Types of Vulnerabilities - 2.3
Application
- Memory Injection
- Buffer Overflow
- Race Conditions: multiple processes or applications accessing and modifying shared data at the same time.
- Time-of-Check (TOC)
- Time-of-Use (TOU): the window between checking a condition and acting on it, during which the checked state can change.
- Malicious updates
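The TOC/TOU race listed above, shown as an added example (not from the original notes): a file reader that checks the path and then opens the path by name, beside a version that opens first and checks the object it actually holds. The `between` hook and the constructed `report.txt`/`secret.txt` scenario are assumptions used only to reproduce the race deterministically; `os.O_NOFOLLOW` requires a POSIX system.

```python
import os
import stat
import tempfile

def read_regular_file_toctou(path, between=lambda: None):
    """Vulnerable check-then-use: lstat on the NAME, then open on the NAME.
    Another process can swap what the name points to in the gap.
    `between` stands in for that gap so the race can be reproduced."""
    if not stat.S_ISREG(os.lstat(path).st_mode):
        raise PermissionError("refusing non-regular file")
    between()                       # the TOC/TOU window
    with open(path, "rb") as f:     # re-resolves the name: may now be a symlink
        return f.read()

def read_regular_file_safe(path, between=lambda: None):
    """Mitigated: open once without following symlinks, then fstat the
    descriptor, so the check and the use refer to the same file object."""
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
    try:
        between()                   # same window, but the fd is already bound
        if not stat.S_ISREG(os.fstat(fd).st_mode):
            raise PermissionError("refusing non-regular file")
        chunks = []
        while chunk := os.read(fd, 65536):
            chunks.append(chunk)
        return b"".join(chunks)
    finally:
        os.close(fd)

def demo():
    """Constructed scenario: report.txt is harmless, secret.txt must never be
    returned. In the window, report.txt is replaced by a symlink to secret.txt.
    Returns (what the vulnerable reader leaked, what the safe reader returned)."""
    with tempfile.TemporaryDirectory() as d:
        report = os.path.join(d, "report.txt")
        secret = os.path.join(d, "secret.txt")
        with open(secret, "wb") as f:
            f.write(b"db password")
        def write_report():
            with open(report, "wb") as f:
                f.write(b"quarterly numbers")
        def swap():                 # what happens inside the window
            os.remove(report)
            os.symlink(secret, report)
        write_report()
        leaked = read_regular_file_toctou(report, between=swap)
        os.remove(report)
        write_report()
        kept = read_regular_file_safe(report, between=swap)
        return leaked, kept
```

If the swap happens before the safe reader's `os.open`, `O_NOFOLLOW` makes the open fail instead of silently following the link.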
Web Based
- Structured Query Language Injection (SQLi)
- Cross-Site-Scripting (XSS)
- Code injection where malicious scripts are injected into trusted websites (OWASP definition)
Hardware
- Firmware
- Software that is embedded directly into hardware devices
- Provides the low-level control needed for hardware to function properly, acting as the intermediary between the hardware and the higher-level OS.
- End-of-Life
- EOL: A product that is no longer sold. It may still receive security updates for a limited period, but it is nearing the complete end of its support.
- EOSL: A product that is no longer sold or supported. It receives no security updates or software support and is considered vulnerable.
- Legacy
Virtualization
- Virtual machine (VM) escape
- Resource reuse: Issue with hypervisor resource allocation that can result in one VM having access to another VM's resources.
Supply Chain
- Should include regular audits of providers to look for vulnerabilities
- Service Providers: external organizations making up part of the supply chain
Misconfigurations (Cryptographic Misconfigurations)
- Incorrect access settings, sometimes default access settings, that allow access to applications or servers where that access should be restricted.
- Use of insecure protocols (HTTP, SMTP, IMAP, etc.) instead of secure, cryptographic/encrypted protocols (HTTPS, IMAPS, SSH, etc.).
- Worth noting that the additional 'S' in some of these names indicates that the protocol is "Secure".
Mobile Device
- Jailbreaking/Rooting: Replacing a phone's existing firmware and OS
- Side Loading: Installing apps from sources not approved by the company
- Both examples show how employees can bypass security standards set by organizations, getting around MDM (Mobile Device Management) setups.
Zero-Day Vulnerabilities
- An unknown vulnerability exploited by an attacker. Since the vulnerability was unknown, no patch or mitigating fix is available.
- The term zero-day is a more generalized term to describe attacks without a known patch or solution.