Incorrect Ownership Assignment | 708 | 12 |
Improper Adherence to Coding Standards | 710 | 4 |
Incorrect Permission Assignment for Critical Resource | 732 | 1410 |
Compiler Optimization Removal or Modification of Security-critical Code | 733 | 1 |
Exposed Dangerous Method or Function | 749 | 91 |
Improper Check for Unusual or Exceptional Conditions | 754 | 374 |
Improper Handling of Exceptional Conditions | 755 | 536 |
Missing Custom Error Page | 756 | 2 |
Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade') | 757 | 13 |
Reliance on Undefined, Unspecified, or Implementation-Defined Behavior | 758 | 1 |
Use of a One-Way Hash without a Salt | 759 | 6 |
Use of a One-Way Hash with a Predictable Salt | 760 | 5 |
Free of Pointer not at Start of Buffer | 761 | 0 |
Mismatched Memory Management Routines | 762 | 5 |
Release of Invalid Pointer or Reference | 763 | 70 |
Multiple Locks of a Critical Resource | 764 | 1 |
Multiple Unlocks of a Critical Resource | 765 | 0 |
Critical Data Element Declared Public | 766 | 0 |
Access to Critical Private Variable via Public Method | 767 | 2 |
Incorrect Short Circuit Evaluation | 768 | 0 |
Allocation of Resources Without Limits or Throttling | 770 | 967 |
Missing Reference to Active Allocated Resource | 771 | 2 |
Missing Release of Resource after Effective Lifetime | 772 | 429 |
Missing Reference to Active File Descriptor or Handle | 773 | 0 |
Allocation of File Descriptors or Handles Without Limits or Throttling | 774 | 1 |
Missing Release of File Descriptor or Handle after Effective Lifetime | 775 | 2 |
Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') | 776 | 69 |
Regular Expression without Anchors | 777 | 0 |
Insufficient Logging | 778 | 12 |
Logging of Excessive Data | 779 | 15 |
Use of RSA Algorithm without OAEP | 780 | 0 |
Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code | 781 | 0 |
Exposed IOCTL with Insufficient Access Control | 782 | 22 |
Operator Precedence Logic Error | 783 | 13 |
Reliance on Cookies without Validation and Integrity Checking in a Security Decision | 784 | 6 |
Use of Path Manipulation Function without Maximum-sized Buffer | 785 | 0 |
Access of Memory Location Before Start of Buffer | 786 | 8 |
Out-of-bounds Write | 787 | 11243 |
Access of Memory Location After End of Buffer | 788 | 159 |
Memory Allocation with Excessive Size Value | 789 | 51 |
Improper Filtering of Special Elements | 790 | 8 |
Incomplete Filtering of Special Elements | 791 | 8 |
Incomplete Filtering of One or More Instances of Special Elements | 792 | 1 |
Only Filtering One Instance of a Special Element | 793 | 0 |
Incomplete Filtering of Multiple Instances of Special Elements | 794 | 4 |
Only Filtering Special Elements at a Specified Location | 795 | 0 |
Only Filtering Special Elements Relative to a Marker | 796 | 0 |
Only Filtering Special Elements at an Absolute Position | 797 | 0 |
Use of Hard-coded Credentials | 798 | 1311 |
Improper Control of Interaction Frequency | 799 | 27 |
Guessable CAPTCHA | 804 | 4 |
Buffer Access with Incorrect Length Value | 805 | 16 |
Buffer Access Using Size of Source Buffer | 806 | 0 |
Reliance on Untrusted Inputs in a Security Decision | 807 | 15 |
Missing Synchronization | 820 | 3 |
Incorrect Synchronization | 821 | 9 |
Untrusted Pointer Dereference | 822 | 99 |
Use of Out-of-range Pointer Offset | 823 | 62 |
Access of Uninitialized Pointer | 824 | 226 |
Expired Pointer Dereference | 825 | 19 |
Premature Release of Resource During Expected Lifetime | 826 | 1 |
Improper Control of Document Type Definition | 827 | 0 |
Signal Handler with Functionality that is not Asynchronous-Safe | 828 | 1 |
Inclusion of Functionality from Untrusted Control Sphere | 829 | 143 |
Inclusion of Web Functionality from an Untrusted Source | 830 | 4 |
Signal Handler Function Associated with Multiple Signals | 831 | 0 |
Unlock of a Resource that is not Locked | 832 | 1 |
Deadlock | 833 | 14 |
Excessive Iteration | 834 | 96 |
Loop with Unreachable Exit Condition ('Infinite Loop') | 835 | 637 |
Use of Password Hash Instead of Password for Authentication | 836 | 5 |
Improper Enforcement of a Single, Unique Action | 837 | 5 |
Inappropriate Encoding for Output Context | 838 | 12 |
Numeric Range Comparison Without Minimum Check | 839 | 2 |
Improper Enforcement of Behavioral Workflow | 841 | 13 |
Placement of User into Incorrect Group | 842 | 10 |
Access of Resource Using Incompatible Type ('Type Confusion') | 843 | 541 |
Missing Authorization | 862 | 3425 |
Incorrect Authorization | 863 | 2416 |
Use of Uninitialized Resource | 908 | 442 |
Missing Initialization of Resource | 909 | 94 |
Use of Expired File Descriptor | 910 | 1 |
Improper Update of Reference Count | 911 | 10 |
Hidden Functionality | 912 | 37 |
Improper Control of Dynamically-Managed Code Resources | 913 | 60 |
Improper Control of Dynamically-Identified Variables | 914 | 1 |
Improperly Controlled Modification of Dynamically-Determined Object Attributes | 915 | 112 |
Use of Password Hash With Insufficient Computational Effort | 916 | 88 |
Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') | 917 | 167 |
Server-Side Request Forgery (SSRF) | 918 | 1286 |
Improper Restriction of Power Consumption | 920 | 4 |
Storage of Sensitive Data in a Mechanism without Access Control | 921 | 4 |
Insecure Storage of Sensitive Information | 922 | 231 |
Improper Restriction of Communication Channel to Intended Endpoints | 923 | 22 |
Improper Enforcement of Message Integrity During Transmission in a Communication Channel | 924 | 28 |
Improper Verification of Intent by Broadcast Receiver | 925 | 0 |
Improper Export of Android Application Components | 926 | 18 |
Use of Implicit Intent for Sensitive Communication | 927 | 12 |
Improper Authorization in Handler for Custom URL Scheme | 939 | 7 |
Improper Verification of Source of a Communication Channel | 940 | 25 |