angler-fish The Vulnerability History Project

Tags

Tags are one of the main ways we use organize vulnerabilities in VHP. Tags can be gathered automatically, or manually, or with a combination of both. Here are a few different types of tags below.

Lesson tags are about broader lessons that can be learned from that vulnerability. These are security principles and engineering pitfalls that we believe should be taught to all software engineers.

Discovered tags are about how the vulnerability was originally found.

Lifetime tags indicate how long we believe the vulnerability remained in the system.

CWE, or Common Weakness Enumeration, tags are manually assigned by curators to describe the particular type of vulnerability.

Subsystem tags are the curators' best efforts at determining what part of the system this vulnerability affected .

Project tags are the case study the vulnerability is from.

Language tags are what type of source code was fixed.

Severity tags are based on the NVD's CVSS.

CWE-732: Incorrect Permission Assignment for Critical Resource Lesson: Frameworks are Optional systemd subsystem: resolve CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer Lesson: Least Privilege CWE-703: Improper Check or Handling of Exceptional Conditions CWE-290: Authentication Bypass by Spoofing systemd subsystem: core Lesson: Environment Variables CWE-749: Exposed Dangerous Method or Function Lesson: Lacked Test Chromium subsystem: omnibox Chromium subsystem: navigation Lesson: Defense in Depth CWE-754: Improper Check for Unusual or Exceptional Conditions Tomcat subsystem: manager Big Fix CWE-667: Improper Locking Language: Python Discovered Manually CWE-476: NULL Pointer Dereference CWE-86: Improper Neutralization of Invalid Characters in Identifiers in Web Pages CWE-451: User Interface (UI) Misrepresentation of Critical Information Severity: Attack Vector - Local CWE-789: Memory Allocation with Excessive Size Value CWE-358: Improperly Implemented Security Check for Standard CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-252: Unchecked Return Value Specification Known Origin (VCC) Django subsystem: backends CWE-361: 7PK - Time and State CWE-400: Uncontrolled Resource Consumption Chromium subsystem: speech Severity: Privileges Required - Low Language: C++ Chromium subsystem: media CWE-824: Access of Uninitialized Pointer Lesson: Reverting Codebase CWE-193: Off-by-one Error CWE-126: Buffer Over-read Lifetime: 2 to 5 years CWE-352: Cross-Site Request Forgery (CSRF) CWE-189: Numeric Errors Lifetime: 30 to 90 days CWE-285: Improper Authorization CWE-668: Exposure of Resource to Wrong Sphere Severity: Integrity Impact - High Project: Struts Chromium subsystem: renderer_host CWE-908: Use of Uninitialized Resource CWE-303: Incorrect Implementation of Authentication Algorithm CWE-183: Permissive List of Allowed Inputs Chromium subsystem: openjpeg Struts subsystem: plugins Dependency Issue Chromium subsystem: chrome Linux Kernel subsystem: usb Django subsystem: auth Lesson: Too Many Cooks Chromium subsystem: frame Severity: Integrity Impact - Complete CWE-644: Improper Neutralization of HTTP Headers for Scripting Syntax CWE-159: Improper Handling of Invalid Use of Special Elements Project: Linux Kernel CWE-281: Improper Preservation of Permissions CWE-150: Improper Neutralization of Escape, Meta, or Control Sequences CWE-266: Incorrect Privilege Assignment CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') Chromium subsystem: webgl Project: systemd CWE-664: Improper Control of a Resource Through its Lifetime systemd subsystem: journald CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') CWE-426: Untrusted Search Path systemd subsystem: vconsole CWE-401: Missing Release of Memory after Effective Lifetime CWE-770: Allocation of Resources Without Limits or Throttling CWE-20: Improper Input Validation Tomcat subsystem: authenticator Linux Kernel subsystem: scsi Chromium subsystem: serviceworker CWE-125: Out-of-bounds Read Django subsystem: files Severity: Attack Vector - Physical Chromium subsystem: pdfium Chromium subsystem: autofill Lesson: Security By Obscurity CWE-203: Observable Discrepancy CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Django subsystem: models CWE-294: Authentication Bypass by Capture-replay CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') i18n Tomcat subsystem: catalina Tomcat subsystem: coyote Chromium subsystem: sfntly CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') Lifetime: 5+ years Lesson: Secure By Default Lifetime: 1 to 2 years Django subsystem: forms systemd subsystem: polkit Struts subsystem: dispatcher FFmpeg subsystem: avfilter Project: Django Lesson: Complex Inputs CWE-601: URL Redirection to Untrusted Site ('Open Redirect') Severity: Attack Vector - Adjacent Network Chromium subsystem: video Chromium subsystem: translate CWE-94: Improper Control of Generation of Code ('Code Injection') Chromium subsystem: browser CWE-295: Improper Certificate Validation Lesson: Code Refactors Chromium subsystem: blink svg Severity: Availability Impact - High Severity: Privileges Required - High Chromium subsystem: ui CWE-697: Incorrect Comparison CWE-787: Out-of-bounds Write Severity: Confidentiality Impact - Complete CWE-909: Missing Initialization of Resource CWE-347: Improper Verification of Cryptographic Signature Chromium subsystem: workers Linux Kernel subsystem: drivers Chromium subsystem: gpu CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') Project: Tomcat HTTPD subsystem: proxy Struts subsystem: mapper Chromium subsystem: third_party Struts subsystem: rest HTTPD subsystem: ssl Chromium subsystem: web_contents Linux Kernel subsystem: svm Lesson: Serial Killer Chromium subsystem: parser Linux Kernel subsystem: lib HTTPD subsystem: dav Chromium subsystem: audio Chromium subsystem: clipboard CWE-359: Exposure of Private Personal Information to an Unauthorized Actor HTTPD subsystem: server CWE-276: Incorrect Default Permissions Not Auto Discoverable CWE-416: Use After Free Django subsystem: urls CWE-606: Unchecked Input for Loop Condition CWE-354: Improper Validation of Integrity Check Value Sandbox CWE-415: Double Free Chromium subsystem: extensions Chromium subsystem: cc Lesson: Distrust Input Severity: Availability Impact - Complete Discovered Automatically Django subsystem: xml_parsers Project: FFmpeg Bounty Awarded Chromium subsystem: ffmpeg Severity: Privileges Required - None Chromium subsystem: base HTTPD subsystem: cache Severity: Availability Impact - Low CWE-122: Heap-based Buffer Overflow systemd subsystem: shared Discovered in Contest CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-502: Deserialization of Untrusted Data Django subsystem: admin Chromium subsystem: ssl Chromium subsystem: safebrowsing Linux Kernel subsystem: fs HTTPD subsystem: modules Chromium subsystem: plugins CWE-763: Release of Invalid Pointer or Reference CWE-384: Session Fixation Django subsystem: contrib CWE-653: Improper Isolation or Compartmentalization Django subsystem: authentication Severity: Integrity Impact - Partial Discovered Externally CWE-345: Insufficient Verification of Data Authenticity HTTPD subsystem: http2 Linux Kernel subsystem: arch Linux Kernel subsystem: bluetooth HTTPD subsystem: authentication and authorization CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) Lesson: Fix Untested Chromium subsystem: appcache CWE-287: Improper Authentication CWE-825: Expired Pointer Dereference Lesson: You Ain't Gonna Need It Severity: User Interaction - Required CWE-641: Improper Restriction of Names for Files and Other Resources CWE-16: Configuration Severity: Scope - Unchanged Chromium subsystem: content Chromium subsystem: tab_contents CWE-310: Cryptographic Issues CWE-680: Integer Overflow to Buffer Overflow Chromium subsystem: internals CWE-255: Credentials Management Errors CWE-200: Exposure of Sensitive Information to an Unauthorized Actor Severity: Attack Complexity - Medium HTTPD subsystem: loggers Severity: Confidentiality Impact - Low CWE-791: Incomplete Filtering of Special Elements CWE-250: Execution with Unnecessary Privileges Lifetime: Less than 30 days FFmpeg subsystem: avformat Struts subsystem: ognl Django subsystem: views Small Fix CWE-185: Incorrect Regular Expression Tomcat subsystem: connector Chromium subsystem: blink Chromium subsystem: websockets CWE-707: Improper Neutralization Django subsystem: middleware Severity: Attack Complexity - Low CWE-862: Missing Authorization CWE-917: Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') Severity: Integrity Impact - Low Chromium subsystem: harfbuzz CWE-755: Improper Handling of Exceptional Conditions HTTPD subsystem: core Severity: Privileges Required - Low Stacktrace Linux Kernel subsystem: kvm CWE-209: Generation of Error Message Containing Sensitive Information Django subsystem: http Chromium subsystem: libxml Chromium subsystem: v8 Severity: Attack Complexity - High Project: Chromium CWE-1284: Improper Validation of Specified Quantity in Input Chromium subsystem: pdf Lifetime: 90 to 180 days Severity: Confidentiality Impact - High CWE-190: Integer Overflow or Wraparound Severity: Scope - Changed CWE-284: Improper Access Control Chromium subsystem: views Lesson: Changing Owners CWE-682: Incorrect Calculation Team Discussed Lifetime: 180 days to 1 year FFmpeg subsystem: libavcodec Chromium subsystem: downloads Chromium subsystem: devtools Language: Javascript CWE-121: Stack-based Buffer Overflow Django subsystem: utils CWE-456: Missing Initialization of a Variable CWE-399: Resource Management Errors Chromium subsystem: webdata CWE-863: Incorrect Authorization Stacktrace with Fix Chromium subsystem: common Chromium subsystem: permissions Severity: Availability Impact - Partial Discovered Internally Chromium subsystem: renderer CWE-19: Data Processing Errors CWE-CWE-ID: Name Chromium subsystem: storage Severity: Privileges Required - None Tomcat subsystem: http2 systemd subsystem: systemd-journald Chromium subsystem: dom Language: Java Vouch CWE-129: Improper Validation of Array Index Tomcat subsystem: startup CWE-23: Relative Path Traversal FFmpeg subsystem: avcodec CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition Struts subsystem: validator Linux Kernel subsystem: sctp Severity: Confidentiality Impact - Partial Util CWE-434: Unrestricted Upload of File with Dangerous Type CWE-269: Improper Privilege Management Chromium subsystem: svg Chromium subsystem: webkit CWE-457: Use of Uninitialized Variable Chromium subsystem: CWE-459: Incomplete Cleanup CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Struts subsystem: resources Forgotten Check Severity: Attack Vector - Network CWE-834: Excessive Iteration CWE-681: Incorrect Conversion between Numeric Types CWE-319: Cleartext Transmission of Sensitive Information Chromium subsystem: network CWE-617: Reachable Assertion CWE-366: Race Condition within a Thread Team Discussed if Security Linux Kernel subsystem: net Tomcat subsystem: http11 CWE-488: Exposure of Data Element to Wrong Session Linux Kernel subsystem: bpf systemd subsystem: basic Chromium subsystem: skia Chromium subsystem: webcore CWE-704: Incorrect Type Conversion or Cast Lesson: Native Wrappers CWE-279: Incorrect Execution-Assigned Permissions Project: HTTPD Struts subsystem: interceptor Linux Kernel subsystem: crypto Language: C CWE-330: Use of Insufficiently Random Values CWE-297: Improper Validation of Certificate with Host Mismatch CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') Tomcat subsystem: core Chromium subsystem: net Linux Kernel subsystem: btrfs systemd subsystem: dbus Django subsystem: sessions CWE-327: Use of a Broken or Risky Cryptographic Algorithm CWE-267: Privilege Defined With Unsafe Actions Severity: User Interaction - None CWE-201: Insertion of Sensitive Information Into Sent Data CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-346: Origin Validation Error CWE-131: Incorrect Calculation of Buffer Size CWE-254: 7PK - Security Features CWE-665: Improper Initialization CWE-184: Incomplete List of Disallowed Inputs CWE-807: Reliance on Untrusted Inputs in a Security Decision CWE-311: Missing Encryption of Sensitive Data Order of Operations Struts subsystem: xwork2 Struts subsystem: xwork-core HTTPD subsystem: http Linux Kernel subsystem: mm CWE-264: Permissions, Privileges, and Access Controls CWE-404: Improper Resource Shutdown or Release CWE-116: Improper Encoding or Escaping of Output

Tags are sized by the number of times they have been applied. Tags with zero or one vulnerability are not shown.

What is a VCC?

A **Vulnerability-Contributing Commit** is the change to source code that is likely the origin of a vulnerability. Finding a VCC is our attempt at finding the original mistake that was made... and missed... that led to a vulnerability. Full Article

Let's Just Undo That

A revert is when a commit is reversed, indicating that developers have decided to roll back changes that were originally approved and integrated into the system. Full Article

Beware of complex inputs

Don't just think about code complexity, think about *input* complexity. Full Article

Bad things happen when integers wrap around

Loop counters, file sizes, malloc arguments, session tokens, primary keys... numbers are everywhere in our code. What happens when our numbers get very, _very_ big? Integer overflow, or wraparound, is much more dangerous than it seems. Full Article
vertical_align_top