Any change with respect to whitespace is ignored. "Minor"
changes are text changes that only affect capitalization and
punctuation. Most other changes are marked as "Major."

Simple schema changes are treated as Minor, such as the change from
AffectedResource to Affected_Resource in Draft 8, or the relationship
name change from "IsRequiredBy" to "RequiredBy" in
Version 1.0. For each mutual relationship between nodes A and B (such
as ParentOf and ChildOf), a relationship change is noted for both A
and B.

The "Version 2.0 Total" lists the total number of relationships
in Version 2.0. The "Shared" value is the total number of
relationships in entries that were in both Version 2.0 and Version 1.13. The
"New" value is the total number of relationships involving
entries that did not exist in Version 1.13. Thus, the total number of
relationships in Version 2.0 would combine stats from Shared entries and
New entries.

A node change is labeled "important" if it is a major field change and
the field is critical to the meaning of the node. The critical fields
are description, name, and relationships.

| ID | Name | Major | Minor |
|---|---|---|---|
| 11 | ASP.NET Misconfiguration: Creating Debug Binary | Common_Consequences | None |
| 12 | ASP.NET Misconfiguration: Missing Custom Error Page | Common_Consequences | None |
| 15 | External Control of System or Configuration Setting | Common_Consequences | None |
| 22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | Relationships | None |
| 78 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | Relationships | None |
| 79 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | Relationships | None |
| 84 | Improper Neutralization of Encoded URI Schemes in a Web Page | Common_Consequences | None |
| 89 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | Relationships | None |
| 98 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP File Inclusion') | Relationships | None |
| 102 | Struts: Duplicate Validation Forms | Common_Consequences | None |
| 105 | Struts: Form Field Without Validator | Common_Consequences | None |
| 106 | Struts: Plug-in Framework not in Use | Common_Consequences | None |
| 107 | Struts: Unused Validation Form | Common_Consequences | None |
| 112 | Missing XML Validation | Common_Consequences | None |
| 115 | Misinterpretation of Input | Common_Consequences | None |
| 118 | Improper Access of Indexable Resource ('Range Error') | Common_Consequences | None |
| 120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') | Relationships | None |
| 129 | Improper Validation of Array Index | Relationships | None |
| 130 | Improper Handling of Length Parameter Inconsistency | Common_Consequences | None |
| 131 | Incorrect Calculation of Buffer Size | Relationships | None |
| 134 | Uncontrolled Format String | Modes_of_Introduction, Relationships | None |
| 135 | Incorrect Calculation of Multi-Byte String Length | Common_Consequences | None |
| 140 | Improper Neutralization of Delimiters | Common_Consequences | None |
| 141 | Improper Neutralization of Parameter/Argument Delimiters | Common_Consequences | None |
| 142 | Improper Neutralization of Value Delimiters | Common_Consequences | None |
| 143 | Improper Neutralization of Record Delimiters | Common_Consequences | None |
| 144 | Improper Neutralization of Line Delimiters | Common_Consequences | None |
| 145 | Improper Neutralization of Section Delimiters | Common_Consequences | None |
| 147 | Improper Neutralization of Input Terminators | Common_Consequences | None |
| 148 | Improper Neutralization of Input Leaders | Common_Consequences | None |
| 149 | Improper Neutralization of Quoting Syntax | Common_Consequences | None |
| 150 | Improper Neutralization of Escape, Meta, or Control Sequences | Common_Consequences | None |
| 151 | Improper Neutralization of Comment Delimiters | Common_Consequences | None |
| 152 | Improper Neutralization of Macro Symbols | Common_Consequences | None |
| 153 | Improper Neutralization of Substitution Characters | Common_Consequences | None |
| 154 | Improper Neutralization of Variable Name Delimiters | Common_Consequences | None |
| 155 | Improper Neutralization of Wildcards or Matching Symbols | Common_Consequences | None |
| 156 | Improper Neutralization of Whitespace | Common_Consequences | None |
| 157 | Failure to Sanitize Paired Delimiters | Common_Consequences | None |
| 158 | Improper Neutralization of Null Byte or NUL Character | Common_Consequences | None |
| 159 | Failure to Sanitize Special Element | Common_Consequences | None |
| 160 | Improper Neutralization of Leading Special Elements | Common_Consequences | None |
| 161 | Improper Neutralization of Multiple Leading Special Elements | Common_Consequences | None |
| 162 | Improper Neutralization of Trailing Special Elements | Common_Consequences | None |
| 163 | Improper Neutralization of Multiple Trailing Special Elements | Common_Consequences | None |
| 164 | Improper Neutralization of Internal Special Elements | Common_Consequences | None |
| 165 | Improper Neutralization of Multiple Internal Special Elements | Common_Consequences | None |
| 167 | Improper Handling of Additional Special Element | Common_Consequences | None |
| 172 | Encoding Error | Common_Consequences | None |
| 175 | Improper Handling of Mixed Encoding | Common_Consequences | None |
| 176 | Improper Handling of Unicode Encoding | Common_Consequences | None |
| 177 | Improper Handling of URL Encoding (Hex Encoding) | Common_Consequences | None |
| 187 | Partial Comparison | Common_Consequences | None |
| 190 | Integer Overflow or Wraparound | Relationships | None |
| 191 | Integer Underflow (Wrap or Wraparound) | Common_Consequences | None |
| 193 | Off-by-one Error | Common_Consequences | None |
| 195 | Signed to Unsigned Conversion Error | Common_Consequences | None |
| 198 | Use of Incorrect Byte Ordering | Common_Consequences | None |
| 209 | Information Exposure Through an Error Message | Relationships | None |
| 212 | Improper Cross-boundary Removal of Sensitive Data | Demonstrative_Examples, Relationships | None |
| 227 | Improper Fulfillment of API Contract ('API Abuse') | Common_Consequences | None |
| 228 | Improper Handling of Syntactically Invalid Structure | Common_Consequences | None |
| 229 | Improper Handling of Values | Common_Consequences | None |
| 230 | Improper Handling of Missing Values | Common_Consequences | None |
| 231 | Improper Handling of Extra Values | Common_Consequences | None |
| 232 | Improper Handling of Undefined Values | Common_Consequences | None |
| 233 | Parameter Problems | Common_Consequences | None |
| 235 | Improper Handling of Extra Parameters | Common_Consequences | None |
| 236 | Improper Handling of Undefined Parameters | Common_Consequences | None |
| 237 | Improper Handling of Structural Elements | Common_Consequences | None |
| 238 | Improper Handling of Incomplete Structural Elements | Common_Consequences | None |
| 239 | Failure to Handle Incomplete Element | Common_Consequences | None |
| 240 | Improper Handling of Inconsistent Structural Elements | Common_Consequences | None |
| 241 | Improper Handling of Unexpected Data Type | Common_Consequences | None |
| 242 | Use of Inherently Dangerous Function | Common_Consequences | None |
| 245 | J2EE Bad Practices: Direct Management of Connections | Common_Consequences | None |
| 246 | J2EE Bad Practices: Direct Use of Sockets | Common_Consequences | None |
| 250 | Execution with Unnecessary Privileges | Demonstrative_Examples, Relationships | None |
| 252 | Unchecked Return Value | Common_Consequences | None |
| 262 | Not Using Password Aging | Common_Consequences | None |
| 263 | Password Aging with Long Expiration | Common_Consequences | None |
| 283 | Unverified Ownership | Common_Consequences | None |
| 284 | Improper Access Control | Common_Consequences | None |
| 286 | Incorrect User Management | Common_Consequences | None |
| 306 | Missing Authentication for Critical Function | Relationships | None |
| 307 | Improper Restriction of Excessive Authentication Attempts | Common_Consequences, Related_Attack_Patterns, Relationships | None |
| 311 | Missing Encryption of Sensitive Data | Relationships | None |
| 322 | Key Exchange without Entity Authentication | Common_Consequences | None |
| 327 | Use of a Broken or Risky Cryptographic Algorithm | Relationships | None |
| 330 | Use of Insufficiently Random Values | Relationships | None |
| 337 | Predictable Seed in PRNG | Common_Consequences | None |
| 339 | Small Seed Space in PRNG | Common_Consequences | None |
| 340 | Predictability Problems | Common_Consequences | None |
| 341 | Predictable from Observable State | Common_Consequences | None |
| 342 | Predictable Exact Value from Previous Values | Common_Consequences | None |
| 343 | Predictable Value Range from Previous Values | Common_Consequences | None |
| 344 | Use of Invariant Value in Dynamically Changing Context | Common_Consequences | None |
| 345 | Insufficient Verification of Data Authenticity | Common_Consequences | None |
| 346 | Origin Validation Error | Common_Consequences | None |
| 352 | Cross-Site Request Forgery (CSRF) | Relationships | None |
| 362 | Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') | Relationships | None |
| 365 | Race Condition in Switch | Common_Consequences | None |
| 366 | Race Condition within a Thread | Common_Consequences | None |
| 367 | Time-of-check Time-of-use (TOCTOU) Race Condition | Common_Consequences | None |
| 372 | Incomplete Internal State Distinction | Common_Consequences | None |
| 383 | J2EE Bad Practices: Direct Use of Threads | Common_Consequences | None |
| 390 | Detection of Error Condition Without Action | Common_Consequences | None |
| 391 | Unchecked Error Condition | Common_Consequences | None |
| 392 | Missing Report of Error Condition | Common_Consequences | None |
| 393 | Return of Wrong Status Code | Common_Consequences | None |
| 394 | Unexpected Status Code or Return Value | Common_Consequences | None |
| 398 | Indicator of Poor Code Quality | Common_Consequences | None |
| 403 | Exposure of File Descriptor to Unintended Control Sphere | Common_Consequences | None |
| 404 | Improper Resource Shutdown or Release | Common_Consequences | None |
| 405 | Asymmetric Resource Consumption (Amplification) | Common_Consequences | None |
| 416 | Use After Free | Demonstrative_Examples | None |
| 424 | Improper Protection of Alternate Path | Common_Consequences | None |
| 430 | Deployment of Wrong Handler | Common_Consequences | None |
| 431 | Missing Handler | Common_Consequences | None |
| 434 | Unrestricted Upload of File with Dangerous Type | Relationships | None |
| 435 | Interaction Error | Common_Consequences | None |
| 436 | Interpretation Conflict | Common_Consequences | None |
| 437 | Incomplete Model of Endpoint Features | Common_Consequences | None |
| 439 | Behavioral Change in New Version or Environment | Common_Consequences | None |
| 440 | Expected Behavior Violation | Common_Consequences | None |
| 441 | Unintended Proxy/Intermediary | Common_Consequences | None |
| 446 | UI Discrepancy for Security Feature | Common_Consequences | None |
| 447 | Unimplemented or Unsupported Feature in UI | Common_Consequences | None |
| 448 | Obsolete Feature in UI | Common_Consequences | None |
| 449 | The UI Performs the Wrong Action | Common_Consequences | None |
| 450 | Multiple Interpretations of UI Input | Common_Consequences | None |
| 456 | Missing Initialization | Common_Consequences, Relationships | None |
| 460 | Improper Cleanup on Thrown Exception | Common_Consequences | None |
| 462 | Duplicate Key in Associative List (Alist) | Common_Consequences | None |
| 464 | Addition of Data Structure Sentinel | Common_Consequences | None |
| 467 | Use of sizeof() on a Pointer Type | Common_Consequences | None |
| 468 | Incorrect Pointer Scaling | Common_Consequences | None |
| 472 | External Control of Assumed-Immutable Web Parameter | Common_Consequences | None |
| 474 | Use of Function with Inconsistent Implementations | Common_Consequences | None |
| 475 | Undefined Behavior for Input to API | Common_Consequences | None |
| 476 | NULL Pointer Dereference | Related_Attack_Patterns, Relationships | None |
| 477 | Use of Obsolete Functions | Common_Consequences | None |
| 478 | Missing Default Case in Switch Statement | Common_Consequences | None |
| 479 | Signal Handler Use of a Non-reentrant Function | Common_Consequences | None |
| 482 | Comparing instead of Assigning | Common_Consequences | None |
| 483 | Incorrect Block Delimitation | Common_Consequences | None |
| 485 | Insufficient Encapsulation | Common_Consequences | None |
| 489 | Leftover Debug Code | Common_Consequences | None |
| 491 | Public cloneable() Method Without Final ('Object Hijack') | Common_Consequences | None |
| 494 | Download of Code Without Integrity Check | Relationships | None |
| 511 | Logic/Time Bomb | Common_Consequences | None |
| 525 | Information Exposure Through Browser Caching | Common_Consequences | None |
| 531 | Information Exposure Through Test Code | Common_Consequences | None |
| 544 | Missing Standardized Error Handling Mechanism | Common_Consequences | None |
| 546 | Suspicious Comment | Common_Consequences | None |
| 547 | Use of Hard-coded, Security-relevant Constants | Common_Consequences | None |
| 554 | ASP.NET Misconfiguration: Not Using Input Validation Framework | Common_Consequences | None |
| 563 | Unused Variable | Common_Consequences | None |
| 568 | finalize() Method Without super.finalize() | Common_Consequences | None |
| 570 | Expression is Always False | Common_Consequences | None |
| 571 | Expression is Always True | Common_Consequences | None |
| 572 | Call to Thread run() instead of start() | Common_Consequences | None |
| 573 | Improper Following of Specification by Caller | Common_Consequences | None |
| 574 | EJB Bad Practices: Use of Synchronization Primitives | Common_Consequences | None |
| 575 | EJB Bad Practices: Use of AWT Swing | Common_Consequences | None |
| 576 | EJB Bad Practices: Use of Java I/O | Common_Consequences | None |
| 577 | EJB Bad Practices: Use of Sockets | Common_Consequences | None |
| 578 | EJB Bad Practices: Use of Class Loader | Common_Consequences | None |
| 579 | J2EE Bad Practices: Non-serializable Object Stored in Session | Common_Consequences | None |
| 580 | clone() Method Without super.clone() | Common_Consequences | None |
| 583 | finalize() Method Declared Public | Common_Consequences | None |
| 586 | Explicit Call to Finalize() | Common_Consequences | None |
| 589 | Call to Non-ubiquitous API | Common_Consequences | None |
| 593 | Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created | Common_Consequences | None |
| 601 | URL Redirection to Untrusted Site ('Open Redirect') | Relationships | None |
| 605 | Multiple Binds to the Same Port | Common_Consequences | None |
| 622 | Unvalidated Function Hook Arguments | Common_Consequences | None |
| 626 | Null Byte Interaction Error (Poison Null Byte) | Common_Consequences | None |
| 628 | Function Call with Incorrectly Specified Arguments | Common_Consequences | None |
| 649 | Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking | Common_Consequences | None |
| 669 | Incorrect Resource Transfer Between Spheres | Common_Consequences | None |
| 671 | Lack of Administrator Control over Security | Common_Consequences | None |
| 676 | Use of Potentially Dangerous Function | Common_Consequences, Observed_Examples, Potential_Mitigations, References, Relationships | None |
| 681 | Incorrect Conversion between Numeric Types | Common_Consequences, Observed_Examples, Relationships | None |
| 683 | Function Call With Incorrect Order of Arguments | Common_Consequences | None |
| 684 | Incorrect Provision of Specified Functionality | Common_Consequences | None |
| 685 | Function Call With Incorrect Number of Arguments | Common_Consequences | None |
| 686 | Function Call With Incorrect Argument Type | Common_Consequences | None |
| 687 | Function Call With Incorrectly Specified Argument Value | Common_Consequences | None |
| 688 | Function Call With Incorrect Variable or Reference as Argument | Common_Consequences | None |
| 694 | Use of Multiple Resources with Duplicate Identifier | Common_Consequences | None |
| 696 | Incorrect Behavior Order | Common_Consequences | None |
| 703 | Improper Check or Handling of Exceptional Conditions | Common_Consequences | None |
| 732 | Incorrect Permission Assignment for Critical Resource | Relationships | None |
| 754 | Improper Check for Unusual or Exceptional Conditions | Common_Consequences, Related_Attack_Patterns, Relationships | None |
| 759 | Use of a One-Way Hash without a Salt | Common_Consequences, Demonstrative_Examples, Potential_Mitigations, Related_Attack_Patterns, Relationships | None |
| 764 | Multiple Locks of a Critical Resource | Common_Consequences | None |
| 765 | Multiple Unlocks of a Critical Resource | Common_Consequences | None |
| 770 | Allocation of Resources Without Limits or Throttling | Relationships | None |
| 772 | Missing Release of Resource after Effective Lifetime | Observed_Examples, Related_Attack_Patterns, Relationships | None |
| 783 | Operator Precedence Logic Error | Common_Consequences | None |
| 790 | Improper Filtering of Special Elements | Common_Consequences | None |
| 791 | Incomplete Filtering of Special Elements | Common_Consequences | None |
| 792 | Incomplete Filtering of One or More Instances of Special Elements | Common_Consequences | None |
| 793 | Only Filtering One Instance of a Special Element | Common_Consequences | None |
| 794 | Incomplete Filtering of Multiple Instances of Special Elements | Common_Consequences | None |
| 795 | Only Filtering Special Elements at a Specified Location | Common_Consequences | None |
| 796 | Only Filtering Special Elements Relative to a Marker | Common_Consequences | None |
| 797 | Only Filtering Special Elements at an Absolute Position | Common_Consequences | None |
| 798 | Use of Hard-coded Credentials | Observed_Examples, Relationships | None |
| 805 | Buffer Access with Incorrect Length Value | Demonstrative_Examples, Observed_Examples, Relationships | None |
| 807 | Reliance on Untrusted Inputs in a Security Decision | Common_Consequences, Relationships | None |
| 822 | Untrusted Pointer Dereference | Related_Attack_Patterns, Relationships | None |
| 825 | Expired Pointer Dereference | Demonstrative_Examples, Potential_Mitigations, Relationships | None |
| 827 | Improper Control of Document Type Definition | None | Observed_Examples |
| 829 | Inclusion of Functionality from Untrusted Control Sphere | Common_Consequences, Demonstrative_Examples, Observed_Examples, Potential_Mitigations, Related_Attack_Patterns, Relationships | None |
| 830 | Inclusion of Web Functionality from an Untrusted Source | Demonstrative_Examples | None |
| 831 | Signal Handler Function Associated with Multiple Signals | Common_Consequences | None |
| 838 | Inappropriate Encoding for Output Context | Demonstrative_Examples, Related_Attack_Patterns, Relationships | None |
| 841 | Improper Enforcement of Behavioral Workflow | Common_Consequences, Observed_Examples, Related_Attack_Patterns, Relationships | None |
| 862 | Missing Authorization | Demonstrative_Examples, Related_Attack_Patterns, Relationships | None |
| 863 | Incorrect Authorization | Demonstrative_Examples, Related_Attack_Patterns, Relationships | None |