Any change with respect to whitespace is ignored. "Minor"
changes are text changes that only affect capitalization and
punctuation. Most other changes are marked as "Major."

Simple schema changes are treated as Minor, such as the change from
AffectedResource to Affected_Resource in Draft 8, or the relationship
name change from "IsRequiredBy" to "RequiredBy" in
Version 1.0. For each mutual relationship between nodes A and B (such
as ParentOf and ChildOf), a relationship change is noted for both A
and B.

The "Version 4.6 Total" lists the total number of relationships
in Version 4.6. The "Shared" value is the total number of
relationships in entries that were in both Version 4.6 and Version 4.5. The
"New" value is the total number of relationships involving
entries that did not exist in Version 4.5. Thus, the total number of
relationships in Version 4.6 would combine stats from Shared entries and
New entries.

A node change is labeled "important" if it is a major field change and
the field is critical to the meaning of the node. The critical fields
are description, name, and relationships.

| D | N | R | ID | Name |
|---|---|---|---|---|
| | | R | 2 | 7PK - Environment |
| | | R | 11 | ASP.NET Misconfiguration: Creating Debug Binary |
| | | R | 13 | ASP.NET Misconfiguration: Password in Configuration File |
| | | R | 15 | External Control of System or Configuration Setting |
| | | R | 16 | Configuration |
| | | R | 20 | Improper Input Validation |
| | | R | 22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') |
| | | R | 23 | Relative Path Traversal |
| | | R | 35 | Path Traversal: '.../...//' |
| | | R | 59 | Improper Link Resolution Before File Access ('Link Following') |
| | | R | 73 | External Control of File Name or Path |
| | | R | 74 | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') |
| | | R | 75 | Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) |
| | | R | 77 | Improper Neutralization of Special Elements used in a Command ('Command Injection') |
| | | R | 78 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') |
| | | R | 79 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
| | | R | 80 | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) |
| | | R | 83 | Improper Neutralization of Script in Attributes in a Web Page |
| | | R | 87 | Improper Neutralization of Alternate XSS Syntax |
| | | R | 88 | Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') |
| | | R | 89 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') |
| | | R | 90 | Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') |
| | | R | 91 | XML Injection (aka Blind XPath Injection) |
| | | R | 93 | Improper Neutralization of CRLF Sequences ('CRLF Injection') |
| | | R | 94 | Improper Control of Generation of Code ('Code Injection') |
| | | R | 95 | Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') |
| | | R | 96 | Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') |
| | | R | 97 | Improper Neutralization of Server-Side Includes (SSI) Within a Web Page |
| | | R | 98 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') |
| | | R | 99 | Improper Control of Resource Identifiers ('Resource Injection') |
| | | R | 113 | Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') |
| | | R | 116 | Improper Encoding or Escaping of Output |
| | | R | 117 | Improper Output Neutralization for Logs |
| | | R | 138 | Improper Neutralization of Special Elements |
| | | R | 183 | Permissive List of Allowed Inputs |
| | | R | 184 | Incomplete List of Disallowed Inputs |
| | | R | 200 | Exposure of Sensitive Information to an Unauthorized Actor |
| | | R | 201 | Insertion of Sensitive Information Into Sent Data |
| | | R | 205 | Observable Behavioral Discrepancy |
| | | R | 209 | Generation of Error Message Containing Sensitive Information |
| | | R | 213 | Exposure of Sensitive Information Due to Incompatible Policies |
| | | R | 219 | Storage of File with Sensitive Data Under Web Root |
| | | R | 223 | Omission of Security-relevant Information |
| D | | R | 226 | Sensitive Information in Resource Not Removed Before Reuse |
| | | R | 235 | Improper Handling of Extra Parameters |
| | | R | 255 | Credentials Management Errors |
| | | R | 256 | Plaintext Storage of a Password |
| | | R | 257 | Storing Passwords in a Recoverable Format |
| | | R | 259 | Use of Hard-coded Password |
| | | R | 260 | Password in Configuration File |
| | | R | 261 | Weak Encoding for Password |
| | | R | 264 | Permissions, Privileges, and Access Controls |
| | | R | 266 | Incorrect Privilege Assignment |
| | | R | 269 | Improper Privilege Management |
| | | R | 275 | Permission Issues |
| | | R | 276 | Incorrect Default Permissions |
| | | R | 280 | Improper Handling of Insufficient Permissions or Privileges |
| | | R | 284 | Improper Access Control |
| | | R | 285 | Improper Authorization |
| | | R | 287 | Improper Authentication |
| | | R | 288 | Authentication Bypass Using an Alternate Path or Channel |
| | | R | 290 | Authentication Bypass by Spoofing |
| | | R | 294 | Authentication Bypass by Capture-replay |
| | | R | 295 | Improper Certificate Validation |
| | | R | 296 | Improper Following of a Certificate's Chain of Trust |
| | | R | 297 | Improper Validation of Certificate with Host Mismatch |
| | | R | 300 | Channel Accessible by Non-Endpoint |
| | | R | 302 | Authentication Bypass by Assumed-Immutable Data |
| | | R | 304 | Missing Critical Step in Authentication |
| | | R | 306 | Missing Authentication for Critical Function |
| | | R | 307 | Improper Restriction of Excessive Authentication Attempts |
| | | R | 310 | Cryptographic Issues |
| | | R | 311 | Missing Encryption of Sensitive Data |
| | | R | 312 | Cleartext Storage of Sensitive Information |
| | | R | 313 | Cleartext Storage in a File or on Disk |
| | | R | 315 | Cleartext Storage of Sensitive Information in a Cookie |
| | | R | 316 | Cleartext Storage of Sensitive Information in Memory |
| | | R | 319 | Cleartext Transmission of Sensitive Information |
| | | R | 321 | Use of Hard-coded Cryptographic Key |
| | | R | 322 | Key Exchange without Entity Authentication |
| | | R | 323 | Reusing a Nonce, Key Pair in Encryption |
| | | R | 324 | Use of a Key Past its Expiration Date |
| | | R | 325 | Missing Cryptographic Step |
| | | R | 326 | Inadequate Encryption Strength |
| | | R | 327 | Use of a Broken or Risky Cryptographic Algorithm |
| D | N | R | 328 | Use of Weak Hash |
| | | R | 329 | Generation of Predictable IV with CBC Mode |
| | | R | 330 | Use of Insufficiently Random Values |
| | | R | 331 | Insufficient Entropy |
| | | R | 335 | Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) |
| | | R | 336 | Same Seed in Pseudo-Random Number Generator (PRNG) |
| | | R | 337 | Predictable Seed in Pseudo-Random Number Generator (PRNG) |
| | | R | 338 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) |
| | | R | 340 | Generation of Predictable Numbers or Identifiers |
| | | R | 345 | Insufficient Verification of Data Authenticity |
| | | R | 346 | Origin Validation Error |
| | | R | 347 | Improper Verification of Cryptographic Signature |
| | | R | 352 | Cross-Site Request Forgery (CSRF) |
| | | R | 353 | Missing Support for Integrity Check |
| | | R | 359 | Exposure of Private Personal Information to an Unauthorized Actor |
| | | R | 377 | Insecure Temporary File |
| | | R | 384 | Session Fixation |
| | | R | 402 | Transmission of Private Resources into a New Sphere ('Resource Leak') |
| | | R | 415 | Double Free |
| | | R | 419 | Unprotected Primary Channel |
| | | R | 425 | Direct Request ('Forced Browsing') |
| | | R | 426 | Untrusted Search Path |
| | | R | 430 | Deployment of Wrong Handler |
| | | R | 434 | Unrestricted Upload of File with Dangerous Type |
| | | R | 441 | Unintended Proxy or Intermediary ('Confused Deputy') |
| | | R | 444 | Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') |
| | | R | 451 | User Interface (UI) Misrepresentation of Critical Information |
| | | R | 470 | Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') |
| | | R | 471 | Modification of Assumed-Immutable Data (MAID) |
| | | R | 472 | External Control of Assumed-Immutable Web Parameter |
| | | R | 494 | Download of Code Without Integrity Check |
| | | R | 497 | Exposure of Sensitive System Information to an Unauthorized Control Sphere |
| | | R | 501 | Trust Boundary Violation |
| | | R | 502 | Deserialization of Untrusted Data |
| | | R | 520 | .NET Misconfiguration: Use of Impersonation |
| | | R | 521 | Weak Password Requirements |
| | | R | 522 | Insufficiently Protected Credentials |
| | | R | 523 | Unprotected Transport of Credentials |
| | | R | 525 | Use of Web Browser Cache Containing Sensitive Information |
| | | R | 526 | Exposure of Sensitive Information Through Environmental Variables |
| | | R | 532 | Insertion of Sensitive Information into Log File |
| | | R | 537 | Java Runtime Error Message Containing Sensitive Information |
| | | R | 538 | Insertion of Sensitive Information into Externally-Accessible File or Directory |
| | | R | 539 | Use of Persistent Cookies Containing Sensitive Information |
| | | R | 540 | Inclusion of Sensitive Information in Source Code |
| | | R | 541 | Inclusion of Sensitive Information in an Include File |
| | | R | 547 | Use of Hard-coded, Security-relevant Constants |
| | | R | 548 | Exposure of Information Through Directory Listing |
| | | R | 552 | Files or Directories Accessible to External Parties |
| | | R | 564 | SQL Injection: Hibernate |
| | | R | 565 | Reliance on Cookies without Validation and Integrity Checking |
| | | R | 566 | Authorization Bypass Through User-Controlled SQL Primary Key |
| | | R | 579 | J2EE Bad Practices: Non-serializable Object Stored in Session |
| | | R | 598 | Use of GET Request Method With Sensitive Query Strings |
| | | R | 601 | URL Redirection to Untrusted Site ('Open Redirect') |
| | | R | 602 | Client-Side Enforcement of Server-Side Security |
| | | R | 610 | Externally Controlled Reference to a Resource in Another Sphere |
| | | R | 611 | Improper Restriction of XML External Entity Reference |
| | | R | 613 | Insufficient Session Expiration |
| | | R | 614 | Sensitive Cookie in HTTPS Session Without 'Secure' Attribute |
| | | R | 620 | Unverified Password Change |
| | | R | 639 | Authorization Bypass Through User-Controlled Key |
| | | R | 640 | Weak Password Recovery Mechanism for Forgotten Password |
| | | R | 642 | External Control of Critical State Data |
| | | R | 643 | Improper Neutralization of Data within XPath Expressions ('XPath Injection') |
| | | R | 644 | Improper Neutralization of HTTP Headers for Scripting Syntax |
| | | R | 646 | Reliance on File Name or Extension of Externally-Supplied File |
| | | R | 650 | Trusting HTTP Permission Methods on the Server Side |
| | | R | 651 | Exposure of WSDL File Containing Sensitive Information |
| | | R | 652 | Improper Neutralization of Data within XQuery Expressions ('XQuery Injection') |
| D | N | R | 653 | Improper Isolation or Compartmentalization |
| | | R | 656 | Reliance on Security Through Obscurity |
| | | R | 657 | Violation of Secure Design Principles |
| | | R | 668 | Exposure of Resource to Wrong Sphere |
| | | R | 672 | Operation on a Resource after Expiration or Release |
| | N | R | 675 | Multiple Operations on Resource in Single-Operation Context |
| | | R | 693 | Protection Mechanism Failure |
| | | R | 703 | Improper Check or Handling of Exceptional Conditions |
| | | R | 706 | Use of Incorrectly-Resolved Name or Reference |
| | | R | 720 | OWASP Top Ten 2007 Category A9 - Insecure Communications |
| | | R | 756 | Missing Custom Error Page |
| | | R | 757 | Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade') |
| | | R | 759 | Use of a One-Way Hash without a Salt |
| | | R | 760 | Use of a One-Way Hash with a Predictable Salt |
| | | R | 776 | Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') |
| | | R | 778 | Insufficient Logging |
| | | R | 780 | Use of RSA Algorithm without OAEP |
| | | R | 784 | Reliance on Cookies without Validation and Integrity Checking in a Security Decision |
| | | R | 798 | Use of Hard-coded Credentials |
| | | R | 799 | Improper Control of Interaction Frequency |
| | | R | 807 | Reliance on Untrusted Inputs in a Security Decision |
| | | R | 818 | OWASP Top Ten 2010 Category A9 - Insufficient Transport Layer Protection |
| | | R | 829 | Inclusion of Functionality from Untrusted Control Sphere |
| | | R | 830 | Inclusion of Web Functionality from an Untrusted Source |
| | | R | 840 | Business Logic Errors |
| | | R | 841 | Improper Enforcement of Behavioral Workflow |
| | | R | 862 | Missing Authorization |
| | | R | 863 | Incorrect Authorization |
| | | R | 913 | Improper Control of Dynamically-Managed Code Resources |
| | | R | 915 | Improperly Controlled Modification of Dynamically-Determined Object Attributes |
| | | R | 916 | Use of Password Hash With Insufficient Computational Effort |
| | | R | 917 | Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') |
| | | R | 918 | Server-Side Request Forgery (SSRF) |
| | | R | 922 | Insecure Storage of Sensitive Information |
| | | R | 927 | Use of Implicit Intent for Sensitive Communication |
| | | R | 937 | OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities |
| | | R | 940 | Improper Verification of Source of a Communication Channel |
| | | R | 942 | Permissive Cross-domain Policy with Untrusted Domains |
| | | R | 1004 | Sensitive Cookie Without 'HttpOnly' Flag |
| | | R | 1021 | Improper Restriction of Rendered UI Layers or Frames |
| | | R | 1032 | OWASP Top Ten 2017 Category A6 - Security Misconfiguration |
| | | R | 1035 | OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities |
| | | R | 1104 | Use of Unmaintained Third Party Components |
| | | R | 1173 | Improper Use of Validation Framework |
| | | R | 1174 | ASP.NET Misconfiguration: Improper Model Validation |
| D | | R | 1189 | Improper Isolation of Shared Resources on System-on-a-Chip (SoC) |
| D | N | R | 1191 | On-Chip Debug and Test Interface With Improper Access Control |
| | | R | 1201 | Core and Compute Issues |
| | | R | 1216 | Lockout Mechanism Errors |
| D | N | R | 1231 | Improper Prevention of Lock Bit Modification |
| D | N | R | 1233 | Security-Sensitive Hardware Controls with Missing Lock Bit Protection |
| | | R | 1239 | Improper Zeroization of Hardware Register |
| D | N | R | 1240 | Use of a Cryptographic Primitive with a Risky Implementation |
| D | N | R | 1244 | Internal Asset Exposed to Unsafe Debug Access Level or State |
| D | N | | 1247 | Improper Protection Against Voltage and Clock Glitches |
| D | | | 1253 | Incorrect Selection of Fuse Values |
| | | R | 1255 | Comparison Logic is Vulnerable to Power Side-Channel Attacks |
| D | N | R | 1256 | Improper Restriction of Software Interfaces to Hardware Features |
| D | | | 1259 | Improper Restriction of Security Token Assignment |
| D | | R | 1260 | Improper Handling of Overlap Between Protected Memory Ranges |
| D | N | | 1262 | Improper Access Control for Register Interface |
| D | | | 1263 | Improper Physical Access Control |
| D | | R | 1272 | Sensitive Information Uncleared Before Debug/Power State Transition |
| D | | | 1273 | Device Unlock Credential Sharing |
| D | N | R | 1274 | Improper Access Control for Volatile Memory Containing Boot Code |
| | | R | 1275 | Sensitive Cookie with Improper SameSite Attribute |
| D | | R | 1277 | Firmware Not Updateable |
| D | | | 1289 | Improper Validation of Unsafe Equivalence in Input |
| D | N | R | 1300 | Improper Protection of Physical Side Channels |
| D | | | 1301 | Insufficient or Incomplete Data Removal within Hardware Component |
| | | R | 1302 | Missing Security Identifier |
| | | R | 1321 | Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') |
| D | N | R | 1331 | Improper Isolation of Shared Resources in Network On Chip (NoC) |
| D | N | R | 1332 | Improper Handling of Faults that Lead to Instruction Skips |
| D | | | 1333 | Inefficient Regular Expression Complexity |
2 |
7PK - Environment |
|
Major |
Relationships |
|
Minor |
None |
11 |
ASP.NET Misconfiguration: Creating Debug Binary |
|
Major |
Relationships |
|
Minor |
None |
13 |
ASP.NET Misconfiguration: Password in Configuration File |
|
Major |
Relationships |
|
Minor |
None |
15 |
External Control of System or Configuration Setting |
|
Major |
Relationships |
|
Minor |
None |
16 |
Configuration |
|
Major |
Relationships |
|
Minor |
None |
20 |
Improper Input Validation |
|
Major |
Relationships |
|
Minor |
None |
22 |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') |
|
Major |
Observed_Examples, Relationships |
|
Minor |
None |
23 |
Relative Path Traversal |
|
Major |
Relationships |
|
Minor |
None |
35 |
Path Traversal: '.../...//' |
|
Major |
Relationships |
|
Minor |
None |
59 |
Improper Link Resolution Before File Access ('Link Following') |
|
Major |
Relationships |
|
Minor |
None |
73 |
External Control of File Name or Path |
|
Major |
Relationships |
|
Minor |
None |
74 |
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') |
|
Major |
Relationships |
|
Minor |
None |
75 |
Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) |
|
Major |
Relationships |
|
Minor |
None |
77 |
Improper Neutralization of Special Elements used in a Command ('Command Injection') |
|
Major |
Relationships |
|
Minor |
None |
78 |
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') |
|
Major |
Relationships |
|
Minor |
None |
79 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
|
Major |
Relationships |
|
Minor |
None |
80 |
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) |
|
Major |
Relationships |
|
Minor |
None |
83 |
Improper Neutralization of Script in Attributes in a Web Page |
|
Major |
Relationships |
|
Minor |
None |
87 |
Improper Neutralization of Alternate XSS Syntax |
|
Major |
Relationships |
|
Minor |
None |
88 |
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') |
|
Major |
Relationships |
|
Minor |
None |
89 |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') |
|
Major |
Relationships |
|
Minor |
None |
90 |
Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') |
|
Major |
Relationships |
|
Minor |
None |
91 |
XML Injection (aka Blind XPath Injection) |
|
Major |
Relationships |
|
Minor |
None |
93 |
Improper Neutralization of CRLF Sequences ('CRLF Injection') |
|
Major |
Relationships |
|
Minor |
None |
94 |
Improper Control of Generation of Code ('Code Injection') |
|
Major |
Relationships |
|
Minor |
None |
95 |
Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') |
|
Major |
Relationships |
|
Minor |
None |
96 |
Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') |
|
Major |
Relationships |
|
Minor |
None |
97 |
Improper Neutralization of Server-Side Includes (SSI) Within a Web Page |
|
Major |
Relationships |
|
Minor |
None |
98 |
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') |
|
Major |
Relationships |
|
Minor |
None |
99 |
Improper Control of Resource Identifiers ('Resource Injection') |
|
Major |
Relationships |
|
Minor |
None |
113 |
Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') |
|
Major |
Relationships |
|
Minor |
None |
116 |
Improper Encoding or Escaping of Output |
|
Major |
Relationships |
|
Minor |
None |
117 |
Improper Output Neutralization for Logs |
|
Major |
Relationships |
|
Minor |
None |
124 |
Buffer Underwrite ('Buffer Underflow') |
|
Major |
Observed_Examples |
|
Minor |
None |
138 |
Improper Neutralization of Special Elements |
|
Major |
Relationships |
|
Minor |
None |
183 |
Permissive List of Allowed Inputs |
|
Major |
Relationships |
|
Minor |
None |
184 |
Incomplete List of Disallowed Inputs |
|
Major |
Relationships |
|
Minor |
None |
200 |
Exposure of Sensitive Information to an Unauthorized Actor |
|
Major |
Relationships |
|
Minor |
None |
201 |
Insertion of Sensitive Information Into Sent Data |
|
Major |
Relationships |
|
Minor |
None |
203 |
Observable Discrepancy |
|
Major |
Observed_Examples |
|
Minor |
None |
205 |
Observable Behavioral Discrepancy |
|
Major |
Relationships |
|
Minor |
None |
209 |
Generation of Error Message Containing Sensitive Information |
|
Major |
Relationships |
|
Minor |
None |
213 |
Exposure of Sensitive Information Due to Incompatible Policies |
|
Major |
Relationships |
|
Minor |
None |
219 |
Storage of File with Sensitive Data Under Web Root |
|
Major |
Relationships |
|
Minor |
None |
223 |
Omission of Security-relevant Information |
|
Major |
Relationships |
|
Minor |
None |
226 |
Sensitive Information in Resource Not Removed Before Reuse |
|
Major |
Demonstrative_Examples, Description, Detection_Factors, Maintenance_Notes, Potential_Mitigations, Relationships, Research_Gaps |
|
Minor |
None |
235 |
Improper Handling of Extra Parameters |
|
Major |
Relationships |
|
Minor |
None |
244 |
Improper Clearing of Heap Memory Before Release ('Heap Inspection') |
|
Major |
Demonstrative_Examples |
|
Minor |
None |
255 |
Credentials Management Errors |
|
Major |
Relationships |
|
Minor |
None |
256 |
Plaintext Storage of a Password |
|
Major |
Relationships |
|
Minor |
None |
257 |
Storing Passwords in a Recoverable Format |
|
Major |
Relationships |
|
Minor |
None |
259 |
Use of Hard-coded Password |
|
Major |
Relationships |
|
Minor |
None |
260 |
Password in Configuration File |
|
Major |
Relationships |
|
Minor |
None |
261 |
Weak Encoding for Password |
|
Major |
Relationships |
|
Minor |
None |
264 |
Permissions, Privileges, and Access Controls |
|
Major |
Relationships |
|
Minor |
None |
266 |
Incorrect Privilege Assignment |
|
Major |
Relationships |
|
Minor |
None |
269 |
Improper Privilege Management |
|
Major |
Relationships |
|
Minor |
None |
275 |
Permission Issues |
|
Major |
Relationships |
|
Minor |
None |
276 |
Incorrect Default Permissions |
|
Major |
Relationships |
|
Minor |
None |
280 |
Improper Handling of Insufficient Permissions or Privileges |
|
Major |
Relationships |
|
Minor |
None |
284 |
Improper Access Control |
|
Major |
Relationships |
|
Minor |
None |
285 |
Improper Authorization |
|
Major |
Relationships |
|
Minor |
None |
287 |
Improper Authentication |
|
Major |
Relationships |
|
Minor |
None |
288 |
Authentication Bypass Using an Alternate Path or Channel |
|
Major |
Relationships |
|
Minor |
None |
290 |
Authentication Bypass by Spoofing |
|
Major |
Relationships |
|
Minor |
None |
294 |
Authentication Bypass by Capture-replay |
|
Major |
Relationships |
|
Minor |
None |
295 |
Improper Certificate Validation |
|
Major |
Observed_Examples, Relationships |
|
Minor |
None |
296 |
Improper Following of a Certificate's Chain of Trust |
|
Major |
Relationships |
|
Minor |
None |
297 |
Improper Validation of Certificate with Host Mismatch |
|
Major |
Relationships |
|
Minor |
None |
300 |
Channel Accessible by Non-Endpoint |
|
Major |
Relationships |
|
Minor |
None |
302 |
Authentication Bypass by Assumed-Immutable Data |
|
Major |
Relationships |
|
Minor |
None |
304 |
Missing Critical Step in Authentication |
|
Major |
Relationships |
|
Minor |
None |
306 |
Missing Authentication for Critical Function |
|
Major |
Relationships |
|
Minor |
None |
307 |
Improper Restriction of Excessive Authentication Attempts |
|
Major |
Demonstrative_Examples, References, Relationships |
|
Minor |
None |
310 |
Cryptographic Issues |
|
Major |
Relationships |
|
Minor |
None |
311 |
Missing Encryption of Sensitive Data |
|
Major |
Relationships |
|
Minor |
None |
312 |
Cleartext Storage of Sensitive Information |
|
Major |
Relationships |
|
Minor |
None |
313 |
Cleartext Storage in a File or on Disk |
|
Major |
Relationships |
|
Minor |
None |
315 |
Cleartext Storage of Sensitive Information in a Cookie |
|
Major |
Relationships |
|
Minor |
None |
316 |
Cleartext Storage of Sensitive Information in Memory |
|
Major |
Relationships |
|
Minor |
None |
319 |
Cleartext Transmission of Sensitive Information |
|
Major |
Relationships |
|
Minor |
None |
321 |
Use of Hard-coded Cryptographic Key |
|
Major |
Relationships |
|
Minor |
None |
322 |
Key Exchange without Entity Authentication |
|
Major |
Relationships |
|
Minor |
None |
323 |
Reusing a Nonce, Key Pair in Encryption |
|
Major |
Relationships |
|
Minor |
None |
324 |
Use of a Key Past its Expiration Date |
|
Major |
Relationships |
|
Minor |
None |
325 |
Missing Cryptographic Step |
|
Major |
Relationships |
|
Minor |
None |
326 |
Inadequate Encryption Strength |
|
Major |
Relationships |
|
Minor |
None |
327 |
Use of a Broken or Risky Cryptographic Algorithm |
|
Major |
Maintenance_Notes, Potential_Mitigations, Relationships |
|
Minor |
None |
328 |
Use of Weak Hash |
|
Major |
Description, Maintenance_Notes, Name, Observed_Examples, References, Relationships |
|
Minor |
None |
329 |
Generation of Predictable IV with CBC Mode |
|
Major |
Relationships |
|
Minor |
None |
330 |
Use of Insufficiently Random Values |
|
Major |
Relationships |
|
Minor |
None |
331 |
Insufficient Entropy |
|
Major |
Relationships |
|
Minor |
None |
332 |
Insufficient Entropy in PRNG |
|
Major |
Observed_Examples |
|
Minor |
None |
335 |
Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) |
|
Major |
Relationships |
|
Minor |
None |
336 |
Same Seed in Pseudo-Random Number Generator (PRNG) |
|
Major |
Relationships |
|
Minor |
None |
337 |
Predictable Seed in Pseudo-Random Number Generator (PRNG) |
|
Major |
Relationships |
|
Minor |
None |
338 |
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) |
|
Major |
Relationships |
|
Minor |
None |
340 |
Generation of Predictable Numbers or Identifiers |
|
Major |
Relationships |
|
Minor |
None |
345 |
Insufficient Verification of Data Authenticity |
|
Major |
Relationships |
|
Minor |
None |
346 |
Origin Validation Error |
|
Major |
Relationships |
|
Minor |
None |
347 |
Improper Verification of Cryptographic Signature |
|
Major |
Relationships |
|
Minor |
None |
352 |
Cross-Site Request Forgery (CSRF) |
|
Major |
Relationships |
|
Minor |
None |
353 |
Missing Support for Integrity Check |
|
Major |
Relationships |
|
Minor |
None |
359 |
Exposure of Private Personal Information to an Unauthorized Actor |
|
Major |
Relationships |
|
Minor |
None |
362 |
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') |
|
Major |
Observed_Examples, References |
|
Minor |
None |
377 |
Insecure Temporary File |
|
Major |
Relationships |
|
Minor |
None |
384 |
Session Fixation |
|
Major |
Relationships |
|
Minor |
None |
402 |
Transmission of Private Resources into a New Sphere ('Resource Leak') |
|
Major |
Relationships |
|
Minor |
None |
415 |
Double Free |
|
Major |
Relationships |
|
Minor |
None |
419 |
Unprotected Primary Channel |
|
Major |
Relationships |
|
Minor |
None |
425 |
Direct Request ('Forced Browsing') |
|
Major |
Relationships |
|
Minor |
None |
426 |
Untrusted Search Path |
|
Major |
Relationships |
|
Minor |
None |
430 |
Deployment of Wrong Handler |
|
Major |
Relationships |
|
Minor |
None |
434 |
Unrestricted Upload of File with Dangerous Type |
|
Major |
Relationships |
|
Minor |
None |
441 |
Unintended Proxy or Intermediary ('Confused Deputy') |
|
Major |
Relationships |
|
Minor |
None |
444 |
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') |
|
Major |
Relationships |
|
Minor |
None |
451 |
User Interface (UI) Misrepresentation of Critical Information |
|
Major |
Relationships |
|
Minor |
None |
470 |
Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') |
|
Major |
Relationships |
|
Minor |
None |
471 |
Modification of Assumed-Immutable Data (MAID) |
|
Major |
Relationships |
|
Minor |
None |
472 |
External Control of Assumed-Immutable Web Parameter |
|
Major |
Relationships |
|
Minor |
None |
494 |
Download of Code Without Integrity Check |
|
Major |
Observed_Examples, Relationships |
|
Minor |
None |
497 |
Exposure of Sensitive System Information to an Unauthorized Control Sphere |
|
Major |
Relationships |
|
Minor |
None |
501 |
Trust Boundary Violation |
|
Major |
Relationships |
|
Minor |
None |
502 |
Deserialization of Untrusted Data |
|
Major |
Relationships |
|
Minor |
None |
520 |
.NET Misconfiguration: Use of Impersonation |
|
Major |
Relationships |
|
Minor |
None |
521 |
Weak Password Requirements |
|
Major |
Relationships |
|
Minor |
None |
522 |
Insufficiently Protected Credentials |
|
Major |
Relationships |
|
Minor |
None |
523 |
Unprotected Transport of Credentials |
|
Major |
Relationships |
|
Minor |
None |
525 |
Use of Web Browser Cache Containing Sensitive Information |
|
Major |
Relationships |
|
Minor |
None |
526 |
Exposure of Sensitive Information Through Environmental Variables |
|
Major |
Relationships |
|
Minor |
None |
532 |
Insertion of Sensitive Information into Log File |
|
Major |
Relationships |
|
Minor |
None |
537 |
Java Runtime Error Message Containing Sensitive Information |
|
Major |
Relationships |
|
Minor |
None |
538 |
Insertion of Sensitive Information into Externally-Accessible File or Directory |
|
Major |
Relationships |
|
Minor |
None |
539 |
Use of Persistent Cookies Containing Sensitive Information |
|
Major |
Relationships |
|
Minor |
None |
540 |
Inclusion of Sensitive Information in Source Code |
|
Major |
Relationships |
|
Minor |
None |
541 |
Inclusion of Sensitive Information in an Include File |
|
Major |
Relationships |
|
Minor |
None |
| 547 | Use of Hard-coded, Security-relevant Constants | Major: Relationships | Minor: None |
| 548 | Exposure of Information Through Directory Listing | Major: Relationships | Minor: None |
| 552 | Files or Directories Accessible to External Parties | Major: Relationships | Minor: None |
| 564 | SQL Injection: Hibernate | Major: Relationships | Minor: None |
| 565 | Reliance on Cookies without Validation and Integrity Checking | Major: Relationships | Minor: None |
| 566 | Authorization Bypass Through User-Controlled SQL Primary Key | Major: Relationships | Minor: None |
| 579 | J2EE Bad Practices: Non-serializable Object Stored in Session | Major: Relationships | Minor: None |
| 598 | Use of GET Request Method With Sensitive Query Strings | Major: Relationships | Minor: None |
| 601 | URL Redirection to Untrusted Site ('Open Redirect') | Major: Relationships | Minor: None |
| 602 | Client-Side Enforcement of Server-Side Security | Major: Relationships | Minor: None |
| 610 | Externally Controlled Reference to a Resource in Another Sphere | Major: Relationships | Minor: None |
| 611 | Improper Restriction of XML External Entity Reference | Major: Relationships | Minor: None |
| 613 | Insufficient Session Expiration | Major: Relationships | Minor: None |
| 614 | Sensitive Cookie in HTTPS Session Without 'Secure' Attribute | Major: Relationships | Minor: None |
| 620 | Unverified Password Change | Major: Relationships | Minor: None |
| 639 | Authorization Bypass Through User-Controlled Key | Major: Relationships | Minor: None |
| 640 | Weak Password Recovery Mechanism for Forgotten Password | Major: Relationships | Minor: None |
| 642 | External Control of Critical State Data | Major: Relationships | Minor: None |
| 643 | Improper Neutralization of Data within XPath Expressions ('XPath Injection') | Major: Relationships | Minor: None |
| 644 | Improper Neutralization of HTTP Headers for Scripting Syntax | Major: Relationships | Minor: None |
| 646 | Reliance on File Name or Extension of Externally-Supplied File | Major: Relationships | Minor: None |
| 650 | Trusting HTTP Permission Methods on the Server Side | Major: Relationships | Minor: None |
| 651 | Exposure of WSDL File Containing Sensitive Information | Major: Relationships | Minor: None |
| 652 | Improper Neutralization of Data within XQuery Expressions ('XQuery Injection') | Major: Relationships | Minor: None |
| 653 | Improper Isolation or Compartmentalization | Major: Description, Name, Observed_Examples, References, Relationships | Minor: Potential_Mitigations, Relationship_Notes |
| 656 | Reliance on Security Through Obscurity | Major: Relationships | Minor: None |
| 657 | Violation of Secure Design Principles | Major: Relationships | Minor: None |
| 668 | Exposure of Resource to Wrong Sphere | Major: Relationships | Minor: None |
| 670 | Always-Incorrect Control Flow Implementation | Major: Observed_Examples | Minor: None |
| 672 | Operation on a Resource after Expiration or Release | Major: Relationships | Minor: None |
| 675 | Multiple Operations on Resource in Single-Operation Context | Major: Name, Relationships | Minor: None |
| 693 | Protection Mechanism Failure | Major: Relationships | Minor: None |
| 703 | Improper Check or Handling of Exceptional Conditions | Major: Relationships | Minor: None |
| 706 | Use of Incorrectly-Resolved Name or Reference | Major: Relationships | Minor: None |
| 720 | OWASP Top Ten 2007 Category A9 - Insecure Communications | Major: Relationships | Minor: None |
| 755 | Improper Handling of Exceptional Conditions | Major: Observed_Examples | Minor: None |
| 756 | Missing Custom Error Page | Major: Relationships | Minor: None |
| 757 | Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade') | Major: Relationships | Minor: None |
| 759 | Use of a One-Way Hash without a Salt | Major: Relationships | Minor: None |
| 760 | Use of a One-Way Hash with a Predictable Salt | Major: Relationships | Minor: None |
| 776 | Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') | Major: Relationships | Minor: None |
| 778 | Insufficient Logging | Major: Relationships | Minor: None |
| 780 | Use of RSA Algorithm without OAEP | Major: Relationships | Minor: None |
| 784 | Reliance on Cookies without Validation and Integrity Checking in a Security Decision | Major: Relationships | Minor: None |
| 798 | Use of Hard-coded Credentials | Major: Relationships | Minor: None |
| 799 | Improper Control of Interaction Frequency | Major: Relationships | Minor: None |
| 807 | Reliance on Untrusted Inputs in a Security Decision | Major: Relationships | Minor: None |
| 818 | OWASP Top Ten 2010 Category A9 - Insufficient Transport Layer Protection | Major: Relationships | Minor: None |
| 829 | Inclusion of Functionality from Untrusted Control Sphere | Major: Relationships | Minor: None |
| 830 | Inclusion of Web Functionality from an Untrusted Source | Major: Relationships | Minor: None |
| 840 | Business Logic Errors | Major: Relationships | Minor: None |
| 841 | Improper Enforcement of Behavioral Workflow | Major: Relationships | Minor: None |
| 862 | Missing Authorization | Major: Relationships | Minor: None |
| 863 | Incorrect Authorization | Major: Relationships | Minor: None |
| 913 | Improper Control of Dynamically-Managed Code Resources | Major: Relationships | Minor: None |
| 915 | Improperly Controlled Modification of Dynamically-Determined Object Attributes | Major: Relationships | Minor: None |
| 916 | Use of Password Hash With Insufficient Computational Effort | Major: Relationships | Minor: None |
| 917 | Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') | Major: Relationships | Minor: None |
| 918 | Server-Side Request Forgery (SSRF) | Major: Relationships | Minor: None |
| 922 | Insecure Storage of Sensitive Information | Major: Relationships | Minor: None |
| 927 | Use of Implicit Intent for Sensitive Communication | Major: Relationships | Minor: None |
| 937 | OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities | Major: Relationships | Minor: None |
| 940 | Improper Verification of Source of a Communication Channel | Major: Relationships | Minor: None |
| 942 | Permissive Cross-domain Policy with Untrusted Domains | Major: Relationships | Minor: None |
| 1004 | Sensitive Cookie Without 'HttpOnly' Flag | Major: Relationships | Minor: None |
| 1021 | Improper Restriction of Rendered UI Layers or Frames | Major: Relationships | Minor: None |
| 1032 | OWASP Top Ten 2017 Category A6 - Security Misconfiguration | Major: Relationships | Minor: None |
| 1035 | OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities | Major: Relationships | Minor: None |
| 1104 | Use of Unmaintained Third Party Components | Major: Relationships | Minor: None |
| 1173 | Improper Use of Validation Framework | Major: Relationships | Minor: None |
| 1174 | ASP.NET Misconfiguration: Improper Model Validation | Major: Relationships | Minor: None |
| 1189 | Improper Isolation of Shared Resources on System-on-a-Chip (SoC) | Major: Description, Observed_Examples, References, Relationships, Weakness_Ordinalities | Minor: Demonstrative_Examples |
| 1191 | On-Chip Debug and Test Interface With Improper Access Control | Major: Demonstrative_Examples, Description, Detection_Factors, Maintenance_Notes, Name, Potential_Mitigations, Relationship_Notes, Relationships, Weakness_Ordinalities | Minor: None |
| 1201 | Core and Compute Issues | Major: Relationships | Minor: None |
| 1209 | Failure to Disable Reserved Bits | Major: Potential_Mitigations | Minor: None |
| 1216 | Lockout Mechanism Errors | Major: Relationships | Minor: None |
| 1221 | Incorrect Register Defaults or Module Parameters | Major: Common_Consequences | Minor: None |
| 1231 | Improper Prevention of Lock Bit Modification | Major: Demonstrative_Examples, Description, Detection_Factors, Name, Observed_Examples, Potential_Mitigations, Relationships, Weakness_Ordinalities | Minor: None |
| 1233 | Security-Sensitive Hardware Controls with Missing Lock Bit Protection | Major: Demonstrative_Examples, Description, Detection_Factors, Maintenance_Notes, Name, Observed_Examples, Potential_Mitigations, References, Relationships, Weakness_Ordinalities | Minor: None |
| 1239 | Improper Zeroization of Hardware Register | Major: Relationships | Minor: None |
| 1240 | Use of a Cryptographic Primitive with a Risky Implementation | Major: Background_Details, Demonstrative_Examples, Description, Detection_Factors, Maintenance_Notes, Name, Observed_Examples, Potential_Mitigations, References, Relationships, Terminology_Notes, Weakness_Ordinalities | Minor: None |
| 1241 | Use of Predictable Algorithm in Random Number Generator | Major: None | Minor: Potential_Mitigations |
| 1244 | Internal Asset Exposed to Unsafe Debug Access Level or State | Major: Demonstrative_Examples, Description, Detection_Factors, Maintenance_Notes, Name, Observed_Examples, Potential_Mitigations, References, Relationship_Notes, Relationships, Weakness_Ordinalities | Minor: None |
| 1247 | Improper Protection Against Voltage and Clock Glitches | Major: Description, Detection_Factors, Name, References, Weakness_Ordinalities | Minor: None |
| 1253 | Incorrect Selection of Fuse Values | Major: Description | Minor: None |
| 1255 | Comparison Logic is Vulnerable to Power Side-Channel Attacks | Major: Maintenance_Notes, References, Relationships, Type | Minor: None |
| 1256 | Improper Restriction of Software Interfaces to Hardware Features | Major: Demonstrative_Examples, Description, Detection_Factors, Maintenance_Notes, Modes_of_Introduction, Name, Observed_Examples, References, Relationships, Weakness_Ordinalities | Minor: None |
| 1257 | Improper Access Control Applied to Mirrored or Aliased Memory Regions | Major: Potential_Mitigations | Minor: None |
| 1259 | Improper Restriction of Security Token Assignment | Major: Description | Minor: None |
| 1260 | Improper Handling of Overlap Between Protected Memory Ranges | Major: Demonstrative_Examples, Description, Detection_Factors, Maintenance_Notes, Observed_Examples, Relationships, Weakness_Ordinalities | Minor: None |
| 1262 | Improper Access Control for Register Interface | Major: Description, Detection_Factors, Name, Observed_Examples, Potential_Mitigations, Weakness_Ordinalities | Minor: None |
| 1263 | Improper Physical Access Control | Major: Description | Minor: None |
| 1264 | Hardware Logic with Insecure De-Synchronization between Control and Data Channels | Major: Weakness_Ordinalities | Minor: None |
| 1268 | Policy Privileges are not Assigned Consistently Between Control and Data Agents | Major: Potential_Mitigations | Minor: None |
| 1271 | Uninitialized Value on Reset for Registers Holding Security Settings | Major: Weakness_Ordinalities | Minor: None |
| 1272 | Sensitive Information Uncleared Before Debug/Power State Transition | Major: Common_Consequences, Demonstrative_Examples, Description, Detection_Factors, Observed_Examples, Potential_Mitigations, References, Relationships, Weakness_Ordinalities | Minor: None |
| 1273 | Device Unlock Credential Sharing | Major: Demonstrative_Examples, Description | Minor: None |
| 1274 | Improper Access Control for Volatile Memory Containing Boot Code | Major: Common_Consequences, Demonstrative_Examples, Description, Detection_Factors, Maintenance_Notes, Name, Observed_Examples, Potential_Mitigations, Relationships, Weakness_Ordinalities | Minor: None |
| 1275 | Sensitive Cookie with Improper SameSite Attribute | Major: Relationships | Minor: None |
| 1277 | Firmware Not Updateable | Major: Common_Consequences, Description, Detection_Factors, Maintenance_Notes, Modes_of_Introduction, Observed_Examples, References, Relationships, Terminology_Notes, Weakness_Ordinalities | Minor: None |
| 1289 | Improper Validation of Unsafe Equivalence in Input | Major: Description | Minor: None |
| 1290 | Incorrect Decoding of Security Identifiers | Major: Demonstrative_Examples | Minor: None |
| 1292 | Incorrect Conversion of Security Identifiers | Major: None | Minor: Potential_Mitigations |
| 1294 | Insecure Security Identifier Mechanism | Major: None | Minor: Potential_Mitigations |
| 1300 | Improper Protection of Physical Side Channels | Major: Demonstrative_Examples, Description, Detection_Factors, Maintenance_Notes, Name, Observed_Examples, References, Relationships, Weakness_Ordinalities | Minor: None |
| 1301 | Insufficient or Incomplete Data Removal within Hardware Component | Major: Description | Minor: None |
| 1302 | Missing Security Identifier | Major: Demonstrative_Examples, Relationships | Minor: None |
| 1312 | Missing Protection for Mirrored Regions in On-Chip Fabric Firewall | Major: Potential_Mitigations | Minor: None |
| 1315 | Improper Setting of Bus Controlling Capability in Fabric End-point | Major: Maintenance_Notes | Minor: None |
| 1316 | Fabric-Address Map Allows Programming of Unwarranted Overlaps of Protected and Unprotected Ranges | Major: Maintenance_Notes | Minor: None |
| 1317 | Missing Security Checks in Fabric Bridge | Major: Observed_Examples | Minor: None |
| 1321 | Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') | Major: Relationships | Minor: None |
| 1323 | Improper Management of Sensitive Trace Data | Major: Common_Consequences | Minor: None |
| 1324 | Sensitive Information Accessible by Physical Probing of JTAG Interface | Major: Potential_Mitigations | Minor: None |
| 1326 | Missing Immutable Root of Trust in Hardware | Major: Demonstrative_Examples | Minor: None |
| 1328 | Security Version Number Mutable to Older Versions | Major: Demonstrative_Examples | Minor: None |
| 1331 | Improper Isolation of Shared Resources in Network On Chip (NoC) | Major: Background_Details, Demonstrative_Examples, Description, Detection_Factors, Name, References, Relationships, Weakness_Ordinalities | Minor: None |
| 1332 | Improper Handling of Faults that Lead to Instruction Skips | Major: Demonstrative_Examples, Description, Detection_Factors, Maintenance_Notes, Name, Observed_Examples, Potential_Mitigations, References, Relationships, Weakness_Ordinalities | Minor: None |
| 1333 | Inefficient Regular Expression Complexity | Major: Description | Minor: None |
| 1337 | Weaknesses in the 2021 CWE Top 25 Most Dangerous Software Weaknesses | Major: View_Audience | Minor: None |
| 1350 | Weaknesses in the 2020 CWE Top 25 Most Dangerous Software Weaknesses | Major: View_Audience | Minor: None |
| 1351 | Improper Handling of Hardware Behavior in Exceptionally Cold Environments | Major: None | Minor: Common_Consequences, Potential_Mitigations |