
data.cwe.hashmap.serialized Maven / Gradle / Ivy


dependency-check-core is the engine and reporting tool used to identify and report any known, publicly disclosed vulnerabilities in the scanned project's dependencies. The engine extracts metadata from the dependencies and uses it to do fuzzy keyword matching against the Common Platform Enumeration (CPE); if any CPE identifiers are found, the associated Common Vulnerabilities and Exposures (CVE) entries are added to the generated report.

There is a newer version: 9.1.0



