...

CWE ID

CWE name/description

Parasoft rule ID(s)

CWE-787

Out-of-bounds Write

  • CWE.787.ARRAY

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

  • CWE.79.SCS0029
  • CWE.79.VPPD
  • CWE.79.TDRESP
  • CWE.79.TDXSS
  • CWE.79.AXSSE
  • CWE.79.CSP

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

  • CWE.89.TDSQL
  • CWE.89.TDSQLC

CWE-416

Use After Free

  • CWE.416.DISP
  • CWE.416.FIN

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

  • CWE.78.TDCMD

CWE-20

Improper Input Validation

  • CWE.20.ARRAY
  • CWE.20.VPPD
  • CWE.20.TDNET
  • CWE.20.TDFNAMES
  • CWE.20.TDCMD
  • CWE.20.TDRESP
  • CWE.20.TDXSS
  • CWE.20.TDSQL
  • CWE.20.TDSQLC
  • CWE.20.SCS0017
  • CWE.20.SCS0021
  • CWE.20.SCS0030
  • CWE.20.SCS0022

CWE-125

Out-of-bounds Read

  • CWE.125.ARRAY

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

  • CWE.22.TDFNAMES
  • CWE.22.SCS0018

CWE-352

Cross-Site Request Forgery (CSRF)

  • CWE.352.VPPD
  • CWE.352.TDRESP
  • CWE.352.VAFT
  • CWE.352.CA3147
  • CWE.352.CA5391
  • CWE.352.SCS0016

CWE-434

Unrestricted Upload of File with Dangerous Type

  • CWE.434.TDFNAMES

CWE-862

Missing Authorization

  • CWE.862.UAA
  • CWE.862.SCS0019

CWE-476

NULL Pointer Dereference

  • CWE.476.NR
  • CWE.476.CNFA

CWE-287

Improper Authentication

  • CWE.287.TDPASSWD
  • CWE.287.AAM
  • CWE.287.UAAMC
  • CWE.287.LUAFLA
  • CWE.287.IIPHEU
  • CWE.287.CA5359
  • CWE.287.CA5403
  • CWE.287.CA5376
  • CWE.287.CA5390
  • CWE.287.SCS0032
  • CWE.287.SCS0033
  • CWE.287.SCS0034

CWE-190

Integer Overflow or Wraparound

  • CWE.190.AIWIL
  • CWE.190.AIOAC
  • CWE.190.INTWRAP

CWE-502

Deserialization of Untrusted Data

  • CWE.502.IIDC
  • CWE.502.UIS
  • CWE.502.IDC
  • CWE.502.MGODWSPA
  • CWE.502.CA2350
  • CWE.502.CA2351
  • CWE.502.CA2352
  • CWE.502.CA2353
  • CWE.502.CA2354
  • CWE.502.CA2355
  • CWE.502.CA2356
  • CWE.502.CA2361
  • CWE.502.CA2362
  • CWE.502.SCS0028

CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

  • CWE.77.TDCMD

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

  • CWE.119.ARRAY

CWE-798

Use of Hard-coded Credentials

  • CWE.798.HPWCS
  • CWE.798.HARDCONN
  • CWE.798.HPW
  • CWE.798.SCS0015
  • CWE.798.CA5403

CWE-918

Server-Side Request Forgery (SSRF)

  • CWE.918.TDNET
  • CWE.918.CA3147
  • CWE.918.CA5368
  • CWE.918.CA5391
  • CWE.918.CA5395

CWE-306

Missing Authentication for Critical Function

  • N/A

CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

  • CWE.362.LOCKSETGET
  • CWE.362.DIFCS

CWE-269

Improper Privilege Management

  • CWE.269.IDENTITY
  • CWE.269.CA5375
  • CWE.269.CA5377

CWE-94

Improper Control of Generation of Code ('Code Injection')

  • CWE.94.TDCODE

CWE-863

Incorrect Authorization

  • CWE.863.AAM
  • CWE.863.UAAMC
  • CWE.863.AUTH

CWE-276

Incorrect Default Permissions

  • N/A

CWE-617

Reachable Assertion

  • CWE.617.ATA

CWE-427

Uncontrolled Search Path Element

  • CWE.427.CA5393

CWE-611

Improper Restriction of XML External Entity Reference

  • CWE.611.PDTDP
  • CWE.611.USXRS
  • CWE.611.CA3061
  • CWE.611.CA3075
  • CWE.611.CA3077
  • CWE.611.CA5366
  • CWE.611.CA5369
  • CWE.611.CA5370
  • CWE.611.CA5371
  • CWE.611.CA5372

CWE-770

Allocation of Resources Without Limits or Throttling

  • CWE.770.UHCF
  • CWE.770.CA2014
  • CWE.770.TDALLOC

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

  • CWE.200.SELSPLAT
  • CWE.200.SDE
  • CWE.200.SENS
  • CWE.200.PEO
  • CWE.200.ACPST
  • CWE.200.ALSI
  • CWE.200.SENSLOG
  • CWE.200.CSG
  • CWE.200.CA3004

CWE-732

Incorrect Permission Assignment for Critical Resource

  • CWE.732.ADSVSP
  • CWE.732.CA5396

CWE-601

URL Redirection to Untrusted Site ('Open Redirect')

  • CWE.601.TDNET
  • CWE.601.TDRESP

CWE-1321

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

  • N/A

CWE-295

Improper Certificate Validation

  • CWE.295.DNICV
  • CWE.295.CA5359
  • CWE.295.CA5403
  • CWE.295.CA5399
  • CWE.295.CA5400

CWE-522

Insufficiently Protected Credentials

  • CWE.522.TDPASSWD

CWE-401

Missing Release of Memory after Effective Lifetime

  • N/A

CWE-400

Uncontrolled Resource Consumption

  • CWE.400.CA5362
  • CWE.400.UHCF
  • CWE.400.CA2014
  • CWE.400.TDALLOC
  • CWE.400.LEAKS
  • CWE.400.TDLOG

CWE-639

Authorization Bypass Through User-Controlled Key

  • N/A

CWE-59

Improper Link Resolution Before File Access ('Link Following')

  • CWE.59.VLT

CWE-668

Exposure of Resource to Wrong Sphere

  • CWE.668.TDINPUT
  • CWE.668.TDFNAMES
  • CWE.668.PBRTE
  • CWE.668.CA5393
  • CWE.668.CSG
  • CWE.668.CA3004
  • CWE.668.SELSPLAT
  • CWE.668.SDE
  • CWE.668.SENS
  • CWE.668.PEO
  • CWE.668.ACPST
  • CWE.668.ALSI
  • CWE.668.SENSLOG
  • CWE.668.TDPASSWD
  • CWE.668.ADSVSP
  • CWE.668.CA5396
  • CWE.668.SCS0018
  • CWE.668.SCS0024

...