This section lists the rule mapping for the CWE standard. The mapping information for other standards is available in the PDF rule mapping files shipped with Compliance Packs.

CWE Top 25 2024 Mapping
ID | Name/description | Parasoft rule ID(s) |
---|---|---|
CWE-79 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | |
CWE-787 | Out-of-bounds Write | |
CWE-89 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | |
CWE-352 | Cross-Site Request Forgery (CSRF) | |
CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | |
CWE-125 | Out-of-bounds Read | |
CWE-78 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | |
CWE-416 | Use After Free | |
CWE-862 | Missing Authorization | |
CWE-434 | Unrestricted Upload of File with Dangerous Type | |
CWE-94 | Improper Control of Generation of Code ('Code Injection') | |
CWE-20 | Improper Input Validation | |
CWE-77 | Improper Neutralization of Special Elements used in a Command ('Command Injection') | |
CWE-287 | Improper Authentication | |
CWE-269 | Improper Privilege Management | |
CWE-502 | Deserialization of Untrusted Data | |
CWE-200 | Exposure of Sensitive Information to an Unauthorized Actor | |
CWE-863 | Incorrect Authorization | |
CWE-918 | Server-Side Request Forgery (SSRF) | |
CWE-119 | Improper Restriction of Operations within the Bounds of a Memory Buffer | |
CWE-476 | NULL Pointer Dereference | |
CWE-798 | Use of Hard-coded Credentials | |
CWE-190 | Integer Overflow or Wraparound | |
CWE-400 | Uncontrolled Resource Consumption | |
CWE-306 | Missing Authentication for Critical Function | |

CWE Top 25 2023 Mapping

ID | Name/description | Parasoft rule ID(s) |
---|---|---|
CWE-787 | Out-of-bounds Write | CWE.787.ARRAY, CWE.787.ARRAYSEC |
CWE-79 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | CWE.79.EACM, CWE.79.TDDIG, CWE.79.TDRESP, CWE.79.TDXML, CWE.79.TDXSS, CWE.79.VPPD, CWE.79.ARXML |
CWE-89 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | CWE.89.TDSQL, CWE.89.UPS |
CWE-416 | Use After Free | CWE.416.FREE |
CWE-78 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | CWE.78.TDCMD |
CWE-20 | Improper Input Validation | CWE.20.ARRAY, CWE.20.INTOVERF, CWE.20.FREE, CWE.20.ARRAYSEC, CWE.20.TDINPUT, CWE.20.TDLIB, CWE.20.TDLOG, CWE.20.TDRESP, CWE.20.TDRFL, CWE.20.BSA, CWE.20.CACO, CWE.20.CLP, CWE.20.ICO, CWE.20.IOF, CWE.20.CAI, CWE.20.NATV, CWE.20.SYSP, CWE.20.AEAF, CWE.20.CSVFV, CWE.20.NATIW, CWE.20.APIBS, CWE.20.BUSSB, CWE.20.UCO, CWE.20.DFV, CWE.20.EV, CWE.20.PLUGIN |
CWE-125 | Out-of-bounds Read | CWE.125.ARRAY, CWE.125.ARRAYSEC |
CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | CWE.22.TDFNAMES |
CWE-352 | Cross-Site Request Forgery (CSRF) | CWE.352.EACM, CWE.352.TDRESP, CWE.352.TDXSS, CWE.352.VPPD, CWE.352.UOSC, CWE.352.DCSRFJAVA, CWE.352.DCSRFXML, CWE.352.REQMAP |
CWE-434 | Unrestricted Upload of File with Dangerous Type | CWE.434.TDFNAMES |
CWE-862 | Missing Authorization | CWE.862.PERMIT, CWE.862.LCA |
CWE-476 | NULL Pointer Dereference | CWE.476.NP, CWE.476.DEREF |
CWE-287 | Improper Authentication | CWE.287.TDPASSWD, CWE.287.UPWD, CWE.287.PLAIN, CWE.287.PCCF, CWE.287.PTPT, CWE.287.PWDPROP, CWE.287.PWDXML, CWE.287.UTAX, CWE.287.WCPWD, CWE.287.WPWD, CWE.287.CKTS, CWE.287.DNSL, CWE.287.HCCK, CWE.287.HCCS, CWE.287.HTTPRHA, CWE.287.HV, CWE.287.PBFA, CWE.287.SSM, CWE.287.USC, CWE.287.VSI, CWE.287.MLVP |
CWE-190 | Integer Overflow or Wraparound | CWE.190.INTOVERF, CWE.190.BSA, CWE.190.CACO, CWE.190.CLP, CWE.190.ICO, CWE.190.IOF |
CWE-502 | Deserialization of Untrusted Data | CWE.502.SSSD, CWE.502.MASP, CWE.502.AUXD, CWE.502.SC, CWE.502.RWAF, CWE.502.VOBD |
CWE-77 | Improper Neutralization of Special Elements used in a Command ('Command Injection') | CWE.77.TDCMD |
CWE-119 | Improper Restriction of Operations within the Bounds of a Memory Buffer | CWE.119.ARRAY, CWE.119.FREE, CWE.119.ARRAYSEC, CWE.119.BUSSB |
CWE-798 | Use of Hard-coded Credentials | CWE.798.HCCK, CWE.798.HCCS |
CWE-918 | Server-Side Request Forgery (SSRF) | CWE.918.TDNET |
CWE-306 | Missing Authentication for Critical Function | CWE.306.SSM |
CWE-362 | Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') | CWE.362.TOCTOU, CWE.362.DCL |
CWE-269 | Improper Privilege Management | CWE.269.DPANY, CWE.269.LDP, CWE.269.PCL |
CWE-94 | Improper Control of Generation of Code ('Code Injection') | CWE.94.TDCODE, CWE.94.DCEMSL, CWE.94.ASAPI |
CWE-863 | Incorrect Authorization | CWE.863.DSR, CWE.863.SRCD |
CWE-276 | Incorrect Default Permissions | CWE.276.ASNF, CWE.276.CFAP |

CWE Weaknesses On the Cusp 2024 Mapping

ID | Name/description | Parasoft rule ID(s) |
---|---|---|
CWE-770 | Allocation of Resources Without Limits or Throttling | CWE.770.TDALLOC, CWE.770.ISTART |
CWE-668 | Exposure of Resource to Wrong Sphere | CWE.668.SENS, CWE.668.SENSLOG, CWE.668.TDINPUT, CWE.668.TDLIB, CWE.668.TDPASSWD, CWE.668.RR, CWE.668.UPWD, CWE.668.MFP, CWE.668.IMM, CWE.668.PSFA, CWE.668.PLAIN, CWE.668.SYSP, CWE.668.SPFF, CWE.668.CONSEN, CWE.668.PEO, CWE.668.RA, CWE.668.SIF, CWE.668.SIO, CWE.668.ATF, CWE.668.PCCF, CWE.668.PTPT, CWE.668.PWDPROP, CWE.668.PWDXML, CWE.668.UTAX, CWE.668.WCPWD, CWE.668.WPWD, CWE.668.ACPST, CWE.668.APIBS, CWE.668.ASNF, CWE.668.CFAP, CWE.668.CKTS, CWE.668.CLONE, CWE.668.EWSSEC, CWE.668.IDP, CWE.668.INNER, CWE.668.PBRTE, CWE.668.SCHTTP, CWE.668.SER, CWE.668.USC, CWE.668.UCO |
CWE-74 | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') | CWE.74.EACM, CWE.74.TDCMD, CWE.74.TDCODE, CWE.74.TDDIG, CWE.74.TDJXPATH, CWE.74.TDLDAP, CWE.74.TDNET, CWE.74.TDRESP, CWE.74.TDSQL, CWE.74.TDXML, CWE.74.TDXPATH, CWE.74.TDXSS, CWE.74.VPPD, CWE.74.UPS, CWE.74.XPIJ, CWE.74.DCEMSL, CWE.74.ARXML, CWE.74.ASAPI, CWE.74.DFV |
CWE-427 | Uncontrolled Search Path Element | CWE.427.PBRTE |
CWE-639 | Authorization Bypass Through User-Controlled Key | N/A |
CWE-532 | Insertion of Sensitive Information into Log File | CWE.532.SENSLOG, CWE.532.CONSEN |
CWE-732 | Incorrect Permission Assignment for Critical Resource | CWE.732.ASNF, CWE.732.CFAP, CWE.732.IDP, CWE.732.SCHTTP |
CWE-601 | URL Redirection to Untrusted Site ('Open Redirect') | CWE.601.TDNET, CWE.601.TDRESP, CWE.601.VRD, CWE.601.UCO |
CWE-362 | Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') | CWE.362.TOCTOU, CWE.362.DCL |
CWE-522 | Insufficiently Protected Credentials | CWE.522.TDPASSWD, CWE.522.UPWD, CWE.522.PLAIN, CWE.522.PCCF, CWE.522.PTPT, CWE.522.PWDPROP, CWE.522.PWDXML, CWE.522.UTAX, CWE.522.WCPWD, CWE.522.WPWD, CWE.522.CKTS, CWE.522.USC |
CWE-276 | Incorrect Default Permissions | CWE.276.ASNF, CWE.276.CFAP |
CWE-203 | Observable Discrepancy | N/A |
CWE-59 | Improper Link Resolution Before File Access ('Link Following') | CWE.59.FOLLOW, CWE.59.LNK |
CWE-843 | Access of Resource Using Incompatible Type ('Type Confusion') | CWE.843.EQUS |
CWE-312 | Cleartext Storage of Sensitive Information | CWE.312.PLAIN, CWE.312.PLC, CWE.312.PWDPROP |

CWE Weaknesses On the Cusp 2023 Mapping

ID | Name/description | Parasoft rule ID(s) |
---|---|---|
CWE-617 | Reachable Assertion | CWE.617.ASSERT |
CWE-427 | Uncontrolled Search Path Element | CWE.427.PBRTE |
CWE-611 | Improper Restriction of XML External Entity Reference | CWE.611.XMLVAL, CWE.611.DXXE |
CWE-770 | Allocation of Resources Without Limits or Throttling | CWE.770.TDALLOC, CWE.770.ISTART |
CWE-200 | Exposure of Sensitive Information to an Unauthorized Actor | CWE.200.SENS, CWE.200.SENSLOG, CWE.200.CONSEN, CWE.200.PEO, CWE.200.SIO, CWE.200.ACPST, CWE.200.EWSSEC |
CWE-732 | Incorrect Permission Assignment for Critical Resource | CWE.732.ASNF, CWE.732.CFAP, CWE.732.IDP, CWE.732.SCHTTP |
CWE-601 | URL Redirection to Untrusted Site ('Open Redirect') | CWE.601.TDNET, CWE.601.TDRESP, CWE.601.VRD, CWE.601.UCO |
CWE-1321 | Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') | N/A |
CWE-295 | Improper Certificate Validation | CWE.295.HV, CWE.295.VSI |
CWE-522 | Insufficiently Protected Credentials | CWE.522.TDPASSWD, CWE.522.UPWD, CWE.522.PLAIN, CWE.522.PCCF, CWE.522.PTPT, CWE.522.PWDPROP, CWE.522.PWDXML, CWE.522.UTAX, CWE.522.WCPWD, CWE.522.WPWD, CWE.522.CKTS, CWE.522.USC |
CWE-401 | Missing Release of Memory after Effective Lifetime | N/A |
CWE-400 | Uncontrolled Resource Consumption | CWE.400.LEAKS, CWE.400.TDALLOC, CWE.400.USB, CWE.400.DMDS, CWE.400.ISTART |
CWE-639 | Authorization Bypass Through User-Controlled Key | N/A |
CWE-59 | Improper Link Resolution Before File Access ('Link Following') | CWE.59.FOLLOW, CWE.59.LNK |
CWE-668 | Exposure of Resource to Wrong Sphere | CWE.668.ASNF, CWE.668.CFAP, CWE.668.SENS, CWE.668.SENSLOG, CWE.668.TDFNAMES, CWE.668.TDINPUT, CWE.668.TDLIB, CWE.668.TDPASSWD, CWE.668.RR, CWE.668.UPWD, CWE.668.MFP, CWE.668.IMM, CWE.668.PSFA, CWE.668.PLAIN, CWE.668.SYSP, CWE.668.SPFF, CWE.668.CONSEN, CWE.668.PEO, CWE.668.RA, CWE.668.SIF, CWE.668.SIO, CWE.668.ATF, CWE.668.PCCF, CWE.668.PTPT, CWE.668.PWDPROP, CWE.668.PWDXML, CWE.668.UTAX, CWE.668.WCPWD, CWE.668.WPWD, CWE.668.ACPST, CWE.668.APIBS, CWE.668.CKTS, CWE.668.CLONE, CWE.668.EWSSEC, CWE.668.IDP, CWE.668.INNER, CWE.668.PBRTE, CWE.668.SCHTTP, CWE.668.SER, CWE.668.USC, CWE.668.UCO |

CWE 4.17 Mapping

ID | Name/description | Parasoft rule ID(s) |
---|---|---|
CWE-6 | J2EE Misconfiguration: Insufficient Session-ID Length | CWE.6.SLID |
CWE-7 | J2EE Misconfiguration: Missing Custom Error Page | CWE.7.SEP |
CWE-8 | J2EE Misconfiguration: Entity Bean Declared Remote | CWE.8.RR |
CWE-9 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | CWE.9.DPANY |
CWE-15 | External Control of System or Configuration Setting | CWE.15.SYSP, CWE.15.UCO |
CWE-20 | Improper Input Validation | CWE-111.NATV, CWE-111.NATIW, CWE-109.EV, CWE-106.PLUGIN, CWE-104.AEAF, CWE-102.DFV, CWE-103.CSVFV, CWE-134.TDINPUT, CWE-113.TDRESP, CWE-470.TDRFL, CWE-470.APIBS, CWE-190.INTWRAP, CWE-190.BSA, CWE-190.CACO, CWE-190.CLP, CWE-190.ICO, CWE-190.IOF, CWE-114.TDLIB, CWE-114.APIBS, CWE-117.TDLOG, CWE-129.ARRAY, CWE-129.ARRAYSEC, CWE-129.CAI, CWE-15.SYSP, CWE-15.UCO |
CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | CWE.22.TDFNAMES |
CWE-59 | Improper Link Resolution Before File Access ('Link Following') | CWE-64.LNK, CWE-61.FOLLOW |
CWE-61 | UNIX Symbolic Link (Symlink) Following | CWE.61.FOLLOW |
CWE-64 | Windows Shortcut Following (.LNK) | CWE.64.LNK |
CWE-73 | External Control of File Name or Path | CWE-114.TDLIB, CWE-114.APIBS |
CWE-74 | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') | CWE-89.TDSQL, CWE-89.UPS, CWE-99.TDNET, CWE-94.DCEMSL, CWE-94.ASAPI, CWE-79.EACM, CWE-79.TDRESP, CWE-79.TDXSS, CWE-79.VPPD, CWE-78.TDCMD, CWE-91.TDXML |
CWE-77 | Improper Neutralization of Special Elements used in a Command ('Command Injection') | CWE-78.TDCMD |
CWE-78 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | CWE.78.TDCMD |
CWE-79 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | CWE.79.EACM, CWE.79.TDRESP, CWE.79.TDXSS, CWE.79.VPPD, CWE-83.ARXML, CWE-80.TDDIG, CWE-80.TDXML, CWE-80.ARXML, CWE-81.ARXML |
CWE-80 | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) | CWE.80.TDDIG, CWE.80.TDXML, CWE.80.ARXML |
CWE-81 | Improper Neutralization of Script in an Error Message Web Page | CWE.81.ARXML |
CWE-83 | Improper Neutralization of Script in Attributes in a Web Page | CWE.83.ARXML |
CWE-89 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | CWE.89.TDSQL, CWE.89.UPS |
CWE-90 | Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') | CWE.90.TDLDAP |
CWE-91 | XML Injection (aka Blind XPath Injection) | CWE.91.TDXML, CWE-652.TDXPATH, CWE-652.XPIJ, CWE-643.TDJXPATH, CWE-643.TDXPATH |
CWE-93 | Improper Neutralization of CRLF Sequences ('CRLF Injection') | CWE-113.TDRESP |
CWE-94 | Improper Control of Generation of Code ('Code Injection') | CWE.94.DCEMSL, CWE.94.ASAPI, CWE-95.TDCODE |
CWE-95 | Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') | CWE.95.TDCODE |
CWE-99 | Improper Control of Resource Identifiers ('Resource Injection') | CWE.99.TDNET |
CWE-102 | Struts: Duplicate Validation Forms | CWE.102.DFV |
CWE-103 | Struts: Incomplete validate() Method Definition | CWE.103.CSVFV |
CWE-104 | Struts: Form Bean Does Not Extend Validation Class | CWE.104.AEAF |
CWE-106 | Struts: Plug-in Framework not in Use | CWE.106.PLUGIN |
CWE-109 | Struts: Validator Turned Off | CWE.109.EV |
CWE-111 | Direct Use of Unsafe JNI | CWE.111.NATV, CWE.111.NATIW |
CWE-113 | Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') | CWE.113.TDRESP |
CWE-114 | Process Control | CWE.114.TDLIB, CWE.114.APIBS |
CWE-116 | Improper Encoding or Escaping of Output | CWE-644.TDRESP, CWE-838.SEO, CWE-117.TDLOG |
CWE-117 | Improper Output Neutralization for Logs | CWE.117.TDLOG |
CWE-119 | Improper Restriction of Operations within the Bounds of a Memory Buffer | CWE-125.ARRAY, CWE-125.ARRAYSEC, CWE-787.ARRAY, CWE-787.ARRAYSEC |
CWE-125 | Out-of-bounds Read | CWE.125.ARRAY, CWE.125.ARRAYSEC |
CWE-128 | Wrap-around Error | CWE.128.CACO |
CWE-129 | Improper Validation of Array Index | CWE.129.ARRAY, CWE.129.ARRAYSEC, CWE.129.CAI |
CWE-131 | Incorrect Calculation of Buffer Size | CWE.131.ARRAY |
CWE-134 | Use of Externally-Controlled Format String | CWE.134.TDINPUT |
CWE-172 | Encoding Error | CWE-173.SEO, CWE-176.NCUCP |
CWE-173 | Improper Handling of Alternate Encoding | CWE.173.SEO |
CWE-176 | Improper Handling of Unicode Encoding | CWE.176.NCUCP |
CWE-185 | Incorrect Regular Expression | CWE.185.REP |
CWE-188 | Reliance on Data/Memory Layout | CWE-198.PMRWLED |
CWE-190 | Integer Overflow or Wraparound | CWE.190.INTWRAP, CWE.190.BSA, CWE.190.CACO, CWE.190.CLP, CWE.190.ICO, CWE.190.IOF, CWE-680.BSA |
CWE-191 | Integer Underflow (Wrap or Wraparound) | CWE.191.INTWRAP, CWE.191.BSA |
CWE-193 | Off-by-one Error | CWE.193.AOBO |
CWE-197 | Numeric Truncation Error | CWE.197.INTDL |
CWE-198 | Use of Incorrect Byte Ordering | CWE.198.PMRWLED |
CWE-200 | Exposure of Sensitive Information to an Unauthorized Actor | CWE-532.SENSLOG, CWE-532.CONSEN, CWE-359.CONSEN, CWE-497.SENS, CWE-497.PEO, CWE-213.CONSEN, CWE-215.EWSSEC, CWE-209.SENS, CWE-209.PEO, CWE-209.SIO, CWE-209.ACPST |
CWE-209 | Generation of Error Message Containing Sensitive Information | CWE.209.SENS, CWE.209.PEO, CWE.209.SIO, CWE.209.ACPST |
CWE-212 | Improper Removal of Sensitive Information Before Storage or Transfer | CWE.212.FT |
CWE-213 | Exposure of Sensitive Information Due to Incompatible Policies | CWE.213.CONSEN |
CWE-215 | Insertion of Sensitive Information Into Debugging Code | CWE.215.EWSSEC |
CWE-221 | Information Loss or Omission | CWE-397.NTX, CWE-397.NTERR, CWE-396.NCE |
CWE-223 | Omission of Security-relevant Information | CWE-778.ENFL |
CWE-245 | J2EE Bad Practices: Direct Management of Connections | CWE.245.JDBCTEMPLATE |
CWE-246 | J2EE Bad Practices: Direct Use of Sockets | CWE.246.AUS, CWE.246.NSF, CWE.246.SS |
CWE-248 | Uncaught Exception | CWE-600.CETS |
CWE-250 | Execution with Unnecessary Privileges | CWE.250.LDP, CWE.250.PCL |
CWE-252 | Unchecked Return Value | CWE.252.CHECKRET, CWE.252.CRRV |
CWE-256 | Plaintext Storage of a Password | CWE.256.TDPASSWD, CWE.256.UPWD, CWE.256.PLAIN, CWE.256.PCCF, CWE.256.PTPT, CWE.256.PWDPROP, CWE.256.PWDXML, CWE.256.UTAX, CWE.256.WCPWD, CWE.256.WPWD |
CWE-258 | Empty Password in Configuration File | CWE.258.PWDPROP |
CWE-260 | Password in Configuration File | CWE.260.UTAX, CWE-555.PWDXML, CWE-258.PWDPROP |
CWE-261 | Weak Encoding for Password | CWE.261.CKTS |
CWE-266 | Incorrect Privilege Assignment | CWE-9.DPANY |
CWE-269 | Improper Privilege Management | CWE-250.LDP, CWE-250.PCL |
CWE-276 | Incorrect Default Permissions | CWE.276.ASNF, CWE.276.CFAP |
CWE-279 | Incorrect Execution-Assigned Permissions | CWE.279.IDP |
CWE-284 | Improper Access Control | CWE-863.DSR, CWE-863.SRCD, CWE-862.PERMIT, CWE-862.LCA, CWE-749.DPAM, CWE-749.DPPM, CWE-749.SPAM, CWE-346.JXCORS |
CWE-285 | Improper Authorization | CWE-863.DSR, CWE-863.SRCD, CWE-862.PERMIT, CWE-862.LCA |
CWE-287 | Improper Authentication | CWE-521.MLVP, CWE-798.HCCS, CWE-290.HTTPRHA, CWE-295.HV, CWE-306.SSM, CWE-307.PBFA |
CWE-290 | Authentication Bypass by Spoofing | CWE.290.HTTPRHA, CWE-350.DNSL |
CWE-295 | Improper Certificate Validation | CWE.295.HV, CWE-297.VSI |
CWE-297 | Improper Validation of Certificate with Host Mismatch | CWE.297.VSI |
CWE-306 | Missing Authentication for Critical Function | CWE.306.SSM |
CWE-307 | Improper Restriction of Excessive Authentication Attempts | CWE.307.PBFA |
CWE-311 | Missing Encryption of Sensitive Data | CWE.311.SENS, CWE.311.PWDXML, CWE-312.PWDPROP, CWE-319.HTTPS, CWE-319.USC |
CWE-312 | Cleartext Storage of Sensitive Information | CWE.312.PWDPROP, CWE-315.PLC, CWE-313.PLAIN |
CWE-313 | Cleartext Storage in a File or on Disk | CWE.313.PLAIN |
CWE-315 | Cleartext Storage of Sensitive Information in a Cookie | CWE.315.PLC |
CWE-319 | Cleartext Transmission of Sensitive Information | CWE.319.HTTPS, CWE.319.USC, CWE-614.UOSC, CWE-1428.UHTTPS |
CWE-321 | Use of Hard-coded Cryptographic Key | CWE.321.HCCK |
CWE-325 | Missing Cryptographic Step | CWE.325.MCMDU, CWE.325.SIKG |
CWE-326 | Inadequate Encryption Strength | CWE-328.AISSAJAVA, CWE-328.AISSAXML, CWE-328.AUNC, CWE-328.ICA, CWE-328.MDSALT, CWE-328.SRD |
CWE-327 | Use of a Broken or Risky Cryptographic Algorithm | CWE.327.ACMD, CWE-328.AISSAJAVA, CWE-328.AISSAXML, CWE-328.AUNC, CWE-328.ICA, CWE-328.MDSALT, CWE-328.SRD |
CWE-328 | Use of Weak Hash | CWE.328.AISSAJAVA, CWE.328.AISSAXML, CWE.328.AUNC, CWE.328.ICA, CWE.328.MDSALT, CWE.328.SRD |
CWE-329 | Generation of Predictable IV with CBC Mode | CWE.329.ENPP, CWE.329.IVR |
CWE-330 | Use of Insufficiently Random Values | CWE-338.SRD |
CWE-334 | Small Space of Random Values | CWE-6.SLID |
CWE-335 | Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) | CWE-337.ENPP, CWE-336.ENPP |
CWE-336 | Same Seed in Pseudo-Random Number Generator (PRNG) | CWE.336.ENPP |
CWE-337 | Predictable Seed in Pseudo-Random Number Generator (PRNG) | CWE.337.ENPP |
CWE-338 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) | CWE.338.SRD |
CWE-344 | Use of Invariant Value in Dynamically Changing Context | CWE-798.HCCS |
CWE-345 | Insufficient Verification of Data Authenticity | CWE-352.EACM, CWE-352.TDRESP, CWE-352.TDXSS, CWE-352.VPPD, CWE-352.UOSC, CWE-352.DCSRFJAVA, CWE-352.DCSRFXML, CWE-352.REQMAP, CWE-346.JXCORS, CWE-347.VJFS |
CWE-346 | Origin Validation Error | CWE.346.JXCORS, CWE-1385.WS |
CWE-347 | Improper Verification of Cryptographic Signature | CWE.347.VJFS |
CWE-350 | Reliance on Reverse DNS Resolution for a Security-Critical Action | CWE.350.DNSL |
CWE-352 | Cross-Site Request Forgery (CSRF) | CWE.352.EACM, CWE.352.TDRESP, CWE.352.TDXSS, CWE.352.VPPD, CWE.352.UOSC, CWE.352.DCSRFJAVA, CWE.352.DCSRFXML, CWE.352.REQMAP |
CWE-359 | Exposure of Private Personal Information to an Unauthorized Actor | CWE.359.CONSEN |
CWE-362 | Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') | CWE.362.DCL, CWE-367.TOCTOU |
CWE-367 | Time-of-check Time-of-use (TOCTOU) Race Condition | CWE.367.TOCTOU |
CWE-369 | Divide By Zero | CWE.369.ZERO |
CWE-375 | Returning a Mutable Object to an Untrusted Caller | CWE.375.RA |
CWE-377 | Insecure Temporary File | CWE.377.ATF |
CWE-382 | J2EE Bad Practices: Use of System.exit() | CWE.382.EXIT, CWE.382.JVM |
CWE-383 | J2EE Bad Practices: Direct Use of Threads | CWE.383.THR |
CWE-384 | Session Fixation | CWE.384.ISL |
CWE-390 | Detection of Error Condition Without Action | CWE.390.LGE |
CWE-391 | Unchecked Error Condition | CWE.391.AECB |
CWE-395 | Use of NullPointerException Catch to Detect NULL Pointer Dereference | CWE.395.NCNPE |
CWE-396 | Declaration of Catch for Generic Exception | CWE.396.NCE |
CWE-397 | Declaration of Throws for Generic Exception | CWE.397.NTX, CWE.397.NTERR |
CWE-400 | Uncontrolled Resource Consumption | CWE.400.DMDS, CWE-771.LEAKS, CWE-770.ISTART |
CWE-404 | Improper Resource Shutdown or Release | CWE.404.COCO, CWE.404.ODBIL, CWE.404.CRWD, CWE-772.LEAKS, CWE-772.CLOSE, CWE-459.LEAKS |
CWE-413 | Improper Resource Locking | CWE.413.LORD |
CWE-416 | Use After Free | CWE.416.FREE |
CWE-426 | Untrusted Search Path | CWE.426.PBRTE |
CWE-427 | Uncontrolled Search Path Element | CWE.427.PBRTE |
CWE-434 | Unrestricted Upload of File with Dangerous Type | CWE.434.TDFNAMES |
CWE-436 | Interpretation Conflict | CWE-113.TDRESP |
CWE-441 | Unintended Proxy or Intermediary ('Confused Deputy') | CWE-918.TDNET |
CWE-456 | Missing Initialization of a Variable | CWE.456.LV |
CWE-457 | Use of Uninitialized Variable | CWE.457.NP, CWE.457.NOTEXPLINIT, CWE.457.NOTINITCTOR, CWE.457.UIRC |
CWE-459 | Incomplete Cleanup | CWE.459.LEAKS, CWE-568.FCF |
CWE-470 | Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') | CWE.470.TDRFL, CWE.470.APIBS |
CWE-471 | Modification of Assumed-Immutable Data (MAID) | CWE-607.IMM, CWE-607.RMO |
CWE-476 | NULL Pointer Dereference | CWE.476.NP |
CWE-477 | Use of Obsolete Function | CWE.477.DPRAPI |
CWE-478 | Missing Default Case in Multiple Condition Expression | CWE.478.PDS |
CWE-480 | Use of Incorrect Operator | CWE-481.ASI |
CWE-481 | Assigning instead of Comparing | CWE.481.ASI |
CWE-483 | Incorrect Block Delimitation | CWE.483.BLK, CWE.483.EBI, CWE.483.EB |
CWE-484 | Omitted Break Statement in Switch | CWE.484.SBC, CWE.484.DAV |
CWE-486 | Comparison of Classes by Name | CWE.486.AUG, CWE.486.CMP |
CWE-487 | Reliance on Package-level Scope | CWE.487.AF |
CWE-491 | Public cloneable() Method Without Final ('Object Hijack') | CWE.491.CLONE |
CWE-492 | Use of Inner Class Containing Sensitive Data | CWE.492.INNER |
CWE-493 | Critical Public Variable Without Final Modifier | CWE-500.SPFF |
CWE-495 | Private Data Structure Returned From A Public Method | CWE.495.RA |
CWE-496 | Public Data Assigned to Private Array-Typed Field | CWE.496.CAP |
CWE-497 | Exposure of Sensitive System Information to an Unauthorized Control Sphere | CWE.497.SENS, CWE.497.PEO |
CWE-499 | Serializable Class Containing Sensitive Data | CWE.499.SIF, CWE.499.SER |
CWE-500 | Public Static Field Not Marked Final | CWE.500.SPFF |
CWE-501 | Trust Boundary Violation | CWE.501.TDSESSION |
CWE-502 | Deserialization of Untrusted Data | CWE.502.SSSD, CWE.502.MASP, CWE.502.AUXD, CWE.502.SC, CWE.502.RWAF, CWE.502.VOBD |
CWE-506 | Embedded Malicious Code | CWE.506.HCCK, CWE-511.RDM |
CWE-511 | Logic/Time Bomb | CWE.511.RDM |
CWE-521 | Weak Password Requirements | CWE.521.MLVP, CWE-258.PWDPROP |
CWE-522 | Insufficiently Protected Credentials | CWE-523.USC, CWE-261.CKTS, CWE-260.UTAX, CWE-256.TDPASSWD, CWE-256.UPWD, CWE-256.PLAIN, CWE-256.PCCF, CWE-256.PTPT, CWE-256.PWDPROP, CWE-256.PWDXML, CWE-256.UTAX, CWE-256.WCPWD, CWE-256.WPWD |
CWE-523 | Unprotected Transport of Credentials | CWE.523.USC |
CWE-532 | Insertion of Sensitive Information into Log File | CWE.532.SENSLOG, CWE.532.CONSEN |
CWE-538 | Insertion of Sensitive Information into Externally-Accessible File or Directory | CWE-532.SENSLOG, CWE-532.CONSEN |
CWE-543 | Use of Singleton Pattern Without Synchronization in a Multithreaded Context | CWE.543.IASF, CWE.543.ILI |
CWE-546 | Suspicious Comment | CWE.546.TODOJAVA, CWE.546.TODOPROP, CWE.546.TODOXML |
CWE-555 | J2EE Misconfiguration: Plaintext Password in Configuration File | CWE.555.PWDXML |
CWE-561 | Dead Code | CWE.561.CC, CWE.561.SWITCH, CWE.561.PM |
CWE-563 | Assignment to Variable without Use | CWE.563.VOVR, CWE.563.UPPF, CWE.563.AURV, CWE.563.PF, CWE.563.UP |
CWE-568 | finalize() Method Without super.finalize() | CWE.568.FCF |
CWE-570 | Expression is Always False | CWE.570.CC, CWE.570.UCIF |
CWE-571 | Expression is Always True | CWE.571.CC, CWE.571.UCIF |
CWE-572 | Call to Thread run() instead of start() | CWE.572.IRUN |
CWE-573 | Improper Following of Specification by Caller | CWE-581.OVERRIDE, CWE-104.AEAF, CWE-103.CSVFV, CWE-577.AUS, CWE-580.SCLONE, CWE-325.MCMDU, CWE-325.SIKG, CWE-568.FCF, CWE-579.ONS, CWE-579.SNSO, CWE-578.ACL, CWE-329.ENPP, CWE-329.IVR |
CWE-576 | EJB Bad Practices: Use of Java I/O | CWE.576.JIO |
CWE-577 | EJB Bad Practices: Use of Sockets | CWE.577.AUS |
CWE-578 | EJB Bad Practices: Use of Class Loader | CWE.578.ACL |
CWE-579 | J2EE Bad Practices: Non-serializable Object Stored in Session | CWE.579.ONS, CWE.579.SNSO |
CWE-580 | clone() Method Without super.clone() | CWE.580.SCLONE |
CWE-581 | Object Model Violation: Just One of Equals and Hashcode Defined | CWE.581.OVERRIDE |
CWE-582 | Array Declared Public, Final, and Static | CWE.582.IMM, CWE.582.PSFA |
CWE-583 | finalize() Method Declared Public | CWE.583.MFP |
CWE-584 | Return Inside Finally Block | CWE.584.ARCF |
CWE-585 | Empty Synchronized Block | CWE.585.SNE |
CWE-586 | Explicit Call to Finalize() | CWE.586.NCF |
CWE-594 | J2EE Framework: Saving Unserializable Objects to Disk | CWE.594.SIVS |
CWE-595 | Comparison of Object References Instead of Object Contents | CWE.595.UEIC |
CWE-600 | Uncaught Exception in Servlet | CWE.600.CETS |
CWE-601 | URL Redirection to Untrusted Site ('Open Redirect') | CWE.601.TDNET, CWE.601.TDRESP, CWE.601.VRD, CWE.601.UCO |
CWE-605 | Multiple Binds to the Same Port | CWE.605.HCNA |
CWE-607 | Public Static Final Field References Mutable Object | CWE.607.IMM, CWE.607.RMO |
CWE-609 | Double-Checked Locking | CWE.609.DCL |
CWE-610 | Externally Controlled Reference to a Resource in Another Sphere | CWE-601.TDNET, CWE-601.TDRESP, CWE-601.VRD, CWE-601.UCO, CWE-470.TDRFL, CWE-470.APIBS, CWE-918.TDNET, CWE-15.SYSP, CWE-15.UCO, CWE-384.ISL, CWE-611.XMLVAL, CWE-611.DXXE |
CWE-611 | Improper Restriction of XML External Entity Reference | CWE.611.XMLVAL, CWE.611.DXXE |
CWE-613 | Insufficient Session Expiration | CWE.613.RUIM, CWE.613.STTL |
CWE-614 | Sensitive Cookie in HTTPS Session Without 'Secure' Attribute | CWE.614.UOSC |
CWE-617 | Reachable Assertion | CWE.617.ASSERT |
CWE-642 | External Control of Critical State Data | CWE-15.SYSP, CWE-15.UCO, CWE-426.PBRTE |
CWE-643 | Improper Neutralization of Data within XPath Expressions ('XPath Injection') | CWE.643.TDJXPATH, CWE.643.TDXPATH |
CWE-644 | Improper Neutralization of HTTP Headers for Scripting Syntax | CWE.644.TDRESP |
CWE-652 | Improper Neutralization of Data within XQuery Expressions ('XQuery Injection') | CWE.652.TDXPATH, CWE.652.XPIJ |
CWE-657 | Violation of Secure Design Principles | CWE-250.LDP, CWE-250.PCL |
CWE-662 | Improper Synchronization | CWE.662.DIFCS, CWE-543.IASF, CWE-543.ILI, CWE-833.ORDER, CWE-833.TSHL, CWE-833.CSFS, CWE-833.RLF, CWE-833.STR, CWE-833.UWNA, CWE-764.DLOCK, CWE-667.LOCK, CWE-667.CLOSE |
CWE-664 | Improper Control of a Resource Through its Lifetime | CWE-487.AF, CWE-580.SCLONE, CWE-662.DIFCS, CWE-704.AGBPT, CWE-704.CPTS, CWE-495.RA, CWE-496.CAP, CWE-400.DMDS, CWE-404.COCO, CWE-404.ODBIL, CWE-404.CRWD, CWE-501.TDSESSION |
CWE-665 | Improper Initialization | CWE-456.LV, CWE-770.ISTART, CWE-457.NP, CWE-457.NOTEXPLINIT, CWE-457.NOTINITCTOR, CWE-457.UIRC |
CWE-666 | Operation on Resource in Wrong Phase of Lifetime | CWE-605.HCNA |
CWE-667 | Improper Locking | CWE.667.LOCK, CWE.667.CLOSE, CWE-413.LORD, CWE-832.LORD, CWE-833.ORDER, CWE-833.TSHL, CWE-833.CSFS, CWE-833.RLF, CWE-833.STR, CWE-833.UWNA, CWE-609.DCL, CWE-764.DLOCK |
CWE-668 | Exposure of Resource to Wrong Sphere | CWE-375.RA, CWE-377.ATF, CWE-499.SIF, CWE-499.SER, CWE-134.TDINPUT, CWE-491.CLONE, CWE-492.INNER, CWE-427.PBRTE, CWE-426.PBRTE, CWE-8.RR, CWE-582.IMM, CWE-582.PSFA, CWE-583.MFP |
CWE-669 | Incorrect Resource Transfer Between Spheres | CWE-829.TDFILES, CWE-829.TDFNAMES, CWE-829.TDLIB, CWE-829.TDXPATH, CWE-434.TDFNAMES, CWE-212.FT |
CWE-670 | Always-Incorrect Control Flow Implementation | CWE-483.BLK, CWE-483.EBI, CWE-483.EB, CWE-484.SBC, CWE-484.DAV, CWE-617.ASSERT |
CWE-671 | Lack of Administrator Control over Security | CWE-798.HCCS |
CWE-672 | Operation on a Resource after Expiration or Release | CWE-416.FREE, CWE-613.RUIM, CWE-613.STTL |
CWE-673 | External Influence of Sphere Definition | CWE-426.PBRTE |
CWE-674 | Uncontrolled Recursion | CWE.674.FLRC |
CWE-675 | Multiple Operations on Resource in Single-Operation Context | CWE-764.DLOCK, CWE-605.HCNA |
CWE-676 | Use of Potentially Dangerous Function | CWE.676.SRD |
CWE-680 | Integer Overflow to Buffer Overflow | CWE.680.BSA |
CWE-681 | Incorrect Conversion between Numeric Types | CWE.681.INTVC, CWE.681.CLP, CWE.681.IDCD, CWE-197.INTDL |
CWE-682 | Incorrect Calculation | CWE-369.ZERO, CWE-131.ARRAY, CWE-128.CACO, CWE-191.INTWRAP, CWE-191.BSA, CWE-190.INTWRAP, CWE-190.BSA, CWE-190.CACO, CWE-190.CLP, CWE-190.ICO, CWE-190.IOF, CWE-193.AOBO |
CWE-691 | Insufficient Control Flow Management | CWE.691.ANL, CWE-362.DCL, CWE-841.PERMIT, CWE-662.DIFCS |
CWE-693 | Protection Mechanism Failure | CWE-807.PLC, CWE-807.HGRSI, CWE-807.UOSC, CWE-311.SENS, CWE-311.PWDXML, CWE-327.ACMD |
CWE-694 | Use of Multiple Resources with Duplicate Identifier | CWE-102.DFV |
CWE-695 | Use of Low-Level Functionality | CWE-111.NATV, CWE-111.NATIW, CWE-245.JDBCTEMPLATE, CWE-383.THR, CWE-246.AUS, CWE-246.NSF, CWE-246.SS, CWE-576.JIO |
CWE-697 | Incorrect Comparison | CWE-185.REP, CWE-581.OVERRIDE, CWE-1077.DCF |
CWE-703 | Improper Check or Handling of Exceptional Conditions | CWE-397.NTX, CWE-397.NTERR, CWE-391.AECB, CWE-755.CIET |
CWE-704 | Incorrect Type Conversion or Cast | CWE.704.AGBPT, CWE.704.CPTS, CWE-681.INTVC, CWE-681.CLP, CWE-681.IDCD, CWE-843.EQUS |
CWE-705 | Incorrect Control Flow Scoping | CWE-397.NTX, CWE-397.NTERR, CWE-396.NCE, CWE-395.NCNPE, CWE-382.EXIT, CWE-382.JVM, CWE-584.ARCF |
CWE-706 | Use of Incorrectly-Resolved Name or Reference | CWE-22.TDFNAMES |
CWE-710 | Improper Adherence to Coding Standards | CWE-484.SBC, CWE-484.DAV, CWE-476.NP, CWE-477.DPRAPI, CWE-571.CC, CWE-571.UCIF, CWE-570.CC, CWE-570.UCIF, CWE-1066.OROM, CWE-1126.DVCU |
CWE-732 | Incorrect Permission Assignment for Critical Resource | CWE-276.ASNF, CWE-276.CFAP, CWE-1004.SCHTTP, CWE-279.IDP |
CWE-749 | Exposed Dangerous Method or Function | CWE.749.DPAM, CWE.749.DPPM, CWE.749.SPAM |
CWE-754 | Improper Check for Unusual or Exceptional Conditions | CWE-476.NP, CWE-391.AECB, CWE-252.CHECKRET, CWE-252.CRRV |
CWE-755 | Improper Handling of Exceptional Conditions | CWE.755.CIET, CWE-396.NCE, CWE-395.NCNPE, CWE-390.LGE, CWE-209.SENS, CWE-209.PEO, CWE-209.SIO, CWE-209.ACPST |
CWE-756 | Missing Custom Error Page | CWE-7.SEP |
CWE-758 | Reliance on Undefined, Unspecified, or Implementation-Defined Behavior | CWE-1102.DNHCP, CWE-1102.LNSP, CWE-1102.PEER |

...
CWE-759
...
Use of a One-Way Hash without a Salt
...
- CWE.759.MDSALT
...
CWE-764
...
Multiple Locks of a Critical Resource
...
- CWE.764.DLOCK
...
CWE-770
...
Allocation of Resources Without Limits or Throttling
...
- CWE.770.ISTART
- CWE-789.TDALLOC
...
CWE-771
...
Missing Reference to Active Allocated Resource
...
- CWE.771.LEAKS
...
CWE-772
...
Missing Release of Resource after Effective Lifetime
...
- CWE.772.LEAKS
- CWE.772.CLOSE
...
CWE-778
...
Insufficient Logging
...
- CWE.778.ENFL
...
CWE-787
...
Out-of-bounds Write
...
- CWE.787.ARRAY
- CWE.787.ARRAYSEC
...
CWE-789
...
Memory Allocation with Excessive Size Value
...
- CWE.789.TDALLOC
...
CWE-798
...
Use of Hard-coded Credentials
...
- CWE.798.HCCS
- CWE-321.HCCK
...
CWE-799
...
Improper Control of Interaction Frequency
...
- CWE-307.PBFA
...
CWE-805
...
Buffer Access with Incorrect Length Value
...
- CWE-806.BUSSB
...
CWE-806
...
Buffer Access Using Size of Source Buffer
...
- CWE.806.BUSSB
...
CWE-807
...
Reliance on Untrusted Inputs in a Security Decision
...
- CWE.807.PLC
- CWE.807.HGRSI
- CWE.807.UOSC
- CWE-350.DNSL
...
CWE-820
...
Missing Synchronization
...
- CWE-543.IASF
- CWE-543.ILI
...
CWE-821
...
Incorrect Synchronization
...
- CWE-572.IRUN
...
CWE-825
...
Expired Pointer Dereference
...
- CWE-416.FREE
...
CWE-829
...
Inclusion of Functionality from Untrusted Control Sphere
...
- CWE.829.TDFILES
- CWE.829.TDFNAMES
- CWE.829.TDLIB
- CWE.829.TDXPATH
...
CWE-832
...
Unlock of a Resource that is not Locked
...
- CWE.832.LORD
...
CWE-833
...
Deadlock
...
- CWE.833.ORDER
- CWE.833.TSHL
- CWE.833.CSFS
- CWE.833.RLF
- CWE.833.STR
- CWE.833.UWNA
...
CWE-834
...
Excessive Iteration
...
- CWE-674.FLRC
- CWE-835.PCIF
- CWE-835.AIL
...
CWE-835
...
Loop with Unreachable Exit Condition ('Infinite Loop')
...
- CWE.835.PCIF
- CWE.835.AIL
...
CWE-836
...
Use of Password Hash Instead of Password for Authentication
...
- CWE.836.PLAIN
...
CWE-838
...
Inappropriate Encoding for Output Context
...
- CWE.838.SEO
...
CWE-841
...
Improper Enforcement of Behavioral Workflow
...
- CWE.841.PERMIT
...
CWE-843
...
Access of Resource Using Incompatible Type ('Type Confusion')
...
- CWE.843.EQUS
...
CWE-862
...
Missing Authorization
...
- CWE.862.PERMIT
- CWE.862.LCA
...
CWE-863
...
Incorrect Authorization
...
- CWE.863.DSR
- CWE.863.SRCD
...
CWE-908
...
Use of Uninitialized Resource
...
- CWE-457.NP
- CWE-457.NOTEXPLINIT
- CWE-457.NOTINITCTOR
- CWE-457.UIRC
...
CWE-909
...
Missing Initialization of Resource
...
- CWE-456.LV
...
CWE-912
...
Hidden Functionality
...
- CWE-506.HCCK
...
CWE-913
...
Improper Control of Dynamically-Managed Code Resources
...
- CWE-470.TDRFL
- CWE-470.APIBS
- CWE-502.SSSD
- CWE-502.MASP
- CWE-502.AUXD
- CWE-502.SC
- CWE-502.RWAF
- CWE-502.VOBD
- CWE-94.DCEMSL
- CWE-94.ASAPI
...
CWE-916
...
Use of Password Hash With Insufficient Computational Effort
...
- CWE-759.MDSALT
...
CWE-918
...
Server-Side Request Forgery (SSRF)
...
- CWE.918.TDNET
...
CWE-922
...
Insecure Storage of Sensitive Information
...
- CWE-312.PWDPROP
...
CWE-923
...
Improper Restriction of Communication Channel to Intended Endpoints
...
- CWE-297.VSI
...
CWE-943
...
Improper Neutralization of Special Elements in Data Query Logic
...
- CWE-652.TDXPATH
- CWE-652.XPIJ
- CWE-90.TDLDAP
- CWE-643.TDJXPATH
- CWE-643.TDXPATH
- CWE-89.TDSQL
- CWE-89.UPS
...
CWE-1004
...
Sensitive Cookie Without 'HttpOnly' Flag
...
- CWE.1004.SCHTTP
...
CWE-1023
...
Incomplete Comparison with Missing Factors
...
- CWE-478.PDS
...
CWE-1025
...
Comparison Using Wrong Factors
...
- CWE-595.UEIC
- CWE-486.AUG
- CWE-486.CMP
...
CWE-1046
...
Creation of Immutable Text Using String Concatenation
...
- CWE.1046.USB
...
CWE-1051
...
Initialization with Hard-Coded Network Resource Configuration Data
...
- CWE.1051.HCNA
...
CWE-1066
...
Missing Serialization Control Element
...
- CWE.1066.OROM
...
CWE-1069
...
Empty Exception Block
...
- CWE.1069.AECB
...
CWE-1071
...
Empty Code Block
...
- CWE-1069.AECB
- CWE-585.SNE
...
CWE-1075
...
Unconditional Control Flow Transfer outside of Switch Block
...
- CWE.1075.ABCL
...
CWE-1076
...
Insufficient Adherence to Expected Conventions
...
- CWE-594.SIVS
- CWE-586.NCF
...
CWE-1077
...
Floating Point Comparison with Incorrect Operator
...
- CWE.1077.DCF
...
CWE-1078
...
Inappropriate Source Code Style or Formatting
...
- CWE-546.TODOJAVA
- CWE-546.TODOPROP
- CWE-546.TODOXML
- CWE-1115.MCH
- CWE-1106.USN
...
CWE-1102
...
Reliance on Machine-Dependent Data Representation
...
- CWE.1102.DNHCP
- CWE.1102.LNSP
- CWE.1102.PEER
...
CWE-1106
...
Insufficient Use of Symbolic Constants
...
- CWE.1106.USN
...
CWE-1115
...
Source Code Element without Standard Prologue
...
- CWE.1115.MCH
...
CWE-1120
...
Excessive Code Complexity
...
- CWE-1075.ABCL
...
CWE-1126
...
Declaration of Variable with Unnecessarily Wide Scope
...
- CWE.1126.DVCU
...
CWE-1164
...
Irrelevant Code
...
- CWE-561.CC
- CWE-561.SWITCH
- CWE-561.PM
- CWE-563.VOVR
- CWE-563.UPPF
- CWE-563.AURV
- CWE-563.PF
- CWE-563.UP
...
CWE-1173
...
Improper Use of Validation Framework
...
- CWE-109.EV
- CWE-106.PLUGIN
- CWE-102.DFV
...
CWE-1176
...
Inefficient CPU Computation
...
- CWE-1046.USB
...
CWE-1177
...
Use of Prohibited Code
...
- CWE-676.SRD
...
CWE-1204
...
Generation of Weak Initialization Vector (IV)
...
- CWE-329.ENPP
- CWE-329.IVR
...
CWE-1285
...
Improper Validation of Specified Index, Position, or Offset in Input
...
- CWE-129.ARRAY
- CWE-129.ARRAYSEC
- CWE-129.CAI
...
CWE-1385
...
Missing Origin Validation in WebSockets
...
- CWE.1385.WS
...
CWE-1390
...
Weak Authentication
...
- CWE-290.HTTPRHA
- CWE-836.PLAIN
- CWE-307.PBFA
...
CWE-1391
...
Use of Weak Credentials
...
- CWE-798.HCCS
- CWE-521.MLVP
...
CWE-1419
...
Incorrect Initialization of Resource
...
- CWE-1051.HCNA
...
CWE-1428
...
Reliance on HTTP instead of HTTPS
...