| ID | Name | Major changes | Minor changes |
|---|---|---|---|
| 20 | Improper Input Validation | Observed_Examples | None |
| 22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | Common_Consequences, Description, Diagram, Observed_Examples, Other_Notes, References | None |
| 23 | Relative Path Traversal | Observed_Examples, References | None |
| 36 | Absolute Path Traversal | References | None |
| 62 | UNIX Hard Link | Observed_Examples | None |
| 74 | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') | Observed_Examples | None |
| 77 | Improper Neutralization of Special Elements used in a Command ('Command Injection') | Alternate_Terms, Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Description, Diagram, Mapping_Notes, Modes_of_Introduction, Observed_Examples, Other_Notes, Terminology_Notes | None |
| 78 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | Alternate_Terms, Common_Consequences, Demonstrative_Examples, Description, Diagram, References | None |
| 88 | Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') | Observed_Examples | None |
| 89 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | Alternate_Terms, Common_Consequences, Description, Diagram, References | None |
| 94 | Improper Control of Generation of Code ('Code Injection') | Applicable_Platforms, Observed_Examples | None |
| 95 | Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') | Applicable_Platforms, Observed_Examples | None |
| 116 | Improper Encoding or Escaping of Output | Applicable_Platforms | None |
| 119 | Improper Restriction of Operations within the Bounds of a Memory Buffer | Alternate_Terms, Background_Details, Common_Consequences, Description, Diagram | None |
| 125 | Out-of-bounds Read | Alternate_Terms, Common_Consequences, Description, Diagram, Weakness_Ordinalities | None |
| 135 | Incorrect Calculation of Multi-Byte String Length | Common_Consequences | None |
| 184 | Incomplete List of Disallowed Inputs | Observed_Examples | None |
| 190 | Integer Overflow or Wraparound | Alternate_Terms, Common_Consequences, Description, Diagram, Mapping_Notes, Modes_of_Introduction, Other_Notes, References, Relationship_Notes, Terminology_Notes | None |
| 226 | Sensitive Information in Resource Not Removed Before Reuse | None | References |
| 269 | Improper Privilege Management | Diagram | None |
| 287 | Improper Authentication | Diagram | None |
| 300 | Channel Accessible by Non-Endpoint | Alternate_Terms | None |
| 306 | Missing Authentication for Critical Function | Common_Consequences, Description, Diagram, Modes_of_Introduction, Potential_Mitigations, Time_of_Introduction | None |
| 340 | Generation of Predictable Numbers or Identifiers | Relationships | None |
| 362 | Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') | Relationships | None |
| 384 | Session Fixation | Relationships | None |
| 385 | Covert Timing Channel | References | None |
| 416 | Use After Free | Alternate_Terms, Common_Consequences, Description, Diagram, Potential_Mitigations, Relationships, Weakness_Ordinalities | None |
| 426 | Untrusted Search Path | Demonstrative_Examples | None |
| 434 | Unrestricted Upload of File with Dangerous Type | Common_Consequences, Description, Diagram, Weakness_Ordinalities | None |
| 476 | NULL Pointer Dereference | Alternate_Terms, Demonstrative_Examples, Description, Diagram, Potential_Mitigations, Relationships, Weakness_Ordinalities | None |
| 506 | Embedded Malicious Code | References | None |
| 507 | Trojan Horse | References | None |
| 508 | Non-Replicating Malicious Code | References | None |
| 509 | Replicating Malicious Code (Virus or Worm) | References | None |
| 510 | Trapdoor | References | None |
| 511 | Logic/Time Bomb | References | None |
| 514 | Covert Channel | References | None |
| 515 | Covert Storage Channel | References | None |
| 707 | Improper Neutralization | Relationships | None |
| 754 | Improper Check for Unusual or Exceptional Conditions | Relationships | None |
| 786 | Access of Memory Location Before Start of Buffer | Common_Consequences | None |
| 787 | Out-of-bounds Write | Alternate_Terms, Common_Consequences, Description, Diagram, Weakness_Ordinalities | Potential_Mitigations |
| 788 | Access of Memory Location After End of Buffer | Common_Consequences | None |
| 798 | Use of Hard-coded Credentials | Common_Consequences, Description, Diagram | None |
| 805 | Buffer Access with Incorrect Length Value | None | Potential_Mitigations |
| 806 | Buffer Access Using Size of Source Buffer | None | Potential_Mitigations |
| 824 | Access of Uninitialized Pointer | Observed_Examples | None |
| 915 | Improperly Controlled Modification of Dynamically-Determined Object Attributes | Observed_Examples | None |
| 1039 | Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations | Applicable_Platforms | None |
| 1209 | Failure to Disable Reserved Bits | None | Common_Consequences |
| 1221 | Incorrect Register Defaults or Module Parameters | Demonstrative_Examples, References | None |
| 1232 | Improper Lock Behavior After Power State Transition | Demonstrative_Examples, References | None |
| 1255 | Comparison Logic is Vulnerable to Power Side-Channel Attacks | None | Common_Consequences |
| 1258 | Exposure of Sensitive System Information Due to Uncleared Debug Information | Demonstrative_Examples, References | None |
| 1287 | Improper Validation of Specified Type of Input | Observed_Examples | None |
| 1336 | Improper Neutralization of Special Elements Used in a Template Engine | Applicable_Platforms, Observed_Examples | None |
| 1393 | Use of Default Password | References | None |
| 1409 | Comprehensive Categorization: Injection | Relationships | None |
| 1419 | Incorrect Initialization of Resource | Demonstrative_Examples, References | None |
| 1420 | Exposure of Sensitive Information during Transient Execution | Mapping_Notes | None |