20 | Improper Input Validation | Major: Relationships | Minor: None
22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | Major: Relationships | Minor: None
74 | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') | Major: Relationships | Minor: None
78 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | Major: Relationships | Minor: None
79 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | Major: Relationships | Minor: None
88 | Improper Delimitation of Arguments in a Command ('Argument Injection') | Major: Description, Name, References, Relationships | Minor: None
89 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | Major: Relationships | Minor: None
94 | Improper Control of Generation of Code ('Code Injection') | Major: Relationships | Minor: None
119 | Improper Restriction of Operations within the Bounds of a Memory Buffer | Major: References, Relationships | Minor: None
121 | Stack-based Buffer Overflow | Major: References | Minor: None
123 | Write-what-where Condition | Major: Relationships | Minor: None
125 | Out-of-bounds Read | Major: Common_Consequences, Observed_Examples, Potential_Mitigations, References, Relationships | Minor: None
126 | Buffer Over-read | Major: Common_Consequences, References | Minor: None
127 | Buffer Under-read | Major: Common_Consequences, References | Minor: None
129 | Improper Validation of Array Index | Major: Potential_Mitigations | Minor: None
134 | Use of Externally-Controlled Format String | Major: Relationships | Minor: None
190 | Integer Overflow or Wraparound | Major: Relationships | Minor: None
192 | Integer Coercion Error | Major: Type | Minor: None
194 | Unexpected Sign Extension | Major: Type | Minor: None
200 | Information Exposure | Major: Demonstrative_Examples, Observed_Examples, Relationships | Minor: None
209 | Information Exposure Through an Error Message | Major: Demonstrative_Examples, Observed_Examples | Minor: None
250 | Execution with Unnecessary Privileges | Major: Demonstrative_Examples | Minor: None
267 | Privilege Defined With Unsafe Actions | Major: Demonstrative_Examples | Minor: None
268 | Privilege Chaining | Major: Demonstrative_Examples | Minor: None
269 | Improper Privilege Management | Major: Demonstrative_Examples, Maintenance_Notes, Observed_Examples, Relationships | Minor: None
282 | Improper Ownership Management | Major: Maintenance_Notes | Minor: None
287 | Improper Authentication | Major: Relationships | Minor: None
295 | Improper Certificate Validation | Major: Demonstrative_Examples, Relationships | Minor: None
296 | Improper Following of a Certificate's Chain of Trust | Major: Demonstrative_Examples | Minor: None
297 | Improper Validation of Certificate with Host Mismatch | Major: Demonstrative_Examples | Minor: None
298 | Improper Validation of Certificate Expiration | Major: Demonstrative_Examples | Minor: None
299 | Improper Check for Certificate Revocation | Major: Demonstrative_Examples | Minor: None
352 | Cross-Site Request Forgery (CSRF) | Major: Relationships | Minor: None
400 | Uncontrolled Resource Consumption | Major: Description, Relationships | Minor: None
416 | Use After Free | Major: Relationships | Minor: None
426 | Untrusted Search Path | Major: Relationships | Minor: None
434 | Unrestricted Upload of File with Dangerous Type | Major: Relationships | Minor: None
476 | NULL Pointer Dereference | Major: References, Relationships | Minor: None
502 | Deserialization of Untrusted Data | Major: Relationships | Minor: None
532 | Inclusion of Sensitive Information in Log Files | Major: Demonstrative_Examples, Observed_Examples | Minor: None
599 | Missing Validation of OpenSSL Certificate | Major: Demonstrative_Examples | Minor: None
611 | Improper Restriction of XML External Entity Reference | Major: Relationships | Minor: None
617 | Reachable Assertion | Major: Alternate_Terms | Minor: None
667 | Improper Locking | Major: Relationships | Minor: None
697 | Incorrect Comparison | Major: Relationships | Minor: None
732 | Incorrect Permission Assignment for Critical Resource | Major: Maintenance_Notes, Relationships | Minor: None
772 | Missing Release of Resource after Effective Lifetime | Major: Description, Relationships | Minor: None
787 | Out-of-bounds Write | Major: Applicable_Platforms, Demonstrative_Examples, Detection_Factors, Likelihood_of_Exploit, Observed_Examples, Potential_Mitigations, References, Relationships, Time_of_Introduction | Minor: None
798 | Use of Hard-coded Credentials | Major: Relationships | Minor: None
1003 | Weaknesses for Simplified Mapping of Published Vulnerabilities | Major: Description, Maintenance_Notes, Relationships | Minor: None