487 | Reliance on Package-level Scope |
| HasMember | Allowed | Variant | 492 | Use of Inner Class Containing Sensitive Data |
| HasMember | Allowed | Base | 494 | Download of Code Without Integrity Check |
| HasMember | Allowed | Variant | 498 | Cloneable Class Containing Sensitive Information |
| HasMember | Allowed | Base | 502 | Deserialization of Untrusted Data |
| HasMember | Allowed | Base | 532 | Insertion of Sensitive Information into Log File |
| HasMember | Allowed | Base | 59 | Improper Link Resolution Before File Access ('Link Following') |
| HasMember | Allowed-with-Review | Class | 602 | Client-Side Enforcement of Server-Side Security |
| HasMember | Discouraged | Class | 665 | Improper Initialization |
| HasMember | Allowed-with-Review | Class | 754 | Improper Check for Unusual or Exceptional Conditions |
| HasMember | Discouraged | Class | 755 | Improper Handling of Exceptional Conditions |
| HasMember | Allowed | Base | 771 | Missing Reference to Active Allocated Resource |
| HasMember | Allowed | Base | 776 | Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') |
| HasMember | Allowed | Variant | 777 | Regular Expression without Anchors |
| HasMember | Allowed | Base | 778 | Insufficient Logging |
| HasMember | Allowed | Variant | 780 | Use of RSA Algorithm without OAEP |
| HasMember | Allowed | Base | 908 | Use of Uninitialized Resource |
| HasMember | Allowed-with-Review | Class | 909 | Missing Initialization of Resource |
| HasMember | Allowed | Base | 910 | Use of Expired File Descriptor |
| HasMember | Allowed | Base | 911 | Improper Update of Reference Count |
| HasMember | Allowed-with-Review | Base | 94 | Improper Control of Generation of Code ('Code Injection') |
| HasMember | Allowed | Variant | 95 | Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') |

Vulnerability Mapping Notes

Usage: Prohibited
Reason: View

Rationale:

This entry is a View. Views are not weaknesses and are therefore inappropriate for describing the root causes of vulnerabilities.

Comments:

Use this View or other Views to search and navigate for the appropriate weakness.
