1 |
DEPRECATED: Location |
|
Major |
Mapping_Notes |
|
Minor |
None |
2 |
7PK - Environment |
|
Major |
Mapping_Notes |
|
Minor |
None |
3 |
DEPRECATED: Technology-specific Environment Issues |
|
Major |
Mapping_Notes |
|
Minor |
None |
4 |
DEPRECATED: J2EE Environment Issues |
|
Major |
Mapping_Notes |
|
Minor |
None |
5 |
J2EE Misconfiguration: Data Transmission Without Encryption |
|
Major |
Mapping_Notes |
|
Minor |
None |
6 |
J2EE Misconfiguration: Insufficient Session-ID Length |
|
Major |
Mapping_Notes |
|
Minor |
None |
7 |
J2EE Misconfiguration: Missing Custom Error Page |
|
Major |
Mapping_Notes |
|
Minor |
None |
8 |
J2EE Misconfiguration: Entity Bean Declared Remote |
|
Major |
Mapping_Notes |
|
Minor |
None |
9 |
J2EE Misconfiguration: Weak Access Permissions for EJB Methods |
|
Major |
Mapping_Notes |
|
Minor |
None |
10 |
DEPRECATED: ASP.NET Environment Issues |
|
Major |
Mapping_Notes |
|
Minor |
None |
11 |
ASP.NET Misconfiguration: Creating Debug Binary |
|
Major |
Mapping_Notes |
|
Minor |
None |
12 |
ASP.NET Misconfiguration: Missing Custom Error Page |
|
Major |
Mapping_Notes |
|
Minor |
None |
13 |
ASP.NET Misconfiguration: Password in Configuration File |
|
Major |
Mapping_Notes |
|
Minor |
None |
14 |
Compiler Removal of Code to Clear Buffers |
|
Major |
Mapping_Notes |
|
Minor |
None |
15 |
External Control of System or Configuration Setting |
|
Major |
Mapping_Notes |
|
Minor |
None |
16 |
Configuration |
|
Major |
Mapping_Notes |
|
Minor |
None |
17 |
DEPRECATED: Code |
|
Major |
Mapping_Notes |
|
Minor |
None |
18 |
DEPRECATED: Source Code |
|
Major |
Mapping_Notes |
|
Minor |
None |
19 |
Data Processing Errors |
|
Major |
Mapping_Notes |
|
Minor |
None |
20 |
Improper Input Validation |
|
Major |
Mapping_Notes, Relationships |
|
Minor |
None |
21 |
DEPRECATED: Pathname Traversal and Equivalence Errors |
|
Major |
Mapping_Notes |
|
Minor |
None |
22 |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') |
|
Major |
Mapping_Notes, Relationships |
|
Minor |
None |
23 |
Relative Path Traversal |
|
Major |
Mapping_Notes |
|
Minor |
None |
24 |
Path Traversal: '../filedir' |
|
Major |
Mapping_Notes |
|
Minor |
None |
25 |
Path Traversal: '/../filedir' |
|
Major |
Mapping_Notes |
|
Minor |
None |
26 |
Path Traversal: '/dir/../filename' |
|
Major |
Mapping_Notes |
|
Minor |
None |
27 |
Path Traversal: 'dir/../../filename' |
|
Major |
Mapping_Notes |
|
Minor |
None |
28 |
Path Traversal: '..\filedir' |
|
Major |
Mapping_Notes |
|
Minor |
None |
29 |
Path Traversal: '\..\filename' |
|
Major |
Mapping_Notes |
|
Minor |
None |
30 |
Path Traversal: '\dir\..\filename' |
|
Major |
Mapping_Notes |
|
Minor |
None |
31 |
Path Traversal: 'dir\..\..\filename' |
|
Major |
Mapping_Notes |
|
Minor |
None |
32 |
Path Traversal: '...' (Triple Dot) |
|
Major |
Mapping_Notes |
|
Minor |
None |
33 |
Path Traversal: '....' (Multiple Dot) |
|
Major |
Mapping_Notes |
|
Minor |
None |
34 |
Path Traversal: '....//' |
|
Major |
Mapping_Notes |
|
Minor |
None |
35 |
Path Traversal: '.../...//' |
|
Major |
Mapping_Notes |
|
Minor |
None |
36 |
Absolute Path Traversal |
|
Major |
Mapping_Notes |
|
Minor |
None |
37 |
Path Traversal: '/absolute/pathname/here' |
|
Major |
Mapping_Notes |
|
Minor |
None |
38 |
Path Traversal: '\absolute\pathname\here' |
|
Major |
Mapping_Notes |
|
Minor |
None |
39 |
Path Traversal: 'C:dirname' |
|
Major |
Mapping_Notes |
|
Minor |
None |
40 |
Path Traversal: '\\UNC\share\name\' (Windows UNC Share) |
|
Major |
Mapping_Notes |
|
Minor |
None |
41 |
Improper Resolution of Path Equivalence |
|
Major |
Mapping_Notes |
|
Minor |
None |
42 |
Path Equivalence: 'filename.' (Trailing Dot) |
|
Major |
Mapping_Notes |
|
Minor |
None |
43 |
Path Equivalence: 'filename....' (Multiple Trailing Dot) |
|
Major |
Mapping_Notes |
|
Minor |
None |
44 |
Path Equivalence: 'file.name' (Internal Dot) |
|
Major |
Mapping_Notes |
|
Minor |
None |
45 |
Path Equivalence: 'file...name' (Multiple Internal Dot) |
|
Major |
Mapping_Notes |
|
Minor |
None |
46 |
Path Equivalence: 'filename ' (Trailing Space) |
|
Major |
Mapping_Notes |
|
Minor |
None |
47 |
Path Equivalence: ' filename' (Leading Space) |
|
Major |
Mapping_Notes |
|
Minor |
None |
48 |
Path Equivalence: 'file name' (Internal Whitespace) |
|
Major |
Mapping_Notes |
|
Minor |
None |
49 |
Path Equivalence: 'filename/' (Trailing Slash) |
|
Major |
Mapping_Notes |
|
Minor |
None |
50 |
Path Equivalence: '//multiple/leading/slash' |
|
Major |
Mapping_Notes |
|
Minor |
None |
51 |
Path Equivalence: '/multiple//internal/slash' |
|
Major |
Mapping_Notes |
|
Minor |
None |
52 |
Path Equivalence: '/multiple/trailing/slash//' |
|
Major |
Mapping_Notes |
|
Minor |
None |
53 |
Path Equivalence: '\multiple\\internal\backslash' |
|
Major |
Mapping_Notes |
|
Minor |
None |
54 |
Path Equivalence: 'filedir\' (Trailing Backslash) |
|
Major |
Mapping_Notes |
|
Minor |
None |
55 |
Path Equivalence: '/./' (Single Dot Directory) |
|
Major |
Mapping_Notes |
|
Minor |
None |
56 |
Path Equivalence: 'filedir*' (Wildcard) |
|
Major |
Mapping_Notes |
|
Minor |
None |
57 |
Path Equivalence: 'fakedir/../realdir/filename' |
|
Major |
Mapping_Notes |
|
Minor |
None |
58 |
Path Equivalence: Windows 8.3 Filename |
|
Major |
Mapping_Notes |
|
Minor |
None |
59 |
Improper Link Resolution Before File Access ('Link Following') |
|
Major |
Mapping_Notes |
|
Minor |
None |
60 |
DEPRECATED: UNIX Path Link Problems |
|
Major |
Mapping_Notes |
|
Minor |
None |
61 |
UNIX Symbolic Link (Symlink) Following |
|
Major |
Mapping_Notes |
|
Minor |
None |
62 |
UNIX Hard Link |
|
Major |
Mapping_Notes |
|
Minor |
None |
63 |
DEPRECATED: Windows Path Link Problems |
|
Major |
Mapping_Notes |
|
Minor |
None |
64 |
Windows Shortcut Following (.LNK) |
|
Major |
Mapping_Notes |
|
Minor |
None |
65 |
Windows Hard Link |
|
Major |
Mapping_Notes |
|
Minor |
None |
66 |
Improper Handling of File Names that Identify Virtual Resources |
|
Major |
Mapping_Notes |
|
Minor |
None |
67 |
Improper Handling of Windows Device Names |
|
Major |
Mapping_Notes |
|
Minor |
None |
68 |
DEPRECATED: Windows Virtual File Problems |
|
Major |
Mapping_Notes |
|
Minor |
None |
69 |
Improper Handling of Windows ::DATA Alternate Data Stream |
|
Major |
Mapping_Notes |
|
Minor |
None |
70 |
DEPRECATED: Mac Virtual File Problems |
|
Major |
Mapping_Notes |
|
Minor |
None |
71 |
DEPRECATED: Apple '.DS_Store' |
|
Major |
Mapping_Notes |
|
Minor |
None |
72 |
Improper Handling of Apple HFS+ Alternate Data Stream Path |
|
Major |
Mapping_Notes |
|
Minor |
None |
73 |
External Control of File Name or Path |
|
Major |
Mapping_Notes |
|
Minor |
None |
74 |
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') |
|
Major |
Mapping_Notes |
|
Minor |
None |
75 |
Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) |
|
Major |
Mapping_Notes |
|
Minor |
None |
76 |
Improper Neutralization of Equivalent Special Elements |
|
Major |
Mapping_Notes |
|
Minor |
None |
77 |
Improper Neutralization of Special Elements used in a Command ('Command Injection') |
|
Major |
Mapping_Notes, Relationships |
|
Minor |
None |
78 |
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') |
|
Major |
Mapping_Notes, Relationships |
|
Minor |
None |
79 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
|
Major |
Mapping_Notes, Relationships |
|
Minor |
None |
80 |
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) |
|
Major |
Mapping_Notes |
|
Minor |
None |
81 |
Improper Neutralization of Script in an Error Message Web Page |
|
Major |
Mapping_Notes |
|
Minor |
None |
82 |
Improper Neutralization of Script in Attributes of IMG Tags in a Web Page |
|
Major |
Mapping_Notes |
|
Minor |
None |
83 |
Improper Neutralization of Script in Attributes in a Web Page |
|
Major |
Mapping_Notes |
|
Minor |
None |
84 |
Improper Neutralization of Encoded URI Schemes in a Web Page |
|
Major |
Mapping_Notes |
|
Minor |
None |
85 |
Doubled Character XSS Manipulations |
|
Major |
Mapping_Notes |
|
Minor |
None |
86 |
Improper Neutralization of Invalid Characters in Identifiers in Web Pages |
|
Major |
Mapping_Notes |
|
Minor |
None |
87 |
Improper Neutralization of Alternate XSS Syntax |
|
Major |
Mapping_Notes |
|
Minor |
None |
88 |
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') |
|
Major |
Mapping_Notes |
|
Minor |
None |
89 |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') |
|
Major |
Mapping_Notes, Relationships |
|
Minor |
None |
90 |
Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') |
|
Major |
Mapping_Notes |
|
Minor |
None |
91 |
XML Injection (aka Blind XPath Injection) |
|
Major |
Mapping_Notes |
|
Minor |
None |
92 |
DEPRECATED: Improper Sanitization of Custom Special Characters |
|
Major |
Mapping_Notes |
|
Minor |
None |
93 |
Improper Neutralization of CRLF Sequences ('CRLF Injection') |
|
Major |
Mapping_Notes |
|
Minor |
None |
94 |
Improper Control of Generation of Code ('Code Injection') |
|
Major |
Mapping_Notes, Relationships, Taxonomy_Mappings |
|
Minor |
None |
95 |
Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') |
|
Major |
Mapping_Notes |
|
Minor |
None |
96 |
Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') |
|
Major |
Mapping_Notes |
|
Minor |
None |
97 |
Improper Neutralization of Server-Side Includes (SSI) Within a Web Page |
|
Major |
Mapping_Notes |
|
Minor |
None |
98 |
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') |
|
Major |
Mapping_Notes |
|
Minor |
None |
99 |
Improper Control of Resource Identifiers ('Resource Injection') |
|
Major |
Mapping_Notes |
|
Minor |
None |
100 |
DEPRECATED: Technology-Specific Input Validation Problems |
|
Major |
Mapping_Notes |
|
Minor |
None |
101 |
DEPRECATED: Struts Validation Problems |
|
Major |
Description, Mapping_Notes |
|
Minor |
None |
102 |
Struts: Duplicate Validation Forms |
|
Major |
Mapping_Notes |
|
Minor |
None |
103 |
Struts: Incomplete validate() Method Definition |
|
Major |
Mapping_Notes |
|
Minor |
None |
104 |
Struts: Form Bean Does Not Extend Validation Class |
|
Major |
Mapping_Notes |
|
Minor |
None |
105 |
Struts: Form Field Without Validator |
|
Major |
Mapping_Notes |
|
Minor |
None |
106 |
Struts: Plug-in Framework not in Use |
|
Major |
Mapping_Notes |
|
Minor |
None |
107 |
Struts: Unused Validation Form |
|
Major |
Mapping_Notes |
|
Minor |
None |
108 |
Struts: Unvalidated Action Form |
|
Major |
Mapping_Notes |
|
Minor |
None |
109 |
Struts: Validator Turned Off |
|
Major |
Mapping_Notes |
|
Minor |
None |
110 |
Struts: Validator Without Form Field |
|
Major |
Mapping_Notes |
|
Minor |
None |
111 |
Direct Use of Unsafe JNI |
|
Major |
Mapping_Notes |
|
Minor |
None |
112 |
Missing XML Validation |
|
Major |
Mapping_Notes |
|
Minor |
None |
113 |
Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') |
|
Major |
Mapping_Notes |
|
Minor |
None |
114 |
Process Control |
|
Major |
Mapping_Notes |
|
Minor |
None |
115 |
Misinterpretation of Input |
|
Major |
Mapping_Notes |
|
Minor |
None |
116 |
Improper Encoding or Escaping of Output |
|
Major |
Mapping_Notes |
|
Minor |
None |
117 |
Improper Output Neutralization for Logs |
|
Major |
Mapping_Notes |
|
Minor |
None |
118 |
Incorrect Access of Indexable Resource ('Range Error') |
|
Major |
Mapping_Notes |
|
Minor |
None |
119 |
Improper Restriction of Operations within the Bounds of a Memory Buffer |
|
Major |
Mapping_Notes, Relationships |
|
Minor |
None |
120 |
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') |
|
Major |
Mapping_Notes |
|
Minor |
None |
121 |
Stack-based Buffer Overflow |
|
Major |
Mapping_Notes, Relationships |
|
Minor |
None |
122 |
Heap-based Buffer Overflow |
|
Major |
Mapping_Notes |
|
Minor |
None |
123 |
Write-what-where Condition |
|
Major |
Mapping_Notes |
|
Minor |
None |
124 |
Buffer Underwrite ('Buffer Underflow') |
|
Major |
Mapping_Notes |
|
Minor |
None |
125 |
Out-of-bounds Read |
|
Major |
Mapping_Notes, Relationships |
|
Minor |
None |
126 |
Buffer Over-read |
|
Major |
Mapping_Notes |
|
Minor |
None |
127 |
Buffer Under-read |
|
Major |
Mapping_Notes |
|
Minor |
None |
128 |
Wrap-around Error |
|
Major |
Mapping_Notes |
|
Minor |
None |
129 |
Improper Validation of Array Index |
|
Major |
Mapping_Notes |
|
Minor |
None |
130 |
Improper Handling of Length Parameter Inconsistency |
|
Major |
Mapping_Notes |
|
Minor |
None |
131 |
Incorrect Calculation of Buffer Size |
|
Major |
Mapping_Notes |
|
Minor |
None |
132 |
DEPRECATED: Miscalculated Null Termination |
|
Major |
Mapping_Notes |
|
Minor |
None |
133 |
String Errors |
|
Major |
Mapping_Notes |
|
Minor |
None |
134 |
Use of Externally-Controlled Format String |
|
Major |
Mapping_Notes |
|
Minor |
None |
135 |
Incorrect Calculation of Multi-Byte String Length |
|
Major |
Mapping_Notes |
|
Minor |
None |
136 |
Type Errors |
|
Major |
Mapping_Notes |
|
Minor |
None |
137 |
Data Neutralization Issues |
|
Major |
Mapping_Notes |
|
Minor |
None |
138 |
Improper Neutralization of Special Elements |
|
Major |
Mapping_Notes |
|
Minor |
None |
139 |
DEPRECATED: General Special Element Problems |
|
Major |
Mapping_Notes |
|
Minor |
None |
140 |
Improper Neutralization of Delimiters |
|
Major |
Mapping_Notes |
|
Minor |
None |
141 |
Improper Neutralization of Parameter/Argument Delimiters |
|
Major |
Mapping_Notes |
|
Minor |
None |
142 |
Improper Neutralization of Value Delimiters |
|
Major |
Mapping_Notes |
|
Minor |
None |
143 |
Improper Neutralization of Record Delimiters |
|
Major |
Mapping_Notes |
|
Minor |
None |
144 |
Improper Neutralization of Line Delimiters |
|
Major |
Mapping_Notes |
|
Minor |
None |
145 |
Improper Neutralization of Section Delimiters |
|
Major |
Mapping_Notes |
|
Minor |
None |
146 |
Improper Neutralization of Expression/Command Delimiters |
|
Major |
Mapping_Notes |
|
Minor |
None |
147 |
Improper Neutralization of Input Terminators |
|
Major |
Mapping_Notes |
|
Minor |
None |
148 |
Improper Neutralization of Input Leaders |
|
Major |
Mapping_Notes |
|
Minor |
None |
149 |
Improper Neutralization of Quoting Syntax |
|
Major |
Mapping_Notes |
|
Minor |
None |
150 |
Improper Neutralization of Escape, Meta, or Control Sequences |
|
Major |
Mapping_Notes |
|
Minor |
None |
151 |
Improper Neutralization of Comment Delimiters |
|
Major |
Mapping_Notes |
|
Minor |
None |
152 |
Improper Neutralization of Macro Symbols |
|
Major |
Mapping_Notes |
|
Minor |
None |
153 |
Improper Neutralization of Substitution Characters |
|
Major |
Mapping_Notes |
|
Minor |
None |
154 |
Improper Neutralization of Variable Name Delimiters |
|
Major |
Mapping_Notes |
|
Minor |
None |
155 |
Improper Neutralization of Wildcards or Matching Symbols |
|
Major |
Mapping_Notes |
|
Minor |
None |
156 |
Improper Neutralization of Whitespace |
|
Major |
Mapping_Notes |
|
Minor |
None |
157 |
Failure to Sanitize Paired Delimiters |
|
Major |
Mapping_Notes |
|
Minor |
None |
158 |
Improper Neutralization of Null Byte or NUL Character |
|
Major |
Mapping_Notes |
|
Minor |
None |
159 |
Improper Handling of Invalid Use of Special Elements |
|
Major |
Mapping_Notes |
|
Minor |
None |
160 |
Improper Neutralization of Leading Special Elements |
|
Major |
Mapping_Notes |
|
Minor |
None |
161 |
Improper Neutralization of Multiple Leading Special Elements |
|
Major |
Mapping_Notes |
|
Minor |
None |
162 |
Improper Neutralization of Trailing Special Elements |
|
Major |
Mapping_Notes |
|
Minor |
None |
163 |
Improper Neutralization of Multiple Trailing Special Elements |
|
Major |
Mapping_Notes |
|
Minor |
None |
164 |
Improper Neutralization of Internal Special Elements |
|
Major |
Mapping_Notes |
|
Minor |
None |
165 |
Improper Neutralization of Multiple Internal Special Elements |
|
Major |
Mapping_Notes |
|
Minor |
None |
166 |
Improper Handling of Missing Special Element |
|
Major |
Mapping_Notes |
|
Minor |
None |
167 |
Improper Handling of Additional Special Element |
|
Major |
Mapping_Notes |
|
Minor |
None |
168 |
Improper Handling of Inconsistent Special Elements |
|
Major |
Mapping_Notes |
|
Minor |
None |
169 |
DEPRECATED: Technology-Specific Special Elements |
|
Major |
Mapping_Notes |
|
Minor |
None |
170 |
Improper Null Termination |
|
Major |
Mapping_Notes |
|
Minor |
None |
171 |
DEPRECATED: Cleansing, Canonicalization, and Comparison Errors |
|
Major |
Mapping_Notes |
|
Minor |
None |
172 |
Encoding Error |
|
Major |
Mapping_Notes |
|
Minor |
None |
173 |
Improper Handling of Alternate Encoding |
|
Major |
Mapping_Notes |
|
Minor |
None |
174 |
Double Decoding of the Same Data |
|
Major |
Mapping_Notes |
|
Minor |
None |
175 |
Improper Handling of Mixed Encoding |
|
Major |
Mapping_Notes |
|
Minor |
None |
176 |
Improper Handling of Unicode Encoding |
|
Major |
Mapping_Notes |
|
Minor |
None |
177 |
Improper Handling of URL Encoding (Hex Encoding) |
|
Major |
Mapping_Notes |
|
Minor |
None |
178 |
Improper Handling of Case Sensitivity |
|
Major |
Mapping_Notes |
|
Minor |
None |
179 |
Incorrect Behavior Order: Early Validation |
|
Major |
Mapping_Notes |
|
Minor |
None |
180 |
Incorrect Behavior Order: Validate Before Canonicalize |
|
Major |
Mapping_Notes |
|
Minor |
None |
181 |
Incorrect Behavior Order: Validate Before Filter |
|
Major |
Mapping_Notes |
|
Minor |
None |
182 |
Collapse of Data into Unsafe Value |
|
Major |
Mapping_Notes |
|
Minor |
None |
183 |
Permissive List of Allowed Inputs |
|
Major |
Mapping_Notes |
|
Minor |
None |
184 |
Incomplete List of Disallowed Inputs |
|
Major |
Mapping_Notes, Relationships |
|
Minor |
None |
185 |
Incorrect Regular Expression |
|
Major |
Mapping_Notes |
|
Minor |
None |
186 |
Overly Restrictive Regular Expression |
|
Major |
Mapping_Notes |
|
Minor |
None |
187 |
Partial String Comparison |
|
Major |
Mapping_Notes |
|
Minor |
None |
188 |
Reliance on Data/Memory Layout |
|
Major |
Mapping_Notes |
|
Minor |
None |
189 |
Numeric Errors |
|
Major |
Mapping_Notes |
|
Minor |
None |
190 |
Integer Overflow or Wraparound |
|
Major |
Mapping_Notes, Relationships |
|
Minor |
None |
191 |
Integer Underflow (Wrap or Wraparound) |
|
Major |
Mapping_Notes |
|
Minor |
None |
192 |
Integer Coercion Error |
|
Major |
Mapping_Notes |
|
Minor |
None |
193 |
Off-by-one Error |
|
Major |
Mapping_Notes |
|
Minor |
None |
194 |
Unexpected Sign Extension |
|
Major |
Mapping_Notes |
|
Minor |
None |
195 |
Signed to Unsigned Conversion Error |
|
Major |
Mapping_Notes |
|
Minor |
None |
196 |
Unsigned to Signed Conversion Error |
|
Major |
Mapping_Notes |
|
Minor |
None |
197 |
Numeric Truncation Error |
|
Major |
Mapping_Notes |
|
Minor |
None |
198 |
Use of Incorrect Byte Ordering |
|
Major |
Mapping_Notes |
|
Minor |
None |
199 |
Information Management Errors |
|
Major |
Mapping_Notes |
|
Minor |
None |
200 |
Exposure of Sensitive Information to an Unauthorized Actor |
|
Major |
Mapping_Notes |
|
Minor |
None |
201 |
Insertion of Sensitive Information Into Sent Data |
|
Major |
Mapping_Notes |
|
Minor |
None |
202 |
Exposure of Sensitive Information Through Data Queries |
|
Major |
Mapping_Notes |
|
Minor |
None |
203 |
Observable Discrepancy |
|
Major |
Mapping_Notes |
|
Minor |
None |
204 |
Observable Response Discrepancy |
|
Major |
Mapping_Notes |
|
Minor |
None |
205 |
Observable Behavioral Discrepancy |
|
Major |
Mapping_Notes |
|
Minor |
None |
206 |
Observable Internal Behavioral Discrepancy |
|
Major |
Mapping_Notes |
|
Minor |
None |
207 |
Observable Behavioral Discrepancy With Equivalent Products |
|
Major |
Mapping_Notes |
|
Minor |
None |
208 |
Observable Timing Discrepancy |
|
Major |
Mapping_Notes |
|
Minor |
None |
209 |
Generation of Error Message Containing Sensitive Information |
|
Major |
Mapping_Notes |
|
Minor |
None |
210 |
Self-generated Error Message Containing Sensitive Information |
|
Major |
Mapping_Notes |
|
Minor |
None |
211 |
Externally-Generated Error Message Containing Sensitive Information |
|
Major |
Mapping_Notes |
|
Minor |
None |
212 |
Improper Removal of Sensitive Information Before Storage or Transfer |
|
Major |
Mapping_Notes |
|
Minor |
None |
213 |
Exposure of Sensitive Information Due to Incompatible Policies |
|
Major |
Mapping_Notes |
|
Minor |
None |
214 |
Invocation of Process Using Visible Sensitive Information |
|
Major |
Mapping_Notes |
|
Minor |
None |
215 |
Insertion of Sensitive Information Into Debugging Code |
|
Major |
Mapping_Notes |
|
Minor |
None |
216 |
DEPRECATED: Containment Errors (Container Errors) |
|
Major |
Mapping_Notes |
|
Minor |
None |
217 |
DEPRECATED: Failure to Protect Stored Data from Modification |
|
Major |
Mapping_Notes |
|
Minor |
None |
218 |
DEPRECATED: Failure to provide confidentiality for stored data |
|
Major |
Mapping_Notes |
|
Minor |
None |
219 |
Storage of File with Sensitive Data Under Web Root |
|
Major |
Mapping_Notes |
|
Minor |
None |
220 |
Storage of File With Sensitive Data Under FTP Root |
|
Major |
Mapping_Notes |
|
Minor |
None |
221 |
Information Loss or Omission |
|
Major |
Mapping_Notes |
|
Minor |
None |
222 |
Truncation of Security-relevant Information |
|
Major |
Mapping_Notes |
|
Minor |
None |
223 |
Omission of Security-relevant Information |
|
Major |
Mapping_Notes |
|
Minor |
None |
224 |
Obscured Security-relevant Information by Alternate Name |
|
Major |
Mapping_Notes |
|
Minor |
None |
225 |
DEPRECATED: General Information Management Problems |
|
Major |
Mapping_Notes |
|
Minor |
None |
226 |
Sensitive Information in Resource Not Removed Before Reuse |
|
Major |
Mapping_Notes |
|
Minor |
None |
227 |
7PK - API Abuse |
|
Major |
Mapping_Notes |
|
Minor |
None |
228 |
Improper Handling of Syntactically Invalid Structure |
|
Major |
Mapping_Notes |
|
Minor |
None |
229 |
Improper Handling of Values |
|
Major |
Mapping_Notes |
|
Minor |
None |
230 |
Improper Handling of Missing Values |
|
Major |
Mapping_Notes |
|
Minor |
None |
231 |
Improper Handling of Extra Values |
|
Major |
Mapping_Notes |
|
Minor |
None |
232 |
Improper Handling of Undefined Values |
|
Major |
Mapping_Notes |
|
Minor |
None |
233 |
Improper Handling of Parameters |
|
Major |
Mapping_Notes |
|
Minor |
None |
234 |
Failure to Handle Missing Parameter |
|
Major |
Mapping_Notes |
|
Minor |
None |
235 |
Improper Handling of Extra Parameters |
|
Major |
Mapping_Notes |
|
Minor |
None |
236 |
Improper Handling of Undefined Parameters |
|
Major |
Mapping_Notes |
|
Minor |
None |
237 |
Improper Handling of Structural Elements |
|
Major |
Mapping_Notes |
|
Minor |
None |
238 |
Improper Handling of Incomplete Structural Elements |
|
Major |
Mapping_Notes |
|
Minor |
None |
239 |
Failure to Handle Incomplete Element |
|
Major |
Mapping_Notes |
|
Minor |
None |
240 |
Improper Handling of Inconsistent Structural Elements |
|
Major |
Mapping_Notes |
|
Minor |
None |
241 |
Improper Handling of Unexpected Data Type |
|
Major |
Mapping_Notes |
|
Minor |
None |
242 |
Use of Inherently Dangerous Function |
|
Major |
Mapping_Notes |
|
Minor |
None |
243 |
Creation of chroot Jail Without Changing Working Directory |
|
Major |
Mapping_Notes |
|
Minor |
None |
244 |
Improper Clearing of Heap Memory Before Release ('Heap Inspection') |
|
Major |
Mapping_Notes |
|
Minor |
None |
245 |
J2EE Bad Practices: Direct Management of Connections |
|
Major |
Mapping_Notes |
|
Minor |
None |
246 |
J2EE Bad Practices: Direct Use of Sockets |
|
Major |
Mapping_Notes |
|
Minor |
None |
247 |
DEPRECATED: Reliance on DNS Lookups in a Security Decision |
|
Major |
Mapping_Notes |
|
Minor |
None |
248 |
Uncaught Exception |
|
Major |
Mapping_Notes, Relationships |
|
Minor |
None |
249 |
DEPRECATED: Often Misused: Path Manipulation |
|
Major |
Mapping_Notes |
|
Minor |
None |
250 |
Execution with Unnecessary Privileges |
|
Major |
Mapping_Notes |
|
Minor |
None |
251 |
Often Misused: String Management |
|
Major |
Mapping_Notes |
|
Minor |
None |
252 |
Unchecked Return Value |
|
Major |
Mapping_Notes, Relationships |
|
Minor |
None |
253 |
Incorrect Check of Function Return Value |
|
Major |
Mapping_Notes |
|
Minor |
None |
254 |
7PK - Security Features |
|
Major |
Mapping_Notes |
|
Minor |
None |
255 |
Credentials Management Errors |
|
Major |
Mapping_Notes |
|
Minor |
None |
256 |
Plaintext Storage of a Password |
|
Major |
Mapping_Notes |
|
Minor |
None |
257 |
Storing Passwords in a Recoverable Format |
|
Major |
Mapping_Notes |
|
Minor |
None |
258 |
Empty Password in Configuration File |
|
Major |
Mapping_Notes |
|
Minor |
None |
259 |
Use of Hard-coded Password |
|
Major |
Mapping_Notes |
|
Minor |
None |
260 |
Password in Configuration File |
|
Major |
Mapping_Notes |
|
Minor |
None |
261 |
Weak Encoding for Password |
|
Major |
Mapping_Notes |
|
Minor |
None |
262 |
Not Using Password Aging |
|
Major |
Mapping_Notes |
|
Minor |
None |
263 |
Password Aging with Long Expiration |
|
Major |
Mapping_Notes |
|
Minor |
None |
264 |
Permissions, Privileges, and Access Controls |
|
Major |
Mapping_Notes |
|
Minor |
None |
265 |
Privilege Issues |
|
Major |
Mapping_Notes |
|
Minor |
None |
266 |
Incorrect Privilege Assignment |
|
Major |
Mapping_Notes |
|
Minor |
None |
267 |
Privilege Defined With Unsafe Actions |
|
Major |
Mapping_Notes |
|
Minor |
None |
268 |
Privilege Chaining |
|
Major |
Mapping_Notes, Relationships |
|
Minor |
None |
269 |
Improper Privilege Management |
|
Major |
Mapping_Notes, Relationships, Taxonomy_Mappings |
|
Minor |
None |
270 |
Privilege Context Switching Error |
|
Major |
Mapping_Notes |
|
Minor |
None |
271 |
Privilege Dropping / Lowering Errors |
|
Major |
Mapping_Notes |
|
Minor |
None |
272 |
Least Privilege Violation |
|
Major |
Mapping_Notes |
|
Minor |
None |
273 |
Improper Check for Dropped Privileges |
|
Major |
Mapping_Notes |
|
Minor |
None |
274 |
Improper Handling of Insufficient Privileges |
|
Major |
Mapping_Notes |
|
Minor |
None |
275 |
Permission Issues |
|
Major |
Mapping_Notes |
|
Minor |
None |
276 |
Incorrect Default Permissions |
|
Major |
Mapping_Notes, Relationships |
|
Minor |
None |
277 |
Insecure Inherited Permissions |
|
Major |
Mapping_Notes |
|
Minor |
None |
278 |
Insecure Preserved Inherited Permissions |
|
Major |
Mapping_Notes |
|
Minor |
None |
279 |
Incorrect Execution-Assigned Permissions |
|
Major |
Mapping_Notes |
|
Minor |
None |
280 |
Improper Handling of Insufficient Permissions or Privileges |
|
Major |
Mapping_Notes |
|
Minor |
None |
281 |
Improper Preservation of Permissions |
|
Major |
Mapping_Notes |
|
Minor |
None |
282 |
Improper Ownership Management |
|
Major |
Mapping_Notes |
|
Minor |
None |
283 |
Unverified Ownership |
|
Major |
Mapping_Notes |
|
Minor |
None |
284 |
Improper Access Control |
|
Major |
Mapping_Notes |
|
Minor |
None |
285 |
Improper Authorization |
|
Major |
Mapping_Notes |
|
Minor |
None |
286 |
Incorrect User Management |
|
Major |
Mapping_Notes |
|
Minor |
None |
287 |
Improper Authentication |
|
Major |
Mapping_Notes, Relationships |
|
Minor |
None |
288 |
Authentication Bypass Using an Alternate Path or Channel |
|
Major |
Mapping_Notes, Relationships |
|
Minor |
None |
289 |
Authentication Bypass by Alternate Name |
|
Major |
Mapping_Notes |
|
Minor |
None |
290 |
Authentication Bypass by Spoofing |
|
Major |
Mapping_Notes |
|
Minor |
None |
291 |
Reliance on IP Address for Authentication |
|
Major |
Mapping_Notes |
|
Minor |
None |
292 |
DEPRECATED: Trusting Self-reported DNS Name |
|
Major |
Mapping_Notes |
|
Minor |
None |
293 |
Using Referer Field for Authentication |
|
Major |
Mapping_Notes |
|
Minor |
None |
294 |
Authentication Bypass by Capture-replay |
|
Major |
Mapping_Notes |
|
Minor |
None |
295 |
Improper Certificate Validation |
|
Major |
Mapping_Notes |
|
Minor |
None |
296 |
Improper Following of a Certificate's Chain of Trust |
|
Major |
Mapping_Notes |
|
Minor |
None |
297 |
Improper Validation of Certificate with Host Mismatch |
|
Major |
Mapping_Notes |
|
Minor |
None |
298 |
Improper Validation of Certificate Expiration |
|
Major |
Mapping_Notes |
|
Minor |
None |
299 |
Improper Check for Certificate Revocation |
|
Major |
Mapping_Notes |
|
Minor |
None |
300 |
Channel Accessible by Non-Endpoint |
|
Major |
Mapping_Notes |
|
Minor |
None |
301 |
Reflection Attack in an Authentication Protocol |
|
Major |
Mapping_Notes |
|
Minor |
None |
302 |
Authentication Bypass by Assumed-Immutable Data |
|
Major |
Mapping_Notes |
|
Minor |
None |
303 |
Incorrect Implementation of Authentication Algorithm |
|
Major |
Mapping_Notes |
|
Minor |
None |
304 |
Missing Critical Step in Authentication |
|
Major |
Mapping_Notes |
|
Minor |
None |
305 |
Authentication Bypass by Primary Weakness |
|
Major |
Mapping_Notes |
|
Minor |
None |
306 |
Missing Authentication for Critical Function |
|
Major |
Mapping_Notes, Relationships |
|
Minor |
None |
307 |
Improper Restriction of Excessive Authentication Attempts |
|
Major |
Mapping_Notes |
|
Minor |
None |
308 |
Use of Single-factor Authentication |
|
Major |
Mapping_Notes, Relationships |
|
Minor |
None |
309 |
Use of Password System for Primary Authentication |
|
Major |
Mapping_Notes |
|
Minor |
None |
310 |
Cryptographic Issues |
|
Major |
Mapping_Notes |
|
Minor |
None |
311 |
Missing Encryption of Sensitive Data |
|
Major |
Mapping_Notes, Relationships |
|
Minor |
None |
312 |
Cleartext Storage of Sensitive Information |
|
Major |
Mapping_Notes, Relationships |
|
Minor |
None |
313 |
Cleartext Storage in a File or on Disk |
|
Major |
Mapping_Notes |
|
Minor |
None |
314 |
Cleartext Storage in the Registry |
|
Major |
Mapping_Notes |
|
Minor |
None |
315 |
Cleartext Storage of Sensitive Information in a Cookie |
|
Major |
Mapping_Notes |
|
Minor |
None |
ID | Name | Major | Minor
316 | Cleartext Storage of Sensitive Information in Memory | Mapping_Notes | None
317 | Cleartext Storage of Sensitive Information in GUI | Mapping_Notes | None
318 | Cleartext Storage of Sensitive Information in Executable | Mapping_Notes | None
319 | Cleartext Transmission of Sensitive Information | Description, Mapping_Notes, Relationships | None
320 | Key Management Errors | Mapping_Notes | None
321 | Use of Hard-coded Cryptographic Key | Mapping_Notes, Taxonomy_Mappings | None
322 | Key Exchange without Entity Authentication | Mapping_Notes | None
323 | Reusing a Nonce, Key Pair in Encryption | Mapping_Notes | None
324 | Use of a Key Past its Expiration Date | Mapping_Notes | None
325 | Missing Cryptographic Step | Mapping_Notes | None
326 | Inadequate Encryption Strength | Mapping_Notes | None
327 | Use of a Broken or Risky Cryptographic Algorithm | Mapping_Notes, Relationships | None
328 | Use of Weak Hash | Mapping_Notes, Relationships | None
329 | Generation of Predictable IV with CBC Mode | Mapping_Notes | None
330 | Use of Insufficiently Random Values | Mapping_Notes, Relationships | None
331 | Insufficient Entropy | Mapping_Notes | None
332 | Insufficient Entropy in PRNG | Mapping_Notes | None
333 | Improper Handling of Insufficient Entropy in TRNG | Mapping_Notes | None
334 | Small Space of Random Values | Mapping_Notes | None
335 | Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) | Mapping_Notes | None
336 | Same Seed in Pseudo-Random Number Generator (PRNG) | Mapping_Notes, Relationships | None
337 | Predictable Seed in Pseudo-Random Number Generator (PRNG) | Mapping_Notes, Relationships | None
338 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) | Mapping_Notes | None
339 | Small Seed Space in PRNG | Mapping_Notes | None
340 | Generation of Predictable Numbers or Identifiers | Mapping_Notes | None
341 | Predictable from Observable State | Mapping_Notes, Relationships | None
342 | Predictable Exact Value from Previous Values | Mapping_Notes | None
343 | Predictable Value Range from Previous Values | Mapping_Notes | None
344 | Use of Invariant Value in Dynamically Changing Context | Mapping_Notes | None
345 | Insufficient Verification of Data Authenticity | Mapping_Notes | None
346 | Origin Validation Error | Mapping_Notes, Relationships | None
347 | Improper Verification of Cryptographic Signature | Mapping_Notes | None
348 | Use of Less Trusted Source | Mapping_Notes | None
349 | Acceptance of Extraneous Untrusted Data With Trusted Data | Mapping_Notes, Relationships | None
350 | Reliance on Reverse DNS Resolution for a Security-Critical Action | Mapping_Notes | None
351 | Insufficient Type Distinction | Mapping_Notes | None
352 | Cross-Site Request Forgery (CSRF) | Mapping_Notes, Relationships | None
353 | Missing Support for Integrity Check | Mapping_Notes | None
354 | Improper Validation of Integrity Check Value | Mapping_Notes | None
355 | User Interface Security Issues | Mapping_Notes | None
356 | Product UI does not Warn User of Unsafe Actions | Mapping_Notes | None
357 | Insufficient UI Warning of Dangerous Operations | Mapping_Notes | None
358 | Improperly Implemented Security Check for Standard | Mapping_Notes | None
359 | Exposure of Private Personal Information to an Unauthorized Actor | Mapping_Notes | None
360 | Trust of System Event Data | Mapping_Notes | None
361 | 7PK - Time and State | Mapping_Notes | None
362 | Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') | Mapping_Notes, Relationships | None
363 | Race Condition Enabling Link Following | Mapping_Notes | None
364 | Signal Handler Race Condition | Mapping_Notes | None
365 | DEPRECATED: Race Condition in Switch | Mapping_Notes | None
366 | Race Condition within a Thread | Mapping_Notes | None
367 | Time-of-check Time-of-use (TOCTOU) Race Condition | Mapping_Notes | None
368 | Context Switching Race Condition | Mapping_Notes | None
369 | Divide By Zero | Mapping_Notes | None
370 | Missing Check for Certificate Revocation after Initial Check | Mapping_Notes | None
371 | State Issues | Mapping_Notes | None
372 | Incomplete Internal State Distinction | Mapping_Notes | None
373 | DEPRECATED: State Synchronization Error | Mapping_Notes | None
374 | Passing Mutable Objects to an Untrusted Method | Mapping_Notes | None
375 | Returning a Mutable Object to an Untrusted Caller | Mapping_Notes | None
376 | DEPRECATED: Temporary File Issues | Mapping_Notes | None
377 | Insecure Temporary File | Mapping_Notes, Relationships | None
378 | Creation of Temporary File With Insecure Permissions | Mapping_Notes | None
379 | Creation of Temporary File in Directory with Insecure Permissions | Mapping_Notes | None
380 | DEPRECATED: Technology-Specific Time and State Issues | Mapping_Notes | None
381 | DEPRECATED: J2EE Time and State Issues | Mapping_Notes | None
382 | J2EE Bad Practices: Use of System.exit() | Mapping_Notes | None
383 | J2EE Bad Practices: Direct Use of Threads | Mapping_Notes | None
384 | Session Fixation | Mapping_Notes, Relationships | None
385 | Covert Timing Channel | Mapping_Notes | None
386 | Symbolic Name not Mapping to Correct Object | Mapping_Notes | None
387 | Signal Errors | Mapping_Notes | None
388 | 7PK - Errors | Mapping_Notes | None
389 | Error Conditions, Return Values, Status Codes | Mapping_Notes | None
390 | Detection of Error Condition Without Action | Mapping_Notes | None
391 | Unchecked Error Condition | Mapping_Notes | None
392 | Missing Report of Error Condition | Mapping_Notes, Relationships | None
393 | Return of Wrong Status Code | Mapping_Notes | None
394 | Unexpected Status Code or Return Value | Mapping_Notes | None
395 | Use of NullPointerException Catch to Detect NULL Pointer Dereference | Mapping_Notes | None
396 | Declaration of Catch for Generic Exception | Mapping_Notes | None
397 | Declaration of Throws for Generic Exception | Mapping_Notes | None
398 | 7PK - Code Quality | Mapping_Notes | None
399 | Resource Management Errors | Mapping_Notes | None
400 | Uncontrolled Resource Consumption | Mapping_Notes, Relationships | None
401 | Missing Release of Memory after Effective Lifetime | Mapping_Notes | None
402 | Transmission of Private Resources into a New Sphere ('Resource Leak') | Mapping_Notes | None
403 | Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak') | Mapping_Notes | None
404 | Improper Resource Shutdown or Release | Mapping_Notes | None
405 | Asymmetric Resource Consumption (Amplification) | Mapping_Notes, Relationships | None
406 | Insufficient Control of Network Message Volume (Network Amplification) | Mapping_Notes | None
407 | Inefficient Algorithmic Complexity | Mapping_Notes | None
408 | Incorrect Behavior Order: Early Amplification | Mapping_Notes | None
409 | Improper Handling of Highly Compressed Data (Data Amplification) | Mapping_Notes | None
410 | Insufficient Resource Pool | Mapping_Notes | None
411 | Resource Locking Problems | Mapping_Notes | None
412 | Unrestricted Externally Accessible Lock | Mapping_Notes | None
413 | Improper Resource Locking | Mapping_Notes | None
414 | Missing Lock Check | Mapping_Notes | None
415 | Double Free | Mapping_Notes | None
416 | Use After Free | Mapping_Notes, Relationships | None
417 | Communication Channel Errors | Mapping_Notes | None
418 | DEPRECATED: Channel Errors | Mapping_Notes | None
419 | Unprotected Primary Channel | Mapping_Notes | None
420 | Unprotected Alternate Channel | Mapping_Notes | None
421 | Race Condition During Access to Alternate Channel | Mapping_Notes | None
422 | Unprotected Windows Messaging Channel ('Shatter') | Mapping_Notes | None
423 | DEPRECATED: Proxied Trusted Channel | Mapping_Notes | None
424 | Improper Protection of Alternate Path | Mapping_Notes | None
425 | Direct Request ('Forced Browsing') | Mapping_Notes | None
426 | Untrusted Search Path | Mapping_Notes | None
427 | Uncontrolled Search Path Element | Mapping_Notes | None
428 | Unquoted Search Path or Element | Mapping_Notes | None
429 | Handler Errors | Mapping_Notes | None
430 | Deployment of Wrong Handler | Mapping_Notes | None
431 | Missing Handler | Mapping_Notes | None
432 | Dangerous Signal Handler not Disabled During Sensitive Operations | Mapping_Notes | None
433 | Unparsed Raw Web Content Delivery | Mapping_Notes | None
434 | Unrestricted Upload of File with Dangerous Type | Mapping_Notes, Relationships | None
435 | Improper Interaction Between Multiple Correctly-Behaving Entities | Mapping_Notes, Research_Gaps | None
436 | Interpretation Conflict | Mapping_Notes | None
437 | Incomplete Model of Endpoint Features | Mapping_Notes | None
438 | Behavioral Problems | Mapping_Notes | None
439 | Behavioral Change in New Version or Environment | Mapping_Notes | None
440 | Expected Behavior Violation | Mapping_Notes | None
441 | Unintended Proxy or Intermediary ('Confused Deputy') | Mapping_Notes | None
442 | DEPRECATED: Web Problems | Mapping_Notes | None
443 | DEPRECATED: HTTP response splitting | Mapping_Notes | None
444 | Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') | Mapping_Notes | None
445 | DEPRECATED: User Interface Errors | Mapping_Notes | None
446 | UI Discrepancy for Security Feature | Mapping_Notes | None
447 | Unimplemented or Unsupported Feature in UI | Mapping_Notes | None
448 | Obsolete Feature in UI | Mapping_Notes | None
449 | The UI Performs the Wrong Action | Mapping_Notes | None
450 | Multiple Interpretations of UI Input | Mapping_Notes | None
451 | User Interface (UI) Misrepresentation of Critical Information | Mapping_Notes | None
452 | Initialization and Cleanup Errors | Mapping_Notes | None
453 | Insecure Default Variable Initialization | Mapping_Notes | None
454 | External Initialization of Trusted Variables or Data Stores | Mapping_Notes | None
455 | Non-exit on Failed Initialization | Mapping_Notes | None
456 | Missing Initialization of a Variable | Mapping_Notes | None
457 | Use of Uninitialized Variable | Mapping_Notes | None
458 | DEPRECATED: Incorrect Initialization | Mapping_Notes | None
459 | Incomplete Cleanup | Mapping_Notes | None
460 | Improper Cleanup on Thrown Exception | Mapping_Notes | None
461 | DEPRECATED: Data Structure Issues | Mapping_Notes | None
462 | Duplicate Key in Associative List (Alist) | Mapping_Notes | None
463 | Deletion of Data Structure Sentinel | Mapping_Notes | None
464 | Addition of Data Structure Sentinel | Mapping_Notes | None
465 | Pointer Issues | Mapping_Notes | None
466 | Return of Pointer Value Outside of Expected Range | Mapping_Notes | None
467 | Use of sizeof() on a Pointer Type | Mapping_Notes | None
468 | Incorrect Pointer Scaling | Mapping_Notes | None
469 | Use of Pointer Subtraction to Determine Size | Mapping_Notes | None
470 | Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') | Mapping_Notes | None
471 | Modification of Assumed-Immutable Data (MAID) | Mapping_Notes | None
472 | External Control of Assumed-Immutable Web Parameter | Mapping_Notes | None
473 | PHP External Variable Modification | Mapping_Notes | None
474 | Use of Function with Inconsistent Implementations | Mapping_Notes | None
475 | Undefined Behavior for Input to API | Mapping_Notes | None
476 | NULL Pointer Dereference | Mapping_Notes, Relationships | None
477 | Use of Obsolete Function | Mapping_Notes | None
478 | Missing Default Case in Multiple Condition Expression | Mapping_Notes | None
479 | Signal Handler Use of a Non-reentrant Function | Mapping_Notes | None
480 | Use of Incorrect Operator | Mapping_Notes | None
481 | Assigning instead of Comparing | Mapping_Notes | None
482 | Comparing instead of Assigning | Mapping_Notes | None
483 | Incorrect Block Delimitation | Mapping_Notes | None
484 | Omitted Break Statement in Switch | Mapping_Notes | None
485 | 7PK - Encapsulation | Mapping_Notes | None
486 | Comparison of Classes by Name | Mapping_Notes | None
487 | Reliance on Package-level Scope | Mapping_Notes | None
488 | Exposure of Data Element to Wrong Session | Mapping_Notes | None
489 | Active Debug Code | Mapping_Notes | None
490 | DEPRECATED: Mobile Code Issues | Mapping_Notes | None
491 | Public cloneable() Method Without Final ('Object Hijack') | Mapping_Notes | None
492 | Use of Inner Class Containing Sensitive Data | Mapping_Notes | None
493 | Critical Public Variable Without Final Modifier | Mapping_Notes | None
494 | Download of Code Without Integrity Check | Mapping_Notes | None
495 | Private Data Structure Returned From A Public Method | Mapping_Notes | None
496 | Public Data Assigned to Private Array-Typed Field | Mapping_Notes | None
497 | Exposure of Sensitive System Information to an Unauthorized Control Sphere | Mapping_Notes | None
498 | Cloneable Class Containing Sensitive Information | Mapping_Notes | None
499 | Serializable Class Containing Sensitive Data | Mapping_Notes | None
500 | Public Static Field Not Marked Final | Mapping_Notes | None
501 | Trust Boundary Violation | Mapping_Notes, Relationships | None
502 | Deserialization of Untrusted Data | Mapping_Notes, Relationships | None
503 | DEPRECATED: Byte/Object Code | Mapping_Notes | None
504 | DEPRECATED: Motivation/Intent | Mapping_Notes | None
505 | DEPRECATED: Intentionally Introduced Weakness | Mapping_Notes | None
506 | Embedded Malicious Code | Mapping_Notes | None
507 | Trojan Horse | Mapping_Notes | None
508 | Non-Replicating Malicious Code | Mapping_Notes | None
509 | Replicating Malicious Code (Virus or Worm) | Mapping_Notes | None
510 | Trapdoor | Mapping_Notes | None
511 | Logic/Time Bomb | Mapping_Notes | None
512 | Spyware | Mapping_Notes | None
513 | DEPRECATED: Intentionally Introduced Nonmalicious Weakness | Mapping_Notes | None
514 | Covert Channel | Mapping_Notes | None
515 | Covert Storage Channel | Mapping_Notes | None
516 | DEPRECATED: Covert Timing Channel | Mapping_Notes | None
517 | DEPRECATED: Other Intentional, Nonmalicious Weakness | Mapping_Notes | None
518 | DEPRECATED: Inadvertently Introduced Weakness | Mapping_Notes | None
519 | DEPRECATED: .NET Environment Issues | Mapping_Notes | None
520 | .NET Misconfiguration: Use of Impersonation | Mapping_Notes | None
521 | Weak Password Requirements | Mapping_Notes | None
522 | Insufficiently Protected Credentials | Mapping_Notes | None
523 | Unprotected Transport of Credentials | Mapping_Notes | None
524 | Use of Cache Containing Sensitive Information | Mapping_Notes | None
525 | Use of Web Browser Cache Containing Sensitive Information | Mapping_Notes | None
526 | Cleartext Storage of Sensitive Information in an Environment Variable | Mapping_Notes | None
527 | Exposure of Version-Control Repository to an Unauthorized Control Sphere | Mapping_Notes | None
528 | Exposure of Core Dump File to an Unauthorized Control Sphere | Mapping_Notes | None
529 | Exposure of Access Control List Files to an Unauthorized Control Sphere | Mapping_Notes | None
530 | Exposure of Backup File to an Unauthorized Control Sphere | Mapping_Notes | None
531 | Inclusion of Sensitive Information in Test Code | Mapping_Notes | None
532 | Insertion of Sensitive Information into Log File | Mapping_Notes | None
533 | DEPRECATED: Information Exposure Through Server Log Files | Mapping_Notes | None
534 | DEPRECATED: Information Exposure Through Debug Log Files | Mapping_Notes | None
535 | Exposure of Information Through Shell Error Message | Mapping_Notes | None
536 | Servlet Runtime Error Message Containing Sensitive Information | Mapping_Notes | None
537 | Java Runtime Error Message Containing Sensitive Information | Mapping_Notes | None
538 | Insertion of Sensitive Information into Externally-Accessible File or Directory | Mapping_Notes | None
539 | Use of Persistent Cookies Containing Sensitive Information | Mapping_Notes | None
540 | Inclusion of Sensitive Information in Source Code | Mapping_Notes | None
541 | Inclusion of Sensitive Information in an Include File | Mapping_Notes | None
542 | DEPRECATED: Information Exposure Through Cleanup Log Files | Mapping_Notes | None
543 | Use of Singleton Pattern Without Synchronization in a Multithreaded Context | Mapping_Notes | None
544 | Missing Standardized Error Handling Mechanism | Mapping_Notes | None
545 | DEPRECATED: Use of Dynamic Class Loading | Mapping_Notes | None
546 | Suspicious Comment | Mapping_Notes | None
547 | Use of Hard-coded, Security-relevant Constants | Demonstrative_Examples, Mapping_Notes | None
548 | Exposure of Information Through Directory Listing | Mapping_Notes | None
549 | Missing Password Field Masking | Mapping_Notes | None
550 | Server-generated Error Message Containing Sensitive Information | Mapping_Notes | None
551 | Incorrect Behavior Order: Authorization Before Parsing and Canonicalization | Mapping_Notes | None
552 | Files or Directories Accessible to External Parties | Mapping_Notes | None
553 | Command Shell in Externally Accessible Directory | Mapping_Notes | None
554 | ASP.NET Misconfiguration: Not Using Input Validation Framework | Mapping_Notes | None
555 | J2EE Misconfiguration: Plaintext Password in Configuration File | Mapping_Notes | None
556 | ASP.NET Misconfiguration: Use of Identity Impersonation | Mapping_Notes | None
557 | Concurrency Issues | Mapping_Notes | None
558 | Use of getlogin() in Multithreaded Application | Mapping_Notes | None
559 | DEPRECATED: Often Misused: Arguments and Parameters | Mapping_Notes | None
560 | Use of umask() with chmod-style Argument | Mapping_Notes | None
561 | Dead Code | Mapping_Notes | None
562 | Return of Stack Variable Address | Mapping_Notes | None
563 | Assignment to Variable without Use | Mapping_Notes | None
564 | SQL Injection: Hibernate | Mapping_Notes | None
565 | Reliance on Cookies without Validation and Integrity Checking | Mapping_Notes | None
566 | Authorization Bypass Through User-Controlled SQL Primary Key | Mapping_Notes | None
567 | Unsynchronized Access to Shared Data in a Multithreaded Context | Mapping_Notes | None
568 | finalize() Method Without super.finalize() | Mapping_Notes | None
569 | Expression Issues | Mapping_Notes | None
570 | Expression is Always False | Mapping_Notes | None
571 | Expression is Always True | Mapping_Notes | None
572 | Call to Thread run() instead of start() | Mapping_Notes | None
573 | Improper Following of Specification by Caller | Mapping_Notes | None
574 | EJB Bad Practices: Use of Synchronization Primitives | Mapping_Notes | None
575 | EJB Bad Practices: Use of AWT Swing | Mapping_Notes | None
576 | EJB Bad Practices: Use of Java I/O | Mapping_Notes | None
577 | EJB Bad Practices: Use of Sockets | Mapping_Notes | None
578 | EJB Bad Practices: Use of Class Loader | Mapping_Notes | None
579 | J2EE Bad Practices: Non-serializable Object Stored in Session | Mapping_Notes | None
580 | clone() Method Without super.clone() | Mapping_Notes | None
581 | Object Model Violation: Just One of Equals and Hashcode Defined | Mapping_Notes | None
582 | Array Declared Public, Final, and Static | Mapping_Notes | None
583 | finalize() Method Declared Public | Mapping_Notes | None
584 | Return Inside Finally Block | Mapping_Notes | None
585 | Empty Synchronized Block | Mapping_Notes | None
586 | Explicit Call to Finalize() | Mapping_Notes | None
587 | Assignment of a Fixed Address to a Pointer | Mapping_Notes | None
588 | Attempt to Access Child of a Non-structure Pointer | Mapping_Notes | None
589 | Call to Non-ubiquitous API | Mapping_Notes | None
590 | Free of Memory not on the Heap | Mapping_Notes | None
591 | Sensitive Data Storage in Improperly Locked Memory | Mapping_Notes | None
592 | DEPRECATED: Authentication Bypass Issues | Mapping_Notes | None
593 | Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created | Mapping_Notes | None
594 | J2EE Framework: Saving Unserializable Objects to Disk | Mapping_Notes | None
595 | Comparison of Object References Instead of Object Contents | Mapping_Notes | None
596 | DEPRECATED: Incorrect Semantic Object Comparison | Mapping_Notes | None
597 | Use of Wrong Operator in String Comparison | Mapping_Notes | None
598 | Use of GET Request Method With Sensitive Query Strings | Mapping_Notes | None
599 | Missing Validation of OpenSSL Certificate | Mapping_Notes | None
600 | Uncaught Exception in Servlet | Mapping_Notes | None
601 | URL Redirection to Untrusted Site ('Open Redirect') | Mapping_Notes | None
602 | Client-Side Enforcement of Server-Side Security | Mapping_Notes | None
603 | Use of Client-Side Authentication | Mapping_Notes, Relationships | None
604 | Deprecated Entries | Mapping_Notes | None
605 | Multiple Binds to the Same Port | Mapping_Notes | None
606 | Unchecked Input for Loop Condition | Mapping_Notes | None
607 | Public Static Final Field References Mutable Object | Mapping_Notes | None
608 | Struts: Non-private Field in ActionForm Class | Mapping_Notes | None
609 | Double-Checked Locking | Mapping_Notes | None
610 | Externally Controlled Reference to a Resource in Another Sphere | Mapping_Notes | None
611 | Improper Restriction of XML External Entity Reference | Mapping_Notes | None
612 | Improper Authorization of Index Containing Sensitive Information | Mapping_Notes | None
613 | Insufficient Session Expiration | Mapping_Notes | None
614 | Sensitive Cookie in HTTPS Session Without 'Secure' Attribute | Mapping_Notes | None
615 | Inclusion of Sensitive Information in Source Code Comments | Mapping_Notes | None
616 | Incomplete Identification of Uploaded File Variables (PHP) | Mapping_Notes | None
617 | Reachable Assertion | Mapping_Notes | None
618 | Exposed Unsafe ActiveX Method | Mapping_Notes | None
619 | Dangling Database Cursor ('Cursor Injection') | Mapping_Notes | None
620 | Unverified Password Change | Mapping_Notes | None
621 | Variable Extraction Error | Mapping_Notes | None
622 | Improper Validation of Function Hook Arguments | Mapping_Notes | None
623 | Unsafe ActiveX Control Marked Safe For Scripting | Mapping_Notes | None
624 | Executable Regular Expression Error | Mapping_Notes | None
625 | Permissive Regular Expression | Mapping_Notes | None
626 | Null Byte Interaction Error (Poison Null Byte) | Mapping_Notes | None
627 | Dynamic Variable Evaluation | Mapping_Notes | None
628 | Function Call with Incorrectly Specified Arguments | Mapping_Notes | None
629 | Weaknesses in OWASP Top Ten (2007) | Mapping_Notes | None
630 | DEPRECATED: Weaknesses Examined by SAMATE | Mapping_Notes | None
631 | DEPRECATED: Resource-specific Weaknesses | Mapping_Notes | None
632 | DEPRECATED: Weaknesses that Affect Files or Directories | Mapping_Notes | None
633 | DEPRECATED: Weaknesses that Affect Memory | Mapping_Notes | None
634 | DEPRECATED: Weaknesses that Affect System Processes | Mapping_Notes | None
635 | Weaknesses Originally Used by NVD from 2008 to 2016 | Mapping_Notes | None
636 | Not Failing Securely ('Failing Open') | Mapping_Notes | None
637 | Unnecessary Complexity in Protection Mechanism (Not Using 'Economy of Mechanism') | Mapping_Notes | None
638 | Not Using Complete Mediation | Mapping_Notes | None
639 | Authorization Bypass Through User-Controlled Key | Mapping_Notes | None
640 | Weak Password Recovery Mechanism for Forgotten Password | Mapping_Notes | None
641 | Improper Restriction of Names for Files and Other Resources | Mapping_Notes | None
642 | External Control of Critical State Data | Mapping_Notes | None
643 | Improper Neutralization of Data within XPath Expressions ('XPath Injection') | Mapping_Notes | None
644 | Improper Neutralization of HTTP Headers for Scripting Syntax | Mapping_Notes | None
645 | Overly Restrictive Account Lockout Mechanism | Mapping_Notes | None
646 | Reliance on File Name or Extension of Externally-Supplied File | Description, Mapping_Notes | None
647 | Use of Non-Canonical URL Paths for Authorization Decisions | Mapping_Notes | None
648 | Incorrect Use of Privileged APIs | Mapping_Notes, Relationships | None
649 | Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking | Mapping_Notes | None
650 | Trusting HTTP Permission Methods on the Server Side | Mapping_Notes | None
651 | Exposure of WSDL File Containing Sensitive Information | Mapping_Notes | None
652 | Improper Neutralization of Data within XQuery Expressions ('XQuery Injection') | Mapping_Notes | None
653 | Improper Isolation or Compartmentalization | Mapping_Notes | None
654 | Reliance on a Single Factor in a Security Decision | Mapping_Notes | None
655 | Insufficient Psychological Acceptability | Mapping_Notes | None
656 | Reliance on Security Through Obscurity | Mapping_Notes | None
657 | Violation of Secure Design Principles | Mapping_Notes | None
658 | Weaknesses in Software Written in C | Mapping_Notes | None
659 | Weaknesses in Software Written in C++ | Mapping_Notes | None
660 | Weaknesses in Software Written in Java | Mapping_Notes | None
661 | Weaknesses in Software Written in PHP | Mapping_Notes | None
662 | Improper Synchronization | Mapping_Notes | None
663 | Use of a Non-reentrant Function in a Concurrent Context | Mapping_Notes | None
664 | Improper Control of a Resource Through its Lifetime | Mapping_Notes, Relationships | None
665 | Improper Initialization | Mapping_Notes | None
666 | Operation on Resource in Wrong Phase of Lifetime | Mapping_Notes | None
667 | Improper Locking | Mapping_Notes | None
668 | Exposure of Resource to Wrong Sphere | Mapping_Notes | None
669 | Incorrect Resource Transfer Between Spheres | Mapping_Notes | None
670 | Always-Incorrect Control Flow Implementation | Mapping_Notes | None
671 | Lack of Administrator Control over Security | Mapping_Notes | None
672 | Operation on a Resource after Expiration or Release | Mapping_Notes | None
673 | External Influence of Sphere Definition | Mapping_Notes | None
674 | Uncontrolled Recursion | Mapping_Notes | None
675 | Multiple Operations on Resource in Single-Operation Context | Mapping_Notes | None
676 | Use of Potentially Dangerous Function | Mapping_Notes | None
677 | Weakness Base Elements | Mapping_Notes | None
678 | Composites | Mapping_Notes | None
679 | DEPRECATED: Chain Elements | Mapping_Notes | None
680 | Integer Overflow to Buffer Overflow | Mapping_Notes, Relationships | None
681 | Incorrect Conversion between Numeric Types | Mapping_Notes | None
682 | Incorrect Calculation | Mapping_Notes, Research_Gaps | None
683 | Function Call With Incorrect Order of Arguments | Mapping_Notes | None
684 | Incorrect Provision of Specified Functionality | Mapping_Notes | None
685 | Function Call With Incorrect Number of Arguments | Mapping_Notes | None
686 | Function Call With Incorrect Argument Type | Mapping_Notes | None
687 | Function Call With Incorrectly Specified Argument Value | Mapping_Notes | None
688 | Function Call With Incorrect Variable or Reference as Argument | Mapping_Notes | None
689 | Permission Race Condition During Resource Copy | Mapping_Notes | None
690 | Unchecked Return Value to NULL Pointer Dereference | Mapping_Notes, Relationships | None
691 | Insufficient Control Flow Management | Mapping_Notes | None
692 | Incomplete Denylist to Cross-Site Scripting | Mapping_Notes, Relationships | None
693 | Protection Mechanism Failure | Mapping_Notes | None
694 | Use of Multiple Resources with Duplicate Identifier | Mapping_Notes | None
695 | Use of Low-Level Functionality | Mapping_Notes | None
696 | Incorrect Behavior Order | Mapping_Notes | None
697 | Incorrect Comparison | Mapping_Notes, Research_Gaps | None
698 |
Execution After Redirect (EAR) |
|
Major |
Mapping_Notes |
|
Minor |
None |
699 |
Software Development |
|
Major |
Mapping_Notes |
|
Minor |
None |
700 |
Seven Pernicious Kingdoms |
|
Major |
Mapping_Notes |
|
Minor |
None |
701 |
Weaknesses Introduced During Design |
|
Major |
Mapping_Notes |
|
Minor |
None |
702 |
Weaknesses Introduced During Implementation |
|
Major |
Mapping_Notes |
|
Minor |
None |
703 |
Improper Check or Handling of Exceptional Conditions |
|
Major |
Mapping_Notes, Relationships |
|
Minor |
None |
704 |
Incorrect Type Conversion or Cast |
|
Major |
Mapping_Notes |
|
Minor |
None |
705 |
Incorrect Control Flow Scoping |
|
Major |
Mapping_Notes |
|
Minor |
None |
706 |
Use of Incorrectly-Resolved Name or Reference |
|
Major |
Mapping_Notes |
|
Minor |
None |
707 |
Improper Neutralization |
|
Major |
Mapping_Notes |
|
Minor |
None |
708 |
Incorrect Ownership Assignment |
|
Major |
Mapping_Notes |
|
Minor |
None |
709 |
Named Chains |
|
Major |
Mapping_Notes |
|
Minor |
None |
710 |
Improper Adherence to Coding Standards |
|
Major |
Mapping_Notes |
|
Minor |
None |
711 |
Weaknesses in OWASP Top Ten (2004) |
|
Major |
Mapping_Notes |
|
Minor |
None |
712 |
OWASP Top Ten 2007 Category A1 - Cross Site Scripting (XSS) |
|
Major |
Mapping_Notes |
|
Minor |
None |
713 |
OWASP Top Ten 2007 Category A2 - Injection Flaws |
|
Major |
Mapping_Notes |
|
Minor |
None |
714 |
OWASP Top Ten 2007 Category A3 - Malicious File Execution |
|
Major |
Mapping_Notes |
|
Minor |
None |
715 |
OWASP Top Ten 2007 Category A4 - Insecure Direct Object Reference |
|
Major |
Mapping_Notes |
|
Minor |
None |
716 |
OWASP Top Ten 2007 Category A5 - Cross Site Request Forgery (CSRF) |
|
Major |
Mapping_Notes |
|
Minor |
None |
717 |
OWASP Top Ten 2007 Category A6 - Information Leakage and Improper Error Handling |
|
Major |
Mapping_Notes |
|
Minor |
None |
718 |
OWASP Top Ten 2007 Category A7 - Broken Authentication and Session Management |
|
Major |
Mapping_Notes |
|
Minor |
None |
719 |
OWASP Top Ten 2007 Category A8 - Insecure Cryptographic Storage |
|
Major |
Mapping_Notes |
|
Minor |
None |
720 |
OWASP Top Ten 2007 Category A9 - Insecure Communications |
|
Major |
Mapping_Notes |
|
Minor |
None |
721 |
OWASP Top Ten 2007 Category A10 - Failure to Restrict URL Access |
|
Major |
Mapping_Notes |
|
Minor |
None |
722 |
OWASP Top Ten 2004 Category A1 - Unvalidated Input |
|
Major |
Mapping_Notes |
|
Minor |
None |
723 |
OWASP Top Ten 2004 Category A2 - Broken Access Control |
|
Major |
Mapping_Notes |
|
Minor |
None |
724 |
OWASP Top Ten 2004 Category A3 - Broken Authentication and Session Management |
|
Major |
Mapping_Notes |
|
Minor |
None |
725 |
OWASP Top Ten 2004 Category A4 - Cross-Site Scripting (XSS) Flaws |
|
Major |
Mapping_Notes |
|
Minor |
None |
726 |
OWASP Top Ten 2004 Category A5 - Buffer Overflows |
|
Major |
Mapping_Notes |
|
Minor |
None |
727 |
OWASP Top Ten 2004 Category A6 - Injection Flaws |
|
Major |
Mapping_Notes |
|
Minor |
None |
728 |
OWASP Top Ten 2004 Category A7 - Improper Error Handling |
|
Major |
Mapping_Notes |
|
Minor |
None |
729 |
OWASP Top Ten 2004 Category A8 - Insecure Storage |
|
Major |
Mapping_Notes |
|
Minor |
None |
730 |
OWASP Top Ten 2004 Category A9 - Denial of Service |
|
Major |
Mapping_Notes |
|
Minor |
None |
731 |
OWASP Top Ten 2004 Category A10 - Insecure Configuration Management |
|
Major |
Mapping_Notes |
|
Minor |
None |
732 |
Incorrect Permission Assignment for Critical Resource |
|
Major |
Mapping_Notes, Relationships |
|
Minor |
None |
733 |
Compiler Optimization Removal or Modification of Security-critical Code |
|
Major |
Mapping_Notes |
|
Minor |
None |
734 |
Weaknesses Addressed by the CERT C Secure Coding Standard (2008) |
|
Major |
Mapping_Notes |
|
Minor |
None |
735 |
CERT C Secure Coding Standard (2008) Chapter 2 - Preprocessor (PRE) |
|
Major |
Mapping_Notes |
|
Minor |
None |
736 |
CERT C Secure Coding Standard (2008) Chapter 3 - Declarations and Initialization (DCL) |
|
Major |
Mapping_Notes |
|
Minor |
None |
737 |
CERT C Secure Coding Standard (2008) Chapter 4 - Expressions (EXP) |
|
Major |
Mapping_Notes |
|
Minor |
None |
738 |
CERT C Secure Coding Standard (2008) Chapter 5 - Integers (INT) |
|
Major |
Mapping_Notes |
|
Minor |
None |
739 |
CERT C Secure Coding Standard (2008) Chapter 6 - Floating Point (FLP) |
|
Major |
Mapping_Notes |
|
Minor |
None |
740 |
CERT C Secure Coding Standard (2008) Chapter 7 - Arrays (ARR) |
|
Major |
Mapping_Notes |
|
Minor |
None |
741 |
CERT C Secure Coding Standard (2008) Chapter 8 - Characters and Strings (STR) |
|
Major |
Mapping_Notes |
|
Minor |
None |
742 |
CERT C Secure Coding Standard (2008) Chapter 9 - Memory Management (MEM) |
|
Major |
Mapping_Notes |
|
Minor |
None |
743 |
CERT C Secure Coding Standard (2008) Chapter 10 - Input Output (FIO) |
|
Major |
Mapping_Notes |
|
Minor |
None |
744 |
CERT C Secure Coding Standard (2008) Chapter 11 - Environment (ENV) |
|
Major |
Mapping_Notes |
|
Minor |
None |
745 |
CERT C Secure Coding Standard (2008) Chapter 12 - Signals (SIG) |
|
Major |
Mapping_Notes |
|
Minor |
None |
746 |
CERT C Secure Coding Standard (2008) Chapter 13 - Error Handling (ERR) |
|
Major |
Mapping_Notes |
|
Minor |
None |
747 |
CERT C Secure Coding Standard (2008) Chapter 14 - Miscellaneous (MSC) |
|
Major |
Mapping_Notes |
|
Minor |
None |
748 |
CERT C Secure Coding Standard (2008) Appendix - POSIX (POS) |
|
Major |
Mapping_Notes |
|
Minor |
None |
749 |
Exposed Dangerous Method or Function |
|
Major |
Mapping_Notes |
|
Minor |
None |
750 |
Weaknesses in the 2009 CWE/SANS Top 25 Most Dangerous Programming Errors |
|
Major |
Mapping_Notes |
|
Minor |
None |
751 |
2009 Top 25 - Insecure Interaction Between Components |
|
Major |
Mapping_Notes |
|
Minor |
None |
752 |
2009 Top 25 - Risky Resource Management |
|
Major |
Mapping_Notes |
|
Minor |
None |
753 |
2009 Top 25 - Porous Defenses |
|
Major |
Mapping_Notes |
|
Minor |
None |
754 |
Improper Check for Unusual or Exceptional Conditions |
|
Major |
Mapping_Notes |
|
Minor |
None |
755 |
Improper Handling of Exceptional Conditions |
|
Major |
Mapping_Notes, Relationships |
|
Minor |
None |
756 |
Missing Custom Error Page |
|
Major |
Mapping_Notes |
|
Minor |
None |
757 |
Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade') |
|
Major |
Mapping_Notes |
|
Minor |
None |
758 |
Reliance on Undefined, Unspecified, or Implementation-Defined Behavior |
|
Major |
Mapping_Notes |
|
Minor |
None |
759 |
Use of a One-Way Hash without a Salt |
|
Major |
Mapping_Notes |
|
Minor |
None |
760 |
Use of a One-Way Hash with a Predictable Salt |
|
Major |
Mapping_Notes |
|
Minor |
None |
761 |
Free of Pointer not at Start of Buffer |
|
Major |
Mapping_Notes |
|
Minor |
None |
762 |
Mismatched Memory Management Routines |
|
Major |
Mapping_Notes |
|
Minor |
None |
763 |
Release of Invalid Pointer or Reference |
|
Major |
Mapping_Notes |
|
Minor |
None |
764 |
Multiple Locks of a Critical Resource |
|
Major |
Mapping_Notes |
|
Minor |
None |
765 |
Multiple Unlocks of a Critical Resource |
|
Major |
Mapping_Notes |
|
Minor |
None |
766 |
Critical Data Element Declared Public |
|
Major |
Mapping_Notes, Relationships |
|
Minor |
None |
767 |
Access to Critical Private Variable via Public Method |
|
Major |
Mapping_Notes |
|
Minor |
None |
768 |
Incorrect Short Circuit Evaluation |
|
Major |
Mapping_Notes |
|
Minor |
None |
769 |
DEPRECATED: Uncontrolled File Descriptor Consumption |
|
Major |
Mapping_Notes |
|
Minor |
None |
770 |
Allocation of Resources Without Limits or Throttling |
|
Major |
Mapping_Notes |
|
Minor |
None |
771 |
Missing Reference to Active Allocated Resource |
|
Major |
Mapping_Notes |
|
Minor |
None |
772 |
Missing Release of Resource after Effective Lifetime |
|
Major |
Mapping_Notes |
|
Minor |
None |
773 |
Missing Reference to Active File Descriptor or Handle |
|
Major |
Mapping_Notes |
|
Minor |
None |
774 |
Allocation of File Descriptors or Handles Without Limits or Throttling |
|
Major |
Mapping_Notes |
|
Minor |
None |
775 |
Missing Release of File Descriptor or Handle after Effective Lifetime |
|
Major |
Mapping_Notes |
|
Minor |
None |
776 |
Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') |
|
Major |
Mapping_Notes |
|
Minor |
None |
777 |
Regular Expression without Anchors |
|
Major |
Mapping_Notes |
|
Minor |
None |
778 |
Insufficient Logging |
|
Major |
Mapping_Notes |
|
Minor |
None |
779 |
Logging of Excessive Data |
|
Major |
Mapping_Notes |
|
Minor |
None |
780 |
Use of RSA Algorithm without OAEP |
|
Major |
Mapping_Notes |
|
Minor |
None |
781 |
Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code |
|
Major |
Mapping_Notes |
|
Minor |
None |
782 |
Exposed IOCTL with Insufficient Access Control |
|
Major |
Mapping_Notes |
|
Minor |
None |
783 |
Operator Precedence Logic Error |
|
Major |
Mapping_Notes |
|
Minor |
None |
784 |
Reliance on Cookies without Validation and Integrity Checking in a Security Decision |
|
Major |
Mapping_Notes |
|
Minor |
None |
785 |
Use of Path Manipulation Function without Maximum-sized Buffer |
|
Major |
Mapping_Notes |
|
Minor |
None |
786 |
Access of Memory Location Before Start of Buffer |
|
Major |
Mapping_Notes |
|
Minor |
None |
787 |
Out-of-bounds Write |
|
Major |
Mapping_Notes, Relationships, Taxonomy_Mappings |
|
Minor |
None |
788 |
Access of Memory Location After End of Buffer |
|
Major |
Mapping_Notes |
|
Minor |
None |
789 |
Memory Allocation with Excessive Size Value |
|
Major |
Mapping_Notes, Relationships |
|
Minor |
None |
790 |
Improper Filtering of Special Elements |
|
Major |
Mapping_Notes |
|
Minor |
None |
791 |
Incomplete Filtering of Special Elements |
|
Major |
Mapping_Notes |
|
Minor |
None |
792 |
Incomplete Filtering of One or More Instances of Special Elements |
|
Major |
Mapping_Notes |
|
Minor |
None |
793 |
Only Filtering One Instance of a Special Element |
|
Major |
Mapping_Notes |
|
Minor |
None |
794 |
Incomplete Filtering of Multiple Instances of Special Elements |
|
Major |
Mapping_Notes |
|
Minor |
None |
795 |
Only Filtering Special Elements at a Specified Location |
|
Major |
Mapping_Notes |
|
Minor |
None |
796 |
Only Filtering Special Elements Relative to a Marker |
|
Major |
Mapping_Notes |
|
Minor |
None |
797 |
Only Filtering Special Elements at an Absolute Position |
|
Major |
Mapping_Notes |
|
Minor |
None |
798 |
Use of Hard-coded Credentials |
|
Major |
Mapping_Notes, Relationships |
|
Minor |
None |
799 |
Improper Control of Interaction Frequency |
|
Major |
Mapping_Notes |
|
Minor |
None |
800 |
Weaknesses in the 2010 CWE/SANS Top 25 Most Dangerous Programming Errors |
|
Major |
Mapping_Notes |
|
Minor |
None |
801 |
2010 Top 25 - Insecure Interaction Between Components |
|
Major |
Mapping_Notes |
|
Minor |
None |
802 |
2010 Top 25 - Risky Resource Management |
|
Major |
Mapping_Notes |
|
Minor |
None |
803 |
2010 Top 25 - Porous Defenses |
|
Major |
Mapping_Notes |
|
Minor |
None |
804 |
Guessable CAPTCHA |
|
Major |
Mapping_Notes |
|
Minor |
None |
805 |
Buffer Access with Incorrect Length Value |
|
Major |
Mapping_Notes |
|
Minor |
None |
806 |
Buffer Access Using Size of Source Buffer |
|
Major |
Mapping_Notes |
|
Minor |
None |
807 |
Reliance on Untrusted Inputs in a Security Decision |
|
Major |
Mapping_Notes, Relationships |
|
Minor |
None |
808 |
2010 Top 25 - Weaknesses On the Cusp |
|
Major |
Mapping_Notes |
|
Minor |
None |
809 |
Weaknesses in OWASP Top Ten (2010) |
|
Major |
Mapping_Notes |
|
Minor |
None |
810 |
OWASP Top Ten 2010 Category A1 - Injection |
|
Major |
Mapping_Notes |
|
Minor |
None |
811 |
OWASP Top Ten 2010 Category A2 - Cross-Site Scripting (XSS) |
|
Major |
Mapping_Notes |
|
Minor |
None |
812 |
OWASP Top Ten 2010 Category A3 - Broken Authentication and Session Management |
|
Major |
Mapping_Notes |
|
Minor |
None |
813 |
OWASP Top Ten 2010 Category A4 - Insecure Direct Object References |
|
Major |
Mapping_Notes |
|
Minor |
None |
814 |
OWASP Top Ten 2010 Category A5 - Cross-Site Request Forgery(CSRF) |
|
Major |
Mapping_Notes |
|
Minor |
None |
815 |
OWASP Top Ten 2010 Category A6 - Security Misconfiguration |
|
Major |
Mapping_Notes |
|
Minor |
None |
816 |
OWASP Top Ten 2010 Category A7 - Insecure Cryptographic Storage |
|
Major |
Mapping_Notes |
|
Minor |
None |
817 |
OWASP Top Ten 2010 Category A8 - Failure to Restrict URL Access |
|
Major |
Mapping_Notes |
|
Minor |
None |
818 |
OWASP Top Ten 2010 Category A9 - Insufficient Transport Layer Protection |
|
Major |
Mapping_Notes |
|
Minor |
None |
819 |
OWASP Top Ten 2010 Category A10 - Unvalidated Redirects and Forwards |
|
Major |
Mapping_Notes |
|
Minor |
None |
820 |
Missing Synchronization |
|
Major |
Mapping_Notes |
|
Minor |
None |
821 |
Incorrect Synchronization |
|
Major |
Mapping_Notes |
|
Minor |
None |
822 |
Untrusted Pointer Dereference |
|
Major |
Mapping_Notes |
|
Minor |
None |
823 |
Use of Out-of-range Pointer Offset |
|
Major |
Mapping_Notes |
|
Minor |
None |
824 |
Access of Uninitialized Pointer |
|
Major |
Mapping_Notes |
|
Minor |
None |
825 |
Expired Pointer Dereference |
|
Major |
Mapping_Notes |
|
Minor |
None |
826 |
Premature Release of Resource During Expected Lifetime |
|
Major |
Mapping_Notes |
|
Minor |
None |
827 |
Improper Control of Document Type Definition |
|
Major |
Mapping_Notes |
|
Minor |
None |
828 |
Signal Handler with Functionality that is not Asynchronous-Safe |
|
Major |
Mapping_Notes |
|
Minor |
None |
829 |
Inclusion of Functionality from Untrusted Control Sphere |
|
Major |
Mapping_Notes |
|
Minor |
None |
830 |
Inclusion of Web Functionality from an Untrusted Source |
|
Major |
Mapping_Notes |
|
Minor |
None |
831 |
Signal Handler Function Associated with Multiple Signals |
|
Major |
Mapping_Notes |
|
Minor |
None |
832 |
Unlock of a Resource that is not Locked |
|
Major |
Mapping_Notes |
|
Minor |
None |
833 |
Deadlock |
|
Major |
Mapping_Notes |
|
Minor |
None |
834 |
Excessive Iteration |
|
Major |
Mapping_Notes |
|
Minor |
None |
835 |
Loop with Unreachable Exit Condition ('Infinite Loop') |
|
Major |
Mapping_Notes |
|
Minor |
None |
836 |
Use of Password Hash Instead of Password for Authentication |
|
Major |
Mapping_Notes |
|
Minor |
None |
837 |
Improper Enforcement of a Single, Unique Action |
|
Major |
Mapping_Notes |
|
Minor |
None |
838 |
Inappropriate Encoding for Output Context |
|
Major |
Mapping_Notes |
|
Minor |
None |
839 |
Numeric Range Comparison Without Minimum Check |
|
Major |
Mapping_Notes |
|
Minor |
None |
840 |
Business Logic Errors |
|
Major |
Mapping_Notes |
|
Minor |
None |
841 |
Improper Enforcement of Behavioral Workflow |
|
Major |
Mapping_Notes |
|
Minor |
None |
842 |
Placement of User into Incorrect Group |
|
Major |
Mapping_Notes |
|
Minor |
None |
843 |
Access of Resource Using Incompatible Type ('Type Confusion') |
|
Major |
Mapping_Notes |
|
Minor |
None |
844 |
Weaknesses Addressed by The CERT Oracle Secure Coding Standard for Java (2011) |
|
Major |
Mapping_Notes |
|
Minor |
None |
845 |
The CERT Oracle Secure Coding Standard for Java (2011) Chapter 2 - Input Validation and Data Sanitization (IDS) |
|
Major |
Mapping_Notes |
|
Minor |
None |
846 |
The CERT Oracle Secure Coding Standard for Java (2011) Chapter 3 - Declarations and Initialization (DCL) |
|
Major |
Mapping_Notes |
|
Minor |
None |
847 |
The CERT Oracle Secure Coding Standard for Java (2011) Chapter 4 - Expressions (EXP) |
|
Major |
Mapping_Notes |
|
Minor |
None |
848 |
The CERT Oracle Secure Coding Standard for Java (2011) Chapter 5 - Numeric Types and Operations (NUM) |
|
Major |
Mapping_Notes |
|
Minor |
None |
849 |
The CERT Oracle Secure Coding Standard for Java (2011) Chapter 6 - Object Orientation (OBJ) |
|
Major |
Mapping_Notes |
|
Minor |
None |
850 |
The CERT Oracle Secure Coding Standard for Java (2011) Chapter 7 - Methods (MET) |
|
Major |
Mapping_Notes |
|
Minor |
None |
851 |
The CERT Oracle Secure Coding Standard for Java (2011) Chapter 8 - Exceptional Behavior (ERR) |
|
Major |
Mapping_Notes |
|
Minor |
None |
852 |
The CERT Oracle Secure Coding Standard for Java (2011) Chapter 9 - Visibility and Atomicity (VNA) |
|
Major |
Mapping_Notes |
|
Minor |
None |
853 |
The CERT Oracle Secure Coding Standard for Java (2011) Chapter 10 - Locking (LCK) |
|
Major |
Mapping_Notes |
|
Minor |
None |
854 |
The CERT Oracle Secure Coding Standard for Java (2011) Chapter 11 - Thread APIs (THI) |
|
Major |
Mapping_Notes |
|
Minor |
None |
855 |
The CERT Oracle Secure Coding Standard for Java (2011) Chapter 12 - Thread Pools (TPS) |
|
Major |
Mapping_Notes |
|
Minor |
None |
856 |
The CERT Oracle Secure Coding Standard for Java (2011) Chapter 13 - Thread-Safety Miscellaneous (TSM) |
|
Major |
Mapping_Notes |
|
Minor |
None |
857 |
The CERT Oracle Secure Coding Standard for Java (2011) Chapter 14 - Input Output (FIO) |
|
Major |
Mapping_Notes |
|
Minor |
None |
858 |
The CERT Oracle Secure Coding Standard for Java (2011) Chapter 15 - Serialization (SER) |
|
Major |
Mapping_Notes |
|
Minor |
None |
859 |
The CERT Oracle Secure Coding Standard for Java (2011) Chapter 16 - Platform Security (SEC) |
|
Major |
Mapping_Notes |
|
Minor |
None |
860 |
The CERT Oracle Secure Coding Standard for Java (2011) Chapter 17 - Runtime Environment (ENV) |
|
Major |
Mapping_Notes |
|
Minor |
None |
861 |
The CERT Oracle Secure Coding Standard for Java (2011) Chapter 18 - Miscellaneous (MSC) |
|
Major |
Mapping_Notes |
|
Minor |
None |
862 |
Missing Authorization |
|
Major |
Mapping_Notes, Relationships, Taxonomy_Mappings |
|
Minor |
None |
863 |
Incorrect Authorization |
|
Major |
Mapping_Notes, Relationships |
|
Minor |
None |
864 |
2011 Top 25 - Insecure Interaction Between Components |
|
Major |
Mapping_Notes |
|
Minor |
None |
865 |
2011 Top 25 - Risky Resource Management |
|
Major |
Mapping_Notes |
|
Minor |
None |
866 |
2011 Top 25 - Porous Defenses |
|
Major |
Mapping_Notes |
|
Minor |
None |
867 |
2011 Top 25 - Weaknesses On the Cusp |
|
Major |
Mapping_Notes |
|
Minor |
None |
868 |
Weaknesses Addressed by the SEI CERT C++ Coding Standard (2016 Version) |
|
Major |
Mapping_Notes |
|
Minor |
None |
869 |
CERT C++ Secure Coding Section 01 - Preprocessor (PRE) |
|
Major |
Mapping_Notes |
|
Minor |
None |
870 |
CERT C++ Secure Coding Section 02 - Declarations and Initialization (DCL) |
|
Major |
Mapping_Notes |
|
Minor |
None |
871 |
CERT C++ Secure Coding Section 03 - Expressions (EXP) |
|
Major |
Mapping_Notes |
|
Minor |
None |
872 |
CERT C++ Secure Coding Section 04 - Integers (INT) |
|
Major |
Mapping_Notes |
|
Minor |
None |
873 |
CERT C++ Secure Coding Section 05 - Floating Point Arithmetic (FLP) |
|
Major |
Mapping_Notes |
|
Minor |
None |
874 |
CERT C++ Secure Coding Section 06 - Arrays and the STL (ARR) |
|
Major |
Mapping_Notes |
|
Minor |
None |
875 |
CERT C++ Secure Coding Section 07 - Characters and Strings (STR) |
|
Major |
Mapping_Notes |
|
Minor |
None |
876 |
CERT C++ Secure Coding Section 08 - Memory Management (MEM) |
|
Major |
Mapping_Notes |
|
Minor |
None |
877 |
CERT C++ Secure Coding Section 09 - Input Output (FIO) |
|
Major |
Mapping_Notes |
|
Minor |
None |
878 |
CERT C++ Secure Coding Section 10 - Environment (ENV) |
|
Major |
Mapping_Notes |
|
Minor |
None |
879 |
CERT C++ Secure Coding Section 11 - Signals (SIG) |
|
Major |
Mapping_Notes |
|
Minor |
None |
880 |
CERT C++ Secure Coding Section 12 - Exceptions and Error Handling (ERR) |
|
Major |
Mapping_Notes |
|
Minor |
None |
881 |
CERT C++ Secure Coding Section 13 - Object Oriented Programming (OOP) |
|
Major |
Mapping_Notes |
|
Minor |
None |
882 |
CERT C++ Secure Coding Section 14 - Concurrency (CON) |
|
Major |
Mapping_Notes |
|
Minor |
None |
883 |
CERT C++ Secure Coding Section 49 - Miscellaneous (MSC) |
|
Major |
Mapping_Notes |
|
Minor |
None |
884 |
CWE Cross-section |
|
Major |
Mapping_Notes |
|
Minor |
None |
885 |
SFP Primary Cluster: Risky Values |
|
Major |
Mapping_Notes |
|
Minor |
None |
886 |
SFP Primary Cluster: Unused entities |
|
Major |
Mapping_Notes |
|
Minor |
None |
887 |
SFP Primary Cluster: API |
|
Major |
Mapping_Notes |
|
Minor |
None |
888 |
Software Fault Pattern (SFP) Clusters |
|
Major |
Mapping_Notes |
|
Minor |
None |
889 |
SFP Primary Cluster: Exception Management |
|
Major |
Mapping_Notes |
|
Minor |
None |
890 |
SFP Primary Cluster: Memory Access |
|
Major |
Mapping_Notes |
|
Minor |
None |
891 |
SFP Primary Cluster: Memory Management |
|
Major |
Mapping_Notes |
|
Minor |
None |
892 |
SFP Primary Cluster: Resource Management |
|
Major |
Mapping_Notes |
|
Minor |
None |
893 |
SFP Primary Cluster: Path Resolution |
|
Major |
Mapping_Notes |
|
Minor |
None |
894 |
SFP Primary Cluster: Synchronization |
|
Major |
Mapping_Notes |
|
Minor |
None |
895 |
SFP Primary Cluster: Information Leak |
|
Major |
Mapping_Notes |
|
Minor |
None |
896 |
SFP Primary Cluster: Tainted Input |
|
Major |
Mapping_Notes |
|
Minor |
None |
897 |
SFP Primary Cluster: Entry Points |
|
Major |
Mapping_Notes |
|
Minor |
None |
898 |
SFP Primary Cluster: Authentication |
|
Major |
Mapping_Notes |
|
Minor |
None |
899 |
SFP Primary Cluster: Access Control |
|
Major |
Mapping_Notes |
|
Minor |
None |
900 |
Weaknesses in the 2011 CWE/SANS Top 25 Most Dangerous Software Errors |
|
Major |
Mapping_Notes |
|
Minor |
None |
901 |
SFP Primary Cluster: Privilege |
|
Major |
Mapping_Notes |
|
Minor |
None |
902 |
SFP Primary Cluster: Channel |
|
Major |
Mapping_Notes |
|
Minor |
None |
903 |
SFP Primary Cluster: Cryptography |
|
Major |
Mapping_Notes |
|
Minor |
None |
904 |
SFP Primary Cluster: Malware |
|
Major |
Mapping_Notes |
|
Minor |
None |
905 |
SFP Primary Cluster: Predictability |
|
Major |
Mapping_Notes |
|
Minor |
None |
906 |
SFP Primary Cluster: UI |
|
Major |
Mapping_Notes |
|
Minor |
None |
907 |
SFP Primary Cluster: Other |
|
Major |
Mapping_Notes |
|
Minor |
None |
908 |
Use of Uninitialized Resource |
|
Major |
Mapping_Notes |
|
Minor |
None |
909 |
Missing Initialization of Resource |
|
Major |
Mapping_Notes |
|
Minor |
None |
910 |
Use of Expired File Descriptor |
|
Major |
Mapping_Notes |
|
Minor |
None |
911 |
Improper Update of Reference Count |
|
Major |
Mapping_Notes |
|
Minor |
None |
912 |
Hidden Functionality |
|
Major |
Mapping_Notes |
|
Minor |
None |
913 |
Improper Control of Dynamically-Managed Code Resources |
|
Major |
Mapping_Notes |
|
Minor |
None |
914 |
Improper Control of Dynamically-Identified Variables |
|
Major |
Mapping_Notes |
|
Minor |
None |
915 |
Improperly Controlled Modification of Dynamically-Determined Object Attributes |
|
Major |
Mapping_Notes |
|
Minor |
None |
916 |
Use of Password Hash With Insufficient Computational Effort |
|
Major |
Mapping_Notes, Relationships |
|
Minor |
None |
917 |
Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') |
|
Major |
Mapping_Notes |
|
Minor |
None |
918 |
Server-Side Request Forgery (SSRF) |
|
Major |
Mapping_Notes, Relationships |
|
Minor |
None |
919 |
Weaknesses in Mobile Applications |
|
Major |
Mapping_Notes |
|
Minor |
None |
920 |
Improper Restriction of Power Consumption |
|
Major |
Mapping_Notes |
|
Minor |
None |
921 |
Storage of Sensitive Data in a Mechanism without Access Control |
|
Major |
Mapping_Notes |
|
Minor |
None |
922 |
Insecure Storage of Sensitive Information |
|
Major |
Mapping_Notes |
|
Minor |
None |
923 |
Improper Restriction of Communication Channel to Intended Endpoints |
|
Major |
Mapping_Notes |
|
Minor |
None |
924 |
Improper Enforcement of Message Integrity During Transmission in a Communication Channel |
|
Major |
Mapping_Notes |
|
Minor |
None |
925 |
Improper Verification of Intent by Broadcast Receiver |
|
Major |
Mapping_Notes |
|
Minor |
None |
926 |
Improper Export of Android Application Components |
|
Major |
Mapping_Notes |
|
Minor |
None |
927 |
Use of Implicit Intent for Sensitive Communication |
|
Major |
Mapping_Notes |
|
Minor |
None |
928 |
Weaknesses in OWASP Top Ten (2013) |
|
Major |
Mapping_Notes |
|
Minor |
None |
929 |
OWASP Top Ten 2013 Category A1 - Injection |
|
Major |
Mapping_Notes |
|
Minor |
None |
930 |
OWASP Top Ten 2013 Category A2 - Broken Authentication and Session Management |
|
Major |
Mapping_Notes |
|
Minor |
None |
931 |
OWASP Top Ten 2013 Category A3 - Cross-Site Scripting (XSS) |
|
Major |
Mapping_Notes |
|
Minor |
None |
932 |
OWASP Top Ten 2013 Category A4 - Insecure Direct Object References |
|
Major |
Mapping_Notes |
|
Minor |
None |
933 |
OWASP Top Ten 2013 Category A5 - Security Misconfiguration |
|
Major |
Mapping_Notes |
|
Minor |
None |
934 |
OWASP Top Ten 2013 Category A6 - Sensitive Data Exposure |
|
Major |
Mapping_Notes |
|
Minor |
None |
935 |
OWASP Top Ten 2013 Category A7 - Missing Function Level Access Control |
|
Major |
Mapping_Notes |
|
Minor |
None |
936 |
OWASP Top Ten 2013 Category A8 - Cross-Site Request Forgery (CSRF) |
|
Major |
Mapping_Notes |
|
Minor |
None |
937 |
OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities |
|
Major |
Mapping_Notes |
|
Minor |
None |
938 |
OWASP Top Ten 2013 Category A10 - Unvalidated Redirects and Forwards |
|
Major |
Mapping_Notes |
|
Minor |
None |
939 |
Improper Authorization in Handler for Custom URL Scheme |
|
Major |
Mapping_Notes |
|
Minor |
None |
940 |
Improper Verification of Source of a Communication Channel |
|
Major |
Mapping_Notes, Relationships |
|
Minor |
None |
941 |
Incorrectly Specified Destination in a Communication Channel |
|
Major |
Mapping_Notes |
|
Minor |
None |
942 |
Permissive Cross-domain Policy with Untrusted Domains |
|
Major |
Mapping_Notes, Relationships |
|
Minor |
None |
943 |
Improper Neutralization of Special Elements in Data Query Logic |
|
Major |
Mapping_Notes |
|
Minor |
None |
944 |
SFP Secondary Cluster: Access Management |
|
Major |
Mapping_Notes |
|
Minor |
None |
945 |
SFP Secondary Cluster: Insecure Resource Access |
|
Major |
Mapping_Notes |
|
Minor |
None |
946 |
SFP Secondary Cluster: Insecure Resource Permissions |
|
Major |
Mapping_Notes |
|
Minor |
None |
947 |
SFP Secondary Cluster: Authentication Bypass |
|
Major |
Mapping_Notes |
|
Minor |
None |
948 |
SFP Secondary Cluster: Digital Certificate |
|
Major |
Mapping_Notes |
|
Minor |
None |
949 |
SFP Secondary Cluster: Faulty Endpoint Authentication |
|
Major |
Mapping_Notes |
|
Minor |
None |
950 |
SFP Secondary Cluster: Hardcoded Sensitive Data |
|
Major |
Mapping_Notes |
|
Minor |
None |
951 |
SFP Secondary Cluster: Insecure Authentication Policy |
|
Major |
Mapping_Notes |
|
Minor |
None |
952 |
SFP Secondary Cluster: Missing Authentication |
|
Major |
Mapping_Notes |
|
Minor |
None |
953 |
SFP Secondary Cluster: Missing Endpoint Authentication |
|
Major |
Mapping_Notes |
|
Minor |
None |
954 |
SFP Secondary Cluster: Multiple Binds to the Same Port |
|
Major |
Mapping_Notes |
|
Minor |
None |
955 |
SFP Secondary Cluster: Unrestricted Authentication |
|
Major |
Mapping_Notes |
|
Minor |
None |
956 |
SFP Secondary Cluster: Channel Attack |
|
Major |
Mapping_Notes |
|
Minor |
None |
957 |
SFP Secondary Cluster: Protocol Error |
|
Major |
Mapping_Notes |
|
Minor |
None |
958 |
SFP Secondary Cluster: Broken Cryptography |
|
Major |
Mapping_Notes |
|
Minor |
None |
959 |
SFP Secondary Cluster: Weak Cryptography |
|
Major |
Mapping_Notes |
|
Minor |
None |
960 |
SFP Secondary Cluster: Ambiguous Exception Type |
|
Major |
Mapping_Notes |
|
Minor |
None |
961 |
SFP Secondary Cluster: Incorrect Exception Behavior |
|
Major |
Mapping_Notes |
|
Minor |
None |
962 |
SFP Secondary Cluster: Unchecked Status Condition |
|
Major |
Mapping_Notes |
|
Minor |
None |
963 |
SFP Secondary Cluster: Exposed Data |
|
Major |
Mapping_Notes |
|
Minor |
None |
964 |
SFP Secondary Cluster: Exposure Temporary File |
|
Major |
Mapping_Notes |
|
Minor |
None |
965 |
SFP Secondary Cluster: Insecure Session Management |
|
Major |
Mapping_Notes |
|
Minor |
None |
966 |
SFP Secondary Cluster: Other Exposures |
|
Major |
Mapping_Notes |
|
Minor |
None |
| ID | Name | Major | Minor |
|---|---|---|---|
| 967 | SFP Secondary Cluster: State Disclosure | Mapping_Notes | None |
| 968 | SFP Secondary Cluster: Covert Channel | Mapping_Notes | None |
| 969 | SFP Secondary Cluster: Faulty Memory Release | Mapping_Notes | None |
| 970 | SFP Secondary Cluster: Faulty Buffer Access | Mapping_Notes | None |
| 971 | SFP Secondary Cluster: Faulty Pointer Use | Mapping_Notes | None |
| 972 | SFP Secondary Cluster: Faulty String Expansion | Mapping_Notes | None |
| 973 | SFP Secondary Cluster: Improper NULL Termination | Mapping_Notes | None |
| 974 | SFP Secondary Cluster: Incorrect Buffer Length Computation | Mapping_Notes | None |
| 975 | SFP Secondary Cluster: Architecture | Mapping_Notes | None |
| 976 | SFP Secondary Cluster: Compiler | Mapping_Notes | None |
| 977 | SFP Secondary Cluster: Design | Mapping_Notes | None |
| 978 | SFP Secondary Cluster: Implementation | Mapping_Notes | None |
| 979 | SFP Secondary Cluster: Failed Chroot Jail | Mapping_Notes | None |
| 980 | SFP Secondary Cluster: Link in Resource Name Resolution | Mapping_Notes | None |
| 981 | SFP Secondary Cluster: Path Traversal | Mapping_Notes | None |
| 982 | SFP Secondary Cluster: Failure to Release Resource | Mapping_Notes | None |
| 983 | SFP Secondary Cluster: Faulty Resource Use | Mapping_Notes | None |
| 984 | SFP Secondary Cluster: Life Cycle | Mapping_Notes | None |
| 985 | SFP Secondary Cluster: Unrestricted Consumption | Mapping_Notes | None |
| 986 | SFP Secondary Cluster: Missing Lock | Mapping_Notes | None |
| 987 | SFP Secondary Cluster: Multiple Locks/Unlocks | Mapping_Notes | None |
| 988 | SFP Secondary Cluster: Race Condition Window | Mapping_Notes | None |
| 989 | SFP Secondary Cluster: Unrestricted Lock | Mapping_Notes | None |
| 990 | SFP Secondary Cluster: Tainted Input to Command | Mapping_Notes | None |
| 991 | SFP Secondary Cluster: Tainted Input to Environment | Mapping_Notes | None |
| 992 | SFP Secondary Cluster: Faulty Input Transformation | Mapping_Notes | None |
| 993 | SFP Secondary Cluster: Incorrect Input Handling | Mapping_Notes | None |
| 994 | SFP Secondary Cluster: Tainted Input to Variable | Mapping_Notes | None |
| 995 | SFP Secondary Cluster: Feature | Mapping_Notes | None |
| 996 | SFP Secondary Cluster: Security | Mapping_Notes | None |
| 997 | SFP Secondary Cluster: Information Loss | Mapping_Notes | None |
| 998 | SFP Secondary Cluster: Glitch in Computation | Mapping_Notes | None |
| 999 | DEPRECATED: Weaknesses without Software Fault Patterns | Mapping_Notes | None |
| 1000 | Research Concepts | Mapping_Notes | None |
| 1001 | SFP Secondary Cluster: Use of an Improper API | Mapping_Notes | None |
| 1002 | SFP Secondary Cluster: Unexpected Entry Points | Mapping_Notes | None |
| 1003 | Weaknesses for Simplified Mapping of Published Vulnerabilities | Mapping_Notes | None |
| 1004 | Sensitive Cookie Without 'HttpOnly' Flag | Mapping_Notes | None |
| 1005 | 7PK - Input Validation and Representation | Mapping_Notes | None |
| 1006 | Bad Coding Practices | Mapping_Notes | None |
| 1007 | Insufficient Visual Distinction of Homoglyphs Presented to User | Mapping_Notes | None |
| 1008 | Architectural Concepts | Mapping_Notes | None |
| 1009 | Audit | Mapping_Notes | None |
| 1010 | Authenticate Actors | Mapping_Notes | None |
| 1011 | Authorize Actors | Mapping_Notes | None |
| 1012 | Cross Cutting | Mapping_Notes | None |
| 1013 | Encrypt Data | Mapping_Notes | None |
| 1014 | Identify Actors | Mapping_Notes | None |
| 1015 | Limit Access | Mapping_Notes | None |
| 1016 | Limit Exposure | Mapping_Notes | None |
| 1017 | Lock Computer | Mapping_Notes | None |
| 1018 | Manage User Sessions | Mapping_Notes | None |
| 1019 | Validate Inputs | Mapping_Notes | None |
| 1020 | Verify Message Integrity | Mapping_Notes | None |
| 1021 | Improper Restriction of Rendered UI Layers or Frames | Mapping_Notes | None |
| 1022 | Use of Web Link to Untrusted Target with window.opener Access | Mapping_Notes | None |
| 1023 | Incomplete Comparison with Missing Factors | Mapping_Notes | None |
| 1024 | Comparison of Incompatible Types | Mapping_Notes | None |
| 1025 | Comparison Using Wrong Factors | Mapping_Notes | None |
| 1026 | Weaknesses in OWASP Top Ten (2017) | Mapping_Notes | None |
| 1027 | OWASP Top Ten 2017 Category A1 - Injection | Mapping_Notes | None |
| 1028 | OWASP Top Ten 2017 Category A2 - Broken Authentication | Mapping_Notes | None |
| 1029 | OWASP Top Ten 2017 Category A3 - Sensitive Data Exposure | Mapping_Notes | None |
| 1030 | OWASP Top Ten 2017 Category A4 - XML External Entities (XXE) | Mapping_Notes | None |
| 1031 | OWASP Top Ten 2017 Category A5 - Broken Access Control | Mapping_Notes | None |
| 1032 | OWASP Top Ten 2017 Category A6 - Security Misconfiguration | Mapping_Notes | None |
| 1033 | OWASP Top Ten 2017 Category A7 - Cross-Site Scripting (XSS) | Mapping_Notes | None |
| 1034 | OWASP Top Ten 2017 Category A8 - Insecure Deserialization | Mapping_Notes | None |
| 1035 | OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities | Mapping_Notes | None |
| 1036 | OWASP Top Ten 2017 Category A10 - Insufficient Logging & Monitoring | Mapping_Notes | None |
| 1037 | Processor Optimization Removal or Modification of Security-critical Code | Mapping_Notes | None |
| 1038 | Insecure Automated Optimizations | Mapping_Notes | None |
| 1039 | Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations | Mapping_Notes | None |
| 1040 | Quality Weaknesses with Indirect Security Impacts | Mapping_Notes | None |
| 1041 | Use of Redundant Code | Mapping_Notes | None |
| 1042 | Static Member Data Element outside of a Singleton Class Element | Mapping_Notes | None |
| 1043 | Data Element Aggregating an Excessively Large Number of Non-Primitive Elements | Mapping_Notes | None |
| 1044 | Architecture with Number of Horizontal Layers Outside of Expected Range | Mapping_Notes | None |
| 1045 | Parent Class with a Virtual Destructor and a Child Class without a Virtual Destructor | Mapping_Notes | None |
| 1046 | Creation of Immutable Text Using String Concatenation | Mapping_Notes | None |
| 1047 | Modules with Circular Dependencies | Mapping_Notes | None |
| 1048 | Invokable Control Element with Large Number of Outward Calls | Mapping_Notes | None |
| 1049 | Excessive Data Query Operations in a Large Data Table | Mapping_Notes | None |
| 1050 | Excessive Platform Resource Consumption within a Loop | Mapping_Notes | None |
| 1051 | Initialization with Hard-Coded Network Resource Configuration Data | Mapping_Notes | None |
| 1052 | Excessive Use of Hard-Coded Literals in Initialization | Mapping_Notes | None |
| 1053 | Missing Documentation for Design | Mapping_Notes | None |
| 1054 | Invocation of a Control Element at an Unnecessarily Deep Horizontal Layer | Mapping_Notes | None |
| 1055 | Multiple Inheritance from Concrete Classes | Mapping_Notes | None |
| 1056 | Invokable Control Element with Variadic Parameters | Mapping_Notes | None |
| 1057 | Data Access Operations Outside of Expected Data Manager Component | Mapping_Notes | None |
| 1058 | Invokable Control Element in Multi-Thread Context with non-Final Static Storable or Member Element | Mapping_Notes | None |
| 1059 | Insufficient Technical Documentation | Mapping_Notes, Taxonomy_Mappings | None |
| 1060 | Excessive Number of Inefficient Server-Side Data Accesses | Mapping_Notes | None |
| 1061 | Insufficient Encapsulation | Mapping_Notes | None |
| 1062 | Parent Class with References to Child Class | Mapping_Notes | None |
| 1063 | Creation of Class Instance within a Static Code Block | Mapping_Notes | None |
| 1064 | Invokable Control Element with Signature Containing an Excessive Number of Parameters | Mapping_Notes | None |
| 1065 | Runtime Resource Management Control Element in a Component Built to Run on Application Servers | Mapping_Notes | None |
| 1066 | Missing Serialization Control Element | Mapping_Notes | None |
| 1067 | Excessive Execution of Sequential Searches of Data Resource | Mapping_Notes | None |
| 1068 | Inconsistency Between Implementation and Documented Design | Mapping_Notes | None |
| 1069 | Empty Exception Block | Mapping_Notes | None |
| 1070 | Serializable Data Element Containing non-Serializable Item Elements | Mapping_Notes | None |
| 1071 | Empty Code Block | Mapping_Notes | None |
| 1072 | Data Resource Access without Use of Connection Pooling | Mapping_Notes | None |
| 1073 | Non-SQL Invokable Control Element with Excessive Number of Data Resource Accesses | Mapping_Notes | None |
| 1074 | Class with Excessively Deep Inheritance | Mapping_Notes | None |
| 1075 | Unconditional Control Flow Transfer outside of Switch Block | Mapping_Notes | None |
| 1076 | Insufficient Adherence to Expected Conventions | Mapping_Notes | None |
| 1077 | Floating Point Comparison with Incorrect Operator | Mapping_Notes | None |
| 1078 | Inappropriate Source Code Style or Formatting | Mapping_Notes | None |
| 1079 | Parent Class without Virtual Destructor Method | Mapping_Notes | None |
| 1080 | Source Code File with Excessive Number of Lines of Code | Mapping_Notes | None |
| 1081 | Entries with Maintenance Notes | Mapping_Notes | None |
| 1082 | Class Instance Self Destruction Control Element | Mapping_Notes | None |
| 1083 | Data Access from Outside Expected Data Manager Component | Mapping_Notes | None |
| 1084 | Invokable Control Element with Excessive File or Data Access Operations | Mapping_Notes | None |
| 1085 | Invokable Control Element with Excessive Volume of Commented-out Code | Mapping_Notes | None |
| 1086 | Class with Excessive Number of Child Classes | Mapping_Notes | None |
| 1087 | Class with Virtual Method without a Virtual Destructor | Mapping_Notes | None |
| 1088 | Synchronous Access of Remote Resource without Timeout | Mapping_Notes | None |
| 1089 | Large Data Table with Excessive Number of Indices | Mapping_Notes | None |
| 1090 | Method Containing Access of a Member Element from Another Class | Mapping_Notes | None |
| 1091 | Use of Object without Invoking Destructor Method | Mapping_Notes | None |
| 1092 | Use of Same Invokable Control Element in Multiple Architectural Layers | Mapping_Notes | None |
| 1093 | Excessively Complex Data Representation | Mapping_Notes | None |
| 1094 | Excessive Index Range Scan for a Data Resource | Mapping_Notes | None |
| 1095 | Loop Condition Value Update within the Loop | Mapping_Notes | None |
| 1096 | Singleton Class Instance Creation without Proper Locking or Synchronization | Mapping_Notes | None |
| 1097 | Persistent Storable Data Element without Associated Comparison Control Element | Mapping_Notes | None |
| 1098 | Data Element containing Pointer Item without Proper Copy Control Element | Mapping_Notes | None |
| 1099 | Inconsistent Naming Conventions for Identifiers | Mapping_Notes | None |
| 1100 | Insufficient Isolation of System-Dependent Functions | Mapping_Notes | None |
| 1101 | Reliance on Runtime Component in Generated Code | Mapping_Notes | None |
| 1102 | Reliance on Machine-Dependent Data Representation | Mapping_Notes | None |
| 1103 | Use of Platform-Dependent Third Party Components | Mapping_Notes | None |
| 1104 | Use of Unmaintained Third Party Components | Mapping_Notes | None |
| 1105 | Insufficient Encapsulation of Machine-Dependent Functionality | Mapping_Notes | None |
| 1106 | Insufficient Use of Symbolic Constants | Mapping_Notes | None |
| 1107 | Insufficient Isolation of Symbolic Constant Definitions | Mapping_Notes | None |
| 1108 | Excessive Reliance on Global Variables | Mapping_Notes | None |
| 1109 | Use of Same Variable for Multiple Purposes | Mapping_Notes | None |
| 1110 | Incomplete Design Documentation | Mapping_Notes | None |
| 1111 | Incomplete I/O Documentation | Mapping_Notes | None |
| 1112 | Incomplete Documentation of Program Execution | Mapping_Notes | None |
| 1113 | Inappropriate Comment Style | Mapping_Notes | None |
| 1114 | Inappropriate Whitespace Style | Mapping_Notes | None |
| 1115 | Source Code Element without Standard Prologue | Mapping_Notes | None |
| 1116 | Inaccurate Comments | Mapping_Notes | None |
| 1117 | Callable with Insufficient Behavioral Summary | Mapping_Notes | None |
| 1118 | Insufficient Documentation of Error Handling Techniques | Mapping_Notes | None |
| 1119 | Excessive Use of Unconditional Branching | Mapping_Notes | None |
| 1120 | Excessive Code Complexity | Mapping_Notes | None |
| 1121 | Excessive McCabe Cyclomatic Complexity | Mapping_Notes | None |
| 1122 | Excessive Halstead Complexity | Mapping_Notes | None |
| 1123 | Excessive Use of Self-Modifying Code | Mapping_Notes | None |
| 1124 | Excessively Deep Nesting | Mapping_Notes | None |
| 1125 | Excessive Attack Surface | Mapping_Notes | None |
| 1126 | Declaration of Variable with Unnecessarily Wide Scope | Mapping_Notes | None |
| 1127 | Compilation with Insufficient Warnings or Errors | Mapping_Notes | None |
| 1128 | CISQ Quality Measures (2016) | Mapping_Notes | None |
| 1129 | CISQ Quality Measures (2016) - Reliability | Mapping_Notes | None |
| 1130 | CISQ Quality Measures (2016) - Maintainability | Mapping_Notes | None |
| 1131 | CISQ Quality Measures (2016) - Security | Mapping_Notes | None |
| 1132 | CISQ Quality Measures (2016) - Performance Efficiency | Mapping_Notes | None |
| 1133 | Weaknesses Addressed by the SEI CERT Oracle Coding Standard for Java | Mapping_Notes | None |
| 1134 | SEI CERT Oracle Secure Coding Standard for Java - Guidelines 00. Input Validation and Data Sanitization (IDS) | Mapping_Notes | None |
| 1135 | SEI CERT Oracle Secure Coding Standard for Java - Guidelines 01. Declarations and Initialization (DCL) | Mapping_Notes | None |
| 1136 | SEI CERT Oracle Secure Coding Standard for Java - Guidelines 02. Expressions (EXP) | Mapping_Notes | None |
| 1137 | SEI CERT Oracle Secure Coding Standard for Java - Guidelines 03. Numeric Types and Operations (NUM) | Mapping_Notes | None |
| 1138 | SEI CERT Oracle Secure Coding Standard for Java - Guidelines 04. Characters and Strings (STR) | Mapping_Notes | None |
| 1139 | SEI CERT Oracle Secure Coding Standard for Java - Guidelines 05. Object Orientation (OBJ) | Mapping_Notes | None |
| 1140 | SEI CERT Oracle Secure Coding Standard for Java - Guidelines 06. Methods (MET) | Mapping_Notes | None |
| 1141 | SEI CERT Oracle Secure Coding Standard for Java - Guidelines 07. Exceptional Behavior (ERR) | Mapping_Notes | None |
| 1142 | SEI CERT Oracle Secure Coding Standard for Java - Guidelines 08. Visibility and Atomicity (VNA) | Mapping_Notes | None |
| 1143 | SEI CERT Oracle Secure Coding Standard for Java - Guidelines 09. Locking (LCK) | Mapping_Notes | None |
| 1144 | SEI CERT Oracle Secure Coding Standard for Java - Guidelines 10. Thread APIs (THI) | Mapping_Notes | None |
| 1145 | SEI CERT Oracle Secure Coding Standard for Java - Guidelines 11. Thread Pools (TPS) | Mapping_Notes | None |
| 1146 | SEI CERT Oracle Secure Coding Standard for Java - Guidelines 12. Thread-Safety Miscellaneous (TSM) | Mapping_Notes | None |
| 1147 | SEI CERT Oracle Secure Coding Standard for Java - Guidelines 13. Input Output (FIO) | Mapping_Notes | None |
| 1148 | SEI CERT Oracle Secure Coding Standard for Java - Guidelines 14. Serialization (SER) | Mapping_Notes | None |
| 1149 | SEI CERT Oracle Secure Coding Standard for Java - Guidelines 15. Platform Security (SEC) | Mapping_Notes | None |
| 1150 | SEI CERT Oracle Secure Coding Standard for Java - Guidelines 16. Runtime Environment (ENV) | Mapping_Notes | None |
| 1151 | SEI CERT Oracle Secure Coding Standard for Java - Guidelines 17. Java Native Interface (JNI) | Mapping_Notes | None |
| 1152 | SEI CERT Oracle Secure Coding Standard for Java - Guidelines 49. Miscellaneous (MSC) | Mapping_Notes | None |
| 1153 | SEI CERT Oracle Secure Coding Standard for Java - Guidelines 50. Android (DRD) | Mapping_Notes | None |
| 1154 | Weaknesses Addressed by the SEI CERT C Coding Standard | Mapping_Notes | None |
| 1155 | SEI CERT C Coding Standard - Guidelines 01. Preprocessor (PRE) | Mapping_Notes | None |
| 1156 | SEI CERT C Coding Standard - Guidelines 02. Declarations and Initialization (DCL) | Mapping_Notes | None |
| 1157 | SEI CERT C Coding Standard - Guidelines 03. Expressions (EXP) | Mapping_Notes | None |
| 1158 | SEI CERT C Coding Standard - Guidelines 04. Integers (INT) | Mapping_Notes | None |
| 1159 | SEI CERT C Coding Standard - Guidelines 05. Floating Point (FLP) | Mapping_Notes | None |
| 1160 | SEI CERT C Coding Standard - Guidelines 06. Arrays (ARR) | Mapping_Notes | None |
| 1161 | SEI CERT C Coding Standard - Guidelines 07. Characters and Strings (STR) | Mapping_Notes | None |
| 1162 | SEI CERT C Coding Standard - Guidelines 08. Memory Management (MEM) | Mapping_Notes | None |
| 1163 | SEI CERT C Coding Standard - Guidelines 09. Input Output (FIO) | Mapping_Notes | None |
| 1164 | Irrelevant Code | Mapping_Notes | None |
| 1165 | SEI CERT C Coding Standard - Guidelines 10. Environment (ENV) | Mapping_Notes | None |
| 1166 | SEI CERT C Coding Standard - Guidelines 11. Signals (SIG) | Mapping_Notes | None |
| 1167 | SEI CERT C Coding Standard - Guidelines 12. Error Handling (ERR) | Mapping_Notes | None |
| 1168 | SEI CERT C Coding Standard - Guidelines 13. Application Programming Interfaces (API) | Mapping_Notes | None |
| 1169 | SEI CERT C Coding Standard - Guidelines 14. Concurrency (CON) | Mapping_Notes | None |
| 1170 | SEI CERT C Coding Standard - Guidelines 48. Miscellaneous (MSC) | Mapping_Notes | None |
| 1171 | SEI CERT C Coding Standard - Guidelines 50. POSIX (POS) | Mapping_Notes | None |
| 1172 | SEI CERT C Coding Standard - Guidelines 51. Microsoft Windows (WIN) | Mapping_Notes | None |
| 1173 | Improper Use of Validation Framework | Mapping_Notes | None |
| 1174 | ASP.NET Misconfiguration: Improper Model Validation | Mapping_Notes | None |
| 1175 | SEI CERT Oracle Secure Coding Standard for Java - Guidelines 18. Concurrency (CON) | Mapping_Notes | None |
| 1176 | Inefficient CPU Computation | Mapping_Notes | None |
| 1177 | Use of Prohibited Code | Mapping_Notes | None |
| 1178 | Weaknesses Addressed by the SEI CERT Perl Coding Standard | Mapping_Notes | None |
| 1179 | SEI CERT Perl Coding Standard - Guidelines 01. Input Validation and Data Sanitization (IDS) | Mapping_Notes | None |
| 1180 | SEI CERT Perl Coding Standard - Guidelines 02. Declarations and Initialization (DCL) | Mapping_Notes | None |
| 1181 | SEI CERT Perl Coding Standard - Guidelines 03. Expressions (EXP) | Mapping_Notes | None |
| 1182 | SEI CERT Perl Coding Standard - Guidelines 04. Integers (INT) | Mapping_Notes | None |
| 1183 | SEI CERT Perl Coding Standard - Guidelines 05. Strings (STR) | Mapping_Notes | None |
| 1184 | SEI CERT Perl Coding Standard - Guidelines 06. Object-Oriented Programming (OOP) | Mapping_Notes | None |
| 1185 | SEI CERT Perl Coding Standard - Guidelines 07. File Input and Output (FIO) | Mapping_Notes | None |
| 1186 | SEI CERT Perl Coding Standard - Guidelines 50. Miscellaneous (MSC) | Mapping_Notes | None |
| 1187 | DEPRECATED: Use of Uninitialized Resource | Mapping_Notes | None |
| 1188 | Insecure Default Initialization of Resource | Mapping_Notes | None |
| 1189 | Improper Isolation of Shared Resources on System-on-a-Chip (SoC) | Mapping_Notes, Relationships | None |
| 1190 | DMA Device Enabled Too Early in Boot Phase | Mapping_Notes | None |
| 1191 | On-Chip Debug and Test Interface With Improper Access Control | Mapping_Notes | None |
| 1192 | System-on-Chip (SoC) Using Components without Unique, Immutable Identifiers | Mapping_Notes | None |
| 1193 | Power-On of Untrusted Execution Core Before Enabling Fabric Access Control | Mapping_Notes | None |
| 1194 | Hardware Design | Mapping_Notes | None |
| 1195 | Manufacturing and Life Cycle Management Concerns | Mapping_Notes | None |
| 1196 | Security Flow Issues | Mapping_Notes | None |
| 1197 | Integration Issues | Mapping_Notes | None |
| 1198 | Privilege Separation and Access Control Issues | Mapping_Notes | None |
| 1199 | General Circuit and Logic Design Concerns | Mapping_Notes | None |
| 1200 | Weaknesses in the 2019 CWE Top 25 Most Dangerous Software Errors | Mapping_Notes | None |
| 1201 | Core and Compute Issues | Mapping_Notes | None |
| 1202 | Memory and Storage Issues | Mapping_Notes | None |
| 1203 | Peripherals, On-chip Fabric, and Interface/IO Problems | Mapping_Notes | None |
| 1204 | Generation of Weak Initialization Vector (IV) | Mapping_Notes | None |
| 1205 | Security Primitives and Cryptography Issues | Mapping_Notes | None |
| 1206 | Power, Clock, Thermal, and Reset Concerns | Mapping_Notes | None |
| 1207 | Debug and Test Problems | Mapping_Notes | None |
| 1208 | Cross-Cutting Problems | Mapping_Notes | None |
| 1209 | Failure to Disable Reserved Bits | Mapping_Notes | None |
| 1210 | Audit / Logging Errors | Mapping_Notes | None |
| 1211 | Authentication Errors | Mapping_Notes | None |
| 1212 | Authorization Errors | Mapping_Notes | None |
| 1213 | Random Number Issues | Mapping_Notes | None |
| 1214 | Data Integrity Issues | Mapping_Notes | None |
| 1215 | Data Validation Issues | Mapping_Notes | None |
| 1216 | Lockout Mechanism Errors | Mapping_Notes | None |
| 1217 | User Session Errors | Mapping_Notes | None |
| 1218 | Memory Buffer Errors | Mapping_Notes | None |
| 1219 | File Handling Issues | Mapping_Notes | None |
| 1220 | Insufficient Granularity of Access Control | Mapping_Notes | None |
| 1221 | Incorrect Register Defaults or Module Parameters | Mapping_Notes | None |
| 1222 | Insufficient Granularity of Address Regions Protected by Register Locks | Mapping_Notes | None |
| 1223 | Race Condition for Write-Once Attributes | Mapping_Notes | None |
| 1224 | Improper Restriction of Write-Once Bit Fields | Mapping_Notes | None |
| 1225 | Documentation Issues | Mapping_Notes | None |
| 1226 | Complexity Issues | Mapping_Notes | None |
| 1227 | Encapsulation Issues | Mapping_Notes | None |
| 1228 | API / Function Errors | Mapping_Notes | None |
| 1229 | Creation of Emergent Resource | Mapping_Notes | None |
| 1230 | Exposure of Sensitive Information Through Metadata | Mapping_Notes | None |
| 1231 | Improper Prevention of Lock Bit Modification | Mapping_Notes | None |
| 1232 | Improper Lock Behavior After Power State Transition | Mapping_Notes | None |
| 1233 | Security-Sensitive Hardware Controls with Missing Lock Bit Protection | Mapping_Notes | None |
| 1234 | Hardware Internal or Debug Modes Allow Override of Locks | Mapping_Notes | None |
| 1235 | Incorrect Use of Autoboxing and Unboxing for Performance Critical Operations | Mapping_Notes | None |
| 1236 | Improper Neutralization of Formula Elements in a CSV File | Mapping_Notes | None |
| 1237 | SFP Primary Cluster: Faulty Resource Release | Mapping_Notes | None |
| 1238 | SFP Primary Cluster: Failure to Release Memory | Mapping_Notes | None |
| 1239 | Improper Zeroization of Hardware Register | Mapping_Notes | None |
| 1240 | Use of a Cryptographic Primitive with a Risky Implementation | Mapping_Notes | None |
| 1241 | Use of Predictable Algorithm in Random Number Generator | Mapping_Notes | None |
| 1242 | Inclusion of Undocumented Features or Chicken Bits | Mapping_Notes, Taxonomy_Mappings | None |
| 1243 | Sensitive Non-Volatile Information Not Protected During Debug | Mapping_Notes | None |
| 1244 | Internal Asset Exposed to Unsafe Debug Access Level or State | Mapping_Notes | None |
| 1245 | Improper Finite State Machines (FSMs) in Hardware Logic | Mapping_Notes | None |
| 1246 | Improper Write Handling in Limited-write Non-Volatile Memories | Mapping_Notes | None |
| 1247 | Improper Protection Against Voltage and Clock Glitches | Mapping_Notes | None |
| 1248 | Semiconductor Defects in Hardware Logic with Security-Sensitive Implications | Mapping_Notes | None |
| 1249 | Application-Level Admin Tool with Inconsistent View of Underlying Operating System | Mapping_Notes | None |
| 1250 | Improper Preservation of Consistency Between Independent Representations of Shared State | Mapping_Notes | None |
| 1251 | Mirrored Regions with Different Values | Mapping_Notes | None |
| 1252 | CPU Hardware Not Configured to Support Exclusivity of Write and Execute Operations | Mapping_Notes | None |
| 1253 | Incorrect Selection of Fuse Values | Mapping_Notes | None |
| 1254 | Incorrect Comparison Logic Granularity | Mapping_Notes | None |
| 1255 | Comparison Logic is Vulnerable to Power Side-Channel Attacks | Mapping_Notes | None |
| 1256 | Improper Restriction of Software Interfaces to Hardware Features | Mapping_Notes | None |
| 1257 | Improper Access Control Applied to Mirrored or Aliased Memory Regions | Mapping_Notes | None |
| 1258 | Exposure of Sensitive System Information Due to Uncleared Debug Information | Mapping_Notes | None |
| 1259 | Improper Restriction of Security Token Assignment | Mapping_Notes | None |
| 1260 | Improper Handling of Overlap Between Protected Memory Ranges | Demonstrative_Examples, Mapping_Notes, References | None |
| 1261 | Improper Handling of Single Event Upsets | Mapping_Notes | None |
| 1262 | Improper Access Control for Register Interface | Demonstrative_Examples, Mapping_Notes, References | None |
| 1263 | Improper Physical Access Control | Mapping_Notes, Relationships | None |
| 1264 | Hardware Logic with Insecure De-Synchronization between Control and Data Channels | Mapping_Notes | None |
| 1265 | Unintended Reentrant Invocation of Non-reentrant Code Via Nested Calls | Mapping_Notes | None |
| 1266 | Improper Scrubbing of Sensitive Data from Decommissioned Device | Mapping_Notes | None |
| 1267 | Policy Uses Obsolete Encoding | Mapping_Notes | None |
| 1268 | Policy Privileges are not Assigned Consistently Between Control and Data Agents | Mapping_Notes | None |
| 1269 | Product Released in Non-Release Configuration | Mapping_Notes | None |
| 1270 | Generation of Incorrect Security Tokens | Mapping_Notes | None |
| 1271 | Uninitialized Value on Reset for Registers Holding Security Settings | Mapping_Notes | None |
| 1272 | Sensitive Information Uncleared Before Debug/Power State Transition | Mapping_Notes | None |
| 1273 | Device Unlock Credential Sharing | Mapping_Notes | None |
| 1274 | Improper Access Control for Volatile Memory Containing Boot Code | Mapping_Notes | None |
| 1275 | Sensitive Cookie with Improper SameSite Attribute | Mapping_Notes | None |
| 1276 | Hardware Child Block Incorrectly Connected to Parent System | Mapping_Notes | None |
| 1277 | Firmware Not Updateable | Mapping_Notes | None |
| 1278 | Missing Protection Against Hardware Reverse Engineering Using Integrated Circuit (IC) Imaging Techniques | Mapping_Notes | None |
| 1279 | Cryptographic Operations are run Before Supporting Units are Ready | Mapping_Notes | None |
| 1280 | Access Control Check Implemented After Asset is Accessed | Mapping_Notes | None |
| 1281 | Sequence of Processor Instructions Leads to Unexpected Behavior | Demonstrative_Examples, Mapping_Notes, References | None |
| 1282 | Assumed-Immutable Data is Stored in Writable Memory | Mapping_Notes | None |
| 1283 | Mutable Attestation or Measurement Reporting Data | Mapping_Notes | None |
| 1284 | Improper Validation of Specified Quantity in Input | Mapping_Notes, Relationships | None |
| 1285 | Improper Validation of Specified Index, Position, or Offset in Input | Mapping_Notes | None |
| 1286 | Improper Validation of Syntactic Correctness of Input | Mapping_Notes | None |
| 1287 | Improper Validation of Specified Type of Input | Mapping_Notes | None |
| 1288 | Improper Validation of Consistency within Input | Mapping_Notes | None |
| 1289 | Improper Validation of Unsafe Equivalence in Input | Mapping_Notes | None |
| 1290 | Incorrect Decoding of Security Identifiers | Mapping_Notes | None |
| 1291 | Public Key Re-Use for Signing both Debug and Production Code | Mapping_Notes | None |
| 1292 | Incorrect Conversion of Security Identifiers | Mapping_Notes | None |
| 1293 | Missing Source Correlation of Multiple Independent Data | Mapping_Notes | None |
| 1294 | Insecure Security Identifier Mechanism | Mapping_Notes | None |
| 1295 | Debug Messages Revealing Unnecessary Information | Mapping_Notes | None |
| 1296 | Incorrect Chaining or Granularity of Debug Components | Mapping_Notes | None |
| 1297 | Unprotected Confidential Information on Device is Accessible by OSAT Vendors | Mapping_Notes | None |
| 1298 | Hardware Logic Contains Race Conditions | Mapping_Notes | None |
| 1299 | Missing Protection Mechanism for Alternate Hardware Interface | Mapping_Notes | None |
| 1300 | Improper Protection of Physical Side Channels | Mapping_Notes | None |
| 1301 | Insufficient or Incomplete Data Removal within Hardware Component | Mapping_Notes | None |
| 1302 | Missing Security Identifier | Mapping_Notes | None |
| 1303 | Non-Transparent Sharing of Microarchitectural Resources | Mapping_Notes, Relationships | None |
| 1304 | Improperly Preserved Integrity of Hardware Configuration State During a Power Save/Restore Operation | Mapping_Notes | None |
| 1305 | CISQ Quality Measures (2020) | Mapping_Notes | None |
| 1306 | CISQ Quality Measures - Reliability | Mapping_Notes | None |
| 1307 | CISQ Quality Measures - Maintainability | Mapping_Notes | None |
| 1308 | CISQ Quality Measures - Security | Mapping_Notes | None |
| 1309 | CISQ Quality Measures - Efficiency | Mapping_Notes | None |
| 1310 | Missing Ability to Patch ROM Code | Mapping_Notes | None |
| 1311 | Improper Translation of Security Attributes by Fabric Bridge | Mapping_Notes | None |
1312 |
Missing Protection for Mirrored Regions in On-Chip Fabric Firewall |
|
Major |
Mapping_Notes |
|
Minor |
None |
1313 |
Hardware Allows Activation of Test or Debug Logic at Runtime |
|
Major |
Mapping_Notes |
|
Minor |
None |
1314 |
Missing Write Protection for Parametric Data Values |
|
Major |
Mapping_Notes |
|
Minor |
None |
1315 |
Improper Setting of Bus Controlling Capability in Fabric End-point |
|
Major |
Mapping_Notes |
|
Minor |
None |
1316 |
Fabric-Address Map Allows Programming of Unwarranted Overlaps of Protected and Unprotected Ranges |
|
Major |
Mapping_Notes |
|
Minor |
None |
1317 |
Improper Access Control in Fabric Bridge |
|
Major |
Mapping_Notes |
|
Minor |
None |
1318 |
Missing Support for Security Features in On-chip Fabrics or Buses |
|
Major |
Mapping_Notes |
|
Minor |
None |
1319 |
Improper Protection against Electromagnetic Fault Injection (EM-FI) |
|
Major |
Mapping_Notes |
|
Minor |
None |
1320 |
Improper Protection for Outbound Error Messages and Alert Signals |
|
Major |
Mapping_Notes |
|
Minor |
None |
1321 |
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') |
|
Major |
Mapping_Notes |
|
Minor |
None |
1322 |
Use of Blocking Code in Single-threaded, Non-blocking Context |
|
Major |
Mapping_Notes |
|
Minor |
None |
1323 |
Improper Management of Sensitive Trace Data |
|
Major |
Mapping_Notes |
|
Minor |
None |
1324 |
DEPRECATED: Sensitive Information Accessible by Physical Probing of JTAG Interface |
|
Major |
Mapping_Notes |
|
Minor |
None |
1325 |
Improperly Controlled Sequential Memory Allocation |
|
Major |
Mapping_Notes |
|
Minor |
None |
1326 |
Missing Immutable Root of Trust in Hardware |
|
Major |
Mapping_Notes |
|
Minor |
None |
1327 |
Binding to an Unrestricted IP Address |
|
Major |
Mapping_Notes |
|
Minor |
None |
1328 |
Security Version Number Mutable to Older Versions |
|
Major |
Mapping_Notes |
|
Minor |
None |
1329 |
Reliance on Component That is Not Updateable |
|
Major |
Mapping_Notes |
|
Minor |
None |
1330 |
Remanent Data Readable after Memory Erase |
|
Major |
Mapping_Notes |
|
Minor |
None |
1331 |
Improper Isolation of Shared Resources in Network On Chip (NoC) |
|
Major |
Mapping_Notes |
|
Minor |
None |
1332 |
Improper Handling of Faults that Lead to Instruction Skips |
|
Major |
Mapping_Notes |
|
Minor |
None |
1333 |
Inefficient Regular Expression Complexity |
|
Major |
Mapping_Notes |
|
Minor |
None |
1334 |
Unauthorized Error Injection Can Degrade Hardware Redundancy |
|
Major |
Mapping_Notes |
|
Minor |
None |
1335 |
Incorrect Bitwise Shift of Integer |
|
Major |
Mapping_Notes |
|
Minor |
None |
1336 |
Improper Neutralization of Special Elements Used in a Template Engine |
|
Major |
Mapping_Notes |
|
Minor |
None |
1337 |
Weaknesses in the 2021 CWE Top 25 Most Dangerous Software Weaknesses |
|
Major |
Mapping_Notes |
|
Minor |
None |
1338 |
Improper Protections Against Hardware Overheating |
|
Major |
Mapping_Notes |
|
Minor |
None |
1339 |
Insufficient Precision or Accuracy of a Real Number |
|
Major |
Mapping_Notes |
|
Minor |
None |
1340 |
CISQ Data Protection Measures |
|
Major |
Mapping_Notes |
|
Minor |
None |
1341 |
Multiple Releases of Same Resource or Handle |
|
Major |
Mapping_Notes |
|
Minor |
None |
1342 |
Information Exposure through Microarchitectural State after Transient Execution |
|
Major |
Mapping_Notes |
|
Minor |
None |
1343 |
Weaknesses in the 2021 CWE Most Important Hardware Weaknesses List |
|
Major |
Mapping_Notes |
|
Minor |
None |
1344 |
Weaknesses in OWASP Top Ten (2021) |
|
Major |
Mapping_Notes |
|
Minor |
None |
1345 |
OWASP Top Ten 2021 Category A01:2021 - Broken Access Control |
|
Major |
Mapping_Notes |
|
Minor |
None |
1346 |
OWASP Top Ten 2021 Category A02:2021 - Cryptographic Failures |
|
Major |
Mapping_Notes |
|
Minor |
None |
1347 |
OWASP Top Ten 2021 Category A03:2021 - Injection |
|
Major |
Mapping_Notes |
|
Minor |
None |
1348 |
OWASP Top Ten 2021 Category A04:2021 - Insecure Design |
|
Major |
Mapping_Notes |
|
Minor |
None |
1349 |
OWASP Top Ten 2021 Category A05:2021 - Security Misconfiguration |
|
Major |
Mapping_Notes |
|
Minor |
None |
1350 |
Weaknesses in the 2020 CWE Top 25 Most Dangerous Software Weaknesses |
|
Major |
Mapping_Notes |
|
Minor |
None |
1351 |
Improper Handling of Hardware Behavior in Exceptionally Cold Environments |
|
Major |
Mapping_Notes |
|
Minor |
None |
1352 |
OWASP Top Ten 2021 Category A06:2021 - Vulnerable and Outdated Components |
|
Major |
Mapping_Notes |
|
Minor |
None |
1353 |
OWASP Top Ten 2021 Category A07:2021 - Identification and Authentication Failures |
|
Major |
Mapping_Notes |
|
Minor |
None |
1354 |
OWASP Top Ten 2021 Category A08:2021 - Software and Data Integrity Failures |
|
Major |
Mapping_Notes |
|
Minor |
None |
1355 |
OWASP Top Ten 2021 Category A09:2021 - Security Logging and Monitoring Failures |
|
Major |
Mapping_Notes |
|
Minor |
None |
1356 |
OWASP Top Ten 2021 Category A10:2021 - Server-Side Request Forgery (SSRF) |
|
Major |
Mapping_Notes |
|
Minor |
None |
1357 |
Reliance on Insufficiently Trustworthy Component |
|
Major |
Mapping_Notes, Taxonomy_Mappings |
|
Minor |
None |
1358 |
Weaknesses in SEI ETF Categories of Security Vulnerabilities in ICS |
|
Major |
Mapping_Notes |
|
Minor |
None |
1359 |
ICS Communications |
|
Major |
Mapping_Notes |
|
Minor |
None |
1360 |
ICS Dependencies (& Architecture) |
|
Major |
Mapping_Notes |
|
Minor |
None |
1361 |
ICS Supply Chain |
|
Major |
Mapping_Notes |
|
Minor |
None |
1362 |
ICS Engineering (Constructions/Deployment) |
|
Major |
Mapping_Notes |
|
Minor |
None |
1363 |
ICS Operations (& Maintenance) |
|
Major |
Mapping_Notes |
|
Minor |
None |
1364 |
ICS Communications: Zone Boundary Failures |
|
Major |
Mapping_Notes, Relationships |
|
Minor |
None |
1365 |
ICS Communications: Unreliability |
|
Major |
Mapping_Notes, Relationships |
|
Minor |
None |
1366 |
ICS Communications: Frail Security in Protocols |
|
Major |
Mapping_Notes, Relationships |
|
Minor |
None |
1367 |
ICS Dependencies (& Architecture): External Physical Systems |
|
Major |
Mapping_Notes |
|
Minor |
None |
1368 |
ICS Dependencies (& Architecture): External Digital Systems |
|
Major |
Mapping_Notes, Relationships |
|
Minor |
None |
1369 |
ICS Supply Chain: IT/OT Convergence/Expansion |
|
Major |
Mapping_Notes |
|
Minor |
None |
1370 |
ICS Supply Chain: Common Mode Frailties |
|
Major |
Mapping_Notes |
|
Minor |
None |
1371 |
ICS Supply Chain: Poorly Documented or Undocumented Features |
|
Major |
Mapping_Notes |
|
Minor |
None |
1372 |
ICS Supply Chain: OT Counterfeit and Malicious Corruption |
|
Major |
Mapping_Notes |
|
Minor |
None |
1373 |
ICS Engineering (Construction/Deployment): Trust Model Problems |
|
Major |
Mapping_Notes |
|
Minor |
None |
1374 |
ICS Engineering (Construction/Deployment): Maker Breaker Blindness |
|
Major |
Mapping_Notes |
|
Minor |
None |
1375 |
ICS Engineering (Construction/Deployment): Gaps in Details/Data |
|
Major |
Mapping_Notes |
|
Minor |
None |
1376 |
ICS Engineering (Construction/Deployment): Security Gaps in Commissioning |
|
Major |
Mapping_Notes |
|
Minor |
None |
1377 |
ICS Engineering (Construction/Deployment): Inherent Predictability in Design |
|
Major |
Mapping_Notes |
|
Minor |
None |
1378 |
ICS Operations (& Maintenance): Gaps in obligations and training |
|
Major |
Mapping_Notes |
|
Minor |
None |
1379 |
ICS Operations (& Maintenance): Human factors in ICS environments |
|
Major |
Mapping_Notes |
|
Minor |
None |
1380 |
ICS Operations (& Maintenance): Post-analysis changes |
|
Major |
Mapping_Notes |
|
Minor |
None |
1381 |
ICS Operations (& Maintenance): Exploitable Standard Operational Procedures |
|
Major |
Mapping_Notes |
|
Minor |
None |
1382 |
ICS Operations (& Maintenance): Emerging Energy Technologies |
|
Major |
Mapping_Notes |
|
Minor |
None |
1383 |
ICS Operations (& Maintenance): Compliance/Conformance with Regulatory Requirements |
|
Major |
Mapping_Notes |
|
Minor |
None |
1384 |
Improper Handling of Physical or Environmental Conditions |
|
Major |
Mapping_Notes |
|
Minor |
None |
1385 |
Missing Origin Validation in WebSockets |
|
Major |
Mapping_Notes |
|
Minor |
None |
1386 |
Insecure Operation on Windows Junction / Mount Point |
|
Major |
Mapping_Notes |
|
Minor |
None |
1387 |
Weaknesses in the 2022 CWE Top 25 Most Dangerous Software Weaknesses |
|
Major |
Mapping_Notes |
|
Minor |
None |
1388 |
Physical Access Issues and Concerns |
|
Major |
Mapping_Notes |
|
Minor |
None |
1389 |
Incorrect Parsing of Numbers with Different Radices |
|
Major |
Mapping_Notes |
|
Minor |
None |
1390 |
Weak Authentication |
|
Major |
Mapping_Notes |
|
Minor |
None |
1391 |
Use of Weak Credentials |
|
Major |
Mapping_Notes, Taxonomy_Mappings |
|
Minor |
None |
1392 |
Use of Default Credentials |
|
Major |
Mapping_Notes |
|
Minor |
None |
1393 |
Use of Default Password |
|
Major |
Mapping_Notes, Relationships |
|
Minor |
None |
1394 |
Use of Default Cryptographic Key |
|
Major |
Mapping_Notes |
|
Minor |
None |
1395 |
Dependency on Vulnerable Third-Party Component |
|
Major |
Mapping_Notes, Taxonomy_Mappings |
|
Minor |
None |
1396 |
Comprehensive Categorization: Access Control |
|
Major |
Mapping_Notes |
|
Minor |
None |
1397 |
Comprehensive Categorization: Comparison |
|
Major |
Mapping_Notes |
|
Minor |
None |
1398 |
Comprehensive Categorization: Component Interaction |
|
Major |
Mapping_Notes |
|
Minor |
None |
1399 |
Comprehensive Categorization: Memory Safety |
|
Major |
Mapping_Notes |
|
Minor |
None |
1400 |
Comprehensive Categorization for Software Assurance Trends |
|
Major |
Mapping_Notes |
|
Minor |
None |
1401 |
Comprehensive Categorization: Concurrency |
|
Major |
Mapping_Notes |
|
Minor |
None |
1402 |
Comprehensive Categorization: Encryption |
|
Major |
Mapping_Notes |
|
Minor |
None |
1403 |
Comprehensive Categorization: Exposed Resource |
|
Major |
Mapping_Notes |
|
Minor |
None |
1404 |
Comprehensive Categorization: File Handling |
|
Major |
Mapping_Notes |
|
Minor |
None |
1405 |
Comprehensive Categorization: Improper Check or Handling of Exceptional Conditions |
|
Major |
Mapping_Notes |
|
Minor |
None |
1406 |
Comprehensive Categorization: Improper Input Validation |
|
Major |
Mapping_Notes |
|
Minor |
None |
1407 |
Comprehensive Categorization: Improper Neutralization |
|
Major |
Mapping_Notes |
|
Minor |
None |
1408 |
Comprehensive Categorization: Incorrect Calculation |
|
Major |
Mapping_Notes |
|
Minor |
None |
1409 |
Comprehensive Categorization: Injection |
|
Major |
Mapping_Notes |
|
Minor |
None |
1410 |
Comprehensive Categorization: Insufficient Control Flow Management |
|
Major |
Mapping_Notes |
|
Minor |
None |
1411 |
Comprehensive Categorization: Insufficient Verification of Data Authenticity |
|
Major |
Mapping_Notes |
|
Minor |
None |
1412 |
Comprehensive Categorization: Poor Coding Practices |
|
Major |
Mapping_Notes |
|
Minor |
None |
1413 |
Comprehensive Categorization: Protection Mechanism Failure |
|
Major |
Mapping_Notes |
|
Minor |
None |
1414 |
Comprehensive Categorization: Randomness |
|
Major |
Mapping_Notes |
|
Minor |
None |
1415 |
Comprehensive Categorization: Resource Control |
|
Major |
Mapping_Notes |
|
Minor |
None |
1416 |
Comprehensive Categorization: Resource Lifecycle Management |
|
Major |
Mapping_Notes |
|
Minor |
None |
1417 |
Comprehensive Categorization: Sensitive Information Exposure |
|
Major |
Mapping_Notes |
|
Minor |
None |
1418 |
Comprehensive Categorization: Violation of Secure Design Principles |
|
Major |
Mapping_Notes |
|
Minor |
None |
2000 |
Comprehensive CWE Dictionary |
|
Major |
Mapping_Notes |
|
Minor |
None |