CWE

Common Weakness Enumeration

A community-developed list of SW & HW weaknesses that can become vulnerabilities

New to CWE? click here!
CWE Most Important Hardware Weaknesses
CWE Top 25 Most Dangerous Weaknesses
Home > CWE List > Reports > Differences between Version 4.11 and Version 4.12  
ID

Differences between Version 4.11 and Version 4.12

Summary
Summary
Total weaknesses/chains/composites (Version 4.12) 933
Total weaknesses/chains/composites (Version 4.11) 933
Total new 1
Total deprecated 0
Total with major changes 1419
Total with only minor changes
Total unchanged 0

Summary of Entry Types

Type Version 4.11 Version 4.12
Weakness 933 933
Category 374 374
View 48 49
Deprecated 64 64
Total 1419 1420

Field Change Summary
Field Change Summary

Any change with respect to whitespace is ignored. "Minor" changes are text changes that only affect capitalization and punctuation. Most other changes are marked as "Major." Simple schema changes are treated as Minor, such as the change from AffectedResource to Affected_Resource in Draft 8, or the relationship name change from "IsRequiredBy" to "RequiredBy" in Version 1.0. For each mutual relationship between nodes A and B (such as ParentOf and ChildOf), a relationship change is noted for both A and B.

Field Major Minor
Name 0 0
Description 3 0
Relationships 73 0
Common_Consequences 0 0
Applicable_Platforms 0 0
Modes_of_Introduction 0 0
Detection_Factors 0 0
Potential_Mitigations 0 0
Demonstrative_Examples 4 0
Observed_Examples 0 0
Related_Attack_Patterns 0 0
Weakness_Ordinalities 0 0
Time_of_Introduction 0 0
Likelihood_of_Exploit 0 0
References 3 0
Mapping_Notes 1419 0
Terminology_Notes 0 0
Alternate_Terms 0 0
Relationship_Notes 0 0
Taxonomy_Mappings 10 0
Maintenance_Notes 0 0
Research_Gaps 3 0
Background_Details 0 0
Theoretical_Notes 0 0
Other_Notes 0 0
View_Type 0 0
View_Structure 0 0
View_Filter 0 0
View_Audience 0 0
Type 0 0
Source_Taxonomy 0 0

Form and Abstraction Changes

From To Total CWE IDs
Unchanged 1419

Status Changes

From To Total
Unchanged 1419

Relationship Changes

The "Version 4.12 Total" lists the total number of relationships in Version 4.12. The "Shared" value is the total number of relationships in entries that were in both Version 4.12 and Version 4.11. The "New" value is the total number of relationships involving entries that did not exist in Version 4.11. Thus, the total number of relationships in Version 4.12 would combine stats from Shared entries and New entries.

Relationship Version 4.12 Total Version 4.11 Total Version 4.12 Shared Unchanged Added to Version 4.12 Removed from Version 4.11 Version 4.12 New
ALL 12418 12270 12368 12254 114 16 50
ChildOf 5268 5220 5268 5212 56 8
ParentOf 5268 5220 5268 5212 56 8
MemberOf 690 665 665 665 25
HasMember 690 665 665 665 25
CanPrecede 137 136 137 136 1
CanFollow 137 136 137 136 1
StartsWith 3 3 3 3
Requires 13 13 13 13
RequiredBy 13 13 13 13
CanAlsoBe 27 27 27 27
PeerOf 172 172 172 172

Nodes Removed from Version 4.11

CWE-ID CWE Name
None.

Nodes Added to Version 4.12

CWE-ID CWE Name
1425 Weaknesses in the 2023 CWE Top 25 Most Dangerous Software Weaknesses

Nodes Deprecated in Version 4.12

CWE-ID CWE Name
None.
Important Changes
Important Changes

A node change is labeled "important" if it is a major field change and the field is critical to the meaning of the node. The critical fields are description, name, and relationships.

Key
D Description
N Name
R Relationships

R 20 Improper Input Validation
R 22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
R 77 Improper Neutralization of Special Elements used in a Command ('Command Injection')
R 78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
R 79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
R 89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
R 94 Improper Control of Generation of Code ('Code Injection')
D 101 DEPRECATED: Struts Validation Problems
R 119 Improper Restriction of Operations within the Bounds of a Memory Buffer
R 121 Stack-based Buffer Overflow
R 125 Out-of-bounds Read
R 184 Incomplete List of Disallowed Inputs
R 190 Integer Overflow or Wraparound
R 248 Uncaught Exception
R 252 Unchecked Return Value
R 268 Privilege Chaining
R 269 Improper Privilege Management
R 276 Incorrect Default Permissions
R 287 Improper Authentication
R 288 Authentication Bypass Using an Alternate Path or Channel
R 306 Missing Authentication for Critical Function
R 308 Use of Single-factor Authentication
R 311 Missing Encryption of Sensitive Data
R 312 Cleartext Storage of Sensitive Information
D R 319 Cleartext Transmission of Sensitive Information
R 327 Use of a Broken or Risky Cryptographic Algorithm
R 328 Use of Weak Hash
R 330 Use of Insufficiently Random Values
R 336 Same Seed in Pseudo-Random Number Generator (PRNG)
R 337 Predictable Seed in Pseudo-Random Number Generator (PRNG)
R 341 Predictable from Observable State
R 346 Origin Validation Error
R 349 Acceptance of Extraneous Untrusted Data With Trusted Data
R 352 Cross-Site Request Forgery (CSRF)
R 362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
R 377 Insecure Temporary File
R 384 Session Fixation
R 392 Missing Report of Error Condition
R 400 Uncontrolled Resource Consumption
R 405 Asymmetric Resource Consumption (Amplification)
R 416 Use After Free
R 434 Unrestricted Upload of File with Dangerous Type
R 476 NULL Pointer Dereference
R 501 Trust Boundary Violation
R 502 Deserialization of Untrusted Data
R 603 Use of Client-Side Authentication
D 646 Reliance on File Name or Extension of Externally-Supplied File
R 648 Incorrect Use of Privileged APIs
R 664 Improper Control of a Resource Through its Lifetime
R 680 Integer Overflow to Buffer Overflow
R 690 Unchecked Return Value to NULL Pointer Dereference
R 692 Incomplete Denylist to Cross-Site Scripting
R 703 Improper Check or Handling of Exceptional Conditions
R 732 Incorrect Permission Assignment for Critical Resource
R 755 Improper Handling of Exceptional Conditions
R 766 Critical Data Element Declared Public
R 787 Out-of-bounds Write
R 789 Memory Allocation with Excessive Size Value
R 798 Use of Hard-coded Credentials
R 807 Reliance on Untrusted Inputs in a Security Decision
R 862 Missing Authorization
R 863 Incorrect Authorization
R 916 Use of Password Hash With Insufficient Computational Effort
R 918 Server-Side Request Forgery (SSRF)
R 940 Improper Verification of Source of a Communication Channel
R 942 Permissive Cross-domain Policy with Untrusted Domains
R 1189 Improper Isolation of Shared Resources on System-on-a-Chip (SoC)
R 1263 Improper Physical Access Control
R 1284 Improper Validation of Specified Quantity in Input
R 1303 Non-Transparent Sharing of Microarchitectural Resources
R 1364 ICS Communications: Zone Boundary Failures
R 1365 ICS Communications: Unreliability
R 1366 ICS Communications: Frail Security in Protocols
R 1368 ICS Dependencies (& Architecture): External Digital Systems
R 1393 Use of Default Password
Detailed Difference Report
Detailed Difference Report
1 DEPRECATED: Location
Major Mapping_Notes
Minor None
2 7PK - Environment
Major Mapping_Notes
Minor None
3 DEPRECATED: Technology-specific Environment Issues
Major Mapping_Notes
Minor None
4 DEPRECATED: J2EE Environment Issues
Major Mapping_Notes
Minor None
5 J2EE Misconfiguration: Data Transmission Without Encryption
Major Mapping_Notes
Minor None
6 J2EE Misconfiguration: Insufficient Session-ID Length
Major Mapping_Notes
Minor None
7 J2EE Misconfiguration: Missing Custom Error Page
Major Mapping_Notes
Minor None
8 J2EE Misconfiguration: Entity Bean Declared Remote
Major Mapping_Notes
Minor None
9 J2EE Misconfiguration: Weak Access Permissions for EJB Methods
Major Mapping_Notes
Minor None
10 DEPRECATED: ASP.NET Environment Issues
Major Mapping_Notes
Minor None
11 ASP.NET Misconfiguration: Creating Debug Binary
Major Mapping_Notes
Minor None
12 ASP.NET Misconfiguration: Missing Custom Error Page
Major Mapping_Notes
Minor None
13 ASP.NET Misconfiguration: Password in Configuration File
Major Mapping_Notes
Minor None
14 Compiler Removal of Code to Clear Buffers
Major Mapping_Notes
Minor None
15 External Control of System or Configuration Setting
Major Mapping_Notes
Minor None
16 Configuration
Major Mapping_Notes
Minor None
17 DEPRECATED: Code
Major Mapping_Notes
Minor None
18 DEPRECATED: Source Code
Major Mapping_Notes
Minor None
19 Data Processing Errors
Major Mapping_Notes
Minor None
20 Improper Input Validation
Major Mapping_Notes, Relationships
Minor None
21 DEPRECATED: Pathname Traversal and Equivalence Errors
Major Mapping_Notes
Minor None
22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Major Mapping_Notes, Relationships
Minor None
23 Relative Path Traversal
Major Mapping_Notes
Minor None
24 Path Traversal: '../filedir'
Major Mapping_Notes
Minor None
25 Path Traversal: '/../filedir'
Major Mapping_Notes
Minor None
26 Path Traversal: '/dir/../filename'
Major Mapping_Notes
Minor None
27 Path Traversal: 'dir/../../filename'
Major Mapping_Notes
Minor None
28 Path Traversal: '..\filedir'
Major Mapping_Notes
Minor None
29 Path Traversal: '\..\filename'
Major Mapping_Notes
Minor None
30 Path Traversal: '\dir\..\filename'
Major Mapping_Notes
Minor None
31 Path Traversal: 'dir\..\..\filename'
Major Mapping_Notes
Minor None
32 Path Traversal: '...' (Triple Dot)
Major Mapping_Notes
Minor None
33 Path Traversal: '....' (Multiple Dot)
Major Mapping_Notes
Minor None
34 Path Traversal: '....//'
Major Mapping_Notes
Minor None
35 Path Traversal: '.../...//'
Major Mapping_Notes
Minor None
36 Absolute Path Traversal
Major Mapping_Notes
Minor None
37 Path Traversal: '/absolute/pathname/here'
Major Mapping_Notes
Minor None
38 Path Traversal: '\absolute\pathname\here'
Major Mapping_Notes
Minor None
39 Path Traversal: 'C:dirname'
Major Mapping_Notes
Minor None
40 Path Traversal: '\\UNC\share\name\' (Windows UNC Share)
Major Mapping_Notes
Minor None
41 Improper Resolution of Path Equivalence
Major Mapping_Notes
Minor None
42 Path Equivalence: 'filename.' (Trailing Dot)
Major Mapping_Notes
Minor None
43 Path Equivalence: 'filename....' (Multiple Trailing Dot)
Major Mapping_Notes
Minor None
44 Path Equivalence: 'file.name' (Internal Dot)
Major Mapping_Notes
Minor None
45 Path Equivalence: 'file...name' (Multiple Internal Dot)
Major Mapping_Notes
Minor None
46 Path Equivalence: 'filename ' (Trailing Space)
Major Mapping_Notes
Minor None
47 Path Equivalence: ' filename' (Leading Space)
Major Mapping_Notes
Minor None
48 Path Equivalence: 'file name' (Internal Whitespace)
Major Mapping_Notes
Minor None
49 Path Equivalence: 'filename/' (Trailing Slash)
Major Mapping_Notes
Minor None
50 Path Equivalence: '//multiple/leading/slash'
Major Mapping_Notes
Minor None
51 Path Equivalence: '/multiple//internal/slash'
Major Mapping_Notes
Minor None
52 Path Equivalence: '/multiple/trailing/slash//'
Major Mapping_Notes
Minor None
53 Path Equivalence: '\multiple\\internal\backslash'
Major Mapping_Notes
Minor None
54 Path Equivalence: 'filedir\' (Trailing Backslash)
Major Mapping_Notes
Minor None
55 Path Equivalence: '/./' (Single Dot Directory)
Major Mapping_Notes
Minor None
56 Path Equivalence: 'filedir*' (Wildcard)
Major Mapping_Notes
Minor None
57 Path Equivalence: 'fakedir/../realdir/filename'
Major Mapping_Notes
Minor None
58 Path Equivalence: Windows 8.3 Filename
Major Mapping_Notes
Minor None
59 Improper Link Resolution Before File Access ('Link Following')
Major Mapping_Notes
Minor None
60 DEPRECATED: UNIX Path Link Problems
Major Mapping_Notes
Minor None
61 UNIX Symbolic Link (Symlink) Following
Major Mapping_Notes
Minor None
62 UNIX Hard Link
Major Mapping_Notes
Minor None
63 DEPRECATED: Windows Path Link Problems
Major Mapping_Notes
Minor None
64 Windows Shortcut Following (.LNK)
Major Mapping_Notes
Minor None
65 Windows Hard Link
Major Mapping_Notes
Minor None
66 Improper Handling of File Names that Identify Virtual Resources
Major Mapping_Notes
Minor None
67 Improper Handling of Windows Device Names
Major Mapping_Notes
Minor None
68 DEPRECATED: Windows Virtual File Problems
Major Mapping_Notes
Minor None
69 Improper Handling of Windows ::DATA Alternate Data Stream
Major Mapping_Notes
Minor None
70 DEPRECATED: Mac Virtual File Problems
Major Mapping_Notes
Minor None
71 DEPRECATED: Apple '.DS_Store'
Major Mapping_Notes
Minor None
72 Improper Handling of Apple HFS+ Alternate Data Stream Path
Major Mapping_Notes
Minor None
73 External Control of File Name or Path
Major Mapping_Notes
Minor None
74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Major Mapping_Notes
Minor None
75 Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)
Major Mapping_Notes
Minor None
76 Improper Neutralization of Equivalent Special Elements
Major Mapping_Notes
Minor None
77 Improper Neutralization of Special Elements used in a Command ('Command Injection')
Major Mapping_Notes, Relationships
Minor None
78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Major Mapping_Notes, Relationships
Minor None
79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Major Mapping_Notes, Relationships
Minor None
80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
Major Mapping_Notes
Minor None
81 Improper Neutralization of Script in an Error Message Web Page
Major Mapping_Notes
Minor None
82 Improper Neutralization of Script in Attributes of IMG Tags in a Web Page
Major Mapping_Notes
Minor None
83 Improper Neutralization of Script in Attributes in a Web Page
Major Mapping_Notes
Minor None
84 Improper Neutralization of Encoded URI Schemes in a Web Page
Major Mapping_Notes
Minor None
85 Doubled Character XSS Manipulations
Major Mapping_Notes
Minor None
86 Improper Neutralization of Invalid Characters in Identifiers in Web Pages
Major Mapping_Notes
Minor None
87 Improper Neutralization of Alternate XSS Syntax
Major Mapping_Notes
Minor None
88 Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
Major Mapping_Notes
Minor None
89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Major Mapping_Notes, Relationships
Minor None
90 Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')
Major Mapping_Notes
Minor None
91 XML Injection (aka Blind XPath Injection)
Major Mapping_Notes
Minor None
92 DEPRECATED: Improper Sanitization of Custom Special Characters
Major Mapping_Notes
Minor None
93 Improper Neutralization of CRLF Sequences ('CRLF Injection')
Major Mapping_Notes
Minor None
94 Improper Control of Generation of Code ('Code Injection')
Major Mapping_Notes, Relationships, Taxonomy_Mappings
Minor None
95 Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
Major Mapping_Notes
Minor None
96 Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')
Major Mapping_Notes
Minor None
97 Improper Neutralization of Server-Side Includes (SSI) Within a Web Page
Major Mapping_Notes
Minor None
98 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Major Mapping_Notes
Minor None
99 Improper Control of Resource Identifiers ('Resource Injection')
Major Mapping_Notes
Minor None
100 DEPRECATED: Technology-Specific Input Validation Problems
Major Mapping_Notes
Minor None
101 DEPRECATED: Struts Validation Problems
Major Description, Mapping_Notes
Minor None
102 Struts: Duplicate Validation Forms
Major Mapping_Notes
Minor None
103 Struts: Incomplete validate() Method Definition
Major Mapping_Notes
Minor None
104 Struts: Form Bean Does Not Extend Validation Class
Major Mapping_Notes
Minor None
105 Struts: Form Field Without Validator
Major Mapping_Notes
Minor None
106 Struts: Plug-in Framework not in Use
Major Mapping_Notes
Minor None
107 Struts: Unused Validation Form
Major Mapping_Notes
Minor None
108 Struts: Unvalidated Action Form
Major Mapping_Notes
Minor None
109 Struts: Validator Turned Off
Major Mapping_Notes
Minor None
110 Struts: Validator Without Form Field
Major Mapping_Notes
Minor None
111 Direct Use of Unsafe JNI
Major Mapping_Notes
Minor None
112 Missing XML Validation
Major Mapping_Notes
Minor None
113 Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')
Major Mapping_Notes
Minor None
114 Process Control
Major Mapping_Notes
Minor None
115 Misinterpretation of Input
Major Mapping_Notes
Minor None
116 Improper Encoding or Escaping of Output
Major Mapping_Notes
Minor None
117 Improper Output Neutralization for Logs
Major Mapping_Notes
Minor None
118 Incorrect Access of Indexable Resource ('Range Error')
Major Mapping_Notes
Minor None
119 Improper Restriction of Operations within the Bounds of a Memory Buffer
Major Mapping_Notes, Relationships
Minor None
120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Major Mapping_Notes
Minor None
121 Stack-based Buffer Overflow
Major Mapping_Notes, Relationships
Minor None
122 Heap-based Buffer Overflow
Major Mapping_Notes
Minor None
123 Write-what-where Condition
Major Mapping_Notes
Minor None
124 Buffer Underwrite ('Buffer Underflow')
Major Mapping_Notes
Minor None
125 Out-of-bounds Read
Major Mapping_Notes, Relationships
Minor None
126 Buffer Over-read
Major Mapping_Notes
Minor None
127 Buffer Under-read
Major Mapping_Notes
Minor None
128 Wrap-around Error
Major Mapping_Notes
Minor None
129 Improper Validation of Array Index
Major Mapping_Notes
Minor None
130 Improper Handling of Length Parameter Inconsistency
Major Mapping_Notes
Minor None
131 Incorrect Calculation of Buffer Size
Major Mapping_Notes
Minor None
132 DEPRECATED: Miscalculated Null Termination
Major Mapping_Notes
Minor None
133 String Errors
Major Mapping_Notes
Minor None
134 Use of Externally-Controlled Format String
Major Mapping_Notes
Minor None
135 Incorrect Calculation of Multi-Byte String Length
Major Mapping_Notes
Minor None
136 Type Errors
Major Mapping_Notes
Minor None
137 Data Neutralization Issues
Major Mapping_Notes
Minor None
138 Improper Neutralization of Special Elements
Major Mapping_Notes
Minor None
139 DEPRECATED: General Special Element Problems
Major Mapping_Notes
Minor None
140 Improper Neutralization of Delimiters
Major Mapping_Notes
Minor None
141 Improper Neutralization of Parameter/Argument Delimiters
Major Mapping_Notes
Minor None
142 Improper Neutralization of Value Delimiters
Major Mapping_Notes
Minor None
143 Improper Neutralization of Record Delimiters
Major Mapping_Notes
Minor None
144 Improper Neutralization of Line Delimiters
Major Mapping_Notes
Minor None
145 Improper Neutralization of Section Delimiters
Major Mapping_Notes
Minor None
146 Improper Neutralization of Expression/Command Delimiters
Major Mapping_Notes
Minor None
147 Improper Neutralization of Input Terminators
Major Mapping_Notes
Minor None
148 Improper Neutralization of Input Leaders
Major Mapping_Notes
Minor None
149 Improper Neutralization of Quoting Syntax
Major Mapping_Notes
Minor None
150 Improper Neutralization of Escape, Meta, or Control Sequences
Major Mapping_Notes
Minor None
151 Improper Neutralization of Comment Delimiters
Major Mapping_Notes
Minor None
152 Improper Neutralization of Macro Symbols
Major Mapping_Notes
Minor None
153 Improper Neutralization of Substitution Characters
Major Mapping_Notes
Minor None
154 Improper Neutralization of Variable Name Delimiters
Major Mapping_Notes
Minor None
155 Improper Neutralization of Wildcards or Matching Symbols
Major Mapping_Notes
Minor None
156 Improper Neutralization of Whitespace
Major Mapping_Notes
Minor None
157 Failure to Sanitize Paired Delimiters
Major Mapping_Notes
Minor None
158 Improper Neutralization of Null Byte or NUL Character
Major Mapping_Notes
Minor None
159 Improper Handling of Invalid Use of Special Elements
Major Mapping_Notes
Minor None
160 Improper Neutralization of Leading Special Elements
Major Mapping_Notes
Minor None
161 Improper Neutralization of Multiple Leading Special Elements
Major Mapping_Notes
Minor None
162 Improper Neutralization of Trailing Special Elements
Major Mapping_Notes
Minor None
163 Improper Neutralization of Multiple Trailing Special Elements
Major Mapping_Notes
Minor None
164 Improper Neutralization of Internal Special Elements
Major Mapping_Notes
Minor None
165 Improper Neutralization of Multiple Internal Special Elements
Major Mapping_Notes
Minor None
166 Improper Handling of Missing Special Element
Major Mapping_Notes
Minor None
167 Improper Handling of Additional Special Element
Major Mapping_Notes
Minor None
168 Improper Handling of Inconsistent Special Elements
Major Mapping_Notes
Minor None
169 DEPRECATED: Technology-Specific Special Elements
Major Mapping_Notes
Minor None
170 Improper Null Termination
Major Mapping_Notes
Minor None
171 DEPRECATED: Cleansing, Canonicalization, and Comparison Errors
Major Mapping_Notes
Minor None
172 Encoding Error
Major Mapping_Notes
Minor None
173 Improper Handling of Alternate Encoding
Major Mapping_Notes
Minor None
174 Double Decoding of the Same Data
Major Mapping_Notes
Minor None
175 Improper Handling of Mixed Encoding
Major Mapping_Notes
Minor None
176 Improper Handling of Unicode Encoding
Major Mapping_Notes
Minor None
177 Improper Handling of URL Encoding (Hex Encoding)
Major Mapping_Notes
Minor None
178 Improper Handling of Case Sensitivity
Major Mapping_Notes
Minor None
179 Incorrect Behavior Order: Early Validation
Major Mapping_Notes
Minor None
180 Incorrect Behavior Order: Validate Before Canonicalize
Major Mapping_Notes
Minor None
181 Incorrect Behavior Order: Validate Before Filter
Major Mapping_Notes
Minor None
182 Collapse of Data into Unsafe Value
Major Mapping_Notes
Minor None
183 Permissive List of Allowed Inputs
Major Mapping_Notes
Minor None
184 Incomplete List of Disallowed Inputs
Major Mapping_Notes, Relationships
Minor None
185 Incorrect Regular Expression
Major Mapping_Notes
Minor None
186 Overly Restrictive Regular Expression
Major Mapping_Notes
Minor None
187 Partial String Comparison
Major Mapping_Notes
Minor None
188 Reliance on Data/Memory Layout
Major Mapping_Notes
Minor None
189 Numeric Errors
Major Mapping_Notes
Minor None
190 Integer Overflow or Wraparound
Major Mapping_Notes, Relationships
Minor None
191 Integer Underflow (Wrap or Wraparound)
Major Mapping_Notes
Minor None
192 Integer Coercion Error
Major Mapping_Notes
Minor None
193 Off-by-one Error
Major Mapping_Notes
Minor None
194 Unexpected Sign Extension
Major Mapping_Notes
Minor None
195 Signed to Unsigned Conversion Error
Major Mapping_Notes
Minor None
196 Unsigned to Signed Conversion Error
Major Mapping_Notes
Minor None
197 Numeric Truncation Error
Major Mapping_Notes
Minor None
198 Use of Incorrect Byte Ordering
Major Mapping_Notes
Minor None
199 Information Management Errors
Major Mapping_Notes
Minor None
200 Exposure of Sensitive Information to an Unauthorized Actor
Major Mapping_Notes
Minor None
201 Insertion of Sensitive Information Into Sent Data
Major Mapping_Notes
Minor None
202 Exposure of Sensitive Information Through Data Queries
Major Mapping_Notes
Minor None
203 Observable Discrepancy
Major Mapping_Notes
Minor None
204 Observable Response Discrepancy
Major Mapping_Notes
Minor None
205 Observable Behavioral Discrepancy
Major Mapping_Notes
Minor None
206 Observable Internal Behavioral Discrepancy
Major Mapping_Notes
Minor None
207 Observable Behavioral Discrepancy With Equivalent Products
Major Mapping_Notes
Minor None
208 Observable Timing Discrepancy
Major Mapping_Notes
Minor None
209 Generation of Error Message Containing Sensitive Information
Major Mapping_Notes
Minor None
210 Self-generated Error Message Containing Sensitive Information
Major Mapping_Notes
Minor None
211 Externally-Generated Error Message Containing Sensitive Information
Major Mapping_Notes
Minor None
212 Improper Removal of Sensitive Information Before Storage or Transfer
Major Mapping_Notes
Minor None
213 Exposure of Sensitive Information Due to Incompatible Policies
Major Mapping_Notes
Minor None
214 Invocation of Process Using Visible Sensitive Information
Major Mapping_Notes
Minor None
215 Insertion of Sensitive Information Into Debugging Code
Major Mapping_Notes
Minor None
216 DEPRECATED: Containment Errors (Container Errors)
Major Mapping_Notes
Minor None
217 DEPRECATED: Failure to Protect Stored Data from Modification
Major Mapping_Notes
Minor None
218 DEPRECATED: Failure to provide confidentiality for stored data
Major Mapping_Notes
Minor None
219 Storage of File with Sensitive Data Under Web Root
Major Mapping_Notes
Minor None
220 Storage of File With Sensitive Data Under FTP Root
Major Mapping_Notes
Minor None
221 Information Loss or Omission
Major Mapping_Notes
Minor None
222 Truncation of Security-relevant Information
Major Mapping_Notes
Minor None
223 Omission of Security-relevant Information
Major Mapping_Notes
Minor None
224 Obscured Security-relevant Information by Alternate Name
Major Mapping_Notes
Minor None
225 DEPRECATED: General Information Management Problems
Major Mapping_Notes
Minor None
226 Sensitive Information in Resource Not Removed Before Reuse
Major Mapping_Notes
Minor None
227 7PK - API Abuse
Major Mapping_Notes
Minor None
228 Improper Handling of Syntactically Invalid Structure
Major Mapping_Notes
Minor None
229 Improper Handling of Values
Major Mapping_Notes
Minor None
230 Improper Handling of Missing Values
Major Mapping_Notes
Minor None
231 Improper Handling of Extra Values
Major Mapping_Notes
Minor None
232 Improper Handling of Undefined Values
Major Mapping_Notes
Minor None
233 Improper Handling of Parameters
Major Mapping_Notes
Minor None
234 Failure to Handle Missing Parameter
Major Mapping_Notes
Minor None
235 Improper Handling of Extra Parameters
Major Mapping_Notes
Minor None
236 Improper Handling of Undefined Parameters
Major Mapping_Notes
Minor None
237 Improper Handling of Structural Elements
Major Mapping_Notes
Minor None
238 Improper Handling of Incomplete Structural Elements
Major Mapping_Notes
Minor None
239 Failure to Handle Incomplete Element
Major Mapping_Notes
Minor None
240 Improper Handling of Inconsistent Structural Elements
Major Mapping_Notes
Minor None
241 Improper Handling of Unexpected Data Type
Major Mapping_Notes
Minor None
242 Use of Inherently Dangerous Function
Major Mapping_Notes
Minor None
243 Creation of chroot Jail Without Changing Working Directory
Major Mapping_Notes
Minor None
244 Improper Clearing of Heap Memory Before Release ('Heap Inspection')
Major Mapping_Notes
Minor None
245 J2EE Bad Practices: Direct Management of Connections
Major Mapping_Notes
Minor None
246 J2EE Bad Practices: Direct Use of Sockets
Major Mapping_Notes
Minor None
247 DEPRECATED: Reliance on DNS Lookups in a Security Decision
Major Mapping_Notes
Minor None
248 Uncaught Exception
Major Mapping_Notes, Relationships
Minor None
249 DEPRECATED: Often Misused: Path Manipulation
Major Mapping_Notes
Minor None
250 Execution with Unnecessary Privileges
Major Mapping_Notes
Minor None
251 Often Misused: String Management
Major Mapping_Notes
Minor None
252 Unchecked Return Value
Major Mapping_Notes, Relationships
Minor None
253 Incorrect Check of Function Return Value
Major Mapping_Notes
Minor None
254 7PK - Security Features
Major Mapping_Notes
Minor None
255 Credentials Management Errors
Major Mapping_Notes
Minor None
256 Plaintext Storage of a Password
Major Mapping_Notes
Minor None
257 Storing Passwords in a Recoverable Format
Major Mapping_Notes
Minor None
258 Empty Password in Configuration File
Major Mapping_Notes
Minor None
259 Use of Hard-coded Password
Major Mapping_Notes
Minor None
260 Password in Configuration File
Major Mapping_Notes
Minor None
261 Weak Encoding for Password
Major Mapping_Notes
Minor None
262 Not Using Password Aging
Major Mapping_Notes
Minor None
263 Password Aging with Long Expiration
Major Mapping_Notes
Minor None
264 Permissions, Privileges, and Access Controls
Major Mapping_Notes
Minor None
265 Privilege Issues
Major Mapping_Notes
Minor None
266 Incorrect Privilege Assignment
Major Mapping_Notes
Minor None
267 Privilege Defined With Unsafe Actions
Major Mapping_Notes
Minor None
268 Privilege Chaining
Major Mapping_Notes, Relationships
Minor None
269 Improper Privilege Management
Major Mapping_Notes, Relationships, Taxonomy_Mappings
Minor None
270 Privilege Context Switching Error
Major Mapping_Notes
Minor None
271 Privilege Dropping / Lowering Errors
Major Mapping_Notes
Minor None
272 Least Privilege Violation
Major Mapping_Notes
Minor None
273 Improper Check for Dropped Privileges
Major Mapping_Notes
Minor None
274 Improper Handling of Insufficient Privileges
Major Mapping_Notes
Minor None
275 Permission Issues
Major Mapping_Notes
Minor None
276 Incorrect Default Permissions
Major Mapping_Notes, Relationships
Minor None
277 Insecure Inherited Permissions
Major Mapping_Notes
Minor None
278 Insecure Preserved Inherited Permissions
Major Mapping_Notes
Minor None
279 Incorrect Execution-Assigned Permissions
Major Mapping_Notes
Minor None
280 Improper Handling of Insufficient Permissions or Privileges
Major Mapping_Notes
Minor None
281 Improper Preservation of Permissions
Major Mapping_Notes
Minor None
282 Improper Ownership Management
Major Mapping_Notes
Minor None
283 Unverified Ownership
Major Mapping_Notes
Minor None
284 Improper Access Control
Major Mapping_Notes
Minor None
285 Improper Authorization
Major Mapping_Notes
Minor None
286 Incorrect User Management
Major Mapping_Notes
Minor None
287 Improper Authentication
Major Mapping_Notes, Relationships
Minor None
288 Authentication Bypass Using an Alternate Path or Channel
Major Mapping_Notes, Relationships
Minor None
289 Authentication Bypass by Alternate Name
Major Mapping_Notes
Minor None
290 Authentication Bypass by Spoofing
Major Mapping_Notes
Minor None
291 Reliance on IP Address for Authentication
Major Mapping_Notes
Minor None
292 DEPRECATED: Trusting Self-reported DNS Name
Major Mapping_Notes
Minor None
293 Using Referer Field for Authentication
Major Mapping_Notes
Minor None
294 Authentication Bypass by Capture-replay
Major Mapping_Notes
Minor None
295 Improper Certificate Validation
Major Mapping_Notes
Minor None
296 Improper Following of a Certificate's Chain of Trust
Major Mapping_Notes
Minor None
297 Improper Validation of Certificate with Host Mismatch
Major Mapping_Notes
Minor None
298 Improper Validation of Certificate Expiration
Major Mapping_Notes
Minor None
299 Improper Check for Certificate Revocation
Major Mapping_Notes
Minor None
300 Channel Accessible by Non-Endpoint
Major Mapping_Notes
Minor None
301 Reflection Attack in an Authentication Protocol
Major Mapping_Notes
Minor None
302 Authentication Bypass by Assumed-Immutable Data
Major Mapping_Notes
Minor None
303 Incorrect Implementation of Authentication Algorithm
Major Mapping_Notes
Minor None
304 Missing Critical Step in Authentication
Major Mapping_Notes
Minor None
305 Authentication Bypass by Primary Weakness
Major Mapping_Notes
Minor None
306 Missing Authentication for Critical Function
Major Mapping_Notes, Relationships
Minor None
307 Improper Restriction of Excessive Authentication Attempts
Major Mapping_Notes
Minor None
308 Use of Single-factor Authentication
Major Mapping_Notes, Relationships
Minor None
309 Use of Password System for Primary Authentication
Major Mapping_Notes
Minor None
310 Cryptographic Issues
Major Mapping_Notes
Minor None
311 Missing Encryption of Sensitive Data
Major Mapping_Notes, Relationships
Minor None
312 Cleartext Storage of Sensitive Information
Major Mapping_Notes, Relationships
Minor None
313 Cleartext Storage in a File or on Disk
Major Mapping_Notes
Minor None
314 Cleartext Storage in the Registry
Major Mapping_Notes
Minor None
315 Cleartext Storage of Sensitive Information in a Cookie
Major Mapping_Notes
Minor None
316 Cleartext Storage of Sensitive Information in Memory
Major Mapping_Notes
Minor None
317 Cleartext Storage of Sensitive Information in GUI
Major Mapping_Notes
Minor None
318 Cleartext Storage of Sensitive Information in Executable
Major Mapping_Notes
Minor None
319 Cleartext Transmission of Sensitive Information
Major Description, Mapping_Notes, Relationships
Minor None
320 Key Management Errors
Major Mapping_Notes
Minor None
321 Use of Hard-coded Cryptographic Key
Major Mapping_Notes, Taxonomy_Mappings
Minor None
322 Key Exchange without Entity Authentication
Major Mapping_Notes
Minor None
323 Reusing a Nonce, Key Pair in Encryption
Major Mapping_Notes
Minor None
324 Use of a Key Past its Expiration Date
Major Mapping_Notes
Minor None
325 Missing Cryptographic Step
Major Mapping_Notes
Minor None
326 Inadequate Encryption Strength
Major Mapping_Notes
Minor None
327 Use of a Broken or Risky Cryptographic Algorithm
Major Mapping_Notes, Relationships
Minor None
328 Use of Weak Hash
Major Mapping_Notes, Relationships
Minor None
329 Generation of Predictable IV with CBC Mode
Major Mapping_Notes
Minor None
330 Use of Insufficiently Random Values
Major Mapping_Notes, Relationships
Minor None
331 Insufficient Entropy
Major Mapping_Notes
Minor None
332 Insufficient Entropy in PRNG
Major Mapping_Notes
Minor None
333 Improper Handling of Insufficient Entropy in TRNG
Major Mapping_Notes
Minor None
334 Small Space of Random Values
Major Mapping_Notes
Minor None
335 Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)
Major Mapping_Notes
Minor None
336 Same Seed in Pseudo-Random Number Generator (PRNG)
Major Mapping_Notes, Relationships
Minor None
337 Predictable Seed in Pseudo-Random Number Generator (PRNG)
Major Mapping_Notes, Relationships
Minor None
338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
Major Mapping_Notes
Minor None
339 Small Seed Space in PRNG
Major Mapping_Notes
Minor None
340 Generation of Predictable Numbers or Identifiers
Major Mapping_Notes
Minor None
341 Predictable from Observable State
Major Mapping_Notes, Relationships
Minor None
342 Predictable Exact Value from Previous Values
Major Mapping_Notes
Minor None
343 Predictable Value Range from Previous Values
Major Mapping_Notes
Minor None
344 Use of Invariant Value in Dynamically Changing Context
Major Mapping_Notes
Minor None
345 Insufficient Verification of Data Authenticity
Major Mapping_Notes
Minor None
346 Origin Validation Error
Major Mapping_Notes, Relationships
Minor None
347 Improper Verification of Cryptographic Signature
Major Mapping_Notes
Minor None
348 Use of Less Trusted Source
Major Mapping_Notes
Minor None
349 Acceptance of Extraneous Untrusted Data With Trusted Data
Major Mapping_Notes, Relationships
Minor None
350 Reliance on Reverse DNS Resolution for a Security-Critical Action
Major Mapping_Notes
Minor None
351 Insufficient Type Distinction
Major Mapping_Notes
Minor None
352 Cross-Site Request Forgery (CSRF)
Major Mapping_Notes, Relationships
Minor None
353 Missing Support for Integrity Check
Major Mapping_Notes
Minor None
354 Improper Validation of Integrity Check Value
Major Mapping_Notes
Minor None
355 User Interface Security Issues
Major Mapping_Notes
Minor None
356 Product UI does not Warn User of Unsafe Actions
Major Mapping_Notes
Minor None
357 Insufficient UI Warning of Dangerous Operations
Major Mapping_Notes
Minor None
358 Improperly Implemented Security Check for Standard
Major Mapping_Notes
Minor None
359 Exposure of Private Personal Information to an Unauthorized Actor
Major Mapping_Notes
Minor None
360 Trust of System Event Data
Major Mapping_Notes
Minor None
361 7PK - Time and State
Major Mapping_Notes
Minor None
362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Major Mapping_Notes, Relationships
Minor None
363 Race Condition Enabling Link Following
Major Mapping_Notes
Minor None
364 Signal Handler Race Condition
Major Mapping_Notes
Minor None
365 DEPRECATED: Race Condition in Switch
Major Mapping_Notes
Minor None
366 Race Condition within a Thread
Major Mapping_Notes
Minor None
367 Time-of-check Time-of-use (TOCTOU) Race Condition
Major Mapping_Notes
Minor None
368 Context Switching Race Condition
Major Mapping_Notes
Minor None
369 Divide By Zero
Major Mapping_Notes
Minor None
370 Missing Check for Certificate Revocation after Initial Check
Major Mapping_Notes
Minor None
371 State Issues
Major Mapping_Notes
Minor None
372 Incomplete Internal State Distinction
Major Mapping_Notes
Minor None
373 DEPRECATED: State Synchronization Error
Major Mapping_Notes
Minor None
374 Passing Mutable Objects to an Untrusted Method
Major Mapping_Notes
Minor None
375 Returning a Mutable Object to an Untrusted Caller
Major Mapping_Notes
Minor None
376 DEPRECATED: Temporary File Issues
Major Mapping_Notes
Minor None
377 Insecure Temporary File
Major Mapping_Notes, Relationships
Minor None
378 Creation of Temporary File With Insecure Permissions
Major Mapping_Notes
Minor None
379 Creation of Temporary File in Directory with Insecure Permissions
Major Mapping_Notes
Minor None
380 DEPRECATED: Technology-Specific Time and State Issues
Major Mapping_Notes
Minor None
381 DEPRECATED: J2EE Time and State Issues
Major Mapping_Notes
Minor None
382 J2EE Bad Practices: Use of System.exit()
Major Mapping_Notes
Minor None
383 J2EE Bad Practices: Direct Use of Threads
Major Mapping_Notes
Minor None
384 Session Fixation
Major Mapping_Notes, Relationships
Minor None
385 Covert Timing Channel
Major Mapping_Notes
Minor None
386 Symbolic Name not Mapping to Correct Object
Major Mapping_Notes
Minor None
387 Signal Errors
Major Mapping_Notes
Minor None
388 7PK - Errors
Major Mapping_Notes
Minor None
389 Error Conditions, Return Values, Status Codes
Major Mapping_Notes
Minor None
390 Detection of Error Condition Without Action
Major Mapping_Notes
Minor None
391 Unchecked Error Condition
Major Mapping_Notes
Minor None
392 Missing Report of Error Condition
Major Mapping_Notes, Relationships
Minor None
393 Return of Wrong Status Code
Major Mapping_Notes
Minor None
394 Unexpected Status Code or Return Value
Major Mapping_Notes
Minor None
395 Use of NullPointerException Catch to Detect NULL Pointer Dereference
Major Mapping_Notes
Minor None
396 Declaration of Catch for Generic Exception
Major Mapping_Notes
Minor None
397 Declaration of Throws for Generic Exception
Major Mapping_Notes
Minor None
398 7PK - Code Quality
Major Mapping_Notes
Minor None
399 Resource Management Errors
Major Mapping_Notes
Minor None
400 Uncontrolled Resource Consumption
Major Mapping_Notes, Relationships
Minor None
401 Missing Release of Memory after Effective Lifetime
Major Mapping_Notes
Minor None
402 Transmission of Private Resources into a New Sphere ('Resource Leak')
Major Mapping_Notes
Minor None
403 Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak')
Major Mapping_Notes
Minor None
404 Improper Resource Shutdown or Release
Major Mapping_Notes
Minor None
405 Asymmetric Resource Consumption (Amplification)
Major Mapping_Notes, Relationships
Minor None
406 Insufficient Control of Network Message Volume (Network Amplification)
Major Mapping_Notes
Minor None
407 Inefficient Algorithmic Complexity
Major Mapping_Notes
Minor None
408 Incorrect Behavior Order: Early Amplification
Major Mapping_Notes
Minor None
409 Improper Handling of Highly Compressed Data (Data Amplification)
Major Mapping_Notes
Minor None
410 Insufficient Resource Pool
Major Mapping_Notes
Minor None
411 Resource Locking Problems
Major Mapping_Notes
Minor None
412 Unrestricted Externally Accessible Lock
Major Mapping_Notes
Minor None
413 Improper Resource Locking
Major Mapping_Notes
Minor None
414 Missing Lock Check
Major Mapping_Notes
Minor None
415 Double Free
Major Mapping_Notes
Minor None
416 Use After Free
Major Mapping_Notes, Relationships
Minor None
417 Communication Channel Errors
Major Mapping_Notes
Minor None
418 DEPRECATED: Channel Errors
Major Mapping_Notes
Minor None
419 Unprotected Primary Channel
Major Mapping_Notes
Minor None
420 Unprotected Alternate Channel
Major Mapping_Notes
Minor None
421 Race Condition During Access to Alternate Channel
Major Mapping_Notes
Minor None
422 Unprotected Windows Messaging Channel ('Shatter')
Major Mapping_Notes
Minor None
423 DEPRECATED: Proxied Trusted Channel
Major Mapping_Notes
Minor None
424 Improper Protection of Alternate Path
Major Mapping_Notes
Minor None
425 Direct Request ('Forced Browsing')
Major Mapping_Notes
Minor None
426 Untrusted Search Path
Major Mapping_Notes
Minor None
427 Uncontrolled Search Path Element
Major Mapping_Notes
Minor None
428 Unquoted Search Path or Element
Major Mapping_Notes
Minor None
429 Handler Errors
Major Mapping_Notes
Minor None
430 Deployment of Wrong Handler
Major Mapping_Notes
Minor None
431 Missing Handler
Major Mapping_Notes
Minor None
432 Dangerous Signal Handler not Disabled During Sensitive Operations
Major Mapping_Notes
Minor None
433 Unparsed Raw Web Content Delivery
Major Mapping_Notes
Minor None
434 Unrestricted Upload of File with Dangerous Type
Major Mapping_Notes, Relationships
Minor None
435 Improper Interaction Between Multiple Correctly-Behaving Entities
Major Mapping_Notes, Research_Gaps
Minor None
436 Interpretation Conflict
Major Mapping_Notes
Minor None
437 Incomplete Model of Endpoint Features
Major Mapping_Notes
Minor None
438 Behavioral Problems
Major Mapping_Notes
Minor None
439 Behavioral Change in New Version or Environment
Major Mapping_Notes
Minor None
440 Expected Behavior Violation
Major Mapping_Notes
Minor None
441 Unintended Proxy or Intermediary ('Confused Deputy')
Major Mapping_Notes
Minor None
442 DEPRECATED: Web Problems
Major Mapping_Notes
Minor None
443 DEPRECATED: HTTP response splitting
Major Mapping_Notes
Minor None
444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
Major Mapping_Notes
Minor None
445 DEPRECATED: User Interface Errors
Major Mapping_Notes
Minor None
446 UI Discrepancy for Security Feature
Major Mapping_Notes
Minor None
447 Unimplemented or Unsupported Feature in UI
Major Mapping_Notes
Minor None
448 Obsolete Feature in UI
Major Mapping_Notes
Minor None
449 The UI Performs the Wrong Action
Major Mapping_Notes
Minor None
450 Multiple Interpretations of UI Input
Major Mapping_Notes
Minor None
451 User Interface (UI) Misrepresentation of Critical Information
Major Mapping_Notes
Minor None
452 Initialization and Cleanup Errors
Major Mapping_Notes
Minor None
453 Insecure Default Variable Initialization
Major Mapping_Notes
Minor None
454 External Initialization of Trusted Variables or Data Stores
Major Mapping_Notes
Minor None
455 Non-exit on Failed Initialization
Major Mapping_Notes
Minor None
456 Missing Initialization of a Variable
Major Mapping_Notes
Minor None
457 Use of Uninitialized Variable
Major Mapping_Notes
Minor None
458 DEPRECATED: Incorrect Initialization
Major Mapping_Notes
Minor None
459 Incomplete Cleanup
Major Mapping_Notes
Minor None
460 Improper Cleanup on Thrown Exception
Major Mapping_Notes
Minor None
461 DEPRECATED: Data Structure Issues
Major Mapping_Notes
Minor None
462 Duplicate Key in Associative List (Alist)
Major Mapping_Notes
Minor None
463 Deletion of Data Structure Sentinel
Major Mapping_Notes
Minor None
464 Addition of Data Structure Sentinel
Major Mapping_Notes
Minor None
465 Pointer Issues
Major Mapping_Notes
Minor None
466 Return of Pointer Value Outside of Expected Range
Major Mapping_Notes
Minor None
467 Use of sizeof() on a Pointer Type
Major Mapping_Notes
Minor None
468 Incorrect Pointer Scaling
Major Mapping_Notes
Minor None
469 Use of Pointer Subtraction to Determine Size
Major Mapping_Notes
Minor None
470 Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
Major Mapping_Notes
Minor None
471 Modification of Assumed-Immutable Data (MAID)
Major Mapping_Notes
Minor None
472 External Control of Assumed-Immutable Web Parameter
Major Mapping_Notes
Minor None
473 PHP External Variable Modification
Major Mapping_Notes
Minor None
474 Use of Function with Inconsistent Implementations
Major Mapping_Notes
Minor None
475 Undefined Behavior for Input to API
Major Mapping_Notes
Minor None
476 NULL Pointer Dereference
Major Mapping_Notes, Relationships
Minor None
477 Use of Obsolete Function
Major Mapping_Notes
Minor None
478 Missing Default Case in Multiple Condition Expression
Major Mapping_Notes
Minor None
479 Signal Handler Use of a Non-reentrant Function
Major Mapping_Notes
Minor None
480 Use of Incorrect Operator
Major Mapping_Notes
Minor None
481 Assigning instead of Comparing
Major Mapping_Notes
Minor None
482 Comparing instead of Assigning
Major Mapping_Notes
Minor None
483 Incorrect Block Delimitation
Major Mapping_Notes
Minor None
484 Omitted Break Statement in Switch
Major Mapping_Notes
Minor None
485 7PK - Encapsulation
Major Mapping_Notes
Minor None
486 Comparison of Classes by Name
Major Mapping_Notes
Minor None
487 Reliance on Package-level Scope
Major Mapping_Notes
Minor None
488 Exposure of Data Element to Wrong Session
Major Mapping_Notes
Minor None
489 Active Debug Code
Major Mapping_Notes
Minor None
490 DEPRECATED: Mobile Code Issues
Major Mapping_Notes
Minor None
491 Public cloneable() Method Without Final ('Object Hijack')
Major Mapping_Notes
Minor None
492 Use of Inner Class Containing Sensitive Data
Major Mapping_Notes
Minor None
493 Critical Public Variable Without Final Modifier
Major Mapping_Notes
Minor None
494 Download of Code Without Integrity Check
Major Mapping_Notes
Minor None
495 Private Data Structure Returned From A Public Method
Major Mapping_Notes
Minor None
496 Public Data Assigned to Private Array-Typed Field
Major Mapping_Notes
Minor None
497 Exposure of Sensitive System Information to an Unauthorized Control Sphere
Major Mapping_Notes
Minor None
498 Cloneable Class Containing Sensitive Information
Major Mapping_Notes
Minor None
499 Serializable Class Containing Sensitive Data
Major Mapping_Notes
Minor None
500 Public Static Field Not Marked Final
Major Mapping_Notes
Minor None
501 Trust Boundary Violation
Major Mapping_Notes, Relationships
Minor None
502 Deserialization of Untrusted Data
Major Mapping_Notes, Relationships
Minor None
503 DEPRECATED: Byte/Object Code
Major Mapping_Notes
Minor None
504 DEPRECATED: Motivation/Intent
Major Mapping_Notes
Minor None
505 DEPRECATED: Intentionally Introduced Weakness
Major Mapping_Notes
Minor None
506 Embedded Malicious Code
Major Mapping_Notes
Minor None
507 Trojan Horse
Major Mapping_Notes
Minor None
508 Non-Replicating Malicious Code
Major Mapping_Notes
Minor None
509 Replicating Malicious Code (Virus or Worm)
Major Mapping_Notes
Minor None
510 Trapdoor
Major Mapping_Notes
Minor None
511 Logic/Time Bomb
Major Mapping_Notes
Minor None
512 Spyware
Major Mapping_Notes
Minor None
513 DEPRECATED: Intentionally Introduced Nonmalicious Weakness
Major Mapping_Notes
Minor None
514 Covert Channel
Major Mapping_Notes
Minor None
515 Covert Storage Channel
Major Mapping_Notes
Minor None
516 DEPRECATED: Covert Timing Channel
Major Mapping_Notes
Minor None
517 DEPRECATED: Other Intentional, Nonmalicious Weakness
Major Mapping_Notes
Minor None
518 DEPRECATED: Inadvertently Introduced Weakness
Major Mapping_Notes
Minor None
519 DEPRECATED: .NET Environment Issues
Major Mapping_Notes
Minor None
520 .NET Misconfiguration: Use of Impersonation
Major Mapping_Notes
Minor None
521 Weak Password Requirements
Major Mapping_Notes
Minor None
522 Insufficiently Protected Credentials
Major Mapping_Notes
Minor None
523 Unprotected Transport of Credentials
Major Mapping_Notes
Minor None
524 Use of Cache Containing Sensitive Information
Major Mapping_Notes
Minor None
525 Use of Web Browser Cache Containing Sensitive Information
Major Mapping_Notes
Minor None
526 Cleartext Storage of Sensitive Information in an Environment Variable
Major Mapping_Notes
Minor None
527 Exposure of Version-Control Repository to an Unauthorized Control Sphere
Major Mapping_Notes
Minor None
528 Exposure of Core Dump File to an Unauthorized Control Sphere
Major Mapping_Notes
Minor None
529 Exposure of Access Control List Files to an Unauthorized Control Sphere
Major Mapping_Notes
Minor None
530 Exposure of Backup File to an Unauthorized Control Sphere
Major Mapping_Notes
Minor None
531 Inclusion of Sensitive Information in Test Code
Major Mapping_Notes
Minor None
532 Insertion of Sensitive Information into Log File
Major Mapping_Notes
Minor None
533 DEPRECATED: Information Exposure Through Server Log Files
Major Mapping_Notes
Minor None
534 DEPRECATED: Information Exposure Through Debug Log Files
Major Mapping_Notes
Minor None
535 Exposure of Information Through Shell Error Message
Major Mapping_Notes
Minor None
536 Servlet Runtime Error Message Containing Sensitive Information
Major Mapping_Notes
Minor None
537 Java Runtime Error Message Containing Sensitive Information
Major Mapping_Notes
Minor None
538 Insertion of Sensitive Information into Externally-Accessible File or Directory
Major Mapping_Notes
Minor None
539 Use of Persistent Cookies Containing Sensitive Information
Major Mapping_Notes
Minor None
540 Inclusion of Sensitive Information in Source Code
Major Mapping_Notes
Minor None
541 Inclusion of Sensitive Information in an Include File
Major Mapping_Notes
Minor None
542 DEPRECATED: Information Exposure Through Cleanup Log Files
Major Mapping_Notes
Minor None
543 Use of Singleton Pattern Without Synchronization in a Multithreaded Context
Major Mapping_Notes
Minor None
544 Missing Standardized Error Handling Mechanism
Major Mapping_Notes
Minor None
545 DEPRECATED: Use of Dynamic Class Loading
Major Mapping_Notes
Minor None
546 Suspicious Comment
Major Mapping_Notes
Minor None
547 Use of Hard-coded, Security-relevant Constants
Major Demonstrative_Examples, Mapping_Notes
Minor None
548 Exposure of Information Through Directory Listing
Major Mapping_Notes
Minor None
549 Missing Password Field Masking
Major Mapping_Notes
Minor None
550 Server-generated Error Message Containing Sensitive Information
Major Mapping_Notes
Minor None
551 Incorrect Behavior Order: Authorization Before Parsing and Canonicalization
Major Mapping_Notes
Minor None
552 Files or Directories Accessible to External Parties
Major Mapping_Notes
Minor None
553 Command Shell in Externally Accessible Directory
Major Mapping_Notes
Minor None
554 ASP.NET Misconfiguration: Not Using Input Validation Framework
Major Mapping_Notes
Minor None
555 J2EE Misconfiguration: Plaintext Password in Configuration File
Major Mapping_Notes
Minor None
556 ASP.NET Misconfiguration: Use of Identity Impersonation
Major Mapping_Notes
Minor None
557 Concurrency Issues
Major Mapping_Notes
Minor None
558 Use of getlogin() in Multithreaded Application
Major Mapping_Notes
Minor None
559 DEPRECATED: Often Misused: Arguments and Parameters
Major Mapping_Notes
Minor None
560 Use of umask() with chmod-style Argument
Major Mapping_Notes
Minor None
561 Dead Code
Major Mapping_Notes
Minor None
562 Return of Stack Variable Address
Major Mapping_Notes
Minor None
563 Assignment to Variable without Use
Major Mapping_Notes
Minor None
564 SQL Injection: Hibernate
Major Mapping_Notes
Minor None
565 Reliance on Cookies without Validation and Integrity Checking
Major Mapping_Notes
Minor None
566 Authorization Bypass Through User-Controlled SQL Primary Key
Major Mapping_Notes
Minor None
567 Unsynchronized Access to Shared Data in a Multithreaded Context
Major Mapping_Notes
Minor None
568 finalize() Method Without super.finalize()
Major Mapping_Notes
Minor None
569 Expression Issues
Major Mapping_Notes
Minor None
570 Expression is Always False
Major Mapping_Notes
Minor None
571 Expression is Always True
Major Mapping_Notes
Minor None
572 Call to Thread run() instead of start()
Major Mapping_Notes
Minor None
573 Improper Following of Specification by Caller
Major Mapping_Notes
Minor None
574 EJB Bad Practices: Use of Synchronization Primitives
Major Mapping_Notes
Minor None
575 EJB Bad Practices: Use of AWT Swing
Major Mapping_Notes
Minor None
576 EJB Bad Practices: Use of Java I/O
Major Mapping_Notes
Minor None
577 EJB Bad Practices: Use of Sockets
Major Mapping_Notes
Minor None
578 EJB Bad Practices: Use of Class Loader
Major Mapping_Notes
Minor None
579 J2EE Bad Practices: Non-serializable Object Stored in Session
Major Mapping_Notes
Minor None
580 clone() Method Without super.clone()
Major Mapping_Notes
Minor None
581 Object Model Violation: Just One of Equals and Hashcode Defined
Major Mapping_Notes
Minor None
582 Array Declared Public, Final, and Static
Major Mapping_Notes
Minor None
583 finalize() Method Declared Public
Major Mapping_Notes
Minor None
584 Return Inside Finally Block
Major Mapping_Notes
Minor None
585 Empty Synchronized Block
Major Mapping_Notes
Minor None
586 Explicit Call to Finalize()
Major Mapping_Notes
Minor None
587 Assignment of a Fixed Address to a Pointer
Major Mapping_Notes
Minor None
588 Attempt to Access Child of a Non-structure Pointer
Major Mapping_Notes
Minor None
589 Call to Non-ubiquitous API
Major Mapping_Notes
Minor None
590 Free of Memory not on the Heap
Major Mapping_Notes
Minor None
591 Sensitive Data Storage in Improperly Locked Memory
Major Mapping_Notes
Minor None
592 DEPRECATED: Authentication Bypass Issues
Major Mapping_Notes
Minor None
593 Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created
Major Mapping_Notes
Minor None
594 J2EE Framework: Saving Unserializable Objects to Disk
Major Mapping_Notes
Minor None
595 Comparison of Object References Instead of Object Contents
Major Mapping_Notes
Minor None
596 DEPRECATED: Incorrect Semantic Object Comparison
Major Mapping_Notes
Minor None
597 Use of Wrong Operator in String Comparison
Major Mapping_Notes
Minor None
598 Use of GET Request Method With Sensitive Query Strings
Major Mapping_Notes
Minor None
599 Missing Validation of OpenSSL Certificate
Major Mapping_Notes
Minor None
600 Uncaught Exception in Servlet
Major Mapping_Notes
Minor None
601 URL Redirection to Untrusted Site ('Open Redirect')
Major Mapping_Notes
Minor None
602 Client-Side Enforcement of Server-Side Security
Major Mapping_Notes
Minor None
603 Use of Client-Side Authentication
Major Mapping_Notes, Relationships
Minor None
604 Deprecated Entries
Major Mapping_Notes
Minor None
605 Multiple Binds to the Same Port
Major Mapping_Notes
Minor None
606 Unchecked Input for Loop Condition
Major Mapping_Notes
Minor None
607 Public Static Final Field References Mutable Object
Major Mapping_Notes
Minor None
608 Struts: Non-private Field in ActionForm Class
Major Mapping_Notes
Minor None
609 Double-Checked Locking
Major Mapping_Notes
Minor None
610 Externally Controlled Reference to a Resource in Another Sphere
Major Mapping_Notes
Minor None
611 Improper Restriction of XML External Entity Reference
Major Mapping_Notes
Minor None
612 Improper Authorization of Index Containing Sensitive Information
Major Mapping_Notes
Minor None
613 Insufficient Session Expiration
Major Mapping_Notes
Minor None
614 Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
Major Mapping_Notes
Minor None
615 Inclusion of Sensitive Information in Source Code Comments
Major Mapping_Notes
Minor None
616 Incomplete Identification of Uploaded File Variables (PHP)
Major Mapping_Notes
Minor None
617 Reachable Assertion
Major Mapping_Notes
Minor None
618 Exposed Unsafe ActiveX Method
Major Mapping_Notes
Minor None
619 Dangling Database Cursor ('Cursor Injection')
Major Mapping_Notes
Minor None
620 Unverified Password Change
Major Mapping_Notes
Minor None
621 Variable Extraction Error
Major Mapping_Notes
Minor None
622 Improper Validation of Function Hook Arguments
Major Mapping_Notes
Minor None
623 Unsafe ActiveX Control Marked Safe For Scripting
Major Mapping_Notes
Minor None
624 Executable Regular Expression Error
Major Mapping_Notes
Minor None
625 Permissive Regular Expression
Major Mapping_Notes
Minor None
626 Null Byte Interaction Error (Poison Null Byte)
Major Mapping_Notes
Minor None
627 Dynamic Variable Evaluation
Major Mapping_Notes
Minor None
628 Function Call with Incorrectly Specified Arguments
Major Mapping_Notes
Minor None
629 Weaknesses in OWASP Top Ten (2007)
Major Mapping_Notes
Minor None
630 DEPRECATED: Weaknesses Examined by SAMATE
Major Mapping_Notes
Minor None
631 DEPRECATED: Resource-specific Weaknesses
Major Mapping_Notes
Minor None
632 DEPRECATED: Weaknesses that Affect Files or Directories
Major Mapping_Notes
Minor None
633 DEPRECATED: Weaknesses that Affect Memory
Major Mapping_Notes
Minor None
634 DEPRECATED: Weaknesses that Affect System Processes
Major Mapping_Notes
Minor None
635 Weaknesses Originally Used by NVD from 2008 to 2016
Major Mapping_Notes
Minor None
636 Not Failing Securely ('Failing Open')
Major Mapping_Notes
Minor None
637 Unnecessary Complexity in Protection Mechanism (Not Using 'Economy of Mechanism')
Major Mapping_Notes
Minor None
638 Not Using Complete Mediation
Major Mapping_Notes
Minor None
639 Authorization Bypass Through User-Controlled Key
Major Mapping_Notes
Minor None
640 Weak Password Recovery Mechanism for Forgotten Password
Major Mapping_Notes
Minor None
641 Improper Restriction of Names for Files and Other Resources
Major Mapping_Notes
Minor None
642 External Control of Critical State Data
Major Mapping_Notes
Minor None
643 Improper Neutralization of Data within XPath Expressions ('XPath Injection')
Major Mapping_Notes
Minor None
644 Improper Neutralization of HTTP Headers for Scripting Syntax
Major Mapping_Notes
Minor None
645 Overly Restrictive Account Lockout Mechanism
Major Mapping_Notes
Minor None
646 Reliance on File Name or Extension of Externally-Supplied File
Major Description, Mapping_Notes
Minor None
647 Use of Non-Canonical URL Paths for Authorization Decisions
Major Mapping_Notes
Minor None
648 Incorrect Use of Privileged APIs
Major Mapping_Notes, Relationships
Minor None
649 Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking
Major Mapping_Notes
Minor None
650 Trusting HTTP Permission Methods on the Server Side
Major Mapping_Notes
Minor None
651 Exposure of WSDL File Containing Sensitive Information
Major Mapping_Notes
Minor None
652 Improper Neutralization of Data within XQuery Expressions ('XQuery Injection')
Major Mapping_Notes
Minor None
653 Improper Isolation or Compartmentalization
Major Mapping_Notes
Minor None
654 Reliance on a Single Factor in a Security Decision
Major Mapping_Notes
Minor None
655 Insufficient Psychological Acceptability
Major Mapping_Notes
Minor None
656 Reliance on Security Through Obscurity
Major Mapping_Notes
Minor None
657 Violation of Secure Design Principles
Major Mapping_Notes
Minor None
658 Weaknesses in Software Written in C
Major Mapping_Notes
Minor None
659 Weaknesses in Software Written in C++
Major Mapping_Notes
Minor None
660 Weaknesses in Software Written in Java
Major Mapping_Notes
Minor None
661 Weaknesses in Software Written in PHP
Major Mapping_Notes
Minor None
662 Improper Synchronization
Major Mapping_Notes
Minor None
663 Use of a Non-reentrant Function in a Concurrent Context
Major Mapping_Notes
Minor None
664 Improper Control of a Resource Through its Lifetime
Major Mapping_Notes, Relationships
Minor None
665 Improper Initialization
Major Mapping_Notes
Minor None
666 Operation on Resource in Wrong Phase of Lifetime
Major Mapping_Notes
Minor None
667 Improper Locking
Major Mapping_Notes
Minor None
668 Exposure of Resource to Wrong Sphere
Major Mapping_Notes
Minor None
669 Incorrect Resource Transfer Between Spheres
Major Mapping_Notes
Minor None
670 Always-Incorrect Control Flow Implementation
Major Mapping_Notes
Minor None
671 Lack of Administrator Control over Security
Major Mapping_Notes
Minor None
672 Operation on a Resource after Expiration or Release
Major Mapping_Notes
Minor None
673 External Influence of Sphere Definition
Major Mapping_Notes
Minor None
674 Uncontrolled Recursion
Major Mapping_Notes
Minor None
675 Multiple Operations on Resource in Single-Operation Context
Major Mapping_Notes
Minor None
676 Use of Potentially Dangerous Function
Major Mapping_Notes
Minor None
677 Weakness Base Elements
Major Mapping_Notes
Minor None
678 Composites
Major Mapping_Notes
Minor None
679 DEPRECATED: Chain Elements
Major Mapping_Notes
Minor None
680 Integer Overflow to Buffer Overflow
Major Mapping_Notes, Relationships
Minor None
681 Incorrect Conversion between Numeric Types
Major Mapping_Notes
Minor None
682 Incorrect Calculation
Major Mapping_Notes, Research_Gaps
Minor None
683 Function Call With Incorrect Order of Arguments
Major Mapping_Notes
Minor None
684 Incorrect Provision of Specified Functionality
Major Mapping_Notes
Minor None
685 Function Call With Incorrect Number of Arguments
Major Mapping_Notes
Minor None
686 Function Call With Incorrect Argument Type
Major Mapping_Notes
Minor None
687 Function Call With Incorrectly Specified Argument Value
Major Mapping_Notes
Minor None
688 Function Call With Incorrect Variable or Reference as Argument
Major Mapping_Notes
Minor None
689 Permission Race Condition During Resource Copy
Major Mapping_Notes
Minor None
690 Unchecked Return Value to NULL Pointer Dereference
Major Mapping_Notes, Relationships
Minor None
691 Insufficient Control Flow Management
Major Mapping_Notes
Minor None
692 Incomplete Denylist to Cross-Site Scripting
Major Mapping_Notes, Relationships
Minor None
693 Protection Mechanism Failure
Major Mapping_Notes
Minor None
694 Use of Multiple Resources with Duplicate Identifier
Major Mapping_Notes
Minor None
695 Use of Low-Level Functionality
Major Mapping_Notes
Minor None
696 Incorrect Behavior Order
Major Mapping_Notes
Minor None
697 Incorrect Comparison
Major Mapping_Notes, Research_Gaps
Minor None
698 Execution After Redirect (EAR)
Major Mapping_Notes
Minor None
699 Software Development
Major Mapping_Notes
Minor None
700 Seven Pernicious Kingdoms
Major Mapping_Notes
Minor None
701 Weaknesses Introduced During Design
Major Mapping_Notes
Minor None
702 Weaknesses Introduced During Implementation
Major Mapping_Notes
Minor None
703 Improper Check or Handling of Exceptional Conditions
Major Mapping_Notes, Relationships
Minor None
704 Incorrect Type Conversion or Cast
Major Mapping_Notes
Minor None
705 Incorrect Control Flow Scoping
Major Mapping_Notes
Minor None
706 Use of Incorrectly-Resolved Name or Reference
Major Mapping_Notes
Minor None
707 Improper Neutralization
Major Mapping_Notes
Minor None
708 Incorrect Ownership Assignment
Major Mapping_Notes
Minor None
709 Named Chains
Major Mapping_Notes
Minor None
710 Improper Adherence to Coding Standards
Major Mapping_Notes
Minor None
711 Weaknesses in OWASP Top Ten (2004)
Major Mapping_Notes
Minor None
712 OWASP Top Ten 2007 Category A1 - Cross Site Scripting (XSS)
Major Mapping_Notes
Minor None
713 OWASP Top Ten 2007 Category A2 - Injection Flaws
Major Mapping_Notes
Minor None
714 OWASP Top Ten 2007 Category A3 - Malicious File Execution
Major Mapping_Notes
Minor None
715 OWASP Top Ten 2007 Category A4 - Insecure Direct Object Reference
Major Mapping_Notes
Minor None
716 OWASP Top Ten 2007 Category A5 - Cross Site Request Forgery (CSRF)
Major Mapping_Notes
Minor None
717 OWASP Top Ten 2007 Category A6 - Information Leakage and Improper Error Handling
Major Mapping_Notes
Minor None
718 OWASP Top Ten 2007 Category A7 - Broken Authentication and Session Management
Major Mapping_Notes
Minor None
719 OWASP Top Ten 2007 Category A8 - Insecure Cryptographic Storage
Major Mapping_Notes
Minor None
720 OWASP Top Ten 2007 Category A9 - Insecure Communications
Major Mapping_Notes
Minor None
721 OWASP Top Ten 2007 Category A10 - Failure to Restrict URL Access
Major Mapping_Notes
Minor None
722 OWASP Top Ten 2004 Category A1 - Unvalidated Input
Major Mapping_Notes
Minor None
723 OWASP Top Ten 2004 Category A2 - Broken Access Control
Major Mapping_Notes
Minor None
724 OWASP Top Ten 2004 Category A3 - Broken Authentication and Session Management
Major Mapping_Notes
Minor None
725 OWASP Top Ten 2004 Category A4 - Cross-Site Scripting (XSS) Flaws
Major Mapping_Notes
Minor None
726 OWASP Top Ten 2004 Category A5 - Buffer Overflows
Major Mapping_Notes
Minor None
727 OWASP Top Ten 2004 Category A6 - Injection Flaws
Major Mapping_Notes
Minor None
728 OWASP Top Ten 2004 Category A7 - Improper Error Handling
Major Mapping_Notes
Minor None
729 OWASP Top Ten 2004 Category A8 - Insecure Storage
Major Mapping_Notes
Minor None
730 OWASP Top Ten 2004 Category A9 - Denial of Service
Major Mapping_Notes
Minor None
731 OWASP Top Ten 2004 Category A10 - Insecure Configuration Management
Major Mapping_Notes
Minor None
732 Incorrect Permission Assignment for Critical Resource
Major Mapping_Notes, Relationships
Minor None
733 Compiler Optimization Removal or Modification of Security-critical Code
Major Mapping_Notes
Minor None
734 Weaknesses Addressed by the CERT C Secure Coding Standard (2008)
Major Mapping_Notes
Minor None
735 CERT C Secure Coding Standard (2008) Chapter 2 - Preprocessor (PRE)
Major Mapping_Notes
Minor None
736 CERT C Secure Coding Standard (2008) Chapter 3 - Declarations and Initialization (DCL)
Major Mapping_Notes
Minor None
737 CERT C Secure Coding Standard (2008) Chapter 4 - Expressions (EXP)
Major Mapping_Notes
Minor None
738 CERT C Secure Coding Standard (2008) Chapter 5 - Integers (INT)
Major Mapping_Notes
Minor None
739 CERT C Secure Coding Standard (2008) Chapter 6 - Floating Point (FLP)
Major Mapping_Notes
Minor None
740 CERT C Secure Coding Standard (2008) Chapter 7 - Arrays (ARR)
Major Mapping_Notes
Minor None
741 CERT C Secure Coding Standard (2008) Chapter 8 - Characters and Strings (STR)
Major Mapping_Notes
Minor None
742 CERT C Secure Coding Standard (2008) Chapter 9 - Memory Management (MEM)
Major Mapping_Notes
Minor None
743 CERT C Secure Coding Standard (2008) Chapter 10 - Input Output (FIO)
Major Mapping_Notes
Minor None
744 CERT C Secure Coding Standard (2008) Chapter 11 - Environment (ENV)
Major Mapping_Notes
Minor None
745 CERT C Secure Coding Standard (2008) Chapter 12 - Signals (SIG)
Major Mapping_Notes
Minor None
746 CERT C Secure Coding Standard (2008) Chapter 13 - Error Handling (ERR)
Major Mapping_Notes
Minor None
747 CERT C Secure Coding Standard (2008) Chapter 14 - Miscellaneous (MSC)
Major Mapping_Notes
Minor None
748 CERT C Secure Coding Standard (2008) Appendix - POSIX (POS)
Major Mapping_Notes
Minor None
749 Exposed Dangerous Method or Function
Major Mapping_Notes
Minor None
750 Weaknesses in the 2009 CWE/SANS Top 25 Most Dangerous Programming Errors
Major Mapping_Notes
Minor None
751 2009 Top 25 - Insecure Interaction Between Components
Major Mapping_Notes
Minor None
752 2009 Top 25 - Risky Resource Management
Major Mapping_Notes
Minor None
753 2009 Top 25 - Porous Defenses
Major Mapping_Notes
Minor None
754 Improper Check for Unusual or Exceptional Conditions
Major Mapping_Notes
Minor None
755 Improper Handling of Exceptional Conditions
Major Mapping_Notes, Relationships
Minor None
756 Missing Custom Error Page
Major Mapping_Notes
Minor None
757 Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')
Major Mapping_Notes
Minor None
758 Reliance on Undefined, Unspecified, or Implementation-Defined Behavior
Major Mapping_Notes
Minor None
759 Use of a One-Way Hash without a Salt
Major Mapping_Notes
Minor None
760 Use of a One-Way Hash with a Predictable Salt
Major Mapping_Notes
Minor None
761 Free of Pointer not at Start of Buffer
Major Mapping_Notes
Minor None
762 Mismatched Memory Management Routines
Major Mapping_Notes
Minor None
763 Release of Invalid Pointer or Reference
Major Mapping_Notes
Minor None
764 Multiple Locks of a Critical Resource
Major Mapping_Notes
Minor None
765 Multiple Unlocks of a Critical Resource
Major Mapping_Notes
Minor None
766 Critical Data Element Declared Public
Major Mapping_Notes, Relationships
Minor None
767 Access to Critical Private Variable via Public Method
Major Mapping_Notes
Minor None
768 Incorrect Short Circuit Evaluation
Major Mapping_Notes
Minor None
769 DEPRECATED: Uncontrolled File Descriptor Consumption
Major Mapping_Notes
Minor None
770 Allocation of Resources Without Limits or Throttling
Major Mapping_Notes
Minor None
771 Missing Reference to Active Allocated Resource
Major Mapping_Notes
Minor None
772 Missing Release of Resource after Effective Lifetime
Major Mapping_Notes
Minor None
773 Missing Reference to Active File Descriptor or Handle
Major Mapping_Notes
Minor None
774 Allocation of File Descriptors or Handles Without Limits or Throttling
Major Mapping_Notes
Minor None
775 Missing Release of File Descriptor or Handle after Effective Lifetime
Major Mapping_Notes
Minor None
776 Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
Major Mapping_Notes
Minor None
777 Regular Expression without Anchors
Major Mapping_Notes
Minor None
778 Insufficient Logging
Major Mapping_Notes
Minor None
779 Logging of Excessive Data
Major Mapping_Notes
Minor None
780 Use of RSA Algorithm without OAEP
Major Mapping_Notes
Minor None
781 Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code
Major Mapping_Notes
Minor None
782 Exposed IOCTL with Insufficient Access Control
Major Mapping_Notes
Minor None
783 Operator Precedence Logic Error
Major Mapping_Notes
Minor None
784 Reliance on Cookies without Validation and Integrity Checking in a Security Decision
Major Mapping_Notes
Minor None
785 Use of Path Manipulation Function without Maximum-sized Buffer
Major Mapping_Notes
Minor None
786 Access of Memory Location Before Start of Buffer
Major Mapping_Notes
Minor None
787 Out-of-bounds Write
Major Mapping_Notes, Relationships, Taxonomy_Mappings
Minor None
788 Access of Memory Location After End of Buffer
Major Mapping_Notes
Minor None
789 Memory Allocation with Excessive Size Value
Major Mapping_Notes, Relationships
Minor None
790 Improper Filtering of Special Elements
Major Mapping_Notes
Minor None
791 Incomplete Filtering of Special Elements
Major Mapping_Notes
Minor None
792 Incomplete Filtering of One or More Instances of Special Elements
Major Mapping_Notes
Minor None
793 Only Filtering One Instance of a Special Element
Major Mapping_Notes
Minor None
794 Incomplete Filtering of Multiple Instances of Special Elements
Major Mapping_Notes
Minor None
795 Only Filtering Special Elements at a Specified Location
Major Mapping_Notes
Minor None
796 Only Filtering Special Elements Relative to a Marker
Major Mapping_Notes
Minor None
797 Only Filtering Special Elements at an Absolute Position
Major Mapping_Notes
Minor None
798 Use of Hard-coded Credentials
Major Mapping_Notes, Relationships
Minor None
799 Improper Control of Interaction Frequency
Major Mapping_Notes
Minor None
800 Weaknesses in the 2010 CWE/SANS Top 25 Most Dangerous Programming Errors
Major Mapping_Notes
Minor None
801 2010 Top 25 - Insecure Interaction Between Components
Major Mapping_Notes
Minor None
802 2010 Top 25 - Risky Resource Management
Major Mapping_Notes
Minor None
803 2010 Top 25 - Porous Defenses
Major Mapping_Notes
Minor None
804 Guessable CAPTCHA
Major Mapping_Notes
Minor None
805 Buffer Access with Incorrect Length Value
Major Mapping_Notes
Minor None
806 Buffer Access Using Size of Source Buffer
Major Mapping_Notes
Minor None
807 Reliance on Untrusted Inputs in a Security Decision
Major Mapping_Notes, Relationships
Minor None
808 2010 Top 25 - Weaknesses On the Cusp
Major Mapping_Notes
Minor None
809 Weaknesses in OWASP Top Ten (2010)
Major Mapping_Notes
Minor None
810 OWASP Top Ten 2010 Category A1 - Injection
Major Mapping_Notes
Minor None
811 OWASP Top Ten 2010 Category A2 - Cross-Site Scripting (XSS)
Major Mapping_Notes
Minor None
812 OWASP Top Ten 2010 Category A3 - Broken Authentication and Session Management
Major Mapping_Notes
Minor None
813 OWASP Top Ten 2010 Category A4 - Insecure Direct Object References
Major Mapping_Notes
Minor None
814 OWASP Top Ten 2010 Category A5 - Cross-Site Request Forgery(CSRF)
Major Mapping_Notes
Minor None
815 OWASP Top Ten 2010 Category A6 - Security Misconfiguration
Major Mapping_Notes
Minor None
816 OWASP Top Ten 2010 Category A7 - Insecure Cryptographic Storage
Major Mapping_Notes
Minor None
817 OWASP Top Ten 2010 Category A8 - Failure to Restrict URL Access
Major Mapping_Notes
Minor None
818 OWASP Top Ten 2010 Category A9 - Insufficient Transport Layer Protection
Major Mapping_Notes
Minor None
819 OWASP Top Ten 2010 Category A10 - Unvalidated Redirects and Forwards
Major Mapping_Notes
Minor None
820 Missing Synchronization
Major Mapping_Notes
Minor None
821 Incorrect Synchronization
Major Mapping_Notes
Minor None
822 Untrusted Pointer Dereference
Major Mapping_Notes
Minor None
823 Use of Out-of-range Pointer Offset
Major Mapping_Notes
Minor None
824 Access of Uninitialized Pointer
Major Mapping_Notes
Minor None
825 Expired Pointer Dereference
Major Mapping_Notes
Minor None
826 Premature Release of Resource During Expected Lifetime
Major Mapping_Notes
Minor None
827 Improper Control of Document Type Definition
Major Mapping_Notes
Minor None
828 Signal Handler with Functionality that is not Asynchronous-Safe
Major Mapping_Notes
Minor None
829 Inclusion of Functionality from Untrusted Control Sphere
Major Mapping_Notes
Minor None
830 Inclusion of Web Functionality from an Untrusted Source
Major Mapping_Notes
Minor None
831 Signal Handler Function Associated with Multiple Signals
Major Mapping_Notes
Minor None
832 Unlock of a Resource that is not Locked
Major Mapping_Notes
Minor None
833 Deadlock
Major Mapping_Notes
Minor None
834 Excessive Iteration
Major Mapping_Notes
Minor None
835 Loop with Unreachable Exit Condition ('Infinite Loop')
Major Mapping_Notes
Minor None
836 Use of Password Hash Instead of Password for Authentication
Major Mapping_Notes
Minor None
837 Improper Enforcement of a Single, Unique Action
Major Mapping_Notes
Minor None
838 Inappropriate Encoding for Output Context
Major Mapping_Notes
Minor None
839 Numeric Range Comparison Without Minimum Check
Major Mapping_Notes
Minor None
840 Business Logic Errors
Major Mapping_Notes
Minor None
841 Improper Enforcement of Behavioral Workflow
Major Mapping_Notes
Minor None
842 Placement of User into Incorrect Group
Major Mapping_Notes
Minor None
843 Access of Resource Using Incompatible Type ('Type Confusion')
Major Mapping_Notes
Minor None
844 Weaknesses Addressed by The CERT Oracle Secure Coding Standard for Java (2011)
Major Mapping_Notes
Minor None
845 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 2 - Input Validation and Data Sanitization (IDS)
Major Mapping_Notes
Minor None
846 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 3 - Declarations and Initialization (DCL)
Major Mapping_Notes
Minor None
847 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 4 - Expressions (EXP)
Major Mapping_Notes
Minor None
848 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 5 - Numeric Types and Operations (NUM)
Major Mapping_Notes
Minor None
849 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 6 - Object Orientation (OBJ)
Major Mapping_Notes
Minor None
850 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 7 - Methods (MET)
Major Mapping_Notes
Minor None
851 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 8 - Exceptional Behavior (ERR)
Major Mapping_Notes
Minor None
852 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 9 - Visibility and Atomicity (VNA)
Major Mapping_Notes
Minor None
853 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 10 - Locking (LCK)
Major Mapping_Notes
Minor None
854 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 11 - Thread APIs (THI)
Major Mapping_Notes
Minor None
855 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 12 - Thread Pools (TPS)
Major Mapping_Notes
Minor None
856 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 13 - Thread-Safety Miscellaneous (TSM)
Major Mapping_Notes
Minor None
857 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 14 - Input Output (FIO)
Major Mapping_Notes
Minor None
858 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 15 - Serialization (SER)
Major Mapping_Notes
Minor None
859 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 16 - Platform Security (SEC)
Major Mapping_Notes
Minor None
860 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 17 - Runtime Environment (ENV)
Major Mapping_Notes
Minor None
861 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 18 - Miscellaneous (MSC)
Major Mapping_Notes
Minor None
862 Missing Authorization
Major Mapping_Notes, Relationships, Taxonomy_Mappings
Minor None
863 Incorrect Authorization
Major Mapping_Notes, Relationships
Minor None
864 2011 Top 25 - Insecure Interaction Between Components
Major Mapping_Notes
Minor None
865 2011 Top 25 - Risky Resource Management
Major Mapping_Notes
Minor None
866 2011 Top 25 - Porous Defenses
Major Mapping_Notes
Minor None
867 2011 Top 25 - Weaknesses On the Cusp
Major Mapping_Notes
Minor None
868 Weaknesses Addressed by the SEI CERT C++ Coding Standard (2016 Version)
Major Mapping_Notes
Minor None
869 CERT C++ Secure Coding Section 01 - Preprocessor (PRE)
Major Mapping_Notes
Minor None
870 CERT C++ Secure Coding Section 02 - Declarations and Initialization (DCL)
Major Mapping_Notes
Minor None
871 CERT C++ Secure Coding Section 03 - Expressions (EXP)
Major Mapping_Notes
Minor None
872 CERT C++ Secure Coding Section 04 - Integers (INT)
Major Mapping_Notes
Minor None
873 CERT C++ Secure Coding Section 05 - Floating Point Arithmetic (FLP)
Major Mapping_Notes
Minor None
874 CERT C++ Secure Coding Section 06 - Arrays and the STL (ARR)
Major Mapping_Notes
Minor None
875 CERT C++ Secure Coding Section 07 - Characters and Strings (STR)
Major Mapping_Notes
Minor None
876 CERT C++ Secure Coding Section 08 - Memory Management (MEM)
Major Mapping_Notes
Minor None
877 CERT C++ Secure Coding Section 09 - Input Output (FIO)
Major Mapping_Notes
Minor None
878 CERT C++ Secure Coding Section 10 - Environment (ENV)
Major Mapping_Notes
Minor None
879 CERT C++ Secure Coding Section 11 - Signals (SIG)
Major Mapping_Notes
Minor None
880 CERT C++ Secure Coding Section 12 - Exceptions and Error Handling (ERR)
Major Mapping_Notes
Minor None
881 CERT C++ Secure Coding Section 13 - Object Oriented Programming (OOP)
Major Mapping_Notes
Minor None
882 CERT C++ Secure Coding Section 14 - Concurrency (CON)
Major Mapping_Notes
Minor None
883 CERT C++ Secure Coding Section 49 - Miscellaneous (MSC)
Major Mapping_Notes
Minor None
884 CWE Cross-section
Major Mapping_Notes
Minor None
885 SFP Primary Cluster: Risky Values
Major Mapping_Notes
Minor None
886 SFP Primary Cluster: Unused entities
Major Mapping_Notes
Minor None
887 SFP Primary Cluster: API
Major Mapping_Notes
Minor None
888 Software Fault Pattern (SFP) Clusters
Major Mapping_Notes
Minor None
889 SFP Primary Cluster: Exception Management
Major Mapping_Notes
Minor None
890 SFP Primary Cluster: Memory Access
Major Mapping_Notes
Minor None
891 SFP Primary Cluster: Memory Management
Major Mapping_Notes
Minor None
892 SFP Primary Cluster: Resource Management
Major Mapping_Notes
Minor None
893 SFP Primary Cluster: Path Resolution
Major Mapping_Notes
Minor None
894 SFP Primary Cluster: Synchronization
Major Mapping_Notes
Minor None
895 SFP Primary Cluster: Information Leak
Major Mapping_Notes
Minor None
896 SFP Primary Cluster: Tainted Input
Major Mapping_Notes
Minor None
897 SFP Primary Cluster: Entry Points
Major Mapping_Notes
Minor None
898 SFP Primary Cluster: Authentication
Major Mapping_Notes
Minor None
899 SFP Primary Cluster: Access Control
Major Mapping_Notes
Minor None
900 Weaknesses in the 2011 CWE/SANS Top 25 Most Dangerous Software Errors
Major Mapping_Notes
Minor None
901 SFP Primary Cluster: Privilege
Major Mapping_Notes
Minor None
902 SFP Primary Cluster: Channel
Major Mapping_Notes
Minor None
903 SFP Primary Cluster: Cryptography
Major Mapping_Notes
Minor None
904 SFP Primary Cluster: Malware
Major Mapping_Notes
Minor None
905 SFP Primary Cluster: Predictability
Major Mapping_Notes
Minor None
906 SFP Primary Cluster: UI
Major Mapping_Notes
Minor None
907 SFP Primary Cluster: Other
Major Mapping_Notes
Minor None
908 Use of Uninitialized Resource
Major Mapping_Notes
Minor None
909 Missing Initialization of Resource
Major Mapping_Notes
Minor None
910 Use of Expired File Descriptor
Major Mapping_Notes
Minor None
911 Improper Update of Reference Count
Major Mapping_Notes
Minor None
912 Hidden Functionality
Major Mapping_Notes
Minor None
913 Improper Control of Dynamically-Managed Code Resources
Major Mapping_Notes
Minor None
914 Improper Control of Dynamically-Identified Variables
Major Mapping_Notes
Minor None
915 Improperly Controlled Modification of Dynamically-Determined Object Attributes
Major Mapping_Notes
Minor None
916 Use of Password Hash With Insufficient Computational Effort
Major Mapping_Notes, Relationships
Minor None
917 Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
Major Mapping_Notes
Minor None
918 Server-Side Request Forgery (SSRF)
Major Mapping_Notes, Relationships
Minor None
919 Weaknesses in Mobile Applications
Major Mapping_Notes
Minor None
920 Improper Restriction of Power Consumption
Major Mapping_Notes
Minor None
921 Storage of Sensitive Data in a Mechanism without Access Control
Major Mapping_Notes
Minor None
922 Insecure Storage of Sensitive Information
Major Mapping_Notes
Minor None
923 Improper Restriction of Communication Channel to Intended Endpoints
Major Mapping_Notes
Minor None
924 Improper Enforcement of Message Integrity During Transmission in a Communication Channel
Major Mapping_Notes
Minor None
925 Improper Verification of Intent by Broadcast Receiver
Major Mapping_Notes
Minor None
926 Improper Export of Android Application Components
Major Mapping_Notes
Minor None
927 Use of Implicit Intent for Sensitive Communication
Major Mapping_Notes
Minor None
928 Weaknesses in OWASP Top Ten (2013)
Major Mapping_Notes
Minor None
929 OWASP Top Ten 2013 Category A1 - Injection
Major Mapping_Notes
Minor None
930 OWASP Top Ten 2013 Category A2 - Broken Authentication and Session Management
Major Mapping_Notes
Minor None
931 OWASP Top Ten 2013 Category A3 - Cross-Site Scripting (XSS)
Major Mapping_Notes
Minor None
932 OWASP Top Ten 2013 Category A4 - Insecure Direct Object References
Major Mapping_Notes
Minor None
933 OWASP Top Ten 2013 Category A5 - Security Misconfiguration
Major Mapping_Notes
Minor None
934 OWASP Top Ten 2013 Category A6 - Sensitive Data Exposure
Major Mapping_Notes
Minor None
935 OWASP Top Ten 2013 Category A7 - Missing Function Level Access Control
Major Mapping_Notes
Minor None
936 OWASP Top Ten 2013 Category A8 - Cross-Site Request Forgery (CSRF)
Major Mapping_Notes
Minor None
937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
Major Mapping_Notes
Minor None
938 OWASP Top Ten 2013 Category A10 - Unvalidated Redirects and Forwards
Major Mapping_Notes
Minor None
939 Improper Authorization in Handler for Custom URL Scheme
Major Mapping_Notes
Minor None
940 Improper Verification of Source of a Communication Channel
Major Mapping_Notes, Relationships
Minor None
941 Incorrectly Specified Destination in a Communication Channel
Major Mapping_Notes
Minor None
942 Permissive Cross-domain Policy with Untrusted Domains
Major Mapping_Notes, Relationships
Minor None
943 Improper Neutralization of Special Elements in Data Query Logic
Major Mapping_Notes
Minor None
944 SFP Secondary Cluster: Access Management
Major Mapping_Notes
Minor None
945 SFP Secondary Cluster: Insecure Resource Access
Major Mapping_Notes
Minor None
946 SFP Secondary Cluster: Insecure Resource Permissions
Major Mapping_Notes
Minor None
947 SFP Secondary Cluster: Authentication Bypass
Major Mapping_Notes
Minor None
948 SFP Secondary Cluster: Digital Certificate
Major Mapping_Notes
Minor None
949 SFP Secondary Cluster: Faulty Endpoint Authentication
Major Mapping_Notes
Minor None
950 SFP Secondary Cluster: Hardcoded Sensitive Data
Major Mapping_Notes
Minor None
951 SFP Secondary Cluster: Insecure Authentication Policy
Major Mapping_Notes
Minor None
952 SFP Secondary Cluster: Missing Authentication
Major Mapping_Notes
Minor None
953 SFP Secondary Cluster: Missing Endpoint Authentication
Major Mapping_Notes
Minor None
954 SFP Secondary Cluster: Multiple Binds to the Same Port
Major Mapping_Notes
Minor None
955 SFP Secondary Cluster: Unrestricted Authentication
Major Mapping_Notes
Minor None
956 SFP Secondary Cluster: Channel Attack
Major Mapping_Notes
Minor None
957 SFP Secondary Cluster: Protocol Error
Major Mapping_Notes
Minor None
958 SFP Secondary Cluster: Broken Cryptography
Major Mapping_Notes
Minor None
959 SFP Secondary Cluster: Weak Cryptography
Major Mapping_Notes
Minor None
960 SFP Secondary Cluster: Ambiguous Exception Type
Major Mapping_Notes
Minor None
961 SFP Secondary Cluster: Incorrect Exception Behavior
Major Mapping_Notes
Minor None
962 SFP Secondary Cluster: Unchecked Status Condition
Major Mapping_Notes
Minor None
963 SFP Secondary Cluster: Exposed Data
Major Mapping_Notes
Minor None
964 SFP Secondary Cluster: Exposure Temporary File
Major Mapping_Notes
Minor None
965 SFP Secondary Cluster: Insecure Session Management
Major Mapping_Notes
Minor None
966 SFP Secondary Cluster: Other Exposures
Major Mapping_Notes
Minor None
967 SFP Secondary Cluster: State Disclosure
Major Mapping_Notes
Minor None
968 SFP Secondary Cluster: Covert Channel
Major Mapping_Notes
Minor None
969 SFP Secondary Cluster: Faulty Memory Release
Major Mapping_Notes
Minor None
970 SFP Secondary Cluster: Faulty Buffer Access
Major Mapping_Notes
Minor None
971 SFP Secondary Cluster: Faulty Pointer Use
Major Mapping_Notes
Minor None
972 SFP Secondary Cluster: Faulty String Expansion
Major Mapping_Notes
Minor None
973 SFP Secondary Cluster: Improper NULL Termination
Major Mapping_Notes
Minor None
974 SFP Secondary Cluster: Incorrect Buffer Length Computation
Major Mapping_Notes
Minor None
975 SFP Secondary Cluster: Architecture
Major Mapping_Notes
Minor None
976 SFP Secondary Cluster: Compiler
Major Mapping_Notes
Minor None
977 SFP Secondary Cluster: Design
Major Mapping_Notes
Minor None
978 SFP Secondary Cluster: Implementation
Major Mapping_Notes
Minor None
979 SFP Secondary Cluster: Failed Chroot Jail
Major Mapping_Notes
Minor None
980 SFP Secondary Cluster: Link in Resource Name Resolution
Major Mapping_Notes
Minor None
981 SFP Secondary Cluster: Path Traversal
Major Mapping_Notes
Minor None
982 SFP Secondary Cluster: Failure to Release Resource
Major Mapping_Notes
Minor None
983 SFP Secondary Cluster: Faulty Resource Use
Major Mapping_Notes
Minor None
984 SFP Secondary Cluster: Life Cycle
Major Mapping_Notes
Minor None
985 SFP Secondary Cluster: Unrestricted Consumption
Major Mapping_Notes
Minor None
986 SFP Secondary Cluster: Missing Lock
Major Mapping_Notes
Minor None
987 SFP Secondary Cluster: Multiple Locks/Unlocks
Major Mapping_Notes
Minor None
988 SFP Secondary Cluster: Race Condition Window
Major Mapping_Notes
Minor None
989 SFP Secondary Cluster: Unrestricted Lock
Major Mapping_Notes
Minor None
990 SFP Secondary Cluster: Tainted Input to Command
Major Mapping_Notes
Minor None
991 SFP Secondary Cluster: Tainted Input to Environment
Major Mapping_Notes
Minor None
992 SFP Secondary Cluster: Faulty Input Transformation
Major Mapping_Notes
Minor None
993 SFP Secondary Cluster: Incorrect Input Handling
Major Mapping_Notes
Minor None
994 SFP Secondary Cluster: Tainted Input to Variable
Major Mapping_Notes
Minor None
995 SFP Secondary Cluster: Feature
Major Mapping_Notes
Minor None
996 SFP Secondary Cluster: Security
Major Mapping_Notes
Minor None
997 SFP Secondary Cluster: Information Loss
Major Mapping_Notes
Minor None
998 SFP Secondary Cluster: Glitch in Computation
Major Mapping_Notes
Minor None
999 DEPRECATED: Weaknesses without Software Fault Patterns
Major Mapping_Notes
Minor None
1000 Research Concepts
Major Mapping_Notes
Minor None
1001 SFP Secondary Cluster: Use of an Improper API
Major Mapping_Notes
Minor None
1002 SFP Secondary Cluster: Unexpected Entry Points
Major Mapping_Notes
Minor None
1003 Weaknesses for Simplified Mapping of Published Vulnerabilities
Major Mapping_Notes
Minor None
1004 Sensitive Cookie Without 'HttpOnly' Flag
Major Mapping_Notes
Minor None
1005 7PK - Input Validation and Representation
Major Mapping_Notes
Minor None
1006 Bad Coding Practices
Major Mapping_Notes
Minor None
1007 Insufficient Visual Distinction of Homoglyphs Presented to User
Major Mapping_Notes
Minor None
1008 Architectural Concepts
Major Mapping_Notes
Minor None
1009 Audit
Major Mapping_Notes
Minor None
1010 Authenticate Actors
Major Mapping_Notes
Minor None
1011 Authorize Actors
Major Mapping_Notes
Minor None
1012 Cross Cutting
Major Mapping_Notes
Minor None
1013 Encrypt Data
Major Mapping_Notes
Minor None
1014 Identify Actors
Major Mapping_Notes
Minor None
1015 Limit Access
Major Mapping_Notes
Minor None
1016 Limit Exposure
Major Mapping_Notes
Minor None
1017 Lock Computer
Major Mapping_Notes
Minor None
1018 Manage User Sessions
Major Mapping_Notes
Minor None
1019 Validate Inputs
Major Mapping_Notes
Minor None
1020 Verify Message Integrity
Major Mapping_Notes
Minor None
1021 Improper Restriction of Rendered UI Layers or Frames
Major Mapping_Notes
Minor None
1022 Use of Web Link to Untrusted Target with window.opener Access
Major Mapping_Notes
Minor None
1023 Incomplete Comparison with Missing Factors
Major Mapping_Notes
Minor None
1024 Comparison of Incompatible Types
Major Mapping_Notes
Minor None
1025 Comparison Using Wrong Factors
Major Mapping_Notes
Minor None
1026 Weaknesses in OWASP Top Ten (2017)
Major Mapping_Notes
Minor None
1027 OWASP Top Ten 2017 Category A1 - Injection
Major Mapping_Notes
Minor None
1028 OWASP Top Ten 2017 Category A2 - Broken Authentication
Major Mapping_Notes
Minor None
1029 OWASP Top Ten 2017 Category A3 - Sensitive Data Exposure
Major Mapping_Notes
Minor None
1030 OWASP Top Ten 2017 Category A4 - XML External Entities (XXE)
Major Mapping_Notes
Minor None
1031 OWASP Top Ten 2017 Category A5 - Broken Access Control
Major Mapping_Notes
Minor None
1032 OWASP Top Ten 2017 Category A6 - Security Misconfiguration
Major Mapping_Notes
Minor None
1033 OWASP Top Ten 2017 Category A7 - Cross-Site Scripting (XSS)
Major Mapping_Notes
Minor None
1034 OWASP Top Ten 2017 Category A8 - Insecure Deserialization
Major Mapping_Notes
Minor None
1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
Major Mapping_Notes
Minor None
1036 OWASP Top Ten 2017 Category A10 - Insufficient Logging & Monitoring
Major Mapping_Notes
Minor None
1037 Processor Optimization Removal or Modification of Security-critical Code
Major Mapping_Notes
Minor None
1038 Insecure Automated Optimizations
Major Mapping_Notes
Minor None
1039 Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations
Major Mapping_Notes
Minor None
1040 Quality Weaknesses with Indirect Security Impacts
Major Mapping_Notes
Minor None
1041 Use of Redundant Code
Major Mapping_Notes
Minor None
1042 Static Member Data Element outside of a Singleton Class Element
Major Mapping_Notes
Minor None
1043 Data Element Aggregating an Excessively Large Number of Non-Primitive Elements
Major Mapping_Notes
Minor None
1044 Architecture with Number of Horizontal Layers Outside of Expected Range
Major Mapping_Notes
Minor None
1045 Parent Class with a Virtual Destructor and a Child Class without a Virtual Destructor
Major Mapping_Notes
Minor None
1046 Creation of Immutable Text Using String Concatenation
Major Mapping_Notes
Minor None
1047 Modules with Circular Dependencies
Major Mapping_Notes
Minor None
1048 Invokable Control Element with Large Number of Outward Calls
Major Mapping_Notes
Minor None
1049 Excessive Data Query Operations in a Large Data Table
Major Mapping_Notes
Minor None
1050 Excessive Platform Resource Consumption within a Loop
Major Mapping_Notes
Minor None
1051 Initialization with Hard-Coded Network Resource Configuration Data
Major Mapping_Notes
Minor None
1052 Excessive Use of Hard-Coded Literals in Initialization
Major Mapping_Notes
Minor None
1053 Missing Documentation for Design
Major Mapping_Notes
Minor None
1054 Invocation of a Control Element at an Unnecessarily Deep Horizontal Layer
Major Mapping_Notes
Minor None
1055 Multiple Inheritance from Concrete Classes
Major Mapping_Notes
Minor None
1056 Invokable Control Element with Variadic Parameters
Major Mapping_Notes
Minor None
1057 Data Access Operations Outside of Expected Data Manager Component
Major Mapping_Notes
Minor None
1058 Invokable Control Element in Multi-Thread Context with non-Final Static Storable or Member Element
Major Mapping_Notes
Minor None
1059 Insufficient Technical Documentation
Major Mapping_Notes, Taxonomy_Mappings
Minor None
1060 Excessive Number of Inefficient Server-Side Data Accesses
Major Mapping_Notes
Minor None
1061 Insufficient Encapsulation
Major Mapping_Notes
Minor None
1062 Parent Class with References to Child Class
Major Mapping_Notes
Minor None
1063 Creation of Class Instance within a Static Code Block
Major Mapping_Notes
Minor None
1064 Invokable Control Element with Signature Containing an Excessive Number of Parameters
Major Mapping_Notes
Minor None
1065 Runtime Resource Management Control Element in a Component Built to Run on Application Servers
Major Mapping_Notes
Minor None
1066 Missing Serialization Control Element
Major Mapping_Notes
Minor None
1067 Excessive Execution of Sequential Searches of Data Resource
Major Mapping_Notes
Minor None
1068 Inconsistency Between Implementation and Documented Design
Major Mapping_Notes
Minor None
1069 Empty Exception Block
Major Mapping_Notes
Minor None
1070 Serializable Data Element Containing non-Serializable Item Elements
Major Mapping_Notes
Minor None
1071 Empty Code Block
Major Mapping_Notes
Minor None
1072 Data Resource Access without Use of Connection Pooling
Major Mapping_Notes
Minor None
1073 Non-SQL Invokable Control Element with Excessive Number of Data Resource Accesses
Major Mapping_Notes
Minor None
1074 Class with Excessively Deep Inheritance
Major Mapping_Notes
Minor None
1075 Unconditional Control Flow Transfer outside of Switch Block
Major Mapping_Notes
Minor None
1076 Insufficient Adherence to Expected Conventions
Major Mapping_Notes
Minor None
1077 Floating Point Comparison with Incorrect Operator
Major Mapping_Notes
Minor None
1078 Inappropriate Source Code Style or Formatting
Major Mapping_Notes
Minor None
1079 Parent Class without Virtual Destructor Method
Major Mapping_Notes
Minor None
1080 Source Code File with Excessive Number of Lines of Code
Major Mapping_Notes
Minor None
1081 Entries with Maintenance Notes
Major Mapping_Notes
Minor None
1082 Class Instance Self Destruction Control Element
Major Mapping_Notes
Minor None
1083 Data Access from Outside Expected Data Manager Component
Major Mapping_Notes
Minor None
1084 Invokable Control Element with Excessive File or Data Access Operations
Major Mapping_Notes
Minor None
1085 Invokable Control Element with Excessive Volume of Commented-out Code
Major Mapping_Notes
Minor None
1086 Class with Excessive Number of Child Classes
Major Mapping_Notes
Minor None
1087 Class with Virtual Method without a Virtual Destructor
Major Mapping_Notes
Minor None
1088 Synchronous Access of Remote Resource without Timeout
Major Mapping_Notes
Minor None
1089 Large Data Table with Excessive Number of Indices
Major Mapping_Notes
Minor None
1090 Method Containing Access of a Member Element from Another Class
Major Mapping_Notes
Minor None
1091 Use of Object without Invoking Destructor Method
Major Mapping_Notes
Minor None
1092 Use of Same Invokable Control Element in Multiple Architectural Layers
Major Mapping_Notes
Minor None
1093 Excessively Complex Data Representation
Major Mapping_Notes
Minor None
1094 Excessive Index Range Scan for a Data Resource
Major Mapping_Notes
Minor None
1095 Loop Condition Value Update within the Loop
Major Mapping_Notes
Minor None
1096 Singleton Class Instance Creation without Proper Locking or Synchronization
Major Mapping_Notes
Minor None
1097 Persistent Storable Data Element without Associated Comparison Control Element
Major Mapping_Notes
Minor None
1098 Data Element containing Pointer Item without Proper Copy Control Element
Major Mapping_Notes
Minor None
1099 Inconsistent Naming Conventions for Identifiers
Major Mapping_Notes
Minor None
1100 Insufficient Isolation of System-Dependent Functions
Major Mapping_Notes
Minor None
1101 Reliance on Runtime Component in Generated Code
Major Mapping_Notes
Minor None
1102 Reliance on Machine-Dependent Data Representation
Major Mapping_Notes
Minor None
1103 Use of Platform-Dependent Third Party Components
Major Mapping_Notes
Minor None
1104 Use of Unmaintained Third Party Components
Major Mapping_Notes
Minor None
1105 Insufficient Encapsulation of Machine-Dependent Functionality
Major Mapping_Notes
Minor None
1106 Insufficient Use of Symbolic Constants
Major Mapping_Notes
Minor None
1107 Insufficient Isolation of Symbolic Constant Definitions
Major Mapping_Notes
Minor None
1108 Excessive Reliance on Global Variables
Major Mapping_Notes
Minor None
1109 Use of Same Variable for Multiple Purposes
Major Mapping_Notes
Minor None
1110 Incomplete Design Documentation
Major Mapping_Notes
Minor None
1111 Incomplete I/O Documentation
Major Mapping_Notes
Minor None
1112 Incomplete Documentation of Program Execution
Major Mapping_Notes
Minor None
1113 Inappropriate Comment Style
Major Mapping_Notes
Minor None
1114 Inappropriate Whitespace Style
Major Mapping_Notes
Minor None
1115 Source Code Element without Standard Prologue
Major Mapping_Notes
Minor None
1116 Inaccurate Comments
Major Mapping_Notes
Minor None
1117 Callable with Insufficient Behavioral Summary
Major Mapping_Notes
Minor None
1118 Insufficient Documentation of Error Handling Techniques
Major Mapping_Notes
Minor None
1119 Excessive Use of Unconditional Branching
Major Mapping_Notes
Minor None
1120 Excessive Code Complexity
Major Mapping_Notes
Minor None
1121 Excessive McCabe Cyclomatic Complexity
Major Mapping_Notes
Minor None
1122 Excessive Halstead Complexity
Major Mapping_Notes
Minor None
1123 Excessive Use of Self-Modifying Code
Major Mapping_Notes
Minor None
1124 Excessively Deep Nesting
Major Mapping_Notes
Minor None
1125 Excessive Attack Surface
Major Mapping_Notes
Minor None
1126 Declaration of Variable with Unnecessarily Wide Scope
Major Mapping_Notes
Minor None
1127 Compilation with Insufficient Warnings or Errors
Major Mapping_Notes
Minor None
1128 CISQ Quality Measures (2016)
Major Mapping_Notes
Minor None
1129 CISQ Quality Measures (2016) - Reliability
Major Mapping_Notes
Minor None
1130 CISQ Quality Measures (2016) - Maintainability
Major Mapping_Notes
Minor None
1131 CISQ Quality Measures (2016) - Security
Major Mapping_Notes
Minor None
1132 CISQ Quality Measures (2016) - Performance Efficiency
Major Mapping_Notes
Minor None
1133 Weaknesses Addressed by the SEI CERT Oracle Coding Standard for Java
Major Mapping_Notes
Minor None
1134 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 00. Input Validation and Data Sanitization (IDS)
Major Mapping_Notes
Minor None
1135 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 01. Declarations and Initialization (DCL)
Major Mapping_Notes
Minor None
1136 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 02. Expressions (EXP)
Major Mapping_Notes
Minor None
1137 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 03. Numeric Types and Operations (NUM)
Major Mapping_Notes
Minor None
1138 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 04. Characters and Strings (STR)
Major Mapping_Notes
Minor None
1139 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 05. Object Orientation (OBJ)
Major Mapping_Notes
Minor None
1140 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 06. Methods (MET)
Major Mapping_Notes
Minor None
1141 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 07. Exceptional Behavior (ERR)
Major Mapping_Notes
Minor None
1142 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 08. Visibility and Atomicity (VNA)
Major Mapping_Notes
Minor None
1143 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 09. Locking (LCK)
Major Mapping_Notes
Minor None
1144 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 10. Thread APIs (THI)
Major Mapping_Notes
Minor None
1145 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 11. Thread Pools (TPS)
Major Mapping_Notes
Minor None
1146 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 12. Thread-Safety Miscellaneous (TSM)
Major Mapping_Notes
Minor None
1147 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 13. Input Output (FIO)
Major Mapping_Notes
Minor None
1148 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 14. Serialization (SER)
Major Mapping_Notes
Minor None
1149 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 15. Platform Security (SEC)
Major Mapping_Notes
Minor None
1150 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 16. Runtime Environment (ENV)
Major Mapping_Notes
Minor None
1151 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 17. Java Native Interface (JNI)
Major Mapping_Notes
Minor None
1152 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 49. Miscellaneous (MSC)
Major Mapping_Notes
Minor None
1153 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 50. Android (DRD)
Major Mapping_Notes
Minor None
1154 Weaknesses Addressed by the SEI CERT C Coding Standard
Major Mapping_Notes
Minor None
1155 SEI CERT C Coding Standard - Guidelines 01. Preprocessor (PRE)
Major Mapping_Notes
Minor None
1156 SEI CERT C Coding Standard - Guidelines 02. Declarations and Initialization (DCL)
Major Mapping_Notes
Minor None
1157 SEI CERT C Coding Standard - Guidelines 03. Expressions (EXP)
Major Mapping_Notes
Minor None
1158 SEI CERT C Coding Standard - Guidelines 04. Integers (INT)
Major Mapping_Notes
Minor None
1159 SEI CERT C Coding Standard - Guidelines 05. Floating Point (FLP)
Major Mapping_Notes
Minor None
1160 SEI CERT C Coding Standard - Guidelines 06. Arrays (ARR)
Major Mapping_Notes
Minor None
1161 SEI CERT C Coding Standard - Guidelines 07. Characters and Strings (STR)
Major Mapping_Notes
Minor None
1162 SEI CERT C Coding Standard - Guidelines 08. Memory Management (MEM)
Major Mapping_Notes
Minor None
1163 SEI CERT C Coding Standard - Guidelines 09. Input Output (FIO)
Major Mapping_Notes
Minor None
1164 Irrelevant Code
Major Mapping_Notes
Minor None
1165 SEI CERT C Coding Standard - Guidelines 10. Environment (ENV)
Major Mapping_Notes
Minor None
1166 SEI CERT C Coding Standard - Guidelines 11. Signals (SIG)
Major Mapping_Notes
Minor None
1167 SEI CERT C Coding Standard - Guidelines 12. Error Handling (ERR)
Major Mapping_Notes
Minor None
1168 SEI CERT C Coding Standard - Guidelines 13. Application Programming Interfaces (API)
Major Mapping_Notes
Minor None
1169 SEI CERT C Coding Standard - Guidelines 14. Concurrency (CON)
Major Mapping_Notes
Minor None
1170 SEI CERT C Coding Standard - Guidelines 48. Miscellaneous (MSC)
Major Mapping_Notes
Minor None
1171 SEI CERT C Coding Standard - Guidelines 50. POSIX (POS)
Major Mapping_Notes
Minor None
1172 SEI CERT C Coding Standard - Guidelines 51. Microsoft Windows (WIN)
Major Mapping_Notes
Minor None
1173 Improper Use of Validation Framework
Major Mapping_Notes
Minor None
1174 ASP.NET Misconfiguration: Improper Model Validation
Major Mapping_Notes
Minor None
1175 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 18. Concurrency (CON)
Major Mapping_Notes
Minor None
1176 Inefficient CPU Computation
Major Mapping_Notes
Minor None
1177 Use of Prohibited Code
Major Mapping_Notes
Minor None
1178 Weaknesses Addressed by the SEI CERT Perl Coding Standard
Major Mapping_Notes
Minor None
1179 SEI CERT Perl Coding Standard - Guidelines 01. Input Validation and Data Sanitization (IDS)
Major Mapping_Notes
Minor None
1180 SEI CERT Perl Coding Standard - Guidelines 02. Declarations and Initialization (DCL)
Major Mapping_Notes
Minor None
1181 SEI CERT Perl Coding Standard - Guidelines 03. Expressions (EXP)
Major Mapping_Notes
Minor None
1182 SEI CERT Perl Coding Standard - Guidelines 04. Integers (INT)
Major Mapping_Notes
Minor None
1183 SEI CERT Perl Coding Standard - Guidelines 05. Strings (STR)
Major Mapping_Notes
Minor None
1184 SEI CERT Perl Coding Standard - Guidelines 06. Object-Oriented Programming (OOP)
Major Mapping_Notes
Minor None
1185 SEI CERT Perl Coding Standard - Guidelines 07. File Input and Output (FIO)
Major Mapping_Notes
Minor None
1186 SEI CERT Perl Coding Standard - Guidelines 50. Miscellaneous (MSC)
Major Mapping_Notes
Minor None
1187 DEPRECATED: Use of Uninitialized Resource
Major Mapping_Notes
Minor None
1188 Insecure Default Initialization of Resource
Major Mapping_Notes
Minor None
1189 Improper Isolation of Shared Resources on System-on-a-Chip (SoC)
Major Mapping_Notes, Relationships
Minor None
1190 DMA Device Enabled Too Early in Boot Phase
Major Mapping_Notes
Minor None
1191 On-Chip Debug and Test Interface With Improper Access Control
Major Mapping_Notes
Minor None
1192 System-on-Chip (SoC) Using Components without Unique, Immutable Identifiers
Major Mapping_Notes
Minor None
1193 Power-On of Untrusted Execution Core Before Enabling Fabric Access Control
Major Mapping_Notes
Minor None
1194 Hardware Design
Major Mapping_Notes
Minor None
1195 Manufacturing and Life Cycle Management Concerns
Major Mapping_Notes
Minor None
1196 Security Flow Issues
Major Mapping_Notes
Minor None
1197 Integration Issues
Major Mapping_Notes
Minor None
1198 Privilege Separation and Access Control Issues
Major Mapping_Notes
Minor None
1199 General Circuit and Logic Design Concerns
Major Mapping_Notes
Minor None
1200 Weaknesses in the 2019 CWE Top 25 Most Dangerous Software Errors
Major Mapping_Notes
Minor None
1201 Core and Compute Issues
Major Mapping_Notes
Minor None
1202 Memory and Storage Issues
Major Mapping_Notes
Minor None
1203 Peripherals, On-chip Fabric, and Interface/IO Problems
Major Mapping_Notes
Minor None
1204 Generation of Weak Initialization Vector (IV)
Major Mapping_Notes
Minor None
1205 Security Primitives and Cryptography Issues
Major Mapping_Notes
Minor None
1206 Power, Clock, Thermal, and Reset Concerns
Major Mapping_Notes
Minor None
1207 Debug and Test Problems
Major Mapping_Notes
Minor None
1208 Cross-Cutting Problems
Major Mapping_Notes
Minor None
1209 Failure to Disable Reserved Bits
Major Mapping_Notes
Minor None
1210 Audit / Logging Errors
Major Mapping_Notes
Minor None
1211 Authentication Errors
Major Mapping_Notes
Minor None
1212 Authorization Errors
Major Mapping_Notes
Minor None
1213 Random Number Issues
Major Mapping_Notes
Minor None
1214 Data Integrity Issues
Major Mapping_Notes
Minor None
1215 Data Validation Issues
Major Mapping_Notes
Minor None
1216 Lockout Mechanism Errors
Major Mapping_Notes
Minor None
1217 User Session Errors
Major Mapping_Notes
Minor None
1218 Memory Buffer Errors
Major Mapping_Notes
Minor None
1219 File Handling Issues
Major Mapping_Notes
Minor None
1220 Insufficient Granularity of Access Control
Major Mapping_Notes
Minor None
1221 Incorrect Register Defaults or Module Parameters
Major Mapping_Notes
Minor None
1222 Insufficient Granularity of Address Regions Protected by Register Locks
Major Mapping_Notes
Minor None
1223 Race Condition for Write-Once Attributes
Major Mapping_Notes
Minor None
1224 Improper Restriction of Write-Once Bit Fields
Major Mapping_Notes
Minor None
1225 Documentation Issues
Major Mapping_Notes
Minor None
1226 Complexity Issues
Major Mapping_Notes
Minor None
1227 Encapsulation Issues
Major Mapping_Notes
Minor None
1228 API / Function Errors
Major Mapping_Notes
Minor None
1229 Creation of Emergent Resource
Major Mapping_Notes
Minor None
1230 Exposure of Sensitive Information Through Metadata
Major Mapping_Notes
Minor None
1231 Improper Prevention of Lock Bit Modification
Major Mapping_Notes
Minor None
1232 Improper Lock Behavior After Power State Transition
Major Mapping_Notes
Minor None
1233 Security-Sensitive Hardware Controls with Missing Lock Bit Protection
Major Mapping_Notes
Minor None
1234 Hardware Internal or Debug Modes Allow Override of Locks
Major Mapping_Notes
Minor None
1235 Incorrect Use of Autoboxing and Unboxing for Performance Critical Operations
Major Mapping_Notes
Minor None
1236 Improper Neutralization of Formula Elements in a CSV File
Major Mapping_Notes
Minor None
1237 SFP Primary Cluster: Faulty Resource Release
Major Mapping_Notes
Minor None
1238 SFP Primary Cluster: Failure to Release Memory
Major Mapping_Notes
Minor None
1239 Improper Zeroization of Hardware Register
Major Mapping_Notes
Minor None
1240 Use of a Cryptographic Primitive with a Risky Implementation
Major Mapping_Notes
Minor None
1241 Use of Predictable Algorithm in Random Number Generator
Major Mapping_Notes
Minor None
1242 Inclusion of Undocumented Features or Chicken Bits
Major Mapping_Notes, Taxonomy_Mappings
Minor None
1243 Sensitive Non-Volatile Information Not Protected During Debug
Major Mapping_Notes
Minor None
1244 Internal Asset Exposed to Unsafe Debug Access Level or State
Major Mapping_Notes
Minor None
1245 Improper Finite State Machines (FSMs) in Hardware Logic
Major Mapping_Notes
Minor None
1246 Improper Write Handling in Limited-write Non-Volatile Memories
Major Mapping_Notes
Minor None
1247 Improper Protection Against Voltage and Clock Glitches
Major Mapping_Notes
Minor None
1248 Semiconductor Defects in Hardware Logic with Security-Sensitive Implications
Major Mapping_Notes
Minor None
1249 Application-Level Admin Tool with Inconsistent View of Underlying Operating System
Major Mapping_Notes
Minor None
1250 Improper Preservation of Consistency Between Independent Representations of Shared State
Major Mapping_Notes
Minor None
1251 Mirrored Regions with Different Values
Major Mapping_Notes
Minor None
1252 CPU Hardware Not Configured to Support Exclusivity of Write and Execute Operations
Major Mapping_Notes
Minor None
1253 Incorrect Selection of Fuse Values
Major Mapping_Notes
Minor None
1254 Incorrect Comparison Logic Granularity
Major Mapping_Notes
Minor None
1255 Comparison Logic is Vulnerable to Power Side-Channel Attacks
Major Mapping_Notes
Minor None
1256 Improper Restriction of Software Interfaces to Hardware Features
Major Mapping_Notes
Minor None
1257 Improper Access Control Applied to Mirrored or Aliased Memory Regions
Major Mapping_Notes
Minor None
1258 Exposure of Sensitive System Information Due to Uncleared Debug Information
Major Mapping_Notes
Minor None
1259 Improper Restriction of Security Token Assignment
Major Mapping_Notes
Minor None
1260 Improper Handling of Overlap Between Protected Memory Ranges
Major Demonstrative_Examples, Mapping_Notes, References
Minor None
1261 Improper Handling of Single Event Upsets
Major Mapping_Notes
Minor None
1262 Improper Access Control for Register Interface
Major Demonstrative_Examples, Mapping_Notes, References
Minor None
1263 Improper Physical Access Control
Major Mapping_Notes, Relationships
Minor None
1264 Hardware Logic with Insecure De-Synchronization between Control and Data Channels
Major Mapping_Notes
Minor None
1265 Unintended Reentrant Invocation of Non-reentrant Code Via Nested Calls
Major Mapping_Notes
Minor None
1266 Improper Scrubbing of Sensitive Data from Decommissioned Device
Major Mapping_Notes
Minor None
1267 Policy Uses Obsolete Encoding
Major Mapping_Notes
Minor None
1268 Policy Privileges are not Assigned Consistently Between Control and Data Agents
Major Mapping_Notes
Minor None
1269 Product Released in Non-Release Configuration
Major Mapping_Notes
Minor None
1270 Generation of Incorrect Security Tokens
Major Mapping_Notes
Minor None
1271 Uninitialized Value on Reset for Registers Holding Security Settings
Major Mapping_Notes
Minor None
1272 Sensitive Information Uncleared Before Debug/Power State Transition
Major Mapping_Notes
Minor None
1273 Device Unlock Credential Sharing
Major Mapping_Notes
Minor None
1274 Improper Access Control for Volatile Memory Containing Boot Code
Major Mapping_Notes
Minor None
1275 Sensitive Cookie with Improper SameSite Attribute
Major Mapping_Notes
Minor None
1276 Hardware Child Block Incorrectly Connected to Parent System
Major Mapping_Notes
Minor None
1277 Firmware Not Updateable
Major Mapping_Notes
Minor None
1278 Missing Protection Against Hardware Reverse Engineering Using Integrated Circuit (IC) Imaging Techniques
Major Mapping_Notes
Minor None
1279 Cryptographic Operations are run Before Supporting Units are Ready
Major Mapping_Notes
Minor None
1280 Access Control Check Implemented After Asset is Accessed
Major Mapping_Notes
Minor None
1281 Sequence of Processor Instructions Leads to Unexpected Behavior
Major Demonstrative_Examples, Mapping_Notes, References
Minor None
1282 Assumed-Immutable Data is Stored in Writable Memory
Major Mapping_Notes
Minor None
1283 Mutable Attestation or Measurement Reporting Data
Major Mapping_Notes
Minor None
1284 Improper Validation of Specified Quantity in Input
Major Mapping_Notes, Relationships
Minor None
1285 Improper Validation of Specified Index, Position, or Offset in Input
Major Mapping_Notes
Minor None
1286 Improper Validation of Syntactic Correctness of Input
Major Mapping_Notes
Minor None
1287 Improper Validation of Specified Type of Input
Major Mapping_Notes
Minor None
1288 Improper Validation of Consistency within Input
Major Mapping_Notes
Minor None
1289 Improper Validation of Unsafe Equivalence in Input
Major Mapping_Notes
Minor None
1290 Incorrect Decoding of Security Identifiers
Major Mapping_Notes
Minor None
1291 Public Key Re-Use for Signing both Debug and Production Code
Major Mapping_Notes
Minor None
1292 Incorrect Conversion of Security Identifiers
Major Mapping_Notes
Minor None
1293 Missing Source Correlation of Multiple Independent Data
Major Mapping_Notes
Minor None
1294 Insecure Security Identifier Mechanism
Major Mapping_Notes
Minor None
1295 Debug Messages Revealing Unnecessary Information
Major Mapping_Notes
Minor None
1296 Incorrect Chaining or Granularity of Debug Components
Major Mapping_Notes
Minor None
1297 Unprotected Confidential Information on Device is Accessible by OSAT Vendors
Major Mapping_Notes
Minor None
1298 Hardware Logic Contains Race Conditions
Major Mapping_Notes
Minor None
1299 Missing Protection Mechanism for Alternate Hardware Interface
Major Mapping_Notes
Minor None
1300 Improper Protection of Physical Side Channels
Major Mapping_Notes
Minor None
1301 Insufficient or Incomplete Data Removal within Hardware Component
Major Mapping_Notes
Minor None
1302 Missing Security Identifier
Major Mapping_Notes
Minor None
1303 Non-Transparent Sharing of Microarchitectural Resources
Major Mapping_Notes, Relationships
Minor None
1304 Improperly Preserved Integrity of Hardware Configuration State During a Power Save/Restore Operation
Major Mapping_Notes
Minor None
1305 CISQ Quality Measures (2020)
Major Mapping_Notes
Minor None
1306 CISQ Quality Measures - Reliability
Major Mapping_Notes
Minor None
1307 CISQ Quality Measures - Maintainability
Major Mapping_Notes
Minor None
1308 CISQ Quality Measures - Security
Major Mapping_Notes
Minor None
1309 CISQ Quality Measures - Efficiency
Major Mapping_Notes
Minor None
1310 Missing Ability to Patch ROM Code
Major Mapping_Notes
Minor None
1311 Improper Translation of Security Attributes by Fabric Bridge
Major Mapping_Notes
Minor None
1312 Missing Protection for Mirrored Regions in On-Chip Fabric Firewall
Major Mapping_Notes
Minor None
1313 Hardware Allows Activation of Test or Debug Logic at Runtime
Major Mapping_Notes
Minor None
1314 Missing Write Protection for Parametric Data Values
Major Mapping_Notes
Minor None
1315 Improper Setting of Bus Controlling Capability in Fabric End-point
Major Mapping_Notes
Minor None
1316 Fabric-Address Map Allows Programming of Unwarranted Overlaps of Protected and Unprotected Ranges
Major Mapping_Notes
Minor None
1317 Improper Access Control in Fabric Bridge
Major Mapping_Notes
Minor None
1318 Missing Support for Security Features in On-chip Fabrics or Buses
Major Mapping_Notes
Minor None
1319 Improper Protection against Electromagnetic Fault Injection (EM-FI)
Major Mapping_Notes
Minor None
1320 Improper Protection for Outbound Error Messages and Alert Signals
Major Mapping_Notes
Minor None
1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
Major Mapping_Notes
Minor None
1322 Use of Blocking Code in Single-threaded, Non-blocking Context
Major Mapping_Notes
Minor None
1323 Improper Management of Sensitive Trace Data
Major Mapping_Notes
Minor None
1324 DEPRECATED: Sensitive Information Accessible by Physical Probing of JTAG Interface
Major Mapping_Notes
Minor None
1325 Improperly Controlled Sequential Memory Allocation
Major Mapping_Notes
Minor None
1326 Missing Immutable Root of Trust in Hardware
Major Mapping_Notes
Minor None
1327 Binding to an Unrestricted IP Address
Major Mapping_Notes
Minor None
1328 Security Version Number Mutable to Older Versions
Major Mapping_Notes
Minor None
1329 Reliance on Component That is Not Updateable
Major Mapping_Notes
Minor None
1330 Remanent Data Readable after Memory Erase
Major Mapping_Notes
Minor None
1331 Improper Isolation of Shared Resources in Network On Chip (NoC)
Major Mapping_Notes
Minor None
1332 Improper Handling of Faults that Lead to Instruction Skips
Major Mapping_Notes
Minor None
1333 Inefficient Regular Expression Complexity
Major Mapping_Notes
Minor None
1334 Unauthorized Error Injection Can Degrade Hardware Redundancy
Major Mapping_Notes
Minor None
1335 Incorrect Bitwise Shift of Integer
Major Mapping_Notes
Minor None
1336 Improper Neutralization of Special Elements Used in a Template Engine
Major Mapping_Notes
Minor None
1337 Weaknesses in the 2021 CWE Top 25 Most Dangerous Software Weaknesses
Major Mapping_Notes
Minor None
1338 Improper Protections Against Hardware Overheating
Major Mapping_Notes
Minor None
1339 Insufficient Precision or Accuracy of a Real Number
Major Mapping_Notes
Minor None
1340 CISQ Data Protection Measures
Major Mapping_Notes
Minor None
1341 Multiple Releases of Same Resource or Handle
Major Mapping_Notes
Minor None
1342 Information Exposure through Microarchitectural State after Transient Execution
Major Mapping_Notes
Minor None
1343 Weaknesses in the 2021 CWE Most Important Hardware Weaknesses List
Major Mapping_Notes
Minor None
1344 Weaknesses in OWASP Top Ten (2021)
Major Mapping_Notes
Minor None
1345 OWASP Top Ten 2021 Category A01:2021 - Broken Access Control
Major Mapping_Notes
Minor None
1346 OWASP Top Ten 2021 Category A02:2021 - Cryptographic Failures
Major Mapping_Notes
Minor None
1347 OWASP Top Ten 2021 Category A03:2021 - Injection
Major Mapping_Notes
Minor None
1348 OWASP Top Ten 2021 Category A04:2021 - Insecure Design
Major Mapping_Notes
Minor None
1349 OWASP Top Ten 2021 Category A05:2021 - Security Misconfiguration
Major Mapping_Notes
Minor None
1350 Weaknesses in the 2020 CWE Top 25 Most Dangerous Software Weaknesses
Major Mapping_Notes
Minor None
1351 Improper Handling of Hardware Behavior in Exceptionally Cold Environments
Major Mapping_Notes
Minor None
1352 OWASP Top Ten 2021 Category A06:2021 - Vulnerable and Outdated Components
Major Mapping_Notes
Minor None
1353 OWASP Top Ten 2021 Category A07:2021 - Identification and Authentication Failures
Major Mapping_Notes
Minor None
1354 OWASP Top Ten 2021 Category A08:2021 - Software and Data Integrity Failures
Major Mapping_Notes
Minor None
1355 OWASP Top Ten 2021 Category A09:2021 - Security Logging and Monitoring Failures
Major Mapping_Notes
Minor None
1356 OWASP Top Ten 2021 Category A10:2021 - Server-Side Request Forgery (SSRF)
Major Mapping_Notes
Minor None
1357 Reliance on Insufficiently Trustworthy Component
Major Mapping_Notes, Taxonomy_Mappings
Minor None
1358 Weaknesses in SEI ETF Categories of Security Vulnerabilities in ICS
Major Mapping_Notes
Minor None
1359 ICS Communications
Major Mapping_Notes
Minor None
1360 ICS Dependencies (& Architecture)
Major Mapping_Notes
Minor None
1361 ICS Supply Chain
Major Mapping_Notes
Minor None
1362 ICS Engineering (Constructions/Deployment)
Major Mapping_Notes
Minor None
1363 ICS Operations (& Maintenance)
Major Mapping_Notes
Minor None
1364 ICS Communications: Zone Boundary Failures
Major Mapping_Notes, Relationships
Minor None
1365 ICS Communications: Unreliability
Major Mapping_Notes, Relationships
Minor None
1366 ICS Communications: Frail Security in Protocols
Major Mapping_Notes, Relationships
Minor None
1367 ICS Dependencies (& Architecture): External Physical Systems
Major Mapping_Notes
Minor None
1368 ICS Dependencies (& Architecture): External Digital Systems
Major Mapping_Notes, Relationships
Minor None
1369 ICS Supply Chain: IT/OT Convergence/Expansion
Major Mapping_Notes
Minor None
1370 ICS Supply Chain: Common Mode Frailties
Major Mapping_Notes
Minor None
1371 ICS Supply Chain: Poorly Documented or Undocumented Features
Major Mapping_Notes
Minor None
1372 ICS Supply Chain: OT Counterfeit and Malicious Corruption
Major Mapping_Notes
Minor None
1373 ICS Engineering (Construction/Deployment): Trust Model Problems
Major Mapping_Notes
Minor None
1374 ICS Engineering (Construction/Deployment): Maker Breaker Blindness
Major Mapping_Notes
Minor None
1375 ICS Engineering (Construction/Deployment): Gaps in Details/Data
Major Mapping_Notes
Minor None
1376 ICS Engineering (Construction/Deployment): Security Gaps in Commissioning
Major Mapping_Notes
Minor None
1377 ICS Engineering (Construction/Deployment): Inherent Predictability in Design
Major Mapping_Notes
Minor None
1378 ICS Operations (& Maintenance): Gaps in obligations and training
Major Mapping_Notes
Minor None
1379 ICS Operations (& Maintenance): Human factors in ICS environments
Major Mapping_Notes
Minor None
1380 ICS Operations (& Maintenance): Post-analysis changes
Major Mapping_Notes
Minor None
1381 ICS Operations (& Maintenance): Exploitable Standard Operational Procedures
Major Mapping_Notes
Minor None
1382 ICS Operations (& Maintenance): Emerging Energy Technologies
Major Mapping_Notes
Minor None
1383 ICS Operations (& Maintenance): Compliance/Conformance with Regulatory Requirements
Major Mapping_Notes
Minor None
1384 Improper Handling of Physical or Environmental Conditions
Major Mapping_Notes
Minor None
1385 Missing Origin Validation in WebSockets
Major Mapping_Notes
Minor None
1386 Insecure Operation on Windows Junction / Mount Point
Major Mapping_Notes
Minor None
1387 Weaknesses in the 2022 CWE Top 25 Most Dangerous Software Weaknesses
Major Mapping_Notes
Minor None
1388 Physical Access Issues and Concerns
Major Mapping_Notes
Minor None
1389 Incorrect Parsing of Numbers with Different Radices
Major Mapping_Notes
Minor None
1390 Weak Authentication
Major Mapping_Notes
Minor None
1391 Use of Weak Credentials
Major Mapping_Notes, Taxonomy_Mappings
Minor None
1392 Use of Default Credentials
Major Mapping_Notes
Minor None
1393 Use of Default Password
Major Mapping_Notes, Relationships
Minor None
1394 Use of Default Cryptographic Key
Major Mapping_Notes
Minor None
1395 Dependency on Vulnerable Third-Party Component
Major Mapping_Notes, Taxonomy_Mappings
Minor None
1396 Comprehensive Categorization: Access Control
Major Mapping_Notes
Minor None
1397 Comprehensive Categorization: Comparison
Major Mapping_Notes
Minor None
1398 Comprehensive Categorization: Component Interaction
Major Mapping_Notes
Minor None
1399 Comprehensive Categorization: Memory Safety
Major Mapping_Notes
Minor None
1400 Comprehensive Categorization for Software Assurance Trends
Major Mapping_Notes
Minor None
1401 Comprehensive Categorization: Concurrency
Major Mapping_Notes
Minor None
1402 Comprehensive Categorization: Encryption
Major Mapping_Notes
Minor None
1403 Comprehensive Categorization: Exposed Resource
Major Mapping_Notes
Minor None
1404 Comprehensive Categorization: File Handling
Major Mapping_Notes
Minor None
1405 Comprehensive Categorization: Improper Check or Handling of Exceptional Conditions
Major Mapping_Notes
Minor None
1406 Comprehensive Categorization: Improper Input Validation
Major Mapping_Notes
Minor None
1407 Comprehensive Categorization: Improper Neutralization
Major Mapping_Notes
Minor None
1408 Comprehensive Categorization: Incorrect Calculation
Major Mapping_Notes
Minor None
1409 Comprehensive Categorization: Injection
Major Mapping_Notes
Minor None
1410 Comprehensive Categorization: Insufficient Control Flow Management
Major Mapping_Notes
Minor None
1411 Comprehensive Categorization: Insufficient Verification of Data Authenticity
Major Mapping_Notes
Minor None
1412 Comprehensive Categorization: Poor Coding Practices
Major Mapping_Notes
Minor None
1413 Comprehensive Categorization: Protection Mechanism Failure
Major Mapping_Notes
Minor None
1414 Comprehensive Categorization: Randomness
Major Mapping_Notes
Minor None
1415 Comprehensive Categorization: Resource Control
Major Mapping_Notes
Minor None
1416 Comprehensive Categorization: Resource Lifecycle Management
Major Mapping_Notes
Minor None
1417 Comprehensive Categorization: Sensitive Information Exposure
Major Mapping_Notes
Minor None
1418 Comprehensive Categorization: Violation of Secure Design Principles
Major Mapping_Notes
Minor None
2000 Comprehensive CWE Dictionary
Major Mapping_Notes
Minor None
Page Last Updated: June 29, 2023