
data.cwe.hashmap.serialized Maven / Gradle / Ivy




