Changes that affect only whitespace are ignored. "Minor" changes are text changes that affect only capitalization and punctuation. Most other changes are marked as "Major." Simple schema changes are treated as Minor, such as the change from AffectedResource to Affected_Resource in Draft 8, or the relationship name change from "IsRequiredBy" to "RequiredBy" in Version 1.0. For each mutual relationship between nodes A and B (such as ParentOf and ChildOf), a relationship change is noted for both A and B.

The "Version 4.17 Total" lists the total number of relationships in Version 4.17. The "Shared" value is the total number of relationships in entries that were in both Version 4.17 and Version 4.16. The "New" value is the total number of relationships involving entries that did not exist in Version 4.16. Thus, the total number of relationships in Version 4.17 combines the stats from Shared entries and New entries.

A node change is labeled "important" if it is a major field change and the field is critical to the meaning of the node. The critical fields are description, name, and relationships.
Important node changes (D = description, N = name, R = relationships):

D | N | R | ID | Name
D |   |   | 20 | Improper Input Validation
  |   | R | 22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
D |   |   | 79 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
D |   |   | 94 | Improper Control of Generation of Code ('Code Injection')
D |   |   | 95 | Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
D |   |   | 117 | Improper Output Neutralization for Logs
  |   | R | 119 | Improper Restriction of Operations within the Bounds of a Memory Buffer
  |   | R | 120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
  |   | R | 123 | Write-what-where Condition
D |   |   | 126 | Buffer Over-read
D |   |   | 134 | Use of Externally-Controlled Format String
  |   | R | 182 | Collapse of Data into Unsafe Value
  |   | R | 200 | Exposure of Sensitive Information to an Unauthorized Actor
D |   |   | 204 | Observable Response Discrepancy
  |   | R | 223 | Omission of Security-relevant Information
D |   |   | 259 | Use of Hard-coded Password
  |   | R | 284 | Improper Access Control
  |   | R | 291 | Reliance on IP Address for Authentication
D |   |   | 311 | Missing Encryption of Sensitive Data
D |   |   | 312 | Cleartext Storage of Sensitive Information
D |   | R | 319 | Cleartext Transmission of Sensitive Information
D |   |   | 321 | Use of Hard-coded Cryptographic Key
D |   |   | 352 | Cross-Site Request Forgery (CSRF)
  |   | R | 392 | Missing Report of Error Condition
D |   |   | 393 | Return of Wrong Status Code
D |   |   | 397 | Declaration of Throws for Generic Exception
D |   |   | 400 | Uncontrolled Resource Consumption
D |   |   | 401 | Missing Release of Memory after Effective Lifetime
D |   |   | 415 | Double Free
  |   | R | 471 | Modification of Assumed-Immutable Data (MAID)
  |   | R | 497 | Exposure of Sensitive System Information to an Unauthorized Control Sphere
D |   |   | 548 | Exposure of Information Through Directory Listing
D |   |   | 565 | Reliance on Cookies without Validation and Integrity Checking
D |   |   | 598 | Use of GET Request Method With Sensitive Query Strings
  |   | R | 668 | Exposure of Resource to Wrong Sphere
  |   | R | 691 | Insufficient Control Flow Management
  |   | R | 693 | Protection Mechanism Failure
  |   | R | 696 | Incorrect Behavior Order
  |   | R | 707 | Improper Neutralization
  |   | R | 778 | Insufficient Logging
  |   | R | 787 | Out-of-bounds Write
  |   | R | 912 | Hidden Functionality
D | N |   | 1039 | Inadequate Detection or Handling of Adversarial Input Perturbations in Automated Recognition Mechanism
  |   | R | 1205 | Security Primitives and Cryptography Issues
  |   | R | 1208 | Cross-Cutting Problems
  |   | R | 1242 | Inclusion of Undocumented Features or Chicken Bits
  |   | R | 1279 | Cryptographic Operations are run Before Supporting Units are Ready
  |   | R | 1329 | Reliance on Component That is Not Updateable
  |   | R | 1357 | Reliance on Insufficiently Trustworthy Component
  |   | R | 1402 | Comprehensive Categorization: Encryption
  |   | R | 1413 | Comprehensive Categorization: Protection Mechanism Failure
  |   | R | 1417 | Comprehensive Categorization: Sensitive Information Exposure
Changed entries, with the fields that changed in each (Major and Minor as defined above):

ID | Name | Major | Minor
20 | Improper Input Validation | Common_Consequences, Description, Diagram, Mapping_Notes, Potential_Mitigations, Relationship_Notes, Terminology_Notes | None
22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | Relationships | None
23 | Relative Path Traversal | Demonstrative_Examples | None
79 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | Alternate_Terms, Common_Consequences, Description, Diagram, Other_Notes | None
89 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | Applicable_Platforms, Demonstrative_Examples, References | None
93 | Improper Neutralization of CRLF Sequences ('CRLF Injection') | Diagram, References | None
94 | Improper Control of Generation of Code ('Code Injection') | Alternate_Terms, Common_Consequences, Description, Diagram, Theoretical_Notes | None
95 | Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') | Common_Consequences, Description, Diagram | None
98 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') | Demonstrative_Examples | None
114 | Process Control | Maintenance_Notes, Mapping_Notes | None
117 | Improper Output Neutralization for Logs | Alternate_Terms, Description, Diagram | None
119 | Improper Restriction of Operations within the Bounds of a Memory Buffer | Relationships | None
120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') | Applicable_Platforms, Relationships | None
121 | Stack-based Buffer Overflow | Applicable_Platforms | None
122 | Heap-based Buffer Overflow | Applicable_Platforms | None
123 | Write-what-where Condition | Relationships | None
126 | Buffer Over-read | Common_Consequences, Description, Diagram, Other_Notes | None
131 | Incorrect Calculation of Buffer Size | Observed_Examples | None
134 | Use of Externally-Controlled Format String | Common_Consequences, Demonstrative_Examples, Description, Diagram, Other_Notes | None
182 | Collapse of Data into Unsafe Value | Relationships | None
190 | Integer Overflow or Wraparound | Applicable_Platforms, Observed_Examples | None
193 | Off-by-one Error | Applicable_Platforms, Demonstrative_Examples | None
195 | Signed to Unsigned Conversion Error | Observed_Examples | None
200 | Exposure of Sensitive Information to an Unauthorized Actor | Relationships | None
203 | Observable Discrepancy | Demonstrative_Examples | None
204 | Observable Response Discrepancy | Description, Diagram, Modes_of_Introduction | None
208 | Observable Timing Discrepancy | Demonstrative_Examples | None
223 | Omission of Security-relevant Information | Relationships | None
226 | Sensitive Information in Resource Not Removed Before Reuse | Demonstrative_Examples | None
245 | J2EE Bad Practices: Direct Management of Connections | Demonstrative_Examples | None
259 | Use of Hard-coded Password | Common_Consequences, Description, Diagram, Maintenance_Notes, Other_Notes | Demonstrative_Examples
284 | Improper Access Control | Relationships | None
287 | Improper Authentication | Observed_Examples | None
291 | Reliance on IP Address for Authentication | Relationships | None
306 | Missing Authentication for Critical Function | Observed_Examples | None
311 | Missing Encryption of Sensitive Data | Description, Diagram | None
312 | Cleartext Storage of Sensitive Information | Common_Consequences, Description, Diagram, Other_Notes, Potential_Mitigations | None
315 | Cleartext Storage of Sensitive Information in a Cookie | None | Demonstrative_Examples
319 | Cleartext Transmission of Sensitive Information | Common_Consequences, Description, Diagram, Other_Notes, Relationships | None
321 | Use of Hard-coded Cryptographic Key | Common_Consequences, Description, Diagram | None
352 | Cross-Site Request Forgery (CSRF) | Alternate_Terms, Common_Consequences, Description, Diagram | None
362 | Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') | Affected_Resources | None
367 | Time-of-check Time-of-use (TOCTOU) Race Condition | Affected_Resources, Observed_Examples | None
369 | Divide By Zero | Demonstrative_Examples | None
392 | Missing Report of Error Condition | Relationships | None
393 | Return of Wrong Status Code | Description | None
396 | Declaration of Catch for Generic Exception | Common_Consequences, Demonstrative_Examples | None
397 | Declaration of Throws for Generic Exception | Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Description | None
400 | Uncontrolled Resource Consumption | Common_Consequences, Description, Diagram, Modes_of_Introduction, Other_Notes, Time_of_Introduction | None
401 | Missing Release of Memory after Effective Lifetime | Description, Diagram, Modes_of_Introduction | None
403 | Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak') | Applicable_Platforms | None
406 | Insufficient Control of Network Message Volume (Network Amplification) | Mapping_Notes | None
410 | Insufficient Resource Pool | Type | None
415 | Double Free | Common_Consequences, Description, Diagram | None
416 | Use After Free | Observed_Examples | None
426 | Untrusted Search Path | Mapping_Notes | None
427 | Uncontrolled Search Path Element | Mapping_Notes | None
456 | Missing Initialization of a Variable | Demonstrative_Examples, Observed_Examples, References | None
464 | Addition of Data Structure Sentinel | Demonstrative_Examples | None
467 | Use of sizeof() on a Pointer Type | Demonstrative_Examples | None
471 | Modification of Assumed-Immutable Data (MAID) | Relationships | None
476 | NULL Pointer Dereference | Demonstrative_Examples, Potential_Mitigations | None
479 | Signal Handler Use of a Non-reentrant Function | Demonstrative_Examples | None
492 | Use of Inner Class Containing Sensitive Data | Demonstrative_Examples | None
497 | Exposure of Sensitive System Information to an Unauthorized Control Sphere | Demonstrative_Examples, Relationships | None
548 | Exposure of Information Through Directory Listing | Description, Diagram, References | None
564 | SQL Injection: Hibernate | Applicable_Platforms | None
565 | Reliance on Cookies without Validation and Integrity Checking | Common_Consequences, Description, Diagram | None
566 | Authorization Bypass Through User-Controlled SQL Primary Key | Applicable_Platforms | None
570 | Expression is Always False | Demonstrative_Examples | None
585 | Empty Synchronized Block | Demonstrative_Examples | None
590 | Free of Memory not on the Heap | Demonstrative_Examples | None
595 | Comparison of Object References Instead of Object Contents | Demonstrative_Examples | None
597 | Use of Wrong Operator in String Comparison | Demonstrative_Examples | None
598 | Use of GET Request Method With Sensitive Query Strings | Description, Diagram, Other_Notes | None
602 | Client-Side Enforcement of Server-Side Security | Demonstrative_Examples | None
609 | Double-Checked Locking | Demonstrative_Examples | None
610 | Externally Controlled Reference to a Resource in Another Sphere | Common_Consequences | None
619 | Dangling Database Cursor ('Cursor Injection') | Applicable_Platforms | None
637 | Unnecessary Complexity in Protection Mechanism (Not Using 'Economy of Mechanism') | Mapping_Notes | None
655 | Insufficient Psychological Acceptability | Mapping_Notes | None
656 | Reliance on Security Through Obscurity | Mapping_Notes | None
663 | Use of a Non-reentrant Function in a Concurrent Context | Demonstrative_Examples | None
667 | Improper Locking | Demonstrative_Examples | None
668 | Exposure of Resource to Wrong Sphere | Common_Consequences, Relationships | None
681 | Incorrect Conversion between Numeric Types | Applicable_Platforms | None
691 | Insufficient Control Flow Management | Relationships | None
693 | Protection Mechanism Failure | Relationships | None
696 | Incorrect Behavior Order | Relationships | None
703 | Improper Check or Handling of Exceptional Conditions | Demonstrative_Examples | None
707 | Improper Neutralization | Relationships | None
763 | Release of Invalid Pointer or Reference | Applicable_Platforms | None
778 | Insufficient Logging | Relationships | None
786 | Access of Memory Location Before Start of Buffer | Applicable_Platforms | None
787 | Out-of-bounds Write | Observed_Examples, Relationships | None
788 | Access of Memory Location After End of Buffer | Applicable_Platforms | None
824 | Access of Uninitialized Pointer | Applicable_Platforms, Observed_Examples | None
825 | Expired Pointer Dereference | Applicable_Platforms | None
863 | Incorrect Authorization | Diagram | None
911 | Improper Update of Reference Count | Common_Consequences | None
912 | Hidden Functionality | Relationships | None
939 | Improper Authorization in Handler for Custom URL Scheme | Demonstrative_Examples | None
943 | Improper Neutralization of Special Elements in Data Query Logic | Alternate_Terms, Observed_Examples, References | None
1025 | Comparison Using Wrong Factors | Demonstrative_Examples | None
1039 | Inadequate Detection or Handling of Adversarial Input Perturbations in Automated Recognition Mechanism | Common_Consequences, Description, Detection_Factors, Mapping_Notes, Modes_of_Introduction, Name, Potential_Mitigations, Time_of_Introduction | None
1071 | Empty Code Block | Demonstrative_Examples | None
1073 | Non-SQL Invokable Control Element with Excessive Number of Data Resource Accesses | Applicable_Platforms | None
1189 | Improper Isolation of Shared Resources on System-on-a-Chip (SoC) | Demonstrative_Examples | None
1205 | Security Primitives and Cryptography Issues | Relationships | None
1208 | Cross-Cutting Problems | Relationships | None
1220 | Insufficient Granularity of Access Control | Demonstrative_Examples | None
1223 | Race Condition for Write-Once Attributes | Demonstrative_Examples | None
1231 | Improper Prevention of Lock Bit Modification | Demonstrative_Examples | None
1233 | Security-Sensitive Hardware Controls with Missing Lock Bit Protection | Demonstrative_Examples | None
1236 | Improper Neutralization of Formula Elements in a CSV File | Demonstrative_Examples | None
1240 | Use of a Cryptographic Primitive with a Risky Implementation | Demonstrative_Examples | None
1241 | Use of Predictable Algorithm in Random Number Generator | Demonstrative_Examples | None
1242 | Inclusion of Undocumented Features or Chicken Bits | Relationships | None
1243 | Sensitive Non-Volatile Information Not Protected During Debug | Demonstrative_Examples | None
1246 | Improper Write Handling in Limited-write Non-Volatile Memories | Demonstrative_Examples, References | None
1256 | Improper Restriction of Software Interfaces to Hardware Features | Demonstrative_Examples | None
1269 | Product Released in Non-Release Configuration | Demonstrative_Examples | None
1272 | Sensitive Information Uncleared Before Debug/Power State Transition | Demonstrative_Examples | None
1273 | Device Unlock Credential Sharing | Demonstrative_Examples | None
1274 | Improper Access Control for Volatile Memory Containing Boot Code | Demonstrative_Examples | None
1279 | Cryptographic Operations are run Before Supporting Units are Ready | Relationships | None
1300 | Improper Protection of Physical Side Channels | Demonstrative_Examples | None
1320 | Improper Protection for Outbound Error Messages and Alert Signals | Demonstrative_Examples | None
1329 | Reliance on Component That is Not Updateable | Relationships | None
1332 | Improper Handling of Faults that Lead to Instruction Skips | Demonstrative_Examples | None
1339 | Insufficient Precision or Accuracy of a Real Number | Demonstrative_Examples | None
1357 | Reliance on Insufficiently Trustworthy Component | Relationships | None
1395 | Dependency on Vulnerable Third-Party Component | Mapping_Notes | None
1402 | Comprehensive Categorization: Encryption | Relationships | None
1413 | Comprehensive Categorization: Protection Mechanism Failure | Relationships | None
1417 | Comprehensive Categorization: Sensitive Information Exposure | Relationships | None