Improper Restriction of Operations within the Bounds of a Memory Buffer | 119 | 12617 |
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') | 120 | 2833 |
Stack-based Buffer Overflow | 121 | 1712 |
Heap-based Buffer Overflow | 122 | 1229 |
Write-what-where Condition | 123 | 34 |
Buffer Underwrite ('Buffer Underflow') | 124 | 13 |
Out-of-bounds Read | 125 | 6651 |
Buffer Over-read | 126 | 265 |
Buffer Under-read | 127 | 5 |
Wrap-around Error | 128 | 2 |
Improper Validation of Array Index | 129 | 386 |
Improper Handling of Length Parameter Inconsistency | 130 | 51 |
Incorrect Calculation of Buffer Size | 131 | 133 |
Use of Externally-Controlled Format String | 134 | 336 |
Incorrect Calculation of Multi-Byte String Length | 135 | 0 |
Improper Neutralization of Special Elements | 138 | 10 |
Improper Neutralization of Delimiters | 140 | 8 |
Improper Neutralization of Parameter/Argument Delimiters | 141 | 5 |
Improper Neutralization of Value Delimiters | 142 | 0 |
Improper Neutralization of Record Delimiters | 143 | 0 |
Improper Neutralization of Line Delimiters | 144 | 0 |
Improper Neutralization of Section Delimiters | 145 | 0 |
Improper Neutralization of Expression/Command Delimiters | 146 | 3 |
Improper Neutralization of Input Terminators | 147 | 2 |
Improper Neutralization of Input Leaders | 148 | 1 |
Improper Neutralization of Quoting Syntax | 149 | 1 |
Improper Neutralization of Escape, Meta, or Control Sequences | 150 | 17 |
Improper Neutralization of Comment Delimiters | 151 | 0 |
Improper Neutralization of Macro Symbols | 152 | 0 |
Improper Neutralization of Substitution Characters | 153 | 0 |
Improper Neutralization of Variable Name Delimiters | 154 | 1 |
Improper Neutralization of Wildcards or Matching Symbols | 155 | 8 |
Improper Neutralization of Whitespace | 156 | 0 |
Failure to Sanitize Paired Delimiters | 157 | 0 |
Improper Neutralization of Null Byte or NUL Character | 158 | 12 |
Improper Handling of Invalid Use of Special Elements | 159 | 9 |
Improper Neutralization of Leading Special Elements | 160 | 0 |
Improper Neutralization of Multiple Leading Special Elements | 161 | 0 |
Improper Neutralization of Trailing Special Elements | 162 | 0 |
Improper Neutralization of Multiple Trailing Special Elements | 163 | 0 |
Improper Neutralization of Internal Special Elements | 164 | 0 |
Improper Neutralization of Multiple Internal Special Elements | 165 | 1 |
Improper Handling of Missing Special Element | 166 | 2 |
Improper Handling of Additional Special Element | 167 | 3 |
Improper Handling of Inconsistent Special Elements | 168 | 2 |
Improper Null Termination | 170 | 30 |
Encoding Error | 172 | 13 |
Improper Handling of Alternate Encoding | 173 | 2 |
Double Decoding of the Same Data | 174 | 0 |
Improper Handling of Mixed Encoding | 175 | 0 |
Improper Handling of Unicode Encoding | 176 | 8 |
Improper Handling of URL Encoding (Hex Encoding) | 177 | 6 |
Improper Handling of Case Sensitivity | 178 | 41 |
Incorrect Behavior Order: Early Validation | 179 | 3 |
Incorrect Behavior Order: Validate Before Canonicalize | 180 | 2 |
Incorrect Behavior Order: Validate Before Filter | 181 | 0 |
Collapse of Data into Unsafe Value | 182 | 2 |
Permissive List of Allowed Inputs | 183 | 11 |
Incomplete List of Disallowed Inputs | 184 | 41 |
Incorrect Regular Expression | 185 | 28 |
Overly Restrictive Regular Expression | 186 | 0 |
Partial String Comparison | 187 | 4 |
Reliance on Data/Memory Layout | 188 | 0 |
Integer Overflow or Wraparound | 190 | 2579 |
Integer Underflow (Wrap or Wraparound) | 191 | 274 |
Integer Coercion Error | 192 | 6 |
Off-by-one Error | 193 | 131 |
Unexpected Sign Extension | 194 | 4 |
Signed to Unsigned Conversion Error | 195 | 10 |
Unsigned to Signed Conversion Error | 196 | 3 |
Numeric Truncation Error | 197 | 32 |
Use of Incorrect Byte Ordering | 198 | 0 |
Exposure of Sensitive Information to an Unauthorized Actor | 200 | 8807 |
Insertion of Sensitive Information Into Sent Data | 201 | 74 |
Exposure of Sensitive Information Through Data Queries | 202 | 19 |
Observable Discrepancy | 203 | 578 |
Observable Response Discrepancy | 204 | 54 |
Observable Behavioral Discrepancy | 205 | 3 |
Observable Internal Behavioral Discrepancy | 206 | 0 |
Observable Behavioral Discrepancy With Equivalent Products | 207 | 0 |
Observable Timing Discrepancy | 208 | 75 |
Generation of Error Message Containing Sensitive Information | 209 | 375 |
Self-generated Error Message Containing Sensitive Information | 210 | 2 |
Externally-Generated Error Message Containing Sensitive Information | 211 | 0 |
Improper Removal of Sensitive Information Before Storage or Transfer | 212 | 76 |
Exposure of Sensitive Information Due to Incompatible Policies | 213 | 22 |
Invocation of Process Using Visible Sensitive Information | 214 | 12 |
Insertion of Sensitive Information Into Debugging Code | 215 | 7 |
Storage of File with Sensitive Data Under Web Root | 219 | 5 |
Storage of File With Sensitive Data Under FTP Root | 220 | 0 |
Information Loss or Omission | 221 | 1 |
Truncation of Security-relevant Information | 222 | 2 |
Omission of Security-relevant Information | 223 | 4 |
Obscured Security-relevant Information by Alternate Name | 224 | 0 |
Sensitive Information in Resource Not Removed Before Reuse | 226 | 11 |
Improper Handling of Syntactically Invalid Structure | 228 | 10 |
Improper Handling of Values | 229 | 13 |
Improper Handling of Missing Values | 230 | 6 |
Improper Handling of Extra Values | 231 | 4 |
Improper Handling of Undefined Values | 232 | 5 |