Assignment of a Fixed Address to a Pointer | 587 | 1 |
Attempt to Access Child of a Non-structure Pointer | 588 | 2 |
Call to Non-ubiquitous API | 589 | 0 |
Free of Memory not on the Heap | 590 | 11 |
Sensitive Data Storage in Improperly Locked Memory | 591 | 50 |
Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created | 593 | 0 |
J2EE Framework: Saving Unserializable Objects to Disk | 594 | 0 |
Comparison of Object References Instead of Object Contents | 595 | 1 |
Use of Wrong Operator in String Comparison | 597 | 3 |
Use of GET Request Method With Sensitive Query Strings | 598 | 26 |
Missing Validation of OpenSSL Certificate | 599 | 8 |
Uncaught Exception in Servlet | 600 | 1 |
URL Redirection to Untrusted Site ('Open Redirect') | 601 | 1060 |
Client-Side Enforcement of Server-Side Security | 602 | 28 |
Use of Client-Side Authentication | 603 | 10 |
Multiple Binds to the Same Port | 605 | 1 |
Unchecked Input for Loop Condition | 606 | 11 |
Public Static Final Field References Mutable Object | 607 | 0 |
Struts: Non-private Field in ActionForm Class | 608 | 0 |
Double-Checked Locking | 609 | 1 |
Externally Controlled Reference to a Resource in Another Sphere | 610 | 178 |
Improper Restriction of XML External Entity Reference | 611 | 1062 |
Improper Authorization of Index Containing Sensitive Information | 612 | 6 |
Insufficient Session Expiration | 613 | 341 |
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute | 614 | 29 |
Inclusion of Sensitive Information in Source Code Comments | 615 | 1 |
Incomplete Identification of Uploaded File Variables (PHP) | 616 | 5 |
Reachable Assertion | 617 | 490 |
Exposed Unsafe ActiveX Method | 618 | 0 |
Dangling Database Cursor ('Cursor Injection') | 619 | 0 |
Unverified Password Change | 620 | 25 |
Variable Extraction Error | 621 | 1 |
Improper Validation of Function Hook Arguments | 622 | 2 |
Unsafe ActiveX Control Marked Safe For Scripting | 623 | 1 |
Executable Regular Expression Error | 624 | 1 |
Permissive Regular Expression | 625 | 5 |
Null Byte Interaction Error (Poison Null Byte) | 626 | 4 |
Dynamic Variable Evaluation | 627 | 1 |
Function Call with Incorrectly Specified Arguments | 628 | 2 |
Not Failing Securely ('Failing Open') | 636 | 10 |
Unnecessary Complexity in Protection Mechanism (Not Using 'Economy of Mechanism') | 637 | 0 |
Not Using Complete Mediation | 638 | 0 |
Authorization Bypass Through User-Controlled Key | 639 | 713 |
Weak Password Recovery Mechanism for Forgotten Password | 640 | 177 |
Improper Restriction of Names for Files and Other Resources | 641 | 7 |
External Control of Critical State Data | 642 | 10 |
Improper Neutralization of Data within XPath Expressions ('XPath Injection') | 643 | 7 |
Improper Neutralization of HTTP Headers for Scripting Syntax | 644 | 19 |
Overly Restrictive Account Lockout Mechanism | 645 | 4 |
Reliance on File Name or Extension of Externally-Supplied File | 646 | 6 |
Use of Non-Canonical URL Paths for Authorization Decisions | 647 | 0 |
Incorrect Use of Privileged APIs | 648 | 34 |
Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking | 649 | 3 |
Trusting HTTP Permission Methods on the Server Side | 650 | 6 |
Exposure of WSDL File Containing Sensitive Information | 651 | 0 |
Improper Neutralization of Data within XQuery Expressions ('XQuery Injection') | 652 | 0 |
Improper Isolation or Compartmentalization | 653 | 11 |
Reliance on a Single Factor in a Security Decision | 654 | 1 |
Insufficient Psychological Acceptability | 655 | 0 |
Reliance on Security Through Obscurity | 656 | 4 |
Violation of Secure Design Principles | 657 | 17 |
Improper Synchronization | 662 | 60 |
Use of a Non-reentrant Function in a Concurrent Context | 663 | 0 |
Improper Control of a Resource Through its Lifetime | 664 | 28 |
Improper Initialization | 665 | 311 |
Operation on Resource in Wrong Phase of Lifetime | 666 | 0 |
Improper Locking | 667 | 284 |
Exposure of Resource to Wrong Sphere | 668 | 1085 |
Incorrect Resource Transfer Between Spheres | 669 | 52 |
Always-Incorrect Control Flow Implementation | 670 | 92 |
Lack of Administrator Control over Security | 671 | 4 |
Operation on a Resource after Expiration or Release | 672 | 49 |
External Influence of Sphere Definition | 673 | 1 |
Uncontrolled Recursion | 674 | 267 |
Multiple Operations on Resource in Single-Operation Context | 675 | 1 |
Use of Potentially Dangerous Function | 676 | 6 |
Integer Overflow to Buffer Overflow | 680 | 89 |
Incorrect Conversion between Numeric Types | 681 | 94 |
Incorrect Calculation | 682 | 106 |
Function Call With Incorrect Order of Arguments | 683 | 1 |
Incorrect Provision of Specified Functionality | 684 | 9 |
Function Call With Incorrect Number of Arguments | 685 | 0 |
Function Call With Incorrect Argument Type | 686 | 2 |
Function Call With Incorrectly Specified Argument Value | 687 | 1 |
Function Call With Incorrect Variable or Reference as Argument | 688 | 1 |
Permission Race Condition During Resource Copy | 689 | 1 |
Unchecked Return Value to NULL Pointer Dereference | 690 | 23 |
Insufficient Control Flow Management | 691 | 14 |
Incomplete Denylist to Cross-Site Scripting | 692 | 3 |
Protection Mechanism Failure | 693 | 203 |
Use of Multiple Resources with Duplicate Identifier | 694 | 3 |
Use of Low-Level Functionality | 695 | 0 |
Incorrect Behavior Order | 696 | 10 |
Incorrect Comparison | 697 | 137 |
Execution After Redirect (EAR) | 698 | 7 |
Improper Check or Handling of Exceptional Conditions | 703 | 84 |
Incorrect Type Conversion or Cast | 704 | 239 |
Incorrect Control Flow Scoping | 705 | 1 |
Use of Incorrectly-Resolved Name or Reference | 706 | 70 |
Improper Neutralization | 707 | 239 |