CWE - Differences between Version 3.1 and Version 3.2

Home > CWE List > Reports > Differences between Version 3.1 and Version 3.2

Differences between Version 3.1 and Version 3.2

Summary | Field Change Summary | Important Changes | Detailed Difference Report

Summary

Total weaknesses/chains/composites (Version 3.2)	806
Total weaknesses/chains/composites (Version 3.1)	716
Total new	137
Total deprecated	1
Total with major changes	304
Total with only minor changes	2
Total unchanged	733

Summary of Entry Types

Type	Version 3.1	Version 3.2
Weakness	716	806
Category	247	289
View	32	36
Deprecated	45	46
Total	1040	1177

Field Change Summary

Any change with respect to whitespace is ignored. "Minor" changes are text changes that only affect capitalization and punctuation. Most other changes are marked as "Major." Simple schema changes are treated as Minor, such as the change from AffectedResource to Affected_Resource in Draft 8, or the relationship name change from "IsRequiredBy" to "RequiredBy" in Version 1.0. For each mutual relationship between nodes A and B (such as ParentOf and ChildOf), a relationship change is noted for both A and B.

Field	Major	Minor
Name	39	0
Description	49	3
Applicable_Platforms	2	0
Time_of_Introduction	1	0
Demonstrative_Examples	5	0
Detection_Factors	0	0
Likelihood_of_Exploit	1	0
Common_Consequences	8	2
Relationships	187	0
References	64	0
Potential_Mitigations	2	0
Observed_Examples	0	0
Terminology_Notes	0	0
Alternate_Terms	3	0
Related_Attack_Patterns	44	0
Relationship_Notes	1	0
Taxonomy_Mappings	139	0
Maintenance_Notes	2	0
Modes_of_Introduction	0	0
Research_Gaps	0	0
Background_Details	0	0
Theoretical_Notes	5	0
Weakness_Ordinalities	23	0
Other_Notes	0	0
View_Type	0	0
View_Structure	0	0
View_Filter	3	0
View_Audience	1	0
Type	3	0
Source_Taxonomy	0	0

Form and Abstraction Changes

From	To	Total	CWE IDs
Unchanged		1037
Weakness/Base	Deprecated	1	769
Weakness/Base	Weakness/Class	1	404
Weakness/Base	Weakness/Variant	1	401

Status Changes

From	To	Total
Unchanged		952
Draft	Obsolete	1
Incomplete	Deprecated	1
Incomplete	Obsolete	86

Relationship Changes

The "Version 3.2 Total" lists the total number of relationships in Version 3.2. The "Shared" value is the total number of relationships in entries that were in both Version 3.2 and Version 3.1. The "New" value is the total number of relationships involving entries that did not exist in Version 3.1. Thus, the total number of relationships in Version 3.2 would combine stats from Shared entries and New entries.

Relationship	Version 3.2 Total	Version 3.1 Total	Version 3.2 Shared	Unchanged	Added to Version 3.2	Removed from Version 3.1	Version 3.2 New
ALL	9267	8227	8143	8117	26	110	1124
ChildOf	4009	3528	3490	3478	12	50	519
ParentOf	4009	3528	3490	3478	12	50	519
MemberOf	401	359	359	359			42
HasMember	401	359	359	359			42
CanPrecede	127	130	127	126	1	4
CanFollow	127	130	127	126	1	4
StartsWith	3	3	3	3
Requires	14	14	14	14
RequiredBy	14	14	14	14
CanAlsoBe	30	32	30	30		2
PeerOf	132	130	130	130			2

Nodes Removed from Version 3.1

CWE-ID	CWE Name
None.

Nodes Added to Version 3.2

CWE-ID	CWE Name
1040	Quality Weaknesses with Indirect Security Impacts
1041	Use of Redundant Code
1042	Static Member Data Element outside of a Singleton Class Element
1043	Data Element Aggregating an Excessively Large Number of Non-Primitive Elements
1044	Architecture with Number of Horizontal Layers Outside of Expected Range
1045	Parent Class with a Virtual Destructor and a Child Class without a Virtual Destructor
1046	Creation of Immutable Text Using String Concatenation
1047	Modules with Circular Dependencies
1048	Invokable Control Element with Large Number of Outward Calls
1049	Excessive Data Query Operations in a Large Data Table
1050	Excessive Platform Resource Consumption within a Loop
1051	Initialization with Hard-Coded Network Resource Configuration Data
1052	Excessive Use of Hard-Coded Literals in Initialization
1053	Missing Documentation for Design
1054	Invocation of a Control Element at an Unnecessarily Deep Horizontal Layer
1055	Multiple Inheritance from Concrete Classes
1056	Invokable Control Element with Variadic Parameters
1057	Data Access Operations Outside of Expected Data Manager Component
1058	Invokable Control Element in Multi-Thread Context with non-Final Static Storable or Member Element
1059	Incomplete Documentation
1060	Excessive Number of Inefficient Server-Side Data Accesses
1061	Insufficient Encapsulation
1062	Parent Class with References to Child Class
1063	Creation of Class Instance within a Static Code Block
1064	Invokable Control Element with Signature Containing an Excessive Number of Parameters
1065	Runtime Resource Management Control Element in a Component Built to Run on Application Servers
1066	Missing Serialization Control Element
1067	Excessive Execution of Sequential Searches of Data Resource
1068	Inconsistency Between Implementation and Documented Design
1069	Empty Exception Block
1070	Serializable Data Element Containing non-Serializable Item Elements
1071	Empty Code Block
1072	Data Resource Access without Use of Connection Pooling
1073	Non-SQL Invokable Control Element with Excessive Number of Data Resource Accesses
1074	Class with Excessively Deep Inheritance
1075	Unconditional Control Flow Transfer outside of Switch Block
1076	Insufficient Adherence to Expected Conventions
1077	Floating Point Comparison with Incorrect Operator
1078	Inappropriate Source Code Style or Formatting
1079	Parent Class without Virtual Destructor Method
1080	Source Code File with Excessive Number of Lines of Code
1082	Class Instance Self Destruction Control Element
1083	Data Access from Outside Expected Data Manager Component
1084	Invokable Control Element with Excessive File or Data Access Operations
1085	Invokable Control Element with Excessive Volume of Commented-out Code
1086	Class with Excessive Number of Child Classes
1087	Class with Virtual Method without a Virtual Destructor
1088	Synchronous Access of Remote Resource without Timeout
1089	Large Data Table with Excessive Number of Indices
1090	Method Containing Access of a Member Element from Another Class
1091	Use of Object without Invoking Destructor Method
1092	Use of Same Invokable Control Element in Multiple Architectural Layers
1093	Excessively Complex Data Representation
1094	Excessive Index Range Scan for a Data Resource
1095	Loop Condition Value Update within the Loop
1096	Singleton Class Instance Creation without Proper Locking or Synchronization
1097	Persistent Storable Data Element without Associated Comparison Control Element
1098	Data Element containing Pointer Item without Proper Copy Control Element
1099	Inconsistent Naming Conventions for Identifiers
1100	Insufficient Isolation of System-Dependent Functions
1101	Reliance on Runtime Component in Generated Code
1102	Reliance on Machine-Dependent Data Representation
1103	Use of Platform-Dependent Third Party Components
1104	Use of Unmaintained Third Party Components
1105	Insufficient Encapsulation of Machine-Dependent Functionality
1106	Insufficient Use of Symbolic Constants
1107	Insufficient Isolation of Symbolic Constant Definitions
1108	Excessive Reliance on Global Variables
1109	Use of Same Variable for Multiple Purposes
1110	Incomplete Design Documentation
1111	Incomplete I/O Documentation
1112	Incomplete Documentation of Program Execution
1113	Inappropriate Comment Style
1114	Inappropriate Whitespace Style
1115	Source Code Element without Standard Prologue
1116	Inaccurate Comments
1117	Callable with Insufficient Behavioral Summary
1118	Insufficient Documentation of Error Handling Techniques
1119	Excessive Use of Unconditional Branching
1120	Excessive Code Complexity
1121	Excessive McCabe Cyclomatic Complexity
1122	Excessive Halstead Complexity
1123	Excessive Use of Self-Modifying Code
1124	Excessively Deep Nesting
1125	Excessive Attack Surface
1126	Declaration of Variable with Unnecessarily Wide Scope
1127	Compilation with Insufficient Warnings or Errors
1128	CISQ Quality Measures (2016)
1129	CISQ Quality Measures - Reliability
1130	CISQ Quality Measures - Maintainability
1131	CISQ Quality Measures - Security
1132	CISQ Quality Measures - Performance
1133	Weaknesses Addressed by the SEI CERT Oracle Coding Standard for Java
1134	SEI CERT Oracle Secure Coding Standard for Java - Guidelines 00. Input Validation and Data Sanitization (IDS)
1135	SEI CERT Oracle Secure Coding Standard for Java - Guidelines 01. Declarations and Initialization (DCL)
1136	SEI CERT Oracle Secure Coding Standard for Java - Guidelines 02. Expressions (EXP)
1137	SEI CERT Oracle Secure Coding Standard for Java - Guidelines 03. Numeric Types and Operations (NUM)
1138	SEI CERT Oracle Secure Coding Standard for Java - Guidelines 04. Characters and Strings (STR)
1139	SEI CERT Oracle Secure Coding Standard for Java - Guidelines 05. Object Orientation (OBJ)
1140	SEI CERT Oracle Secure Coding Standard for Java - Guidelines 06. Methods (MET)
1141	SEI CERT Oracle Secure Coding Standard for Java - Guidelines 07. Exceptional Behavior (ERR)
1142	SEI CERT Oracle Secure Coding Standard for Java - Guidelines 08. Visibility and Atomicity (VNA)
1143	SEI CERT Oracle Secure Coding Standard for Java - Guidelines 09. Locking (LCK)
1144	SEI CERT Oracle Secure Coding Standard for Java - Guidelines 10. Thread APIs (THI)
1145	SEI CERT Oracle Secure Coding Standard for Java - Guidelines 11. Thread Pools (TPS)
1146	SEI CERT Oracle Secure Coding Standard for Java - Guidelines 12. Thread-Safety Miscellaneous (TSM)
1147	SEI CERT Oracle Secure Coding Standard for Java - Guidelines 13. Input Output (FIO)
1148	SEI CERT Oracle Secure Coding Standard for Java - Guidelines 14. Serialization (SER)
1149	SEI CERT Oracle Secure Coding Standard for Java - Guidelines 15. Platform Security (SEC)
1150	SEI CERT Oracle Secure Coding Standard for Java - Guidelines 16. Runtime Environment (ENV)
1151	SEI CERT Oracle Secure Coding Standard for Java - Guidelines 17. Java Native Interface (JNI)
1152	SEI CERT Oracle Secure Coding Standard for Java - Guidelines 49. Miscellaneous (MSC)
1153	SEI CERT Oracle Secure Coding Standard for Java - Guidelines 50. Android (DRD)
1154	Weaknesses Addressed by the SEI CERT C Coding Standard
1155	SEI CERT C Coding Standard - Guidelines 01. Preprocessor (PRE)
1156	SEI CERT C Coding Standard - Guidelines 02. Declarations and Initialization (DCL)
1157	SEI CERT C Coding Standard - Guidelines 03. Expressions (EXP)
1158	SEI CERT C Coding Standard - Guidelines 04. Integers (INT)
1159	SEI CERT C Coding Standard - Guidelines 05. Floating Point (FLP)
1160	SEI CERT C Coding Standard - Guidelines 06. Arrays (ARR)
1161	SEI CERT C Coding Standard - Guidelines 07. Characters and Strings (STR)
1162	SEI CERT C Coding Standard - Guidelines 08. Memory Management (MEM)
1163	SEI CERT C Coding Standard - Guidelines 09. Input Output (FIO)
1164	Irrelevant Code
1165	SEI CERT C Coding Standard - Guidelines 10. Environment (ENV)
1166	SEI CERT C Coding Standard - Guidelines 11. Signals (SIG)
1167	SEI CERT C Coding Standard - Guidelines 12. Error Handling (ERR)
1168	SEI CERT C Coding Standard - Guidelines 13. Application Programming Interfaces (API)
1169	SEI CERT C Coding Standard - Guidelines 14. Concurrency (CON)
1170	SEI CERT C Coding Standard - Guidelines 48. Miscellaneous (MSC)
1171	SEI CERT C Coding Standard - Guidelines 50. POSIX (POS)
1172	SEI CERT C Coding Standard - Guidelines 51. Microsoft Windows (WIN)
1173	Improper Use of Validation Framework
1174	ASP.NET Misconfiguration: Improper Model Validation
1175	SEI CERT Oracle Secure Coding Standard for Java - Guidelines 18. Concurrency (CON)
1176	Inefficient CPU Computation
1177	Use of Prohibited Code

Nodes Deprecated in Version 3.2

CWE-ID	CWE Name
769	DEPRECATED: Uncontrolled File Descriptor Consumption

Important Changes

A node change is labeled "important" if it is a major field change and the field is critical to the meaning of the node. The critical fields are description, name, and relationships.

Key
D	Description
N	Name
R	Relationships

		R	20	Improper Input Validation
		R	22	Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
		R	67	Improper Handling of Windows Device Names
		R	78	Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
		R	79	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
		R	88	Argument Injection or Modification
		R	89	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
		R	99	Improper Control of Resource Identifiers ('Resource Injection')
		R	102	Struts: Duplicate Validation Forms
		R	105	Struts: Form Field Without Validator
		R	106	Struts: Plug-in Framework not in Use
		R	108	Struts: Unvalidated Action Form
		R	109	Struts: Validator Turned Off
		R	111	Direct Use of Unsafe JNI
		R	112	Missing XML Validation
		R	116	Improper Encoding or Escaping of Output
		R	117	Improper Output Neutralization for Logs
		R	119	Improper Restriction of Operations within the Bounds of a Memory Buffer
		R	120	Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
		R	121	Stack-based Buffer Overflow
		R	122	Heap-based Buffer Overflow
		R	123	Write-what-where Condition
		R	125	Out-of-bounds Read
		R	129	Improper Validation of Array Index
		R	131	Incorrect Calculation of Buffer Size
		R	134	Use of Externally-Controlled Format String
		R	144	Improper Neutralization of Line Delimiters
		R	150	Improper Neutralization of Escape, Meta, or Control Sequences
		R	170	Improper Null Termination
		R	171	Cleansing, Canonicalization, and Comparison Errors
		R	180	Incorrect Behavior Order: Validate Before Canonicalize
		R	182	Collapse of Data into Unsafe Value
D			186	Overly Restrictive Regular Expression
		R	187	Partial String Comparison
D		R	188	Reliance on Data/Memory Layout
		R	189	Numeric Errors
		R	190	Integer Overflow or Wraparound
		R	191	Integer Underflow (Wrap or Wraparound)
		R	192	Integer Coercion Error
		R	194	Unexpected Sign Extension
		R	195	Signed to Unsigned Conversion Error
		R	197	Numeric Truncation Error
		R	198	Use of Incorrect Byte Ordering
		R	227	7PK - API Abuse
		R	241	Improper Handling of Unexpected Data Type
		R	242	Use of Inherently Dangerous Function
		R	248	Uncaught Exception
		R	252	Unchecked Return Value
		R	253	Incorrect Check of Function Return Value
		R	259	Use of Hard-coded Password
		R	266	Incorrect Privilege Assignment
		R	272	Least Privilege Violation
		R	273	Improper Check for Dropped Privileges
		R	276	Incorrect Default Permissions
		R	279	Incorrect Execution-Assigned Permissions
		R	283	Unverified Ownership
		R	289	Authentication Bypass by Alternate Name
		R	311	Missing Encryption of Sensitive Data
		R	319	Cleartext Transmission of Sensitive Information
		R	327	Use of a Broken or Risky Cryptographic Algorithm
		R	330	Use of Insufficiently Random Values
		R	331	Insufficient Entropy
		R	332	Insufficient Entropy in PRNG
		R	336	Same Seed in Pseudo-Random Number Generator (PRNG)
		R	337	Predictable Seed in Pseudo-Random Number Generator (PRNG)
		R	338	Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
		R	349	Acceptance of Extraneous Untrusted Data With Trusted Data
		R	359	Exposure of Private Information ('Privacy Violation')
		R	362	Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
		R	363	Race Condition Enabling Link Following
		R	365	Race Condition in Switch
		R	366	Race Condition within a Thread
		R	369	Divide By Zero
		R	374	Passing Mutable Objects to an Untrusted Method
		R	375	Returning a Mutable Object to an Untrusted Caller
		R	377	Insecure Temporary File
		R	382	J2EE Bad Practices: Use of System.exit()
		R	391	Unchecked Error Condition
		R	392	Missing Report of Error Condition
		R	396	Declaration of Catch for Generic Exception
		R	397	Declaration of Throws for Generic Exception
		R	399	Resource Management Errors
D	N	R	400	Uncontrolled Resource Consumption
	N	R	401	Improper Release of Memory Before Removing Last Reference
		R	404	Improper Resource Shutdown or Release
		R	405	Asymmetric Resource Consumption (Amplification)
		R	409	Improper Handling of Highly Compressed Data (Data Amplification)
		R	410	Insufficient Resource Pool
		R	412	Unrestricted Externally Accessible Lock
		R	413	Improper Resource Locking
		R	415	Double Free
		R	416	Use After Free
		R	434	Unrestricted Upload of File with Dangerous Type
		R	452	Initialization and Cleanup Errors
		R	456	Missing Initialization of a Variable
		R	459	Incomplete Cleanup
		R	460	Improper Cleanup on Thrown Exception
		R	467	Use of sizeof() on a Pointer Type
		R	468	Incorrect Pointer Scaling
		R	469	Use of Pointer Subtraction to Determine Size
		R	474	Use of Function with Inconsistent Implementations
		R	476	NULL Pointer Dereference
		R	478	Missing Default Case in Switch Statement
		R	479	Signal Handler Use of a Non-reentrant Function
		R	480	Use of Incorrect Operator
		R	481	Assigning instead of Comparing
		R	486	Comparison of Classes by Name
		R	491	Public cloneable() Method Without Final ('Object Hijack')
		R	492	Use of Inner Class Containing Sensitive Data
D	N		495	Private Data Structure Returned From A Public Method
		R	498	Cloneable Class Containing Sensitive Information
		R	499	Serializable Class Containing Sensitive Data
		R	500	Public Static Field Not Marked Final
		R	502	Deserialization of Untrusted Data
		R	532	Information Exposure Through Log Files
		R	546	Suspicious Comment
		R	547	Use of Hard-coded, Security-relevant Constants
		R	554	ASP.NET Misconfiguration: Not Using Input Validation Framework
		R	561	Dead Code
		R	562	Return of Stack Variable Address
		R	563	Assignment to Variable without Use
		R	567	Unsynchronized Access to Shared Data in a Multithreaded Context
		R	568	finalize() Method Without super.finalize()
		R	572	Call to Thread run() instead of start()
		R	573	Improper Following of Specification by Caller
		R	581	Object Model Violation: Just One of Equals and Hashcode Defined
		R	583	finalize() Method Declared Public
		R	584	Return Inside Finally Block
		R	585	Empty Synchronized Block
		R	586	Explicit Call to Finalize()
		R	587	Assignment of a Fixed Address to a Pointer
		R	589	Call to Non-ubiquitous API
		R	590	Free of Memory not on the Heap
		R	595	Comparison of Object References Instead of Object Contents
		R	597	Use of Wrong Operator in String Comparison
		R	606	Unchecked Input for Loop Condition
		R	609	Double-Checked Locking
		R	617	Reachable Assertion
		R	628	Function Call with Incorrectly Specified Arguments
D			629	Weaknesses in OWASP Top Ten (2007)
		R	647	Use of Non-Canonical URL Paths for Authorization Decisions
		R	662	Improper Synchronization
		R	664	Improper Control of a Resource Through its Lifetime
		R	665	Improper Initialization
		R	666	Operation on Resource in Wrong Phase of Lifetime
		R	667	Improper Locking
		R	668	Exposure of Resource to Wrong Sphere
		R	672	Operation on a Resource after Expiration or Release
		R	674	Uncontrolled Recursion
		R	676	Use of Potentially Dangerous Function
		R	680	Integer Overflow to Buffer Overflow
		R	681	Incorrect Conversion between Numeric Types
		R	682	Incorrect Calculation
		R	685	Function Call With Incorrect Number of Arguments
		R	686	Function Call With Incorrect Argument Type
		R	690	Unchecked Return Value to NULL Pointer Dereference
		R	696	Incorrect Behavior Order
		R	697	Incorrect Comparison
		R	703	Improper Check or Handling of Exceptional Conditions
		R	704	Incorrect Type Conversion or Cast
		R	705	Incorrect Control Flow Scoping
		R	710	Improper Adherence to Coding Standards
D			711	Weaknesses in OWASP Top Ten (2004)
		R	732	Incorrect Permission Assignment for Critical Resource
D	N		734	Weaknesses Addressed by the CERT C Secure Coding Standard (2008)
D	N		735	CERT C Secure Coding Standard (2008) Chapter 2 - Preprocessor (PRE)
D	N		736	CERT C Secure Coding Standard (2008) Chapter 3 - Declarations and Initialization (DCL)
D	N		737	CERT C Secure Coding Standard (2008) Chapter 4 - Expressions (EXP)
D	N		738	CERT C Secure Coding Standard (2008) Chapter 5 - Integers (INT)
D	N		739	CERT C Secure Coding Standard (2008) Chapter 6 - Floating Point (FLP)
D	N		740	CERT C Secure Coding Standard (2008) Chapter 7 - Arrays (ARR)
D	N		741	CERT C Secure Coding Standard (2008) Chapter 8 - Characters and Strings (STR)
D	N		742	CERT C Secure Coding Standard (2008) Chapter 9 - Memory Management (MEM)
D	N		743	CERT C Secure Coding Standard (2008) Chapter 10 - Input Output (FIO)
D	N		744	CERT C Secure Coding Standard (2008) Chapter 11 - Environment (ENV)
D	N		745	CERT C Secure Coding Standard (2008) Chapter 12 - Signals (SIG)
D	N		746	CERT C Secure Coding Standard (2008) Chapter 13 - Error Handling (ERR)
D	N		747	CERT C Secure Coding Standard (2008) Chapter 14 - Miscellaneous (MSC)
D	N	R	748	CERT C Secure Coding Standard (2008) Appendix - POSIX (POS)
D			750	Weaknesses in the 2009 CWE/SANS Top 25 Most Dangerous Programming Errors
		R	754	Improper Check for Unusual or Exceptional Conditions
		R	758	Reliance on Undefined, Unspecified, or Implementation-Defined Behavior
		R	762	Mismatched Memory Management Routines
D	N	R	766	Critical Data Element Declared Public
D	N	R	769	DEPRECATED: Uncontrolled File Descriptor Consumption
D		R	770	Allocation of Resources Without Limits or Throttling
		R	771	Missing Reference to Active Allocated Resource
		R	772	Missing Release of Resource after Effective Lifetime
		R	773	Missing Reference to Active File Descriptor or Handle
		R	774	Allocation of File Descriptors or Handles Without Limits or Throttling
		R	775	Missing Release of File Descriptor or Handle after Effective Lifetime
		R	786	Access of Memory Location Before Start of Buffer
		R	788	Access of Memory Location After End of Buffer
		R	789	Uncontrolled Memory Allocation
		R	798	Use of Hard-coded Credentials
D			800	Weaknesses in the 2010 CWE/SANS Top 25 Most Dangerous Programming Errors
		R	805	Buffer Access with Incorrect Length Value
D			809	Weaknesses in OWASP Top Ten (2010)
		R	820	Missing Synchronization
		R	821	Incorrect Synchronization
		R	835	Loop with Unreachable Exit Condition ('Infinite Loop')
		R	838	Inappropriate Encoding for Output Context
		R	839	Numeric Range Comparison Without Minimum Check
		R	843	Access of Resource Using Incompatible Type ('Type Confusion')
D	N		844	Weaknesses Addressed by The CERT Oracle Secure Coding Standard for Java (2011)
D	N		845	The CERT Oracle Secure Coding Standard for Java (2011) Chapter 2 - Input Validation and Data Sanitization (IDS)
D	N		846	The CERT Oracle Secure Coding Standard for Java (2011) Chapter 3 - Declarations and Initialization (DCL)
D	N		847	The CERT Oracle Secure Coding Standard for Java (2011) Chapter 4 - Expressions (EXP)
D	N		848	The CERT Oracle Secure Coding Standard for Java (2011) Chapter 5 - Numeric Types and Operations (NUM)
D	N		849	The CERT Oracle Secure Coding Standard for Java (2011) Chapter 6 - Object Orientation (OBJ)
D	N		850	The CERT Oracle Secure Coding Standard for Java (2011) Chapter 7 - Methods (MET)
D	N		851	The CERT Oracle Secure Coding Standard for Java (2011) Chapter 8 - Exceptional Behavior (ERR)
D	N		852	The CERT Oracle Secure Coding Standard for Java (2011) Chapter 9 - Visibility and Atomicity (VNA)
D	N		853	The CERT Oracle Secure Coding Standard for Java (2011) Chapter 10 - Locking (LCK)
D	N		854	The CERT Oracle Secure Coding Standard for Java (2011) Chapter 11 - Thread APIs (THI)
D	N		855	The CERT Oracle Secure Coding Standard for Java (2011) Chapter 12 - Thread Pools (TPS)
D	N		856	The CERT Oracle Secure Coding Standard for Java (2011) Chapter 13 - Thread-Safety Miscellaneous (TSM)
D	N		857	The CERT Oracle Secure Coding Standard for Java (2011) Chapter 14 - Input Output (FIO)
D	N		858	The CERT Oracle Secure Coding Standard for Java (2011) Chapter 15 - Serialization (SER)
D	N		859	The CERT Oracle Secure Coding Standard for Java (2011) Chapter 16 - Platform Security (SEC)
D	N		860	The CERT Oracle Secure Coding Standard for Java (2011) Chapter 17 - Runtime Environment (ENV)
D	N		861	The CERT Oracle Secure Coding Standard for Java (2011) Chapter 18 - Miscellaneous (MSC)
D	N		868	Weaknesses Addressed by the SEI CERT C++ Coding Standard (2016 Version)
		R	908	Use of Uninitialized Resource
		R	910	Use of Expired File Descriptor
D			916	Use of Password Hash With Insufficient Computational Effort
D			928	Weaknesses in OWASP Top Ten (2013)
		R	1006	Bad Coding Practices
D			1007	Insufficient Visual Distinction of Homoglyphs Presented to User
		R	1023	Incomplete Comparison with Missing Factors

Detailed Difference Report

15	External Control of System or Configuration Setting
	Major	Related_Attack_Patterns
	Minor	None
20	Improper Input Validation
	Major	Related_Attack_Patterns, Relationships
	Minor	None
22	Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
	Major	References, Related_Attack_Patterns, Relationships, Taxonomy_Mappings
	Minor	None
59	Improper Link Resolution Before File Access ('Link Following')
	Major	Taxonomy_Mappings
	Minor	None
64	Windows Shortcut Following (.LNK)
	Major	Related_Attack_Patterns
	Minor	None
67	Improper Handling of Windows Device Names
	Major	Relationships, Taxonomy_Mappings
	Minor	None
69	Improper Handling of Windows ::DATA Alternate Data Stream
	Major	Related_Attack_Patterns
	Minor	None
74	Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
	Major	Related_Attack_Patterns
	Minor	None
77	Improper Neutralization of Special Elements used in a Command ('Command Injection')
	Major	Taxonomy_Mappings
	Minor	None
78	Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
	Major	References, Relationships, Taxonomy_Mappings
	Minor	None
79	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
	Major	References, Relationships, Taxonomy_Mappings
	Minor	None
88	Argument Injection or Modification
	Major	Relationships
	Minor	None
89	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
	Major	References, Relationships, Taxonomy_Mappings
	Minor	None
95	Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
	Major	Taxonomy_Mappings
	Minor	None
99	Improper Control of Resource Identifiers ('Resource Injection')
	Major	References, Relationships, Taxonomy_Mappings
	Minor	None
102	Struts: Duplicate Validation Forms
	Major	Relationships
	Minor	None
105	Struts: Form Field Without Validator
	Major	Relationships
	Minor	None
106	Struts: Plug-in Framework not in Use
	Major	Relationships
	Minor	None
108	Struts: Unvalidated Action Form
	Major	Relationships
	Minor	None
109	Struts: Validator Turned Off
	Major	Relationships
	Minor	None
111	Direct Use of Unsafe JNI
	Major	Relationships, Taxonomy_Mappings
	Minor	None
112	Missing XML Validation
	Major	Relationships
	Minor	None
116	Improper Encoding or Escaping of Output
	Major	Relationships, Taxonomy_Mappings
	Minor	None
117	Improper Output Neutralization for Logs
	Major	Relationships, Taxonomy_Mappings
	Minor	None
119	Improper Restriction of Operations within the Bounds of a Memory Buffer
	Major	Relationships
	Minor	None
120	Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
	Major	References, Relationships, Taxonomy_Mappings
	Minor	None
121	Stack-based Buffer Overflow
	Major	Relationships
	Minor	None
122	Heap-based Buffer Overflow
	Major	Relationships
	Minor	None
123	Write-what-where Condition
	Major	Relationships
	Minor	None
125	Out-of-bounds Read
	Major	Relationships
	Minor	None
129	Improper Validation of Array Index
	Major	References, Relationships, Taxonomy_Mappings
	Minor	None
131	Incorrect Calculation of Buffer Size
	Major	Relationships
	Minor	None
134	Use of Externally-Controlled Format String
	Major	References, Relationships, Taxonomy_Mappings
	Minor	None
135	Incorrect Calculation of Multi-Byte String Length
	Major	Taxonomy_Mappings
	Minor	None
144	Improper Neutralization of Line Delimiters
	Major	Relationships, Taxonomy_Mappings
	Minor	None
150	Improper Neutralization of Escape, Meta, or Control Sequences
	Major	Relationships, Taxonomy_Mappings
	Minor	None
162	Improper Neutralization of Trailing Special Elements
	Major	Related_Attack_Patterns
	Minor	None
170	Improper Null Termination
	Major	Relationships
	Minor	Common_Consequences
171	Cleansing, Canonicalization, and Comparison Errors
	Major	Relationships, Taxonomy_Mappings
	Minor	None
172	Encoding Error
	Major	Related_Attack_Patterns
	Minor	None
173	Improper Handling of Alternate Encoding
	Major	Related_Attack_Patterns
	Minor	None
177	Improper Handling of URL Encoding (Hex Encoding)
	Major	Related_Attack_Patterns
	Minor	None
180	Incorrect Behavior Order: Validate Before Canonicalize
	Major	Relationships, Taxonomy_Mappings
	Minor	None
181	Incorrect Behavior Order: Validate Before Filter
	Major	Related_Attack_Patterns
	Minor	None
182	Collapse of Data into Unsafe Value
	Major	Relationships, Taxonomy_Mappings
	Minor	None
183	Permissive Whitelist
	Major	Related_Attack_Patterns
	Minor	None
184	Incomplete Blacklist
	Major	Related_Attack_Patterns
	Minor	None
186	Overly Restrictive Regular Expression
	Major	Description
	Minor	None
187	Partial String Comparison
	Major	Relationships
	Minor	None
188	Reliance on Data/Memory Layout
	Major	Description, Relationships
	Minor	None
189	Numeric Errors
	Major	Relationships, Taxonomy_Mappings
	Minor	None
190	Integer Overflow or Wraparound
	Major	Relationships
	Minor	None
191	Integer Underflow (Wrap or Wraparound)
	Major	Relationships
	Minor	None
192	Integer Coercion Error
	Major	Relationships
	Minor	None
194	Unexpected Sign Extension
	Major	Relationships
	Minor	None
195	Signed to Unsigned Conversion Error
	Major	Relationships
	Minor	None
197	Numeric Truncation Error
	Major	Relationships, Taxonomy_Mappings
	Minor	None
198	Use of Incorrect Byte Ordering
	Major	Relationships, Taxonomy_Mappings
	Minor	None
200	Information Exposure
	Major	Related_Attack_Patterns
	Minor	Description
209	Information Exposure Through an Error Message
	Major	Taxonomy_Mappings
	Minor	None
227	7PK - API Abuse
	Major	Relationships
	Minor	None
230	Improper Handling of Missing Values
	Major	Taxonomy_Mappings
	Minor	None
232	Improper Handling of Undefined Values
	Major	Taxonomy_Mappings
	Minor	None
241	Improper Handling of Unexpected Data Type
	Major	Relationships
	Minor	None
242	Use of Inherently Dangerous Function
	Major	Relationships
	Minor	None
248	Uncaught Exception
	Major	Relationships, Taxonomy_Mappings
	Minor	None
250	Execution with Unnecessary Privileges
	Major	Taxonomy_Mappings
	Minor	None
252	Unchecked Return Value
	Major	References, Relationships, Taxonomy_Mappings
	Minor	None
253	Incorrect Check of Function Return Value
	Major	Relationships
	Minor	None
259	Use of Hard-coded Password
	Major	Relationships, Taxonomy_Mappings
	Minor	None
266	Incorrect Privilege Assignment
	Major	Relationships, Taxonomy_Mappings
	Minor	None
267	Privilege Defined With Unsafe Actions
	Major	Related_Attack_Patterns
	Minor	None
272	Least Privilege Violation
	Major	Relationships, Taxonomy_Mappings
	Minor	None
273	Improper Check for Dropped Privileges
	Major	Relationships
	Minor	None
276	Incorrect Default Permissions
	Major	Relationships, Taxonomy_Mappings
	Minor	None
279	Incorrect Execution-Assigned Permissions
	Major	Relationships, Taxonomy_Mappings
	Minor	None
283	Unverified Ownership
	Major	Relationships
	Minor	Common_Consequences
284	Improper Access Control
	Major	Related_Attack_Patterns
	Minor	None
285	Improper Authorization
	Major	Related_Attack_Patterns
	Minor	None
287	Improper Authentication
	Major	Related_Attack_Patterns
	Minor	None
289	Authentication Bypass by Alternate Name
	Major	Relationships, Taxonomy_Mappings
	Minor	None
300	Channel Accessible by Non-Endpoint ('Man-in-the-Middle')
	Major	Taxonomy_Mappings
	Minor	None
302	Authentication Bypass by Assumed-Immutable Data
	Major	Taxonomy_Mappings
	Minor	None
306	Missing Authentication for Critical Function
	Major	Related_Attack_Patterns
	Minor	None
311	Missing Encryption of Sensitive Data
	Major	Related_Attack_Patterns, Relationships, Taxonomy_Mappings
	Minor	None
319	Cleartext Transmission of Sensitive Information
	Major	Relationships, Taxonomy_Mappings
	Minor	None
326	Inadequate Encryption Strength
	Major	Related_Attack_Patterns
	Minor	None
327	Use of a Broken or Risky Cryptographic Algorithm
	Major	References, Relationships, Taxonomy_Mappings
	Minor	None
330	Use of Insufficiently Random Values
	Major	Relationships, Taxonomy_Mappings
	Minor	None
331	Insufficient Entropy
	Major	Relationships
	Minor	None
332	Insufficient Entropy in PRNG
	Major	Relationships, Taxonomy_Mappings
	Minor	None
333	Improper Handling of Insufficient Entropy in TRNG
	Major	Taxonomy_Mappings
	Minor	None
336	Same Seed in Pseudo-Random Number Generator (PRNG)
	Major	Relationships, Taxonomy_Mappings
	Minor	None
337	Predictable Seed in Pseudo-Random Number Generator (PRNG)
	Major	Relationships, Taxonomy_Mappings
	Minor	None
338	Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
	Major	Relationships
	Minor	None
347	Improper Verification of Cryptographic Signature
	Major	Taxonomy_Mappings
	Minor	None
349	Acceptance of Extraneous Untrusted Data With Trusted Data
	Major	Relationships, Taxonomy_Mappings
	Minor	None
359	Exposure of Private Information ('Privacy Violation')
	Major	Relationships, Taxonomy_Mappings
	Minor	None
362	Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
	Major	Relationships, Taxonomy_Mappings
	Minor	None
363	Race Condition Enabling Link Following
	Major	Relationships
	Minor	None
365	Race Condition in Switch
	Major	Relationships, Taxonomy_Mappings
	Minor	None
366	Race Condition within a Thread
	Major	Relationships, Taxonomy_Mappings
	Minor	None
369	Divide By Zero
	Major	Relationships, Taxonomy_Mappings
	Minor	None
374	Passing Mutable Objects to an Untrusted Method
	Major	Relationships, Taxonomy_Mappings
	Minor	None
375	Returning a Mutable Object to an Untrusted Caller
	Major	Relationships, Taxonomy_Mappings
	Minor	None
377	Insecure Temporary File
	Major	Relationships, Taxonomy_Mappings
	Minor	None
382	J2EE Bad Practices: Use of System.exit()
	Major	Relationships, Taxonomy_Mappings
	Minor	None
390	Detection of Error Condition Without Action
	Major	Related_Attack_Patterns, Taxonomy_Mappings
	Minor	None
391	Unchecked Error Condition
	Major	Relationships, Taxonomy_Mappings
	Minor	None
392	Missing Report of Error Condition
	Major	Relationships, Taxonomy_Mappings
	Minor	None
394	Unexpected Status Code or Return Value
	Major	Taxonomy_Mappings
	Minor	None
395	Use of NullPointerException Catch to Detect NULL Pointer Dereference
	Major	Taxonomy_Mappings
	Minor	None
396	Declaration of Catch for Generic Exception
	Major	References, Relationships, Taxonomy_Mappings
	Minor	None
397	Declaration of Throws for Generic Exception
	Major	Applicable_Platforms, Demonstrative_Examples, References, Relationships, Taxonomy_Mappings
	Minor	None
399	Resource Management Errors
	Major	Relationships
	Minor	None
400	Uncontrolled Resource Consumption
	Major	Alternate_Terms, Description, Name, Relationships, Taxonomy_Mappings, Theoretical_Notes
	Minor	None
401	Improper Release of Memory Before Removing Last Reference
	Major	Common_Consequences, Demonstrative_Examples, Name, References, Relationships, Taxonomy_Mappings, Type, Weakness_Ordinalities
	Minor	None
404	Improper Resource Shutdown or Release
	Major	Relationships, Taxonomy_Mappings, Type
	Minor	None
405	Asymmetric Resource Consumption (Amplification)
	Major	Relationships, Taxonomy_Mappings
	Minor	None
409	Improper Handling of Highly Compressed Data (Data Amplification)
	Major	Relationships, Taxonomy_Mappings
	Minor	None
410	Insufficient Resource Pool
	Major	Relationships, Taxonomy_Mappings
	Minor	None
412	Unrestricted Externally Accessible Lock
	Major	Relationships, Taxonomy_Mappings
	Minor	None
413	Improper Resource Locking
	Major	Relationships, Taxonomy_Mappings
	Minor	None
415	Double Free
	Major	Relationships
	Minor	None
416	Use After Free
	Major	Relationships
	Minor	None
426	Untrusted Search Path
	Major	Related_Attack_Patterns
	Minor	None
427	Uncontrolled Search Path Element
	Major	Related_Attack_Patterns
	Minor	None
428	Unquoted Search Path or Element
	Major	Applicable_Platforms, Related_Attack_Patterns
	Minor	None
434	Unrestricted Upload of File with Dangerous Type
	Major	References, Relationships, Taxonomy_Mappings
	Minor	None
452	Initialization and Cleanup Errors
	Major	Relationships
	Minor	None
456	Missing Initialization of a Variable
	Major	References, Relationships, Taxonomy_Mappings
	Minor	None
457	Use of Uninitialized Variable
	Major	Taxonomy_Mappings
	Minor	None
459	Incomplete Cleanup
	Major	Relationships, Taxonomy_Mappings
	Minor	None
460	Improper Cleanup on Thrown Exception
	Major	Relationships, Taxonomy_Mappings
	Minor	None
467	Use of sizeof() on a Pointer Type
	Major	Relationships
	Minor	None
468	Incorrect Pointer Scaling
	Major	Relationships
	Minor	None
469	Use of Pointer Subtraction to Determine Size
	Major	Relationships
	Minor	None
470	Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
	Major	Taxonomy_Mappings
	Minor	None
472	External Control of Assumed-Immutable Web Parameter
	Major	Related_Attack_Patterns
	Minor	None
474	Use of Function with Inconsistent Implementations
	Major	Relationships, Weakness_Ordinalities
	Minor	None
475	Undefined Behavior for Input to API
	Major	Weakness_Ordinalities
	Minor	None
476	NULL Pointer Dereference
	Major	Relationships
	Minor	None
477	Use of Obsolete Function
	Major	Taxonomy_Mappings, Weakness_Ordinalities
	Minor	None
478	Missing Default Case in Switch Statement
	Major	Relationships
	Minor	None
479	Signal Handler Use of a Non-reentrant Function
	Major	Relationships, Taxonomy_Mappings
	Minor	None
480	Use of Incorrect Operator
	Major	Relationships
	Minor	None
481	Assigning instead of Comparing
	Major	Relationships
	Minor	None
483	Incorrect Block Delimitation
	Major	Weakness_Ordinalities
	Minor	None
484	Omitted Break Statement in Switch
	Major	Weakness_Ordinalities
	Minor	None
486	Comparison of Classes by Name
	Major	Relationships, Taxonomy_Mappings
	Minor	None
487	Reliance on Package-level Scope
	Major	Taxonomy_Mappings
	Minor	None
489	Leftover Debug Code
	Major	Weakness_Ordinalities
	Minor	None
491	Public cloneable() Method Without Final ('Object Hijack')
	Major	Relationships, Taxonomy_Mappings
	Minor	None
492	Use of Inner Class Containing Sensitive Data
	Major	Relationships, Taxonomy_Mappings
	Minor	None
493	Critical Public Variable Without Final Modifier
	Major	Taxonomy_Mappings
	Minor	None
494	Download of Code Without Integrity Check
	Major	Taxonomy_Mappings
	Minor	None
495	Private Data Structure Returned From A Public Method
	Major	Common_Consequences, Demonstrative_Examples, Description, Name, Potential_Mitigations
	Minor	None
497	Exposure of System Data to an Unauthorized Control Sphere
	Major	Taxonomy_Mappings
	Minor	None
498	Cloneable Class Containing Sensitive Information
	Major	Relationships, Taxonomy_Mappings
	Minor	None
499	Serializable Class Containing Sensitive Data
	Major	Relationships, Taxonomy_Mappings
	Minor	None
500	Public Static Field Not Marked Final
	Major	Relationships, Taxonomy_Mappings
	Minor	None
502	Deserialization of Untrusted Data
	Major	Related_Attack_Patterns, Relationships, Taxonomy_Mappings
	Minor	None
522	Insufficiently Protected Credentials
	Major	Related_Attack_Patterns
	Minor	None
532	Information Exposure Through Log Files
	Major	Relationships, Taxonomy_Mappings
	Minor	None
543	Use of Singleton Pattern Without Synchronization in a Multithreaded Context
	Major	Taxonomy_Mappings
	Minor	None
546	Suspicious Comment
	Major	Relationships, Weakness_Ordinalities
	Minor	None
547	Use of Hard-coded, Security-relevant Constants
	Major	Relationships, Weakness_Ordinalities
	Minor	None
552	Files or Directories Accessible to External Parties
	Major	Related_Attack_Patterns
	Minor	None
553	Command Shell in Externally Accessible Directory
	Major	Related_Attack_Patterns
	Minor	None
554	ASP.NET Misconfiguration: Not Using Input Validation Framework
	Major	Relationships, Weakness_Ordinalities
	Minor	None
561	Dead Code
	Major	Common_Consequences, References, Relationships, Taxonomy_Mappings, Weakness_Ordinalities
	Minor	None
562	Return of Stack Variable Address
	Major	Relationships, Weakness_Ordinalities
	Minor	None
563	Assignment to Variable without Use
	Major	Relationships, Taxonomy_Mappings, Weakness_Ordinalities
	Minor	None
567	Unsynchronized Access to Shared Data in a Multithreaded Context
	Major	Relationships, Taxonomy_Mappings
	Minor	None
568	finalize() Method Without super.finalize()
	Major	Relationships, Taxonomy_Mappings
	Minor	None
572	Call to Thread run() instead of start()
	Major	Relationships, Taxonomy_Mappings
	Minor	None
573	Improper Following of Specification by Caller
	Major	Relationships, Taxonomy_Mappings, Weakness_Ordinalities
	Minor	None
581	Object Model Violation: Just One of Equals and Hashcode Defined
	Major	Relationships, Taxonomy_Mappings
	Minor	None
582	Array Declared Public, Final, and Static
	Major	Taxonomy_Mappings
	Minor	None
583	finalize() Method Declared Public
	Major	Relationships, Taxonomy_Mappings
	Minor	None
584	Return Inside Finally Block
	Major	Relationships, Taxonomy_Mappings
	Minor	None
585	Empty Synchronized Block
	Major	Relationships, Weakness_Ordinalities
	Minor	None
586	Explicit Call to Finalize()
	Major	Relationships, Taxonomy_Mappings, Weakness_Ordinalities
	Minor	None
587	Assignment of a Fixed Address to a Pointer
	Major	Relationships
	Minor	None
589	Call to Non-ubiquitous API
	Major	Relationships, Taxonomy_Mappings, Weakness_Ordinalities
	Minor	None
590	Free of Memory not on the Heap
	Major	Relationships
	Minor	None
594	J2EE Framework: Saving Unserializable Objects to Disk
	Major	Weakness_Ordinalities
	Minor	None
595	Comparison of Object References Instead of Object Contents
	Major	Relationships, Taxonomy_Mappings
	Minor	None
597	Use of Wrong Operator in String Comparison
	Major	Relationships, Taxonomy_Mappings
	Minor	None
600	Uncaught Exception in Servlet
	Major	Taxonomy_Mappings
	Minor	None
601	URL Redirection to Untrusted Site ('Open Redirect')
	Major	Related_Attack_Patterns
	Minor	None
605	Multiple Binds to the Same Port
	Major	Weakness_Ordinalities
	Minor	None
606	Unchecked Input for Loop Condition
	Major	References, Relationships, Taxonomy_Mappings
	Minor	None
609	Double-Checked Locking
	Major	Relationships, Taxonomy_Mappings
	Minor	None
611	Improper Restriction of XML External Entity Reference ('XXE')
	Major	Related_Attack_Patterns
	Minor	None
617	Reachable Assertion
	Major	Relationships, Taxonomy_Mappings
	Minor	None
625	Permissive Regular Expression
	Major	Taxonomy_Mappings
	Minor	None
628	Function Call with Incorrectly Specified Arguments
	Major	Relationships, Taxonomy_Mappings
	Minor	None
629	Weaknesses in OWASP Top Ten (2007)
	Major	Description
	Minor	None
647	Use of Non-Canonical URL Paths for Authorization Decisions
	Major	Relationships, Taxonomy_Mappings
	Minor	None
662	Improper Synchronization
	Major	Relationships, Taxonomy_Mappings
	Minor	None
664	Improper Control of a Resource Through its Lifetime
	Major	Relationships
	Minor	None
665	Improper Initialization
	Major	Related_Attack_Patterns, Relationships, Taxonomy_Mappings
	Minor	None
666	Operation on Resource in Wrong Phase of Lifetime
	Major	Relationships
	Minor	None
667	Improper Locking
	Major	References, Relationships, Taxonomy_Mappings
	Minor	None
668	Exposure of Resource to Wrong Sphere
	Major	Relationships
	Minor	None
672	Operation on a Resource after Expiration or Release
	Major	References, Relationships, Taxonomy_Mappings
	Minor	None
674	Uncontrolled Recursion
	Major	References, Related_Attack_Patterns, Relationships, Taxonomy_Mappings
	Minor	None
676	Use of Potentially Dangerous Function
	Major	Relationships, Weakness_Ordinalities
	Minor	None
677	Weakness Base Elements
	Major	View_Filter
	Minor	None
678	Composites
	Major	View_Filter
	Minor	None
680	Integer Overflow to Buffer Overflow
	Major	Relationships
	Minor	None
681	Incorrect Conversion between Numeric Types
	Major	References, Relationships, Taxonomy_Mappings
	Minor	None
682	Incorrect Calculation
	Major	Relationships
	Minor	None
684	Incorrect Provision of Specified Functionality
	Major	Weakness_Ordinalities
	Minor	None
685	Function Call With Incorrect Number of Arguments
	Major	Relationships
	Minor	None
686	Function Call With Incorrect Argument Type
	Major	Relationships
	Minor	None
690	Unchecked Return Value to NULL Pointer Dereference
	Major	Relationships, Taxonomy_Mappings
	Minor	None
692	Incomplete Blacklist to Cross-Site Scripting
	Major	Related_Attack_Patterns
	Minor	None
693	Protection Mechanism Failure
	Major	Related_Attack_Patterns
	Minor	None
696	Incorrect Behavior Order
	Major	Relationships
	Minor	None
697	Incorrect Comparison
	Major	Related_Attack_Patterns, Relationships
	Minor	None
703	Improper Check or Handling of Exceptional Conditions
	Major	Relationships, Taxonomy_Mappings
	Minor	None
704	Incorrect Type Conversion or Cast
	Major	References, Relationships, Taxonomy_Mappings
	Minor	None
705	Incorrect Control Flow Scoping
	Major	Relationships, Taxonomy_Mappings
	Minor	None
706	Use of Incorrectly-Resolved Name or Reference
	Major	Related_Attack_Patterns
	Minor	None
707	Improper Enforcement of Message or Data Structure
	Major	Related_Attack_Patterns
	Minor	None
710	Improper Adherence to Coding Standards
	Major	Relationships
	Minor	None
711	Weaknesses in OWASP Top Ten (2004)
	Major	Description
	Minor	None
732	Incorrect Permission Assignment for Critical Resource
	Major	Related_Attack_Patterns, Relationships, Taxonomy_Mappings
	Minor	None
734	Weaknesses Addressed by the CERT C Secure Coding Standard (2008)
	Major	Description, Name, References
	Minor	None
735	CERT C Secure Coding Standard (2008) Chapter 2 - Preprocessor (PRE)
	Major	Description, Name, References
	Minor	None
736	CERT C Secure Coding Standard (2008) Chapter 3 - Declarations and Initialization (DCL)
	Major	Description, Name, References
	Minor	None
737	CERT C Secure Coding Standard (2008) Chapter 4 - Expressions (EXP)
	Major	Description, Name, References
	Minor	None
738	CERT C Secure Coding Standard (2008) Chapter 5 - Integers (INT)
	Major	Description, Name, References
	Minor	None
739	CERT C Secure Coding Standard (2008) Chapter 6 - Floating Point (FLP)
	Major	Description, Name, References
	Minor	None
740	CERT C Secure Coding Standard (2008) Chapter 7 - Arrays (ARR)
	Major	Description, Name, References
	Minor	None
741	CERT C Secure Coding Standard (2008) Chapter 8 - Characters and Strings (STR)
	Major	Description, Name, References
	Minor	None
742	CERT C Secure Coding Standard (2008) Chapter 9 - Memory Management (MEM)
	Major	Description, Name, References
	Minor	None
743	CERT C Secure Coding Standard (2008) Chapter 10 - Input Output (FIO)
	Major	Description, Name, References
	Minor	None
744	CERT C Secure Coding Standard (2008) Chapter 11 - Environment (ENV)
	Major	Description, Name, References
	Minor	None
745	CERT C Secure Coding Standard (2008) Chapter 12 - Signals (SIG)
	Major	Description, Name, References
	Minor	None
746	CERT C Secure Coding Standard (2008) Chapter 13 - Error Handling (ERR)
	Major	Description, Name, References
	Minor	None
747	CERT C Secure Coding Standard (2008) Chapter 14 - Miscellaneous (MSC)
	Major	Description, Name, References
	Minor	None
748	CERT C Secure Coding Standard (2008) Appendix - POSIX (POS)
	Major	Description, Name, References, Relationship_Notes, Relationships
	Minor	None
750	Weaknesses in the 2009 CWE/SANS Top 25 Most Dangerous Programming Errors
	Major	Description
	Minor	None
754	Improper Check for Unusual or Exceptional Conditions
	Major	Relationships, Taxonomy_Mappings
	Minor	None
758	Reliance on Undefined, Unspecified, or Implementation-Defined Behavior
	Major	Relationships, Weakness_Ordinalities
	Minor	None
762	Mismatched Memory Management Routines
	Major	Relationships
	Minor	None
766	Critical Data Element Declared Public
	Major	Common_Consequences, Description, Name, References, Relationships, Taxonomy_Mappings, Weakness_Ordinalities
	Minor	None
767	Access to Critical Private Variable via Public Method
	Major	Taxonomy_Mappings
	Minor	None
769	DEPRECATED: Uncontrolled File Descriptor Consumption
	Major	Alternate_Terms, Description, Likelihood_of_Exploit, Name, Potential_Mitigations, References, Relationships, Time_of_Introduction, Type
	Minor	None
770	Allocation of Resources Without Limits or Throttling
	Major	Demonstrative_Examples, Description, Relationships, Taxonomy_Mappings
	Minor	None
771	Missing Reference to Active Allocated Resource
	Major	Common_Consequences, Maintenance_Notes, Relationships, Theoretical_Notes
	Minor	None
772	Missing Release of Resource after Effective Lifetime
	Major	Common_Consequences, References, Relationships, Taxonomy_Mappings
	Minor	None
773	Missing Reference to Active File Descriptor or Handle
	Major	Common_Consequences, Relationships, Theoretical_Notes
	Minor	None
774	Allocation of File Descriptors or Handles Without Limits or Throttling
	Major	Alternate_Terms, Relationships, Theoretical_Notes
	Minor	None
775	Missing Release of File Descriptor or Handle after Effective Lifetime
	Major	Common_Consequences, Relationships, Theoretical_Notes
	Minor	None
783	Operator Precedence Logic Error
	Major	Taxonomy_Mappings
	Minor	None
786	Access of Memory Location Before Start of Buffer
	Major	Relationships
	Minor	None
788	Access of Memory Location After End of Buffer
	Major	References, Relationships, Taxonomy_Mappings
	Minor	None
789	Uncontrolled Memory Allocation
	Major	References, Relationships, Taxonomy_Mappings
	Minor	None
792	Incomplete Filtering of One or More Instances of Special Elements
	Major	None
	Minor	Description
794	Incomplete Filtering of Multiple Instances of Special Elements
	Major	None
	Minor	Description
798	Use of Hard-coded Credentials
	Major	References, Relationships, Taxonomy_Mappings
	Minor	None
800	Weaknesses in the 2010 CWE/SANS Top 25 Most Dangerous Programming Errors
	Major	Description
	Minor	None
805	Buffer Access with Incorrect Length Value
	Major	Relationships
	Minor	None
807	Reliance on Untrusted Inputs in a Security Decision
	Major	Taxonomy_Mappings
	Minor	None
809	Weaknesses in OWASP Top Ten (2010)
	Major	Description
	Minor	None
820	Missing Synchronization
	Major	Relationships, Taxonomy_Mappings
	Minor	None
821	Incorrect Synchronization
	Major	Relationships
	Minor	None
829	Inclusion of Functionality from Untrusted Control Sphere
	Major	Related_Attack_Patterns
	Minor	None
833	Deadlock
	Major	Taxonomy_Mappings
	Minor	None
835	Loop with Unreachable Exit Condition ('Infinite Loop')
	Major	References, Relationships, Taxonomy_Mappings
	Minor	None
838	Inappropriate Encoding for Output Context
	Major	Relationships, Taxonomy_Mappings
	Minor	None
839	Numeric Range Comparison Without Minimum Check
	Major	Relationships
	Minor	None
843	Access of Resource Using Incompatible Type ('Type Confusion')
	Major	Relationships
	Minor	None
844	Weaknesses Addressed by The CERT Oracle Secure Coding Standard for Java (2011)
	Major	Description, Name, References, View_Audience
	Minor	None
845	The CERT Oracle Secure Coding Standard for Java (2011) Chapter 2 - Input Validation and Data Sanitization (IDS)
	Major	Description, Name, References
	Minor	None
846	The CERT Oracle Secure Coding Standard for Java (2011) Chapter 3 - Declarations and Initialization (DCL)
	Major	Description, Name, References
	Minor	None
847	The CERT Oracle Secure Coding Standard for Java (2011) Chapter 4 - Expressions (EXP)
	Major	Description, Name, References
	Minor	None
848	The CERT Oracle Secure Coding Standard for Java (2011) Chapter 5 - Numeric Types and Operations (NUM)
	Major	Description, Name, References
	Minor	None
849	The CERT Oracle Secure Coding Standard for Java (2011) Chapter 6 - Object Orientation (OBJ)
	Major	Description, Name, References
	Minor	None
850	The CERT Oracle Secure Coding Standard for Java (2011) Chapter 7 - Methods (MET)
	Major	Description, Name, References
	Minor	None
851	The CERT Oracle Secure Coding Standard for Java (2011) Chapter 8 - Exceptional Behavior (ERR)
	Major	Description, Name, References
	Minor	None
852	The CERT Oracle Secure Coding Standard for Java (2011) Chapter 9 - Visibility and Atomicity (VNA)
	Major	Description, Name, References
	Minor	None
853	The CERT Oracle Secure Coding Standard for Java (2011) Chapter 10 - Locking (LCK)
	Major	Description, Name, References
	Minor	None
854	The CERT Oracle Secure Coding Standard for Java (2011) Chapter 11 - Thread APIs (THI)
	Major	Description, Name, References
	Minor	None
855	The CERT Oracle Secure Coding Standard for Java (2011) Chapter 12 - Thread Pools (TPS)
	Major	Description, Name, References
	Minor	None
856	The CERT Oracle Secure Coding Standard for Java (2011) Chapter 13 - Thread-Safety Miscellaneous (TSM)
	Major	Description, Name, References
	Minor	None
857	The CERT Oracle Secure Coding Standard for Java (2011) Chapter 14 - Input Output (FIO)
	Major	Description, Name, References
	Minor	None
858	The CERT Oracle Secure Coding Standard for Java (2011) Chapter 15 - Serialization (SER)
	Major	Description, Name, References
	Minor	None
859	The CERT Oracle Secure Coding Standard for Java (2011) Chapter 16 - Platform Security (SEC)
	Major	Description, Name, References
	Minor	None
860	The CERT Oracle Secure Coding Standard for Java (2011) Chapter 17 - Runtime Environment (ENV)
	Major	Description, Name, References
	Minor	None
861	The CERT Oracle Secure Coding Standard for Java (2011) Chapter 18 - Miscellaneous (MSC)
	Major	Description, Name, References
	Minor	None
868	Weaknesses Addressed by the SEI CERT C++ Coding Standard (2016 Version)
	Major	Description, Maintenance_Notes, Name, References
	Minor	None
869	CERT C++ Secure Coding Section 01 - Preprocessor (PRE)
	Major	References
	Minor	None
908	Use of Uninitialized Resource
	Major	Relationships
	Minor	None
910	Use of Expired File Descriptor
	Major	Relationships
	Minor	None
916	Use of Password Hash With Insufficient Computational Effort
	Major	Description
	Minor	None
923	Improper Restriction of Communication Channel to Intended Endpoints
	Major	Related_Attack_Patterns
	Minor	None
925	Improper Verification of Intent by Broadcast Receiver
	Major	Related_Attack_Patterns
	Minor	None
928	Weaknesses in OWASP Top Ten (2013)
	Major	Description
	Minor	None
999	Weaknesses without Software Fault Patterns
	Major	View_Filter
	Minor	None
1006	Bad Coding Practices
	Major	Relationships
	Minor	None
1007	Insufficient Visual Distinction of Homoglyphs Presented to User
	Major	Demonstrative_Examples, Description, Related_Attack_Patterns
	Minor	None
1023	Incomplete Comparison with Missing Factors
	Major	Relationships
	Minor	None

Page Last Updated: January 03, 2019


	Site Map \| Terms of Use \| Manage Cookies \| Cookie Notice \| Privacy Policy \| Contact Us \| Use of the Common Weakness Enumeration (CWE™) and the associated references from this website are subject to the Terms of Use. CWE is sponsored by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and managed by the Homeland Security Systems Engineering and Development Institute (HSSEDI) which is operated by The MITRE Corporation (MITRE). Copyright © 2006–2025, The MITRE Corporation. CWE, CWSS, CWRAF, and the CWE logo are trademarks of The MITRE Corporation.

Common Weakness Enumeration