• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer

My TechDecisions

  • Best of Tech Decisions
  • Topics
    • Video
    • Audio
    • Mobility
    • Unified Communications
    • IT Infrastructure
    • Network Security
    • Physical Security
    • Facility
    • Compliance
  • RFP Resources
  • Resources
  • Podcasts
  • Project of the Week
  • About Us
    SEARCH
IT Infrastructure, Network Security

The Top Three Most Dangerous Software Vulnerabilities

Mitre released its annual list of the most dangerous software vulnerabilities for developers and users alike to be aware of and patch ASAP.

July 23, 2021 Alyssa Borelli Leave a Comment

SBOMs
maciek905/stock.adobe.com

Mitre shared its findings of the most dangerous software vulnerabilities using its Common Weakness Enumeration (CWE) scale, a community developed list of software and hardware weakness types. The list details the common vulnerabilities which can give cybercriminals the ability to access machines to steal data or even cause crashes.

The team leveraged Common Vulnerabilities and Exposures (CVE®) data found within the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD), as well as the Common Vulnerability Scoring System (CVSS) scores associated with each CVE record. A formula was applied to the data to score each weakness based on prevalence and severity.

Related: Microsoft Warns Of Another Print Spooler Vuln

The top three common weakness are the following:

1. Out of bounds Write

Topping the most dangerous software vulnerability list is CWE-78: Out of bounds Write.

According to Mitre, “The software writes data past the end, or before the beginning, of the intended buffer. Typically, this can result in corruption of data, a crash, or code execution. The software may modify an index or perform pointer arithmetic that references a memory location that is outside of the boundaries of the buffer. A subsequent write operation then produces undefined or unexpected results.”

2. Improper Neutralization of Input During Web Page Generation (‘Cross site Scripting’)

Coming in second place is improper neutralization of input during web page generation or cross-site scripting (XSS). Mitre says, “The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. These vulnerabilities occur most often when untrusted data enters a web application, typically from a web request.”

3. Out of Bounds Read

The software reads data past the end, or before the beginning, of the intended buffer.  This can allow attackers to read sensitive information from other memory locations or cause a crash.

A crash can occur when the code reads a variable amount of data and assumes that a sentinel exists to stop the read operation, such as a NUL in a string.

The expected sentinel might not be located in the out-of-bounds memory, causing excessive data to be read, leading to a segmentation fault or a buffer overflow.

The software may modify an index or perform pointer arithmetic that references a memory location that is outside of the boundaries of the buffer. A subsequent read operation then produces undefined or unexpected results.

Patch Those Software Vulnerabilities

Developers, testers, users, project managers, security researchers, and even educators should check their network systems for the most severe and current security weaknesses. Applying security patches is one of the key things organizations can do to protect their networks.

If you enjoyed this article and want to receive more valuable industry content like this, click here to sign up for our digital newsletters!

Tagged With: software vulnerabilities

Related Content:

  • Cloud, SASE, Aryaka How the Cloud is Redefining Media Production and…
  • Software License Spending, SaaS, cloud apps Your Guide to Choosing the Best Cloud Security…
  • IT Budget 2025 Budgeting Tips for IT Pros/CIOs in 2025
  • A close-up of a technician’s hands typing and navigating through troubleshooting steps on a computer in a well-lit office. , natural light, soft shadows, with copy space Five Ways to Reduce Desktop Support Troubleshooting Time

Free downloadable guide you may like:

  • Practical Design Guide for Office SpacesPractical Design Guide for Office Spaces

    Recent Gartner research shows that workers prefer to return to the office for in-person meetings for relevant milestones, as well as for face-to-face time with co-workers. When designing the office spaces — and meeting spaces in particular — enabling that connection between co-workers is crucial. But introducing the right collaboration technology in meeting spaces can […]

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Latest Downloads

Practical Design Guide for Office Spaces
Practical Design Guide for Office Spaces

Recent Gartner research shows that workers prefer to return to the office for in-person meetings for relevant milestones, as well as for face-to-fa...

New Camera Can Transform Your Live Production Workflow
New Camera System Can Transform Your Live Production Workflow

Sony's HXC-FZ90 studio camera system combines flexibility and exceptional image quality with entry-level pricing.

Creating Great User Experience and Ultimate Flexibility with Clickshare

Working and collaborating in any office environment today should be meaningful, as workers today go to office for very specific reasons. When desig...

View All Downloads

Would you like your latest project featured on TechDecisions as Project of the Week?

Apply Today!

More from Our Sister Publications

Get the latest news about AV integrators and Security installers from our sister publications:

Commercial IntegratorSecurity Sales

AV-iQ

Footer

TechDecisions

  • Home
  • Welcome to TechDecisions
  • Contact Us
  • Comment Guidelines
  • RSS Feeds
  • Twitter
  • Facebook
  • Linkedin

Free Technology Guides

FREE Downloadable resources from TechDecisions provide timely insight into the issues that IT, A/V, and Security end-users, managers, and decision makers are facing in commercial, corporate, education, institutional, and other vertical markets

View all Guides
TD Project of the Week

Get your latest project featured on TechDecisions Project of the Week. Submit your work once and it will be eligible for all upcoming weeks.

Enter Today!
Emerald Logo
ABOUTCAREERSAUTHORIZED SERVICE PROVIDERSYour Privacy ChoicesTERMS OF USEPRIVACY POLICY

© 2025 Emerald X, LLC. All rights reserved.