| CWE Number | Name | Number Of Related Vulnerabilities |
| --- | --- | --- |
| 645 | Overly Restrictive Account Lockout Mechanism | |
| 646 | Reliance on File Name or Extension of Externally-Supplied File | |
| 647 | Use of Non-Canonical URL Paths for Authorization Decisions | |
| 65 | Windows Hard Link | |
| 650 | Trusting HTTP Permission Methods on the Server Side | |
| 651 | Information Leak through WSDL File | |
| 652 | Improper Neutralization of Data within XQuery Expressions ('XQuery Injection') | |
| 654 | Reliance on a Single Factor in a Security Decision | |
| 655 | Insufficient Psychological Acceptability | |
| 656 | Reliance on Security through Obscurity | |
| 66 | Improper Handling of File Names that Identify Virtual Resources | |
| 663 | Use of a Non-reentrant Function in an Unsynchronized Context | |
| 666 | Operation on Resource in Wrong Phase of Lifetime | |
| 67 | Improper Handling of Windows Device Names | |
| 673 | External Influence of Sphere Definition | |
| 675 | Duplicate Operations on Resource | |
| 676 | Use of Potentially Dangerous Function | |
| 683 | Function Call With Incorrect Order of Arguments | |
| 685 | Function Call With Incorrect Number of Arguments | |
| 686 | Function Call With Incorrect Argument Type | |
| 687 | Function Call With Incorrectly Specified Argument Value | |
| 69 | Failure to Handle Windows ::DATA Alternate Data Stream | |
| 691 | Insufficient Control Flow Management | |
| 694 | Use of Multiple Resources with Duplicate Identifier | |
| 695 | Use of Low-Level Functionality | |
| 696 | Incorrect Behavior Order | |
| 698 | Redirect Without Exit | |
| 7 | J2EE Misconfiguration: Missing Custom Error Page | |
| 705 | Incorrect Control Flow Scoping | |
| 71 | Apple '.DS_Store' | |
| 72 | Improper Handling of Apple HFS+ Alternate Data Stream Path | |
| 733 | Compiler Optimization Removal or Modification of Security-critical Code | |
| 758 | Reliance on Undefined, Unspecified, or Implementation-Defined Behavior | |
| 761 | Free of Pointer not at Start of Buffer | |
| 762 | Mismatched Memory Management Routines | |
| 764 | Multiple Locks of a Critical Resource | |
| 765 | Multiple Unlocks of a Critical Resource | |
| 766 | Critical Variable Declared Public | |
| 767 | Access to Critical Private Variable via Public Method | |
| 768 | Incorrect Short Circuit Evaluation | |
| 771 | Missing Reference to Active Allocated Resource | |
| 773 | Missing Reference to Active File Descriptor or Handle | |
| 777 | Regular Expression without Anchors | |
| 780 | Use of RSA Algorithm without OAEP | |
| 781 | Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code | |
| 782 | Exposed IOCTL with Insufficient Access Control | |
| 783 | Operator Precedence Logic Error | |
| 784 | Reliance on Cookies without Validation and Integrity Checking in a Security Decision | |
| 785 | Use of Path Manipulation Function without Maximum-sized Buffer | |
| 791 | Incomplete Filtering of Special Elements | |