Vulnerability terms
60 terms
Vulnerability
A weakness in a system, application, or process that an attacker can exploit to violate confidentiality, integrity, or availability.
CVE (Common Vulnerabilities and Exposures)
A public catalogue that assigns a unique identifier to each disclosed software or hardware vulnerability so they can be referenced unambiguously across the industry.
CWE (Common Weakness Enumeration)
A community-developed taxonomy of software and hardware weakness types — the underlying flaw classes that lead to vulnerabilities.
CVSS (Common Vulnerability Scoring System)
An open framework, maintained by FIRST, that produces a 0–10 severity score for a vulnerability based on its exploitation characteristics and impact.
EPSS (Exploit Prediction Scoring System)
A data-driven model, maintained by FIRST, that estimates the probability a given CVE will be exploited in the wild within the next 30 days.
Known Exploited Vulnerability (KEV)
A CVE that the U.S. CISA confirms is being actively exploited and adds to its public KEV Catalog, triggering remediation deadlines for U.S. federal agencies.
Zero-Day Vulnerability
A security flaw that is unknown to the vendor (or for which no patch yet exists) at the moment it is discovered or exploited.
N-Day Vulnerability
A publicly disclosed vulnerability for which a patch already exists, but which remains exploitable on systems that have not yet been updated.
Exploit
A piece of code, data, or technique that takes advantage of a vulnerability to cause unintended behaviour such as code execution, privilege escalation, or information disclosure.
Zero-Day Exploit
Working exploit code for a vulnerability that the vendor does not yet know about, or for which no patch is available — extremely valuable to attackers.
Weaponized Exploit
A reliable, fully developed exploit ready for real-world use — typically integrated into malware, intrusion frameworks, or attacker tradecraft.
Proof-of-Concept Exploit
A minimal, often non-weaponized piece of code that demonstrates a vulnerability is real and exploitable, typically published for research or coordinated disclosure.
Buffer Overflow
A memory-safety flaw where a program writes past the end of an allocated buffer, corrupting adjacent memory and often enabling code execution.
Stack Overflow Vulnerability
A buffer overflow that occurs on the program stack, typically overwriting the saved return address or local function pointers to redirect execution.
Heap Overflow
A buffer overflow that occurs in dynamically allocated memory, often corrupting allocator metadata, function pointers, or object virtual tables.
Integer Overflow
A bug where an arithmetic operation produces a value outside the representable range of its integer type, wrapping or truncating in security-critical ways.
Format String Vulnerability
A flaw caused by passing user-controlled input as the format string of printf-like functions, allowing attackers to read or write arbitrary memory.
Use-After-Free
A memory-safety bug where a program continues to use memory after it has been freed, often allowing attackers to control object state and hijack execution.
Double Free
A memory-safety bug where the same heap chunk is freed twice, corrupting allocator metadata and often enabling arbitrary code execution.
Race Condition
A defect where the security or correctness of a system depends on the timing or ordering of concurrent operations, allowing attackers to interleave actions and bypass checks.
TOCTOU Vulnerability
A time-of-check to time-of-use race condition where the state checked by a security decision is changed before the corresponding action is performed.
Null Pointer Dereference
A bug in which a program reads or writes through a pointer whose value is null (or otherwise invalid), typically causing a crash and sometimes enabling exploitation.
Memory Corruption
An umbrella term for vulnerabilities where a program modifies memory it should not (for example by writing outside a buffer's bounds or through a stale pointer), undermining type-safety, control flow, or data integrity.
Memory Leak
A defect where memory that is no longer needed is not released back to the allocator, gradually exhausting available memory and degrading or crashing the system.
Side-Channel Attack
An attack that recovers secrets from a system by observing physical or implementation characteristics — timing, power, electromagnetic emissions, caches, acoustic signals — rather than logical flaws.
Timing Attack
A side-channel attack that recovers secret information by measuring how long an operation takes under different inputs.
Spectre
A family of microarchitectural attacks that abuse CPU speculative execution to leak data across security boundaries via cache-based side channels.
Meltdown
A microarchitectural vulnerability (CVE-2017-5754) that lets unprivileged code read kernel memory by exploiting out-of-order execution and a delayed permission check.
Rowhammer
A hardware vulnerability in DRAM where repeatedly activating one memory row causes bit flips in physically adjacent rows, undermining memory integrity.
Cold Boot Attack
A physical attack that recovers cryptographic keys and other secrets from RAM by rapidly powering off and re-reading the volatile memory before its contents fully decay.
Fault Injection
A class of physical or logical attacks that deliberately induce abnormal conditions in hardware or software to bypass security checks or leak secrets.
Hardware Trojan
A malicious modification of an integrated circuit, inserted during design or fabrication, that triggers covert behaviour such as data leakage or denial of service.
Privilege Escalation
A class of vulnerabilities that lets an attacker gain rights beyond those originally granted, such as moving from a normal user to administrator.
Vertical Privilege Escalation
A flaw that lets a low-privileged user obtain higher-privileged rights — typically administrator, root, or SYSTEM.
Horizontal Privilege Escalation
A flaw that lets a user access resources or actions of another user with the same privilege level rather than gaining higher rights.
Broken Authentication
A category of vulnerabilities where flaws in authentication or session management let attackers impersonate legitimate users or take over accounts.
Broken Access Control
A class of vulnerabilities where authorization rules are missing or incorrectly enforced, letting users perform actions or reach data outside their privileges.
Insecure Direct Object Reference (IDOR)
An access-control flaw where an application exposes references to internal objects and lets a user change them to access data that does not belong to them.
Mass Assignment
A vulnerability where an application blindly binds client-supplied request fields to internal object properties, letting attackers set fields they should not control.
Parameter Tampering
An attack in which an adversary modifies parameters in HTTP requests, cookies, or hidden form fields to manipulate application behaviour.
HTTP Response Splitting
An injection vulnerability where untrusted CR/LF characters in user input force the server to emit additional, attacker-controlled HTTP responses.
HTTP Request Smuggling
An attack that exploits disagreements between a front-end proxy and a back-end server on how an HTTP request ends, so an attacker can sneak a hidden second request through.
HTTP Desync Attack
A modern form of HTTP request smuggling that desynchronises a chain of proxies and servers to inject malicious traffic into other users' connections.
Cache Poisoning
An attack that stores a malicious response in a shared cache so that other users later receive the attacker's content.
Web Cache Deception
An attack where a malicious URL tricks an intermediary cache into storing a victim's authenticated, sensitive response under a publicly cacheable path.
Host Header Injection
A vulnerability where an application trusts the HTTP Host (or X-Forwarded-Host) header to build URLs, allowing attackers to redirect users or poison caches.
Prototype Pollution
A JavaScript vulnerability where untrusted input modifies Object.prototype, injecting properties into every object and changing application behaviour or leading to RCE.
Insecure Deserialization
A vulnerability where an application deserialises untrusted data, letting attackers instantiate arbitrary objects and frequently achieve remote code execution.
Log4Shell (CVE-2021-44228)
A critical December 2021 remote code execution vulnerability in Apache Log4j 2 that allowed attackers to run arbitrary code by logging a single JNDI lookup string.
Heartbleed (CVE-2014-0160)
A 2014 buffer over-read in OpenSSL's TLS heartbeat extension that let attackers read up to 64 KB of process memory per request, leaking keys, sessions, and passwords.
Shellshock (CVE-2014-6271)
A 2014 GNU Bash vulnerability that let attackers run arbitrary commands by setting specially crafted environment variables passed to Bash through other programs.
EternalBlue (CVE-2017-0144)
An NSA-developed exploit for a 2017 Microsoft SMBv1 remote code execution vulnerability, leaked by the Shadow Brokers and used by WannaCry and NotPetya.
PrintNightmare (CVE-2021-34527)
A 2021 Windows Print Spooler vulnerability that let a low-privileged user install a malicious print driver and execute code with SYSTEM privileges.
Spring4Shell
Spring4Shell — definition coming soon.
ProxyShell
ProxyShell — definition coming soon.
ProxyLogon
ProxyLogon — definition coming soon.
Dirty COW
Dirty COW — definition coming soon.
GHOST Vulnerability
GHOST Vulnerability — definition coming soon.
POODLE Attack
POODLE Attack — definition coming soon.
DROWN Attack
DROWN Attack — definition coming soon.