Impact Associated with Types of Vulnerabilities
Race Conditions
A race condition attack happens when a computing system that's designed to handle tasks in a specific sequence is forced to perform two or more operations simultaneously. -veracode.com
End-of-Life System
With End-of-Life technology, patches, bug fixes and security upgrades automatically stop. As a result, your product security is essentially at a dead halt. -abcservices.com
Embedded Systems
An embedded system is a computer system with a dedicated function within a larger mechanical or electrical system. Embedded systems are vulnerable to a range of abuses that can aim at stealing private information, draining the power supply, destroying the system, or hijacking the system for other than its intended purpose. -iosrjournals.org
Lack of Vendor Support
This term is typically used along side End-of-Life systems. When a product is EoL vendors stop providing support and patches which leaves your system vulnerable. Vendors will often stop providing support and EoL a device to push customers to buy a new version.
Improper Input Handling
Improper Input Handling is the term used to describe functions such as validation, sanitization, filtering, or encoding and/or decoding of input data. Improper Input Handling is a leading cause of critical vulnerabilities that exist in today's systems and applications. -whitehatsec.com
Improper Error Handling
Improper error handling results when security mechanisms fail to deny access until it's specifically granted. This may occur as a result of a mismatch in policy and coding practice. It may also result from code that lacks appropriate error handling logic. For example, a system may grant access until it's denied. -veracode.com
Misconfiguration/Weak Configuration
An incorrect or subobtimal configuration of an information system or system component that may lead to vulnerabilities. -NIST.gov
Default Configuration
According to the principle of default configuration, controls should default to the most secure condition. Modifications to the strength of a control should require a formal acceptance of the associated risk. Therefore, a less secure configuration is an unacceptable default for any control. -sciencedirect.com
Resource Exhaustion
Resource exhaustion is a simple denial of service condition that happens when the resources required to execute an action are entirely expended, preventing that action from occurring. The most common outcome of resource exhaustion is denial of service. -cybrary.it
Untrained Users
With out proper commitment to training, your employees will do more harm to your reputation than a horde of hackers. As famed hacker Kevin Mitnik observed recently, "You can have the best technology, firewalls, intrusion-detection systems, biometric devices. All it takes is a call to an unsuspecting employee, and that's all she wrote, baby. They got everything." -techtarget.com
Improperly Configured Accounts
More likely a process rather than technical issue, improperly configured accounts can give users much higher access privileges than their jobs require. Problems can also result when accounts aren’t reconfigured after a user changes roles, or aren’t deleted at all. -infosecinstitute.com
Vulnerable Business Processes
Business processes that have not been secured properly.
Weak Cipher Suits and Implementations
A weak cipher is defined as an encryption/decryption algorithm that uses a key of insufficient length. -electricenergyonline.com
Memory/Buffer Vulnerabilities
Memory Leak
A failure in a program to release discarded memory, causing impaired performance or failure. -dictionary
Integer Overflow
Integer overflow is the result of trying to place into computer memory an integer (whole number) that is too large for the integer data type in a given system. -techtarget.com
Buffer Overflow
A condition at an interface under which more input can be placed into a buffer or data holding area than the capacity allocated, overwriting other information. Adversaries exploit such a condition to crash a system or to insert specially crafted code that allows them to gain control of the system. -NIST.gov
Pointer Dereference
Lorem ipsum dolor sit amet consectetur adipiscing elit dolor
DLL Injection
A technique used for running code within the address space of another process by forcing it to load a dynamic-link library. -wikipedia.org
System Sprawl/ Undocumented Assets
System sprawl refers to the expansion of systems over time where the growth exceeds the documentation and understanding. Undocumented assets are parts of the system that aren't documented or otherwise known by the whole team. -Jaimelightfoot.com
Architecture/ Design Weaknesses
Software design weaknesses such as misunderstanding architecturally significant requirements, poor architectural implementation, violation of design principles in the source code and degradations of the security architecture. Weaknesses in the architecture of a software system can have a greater impact on various security concerns in the system and, as a result, give more space and flexibility for malicious users. -G. McGraw. Software security: building security in, volume 1. AddisonWesley Professional, 2006.
New Threats/Zero Day
A computer-software vulnerability that is unknown to, or unaddressed by, those who should be interested in mitigating the vulnerability. -wikipedia.org
Improper Certificate
Lorem ipsum dolor sit amet consectetur adipiscing elit dolor
Key Management
The activities involving the handling of cryptographic keys and other related security parameters (e.g. passwords) during the entire life cycle of the keys, including their generation, storage, establishment, entry and output, and destruction. -NIST.gov