There are three main classes of vulnerability by which the distinction for the types of flaws (local and remote) can be made. These classes are generally divided into design, implementation, and operational categories:
Design vulnerabilities: These are discovered owing to the weaknesses found in the software specifications.
Implementation vulnerabilities: These are the technical security glitches found in the code of a system.
Operational vulnerabilities: These are the vulnerabilities that may arise, owing to the improper configuration and deployment of a system in a specific environment.
Based on these three classes, we have two generic types of vulnerability, local and remote, which can sit in any of the vulnerability classes.