Use of Invariant Value in Dynamically Changing Context | 344 | 2 |
Insufficient Verification of Data Authenticity | 345 | 412 |
Origin Validation Error | 346 | 281 |
Improper Verification of Cryptographic Signature | 347 | 469 |
Use of Less Trusted Source | 348 | 19 |
Acceptance of Extraneous Untrusted Data With Trusted Data | 349 | 21 |
Reliance on Reverse DNS Resolution for a Security-Critical Action | 350 | 14 |
Insufficient Type Distinction | 351 | 5 |
Cross-Site Request Forgery (CSRF) | 352 | 6421 |
Missing Support for Integrity Check | 353 | 23 |
Improper Validation of Integrity Check Value | 354 | 123 |
Product UI does not Warn User of Unsafe Actions | 356 | 18 |
Insufficient UI Warning of Dangerous Operations | 357 | 16 |
Improperly Implemented Security Check for Standard | 358 | 82 |
Exposure of Private Personal Information to an Unauthorized Actor | 359 | 71 |
Trust of System Event Data | 360 | 2 |
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') | 362 | 1595 |
Race Condition Enabling Link Following | 363 | 5 |
Signal Handler Race Condition | 364 | 6 |
Race Condition within a Thread | 366 | 9 |
Time-of-check Time-of-use (TOCTOU) Race Condition | 367 | 360 |
Context Switching Race Condition | 368 | 5 |
Divide By Zero | 369 | 332 |
Missing Check for Certificate Revocation after Initial Check | 370 | 0 |
Incomplete Internal State Distinction | 372 | 6 |
Passing Mutable Objects to an Untrusted Method | 374 | 1 |
Returning a Mutable Object to an Untrusted Caller | 375 | 0 |
Insecure Temporary File | 377 | 68 |
Creation of Temporary File With Insecure Permissions | 378 | 34 |
Creation of Temporary File in Directory with Insecure Permissions | 379 | 41 |
J2EE Bad Practices: Use of System.exit() | 382 | 0 |
J2EE Bad Practices: Direct Use of Threads | 383 | 0 |
Session Fixation | 384 | 318 |
Covert Timing Channel | 385 | 31 |
Symbolic Name not Mapping to Correct Object | 386 | 1 |
Detection of Error Condition Without Action | 390 | 8 |
Unchecked Error Condition | 391 | 24 |
Missing Report of Error Condition | 392 | 5 |
Return of Wrong Status Code | 393 | 5 |
Unexpected Status Code or Return Value | 394 | 8 |
Use of NullPointerException Catch to Detect NULL Pointer Dereference | 395 | 13 |
Declaration of Catch for Generic Exception | 396 | 1 |
Declaration of Throws for Generic Exception | 397 | 0 |
Uncontrolled Resource Consumption | 400 | 2477 |
Missing Release of Memory after Effective Lifetime | 401 | 755 |
Transmission of Private Resources into a New Sphere ('Resource Leak') | 402 | 18 |
Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak') | 403 | 1 |
Improper Resource Shutdown or Release | 404 | 391 |
Asymmetric Resource Consumption (Amplification) | 405 | 14 |
Insufficient Control of Network Message Volume (Network Amplification) | 406 | 14 |
Inefficient Algorithmic Complexity | 407 | 29 |
Incorrect Behavior Order: Early Amplification | 408 | 2 |
Improper Handling of Highly Compressed Data (Data Amplification) | 409 | 11 |
Insufficient Resource Pool | 410 | 11 |
Unrestricted Externally Accessible Lock | 412 | 3 |
Improper Resource Locking | 413 | 3 |
Missing Lock Check | 414 | 1 |
Double Free | 415 | 538 |
Use After Free | 416 | 5008 |
Unprotected Primary Channel | 419 | 10 |
Unprotected Alternate Channel | 420 | 10 |
Race Condition During Access to Alternate Channel | 421 | 2 |
Unprotected Windows Messaging Channel ('Shatter') | 422 | 0 |
Improper Protection of Alternate Path | 424 | 13 |
Direct Request ('Forced Browsing') | 425 | 176 |
Untrusted Search Path | 426 | 508 |
Uncontrolled Search Path Element | 427 | 797 |
Unquoted Search Path or Element | 428 | 196 |
Deployment of Wrong Handler | 430 | 0 |
Missing Handler | 431 | 2 |
Dangerous Signal Handler not Disabled During Sensitive Operations | 432 | 0 |
Unparsed Raw Web Content Delivery | 433 | 0 |
Unrestricted Upload of File with Dangerous Type | 434 | 2743 |
Improper Interaction Between Multiple Correctly-Behaving Entities | 435 | 2 |
Interpretation Conflict | 436 | 73 |
Incomplete Model of Endpoint Features | 437 | 3 |
Behavioral Change in New Version or Environment | 439 | 0 |
Expected Behavior Violation | 440 | 29 |
Unintended Proxy or Intermediary ('Confused Deputy') | 441 | 21 |
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') | 444 | 234 |
UI Discrepancy for Security Feature | 446 | 1 |
Unimplemented or Unsupported Feature in UI | 447 | 2 |
Obsolete Feature in UI | 448 | 1 |
The UI Performs the Wrong Action | 449 | 15 |
Multiple Interpretations of UI Input | 450 | 4 |
User Interface (UI) Misrepresentation of Critical Information | 451 | 45 |
Insecure Default Variable Initialization | 453 | 14 |
External Initialization of Trusted Variables or Data Stores | 454 | 0 |
Non-exit on Failed Initialization | 455 | 1 |
Missing Initialization of a Variable | 456 | 7 |
Use of Uninitialized Variable | 457 | 72 |
Incomplete Cleanup | 459 | 132 |
Improper Cleanup on Thrown Exception | 460 | 13 |
Duplicate Key in Associative List (Alist) | 462 | 0 |
Deletion of Data Structure Sentinel | 463 | 2 |
Addition of Data Structure Sentinel | 464 | 0 |
Return of Pointer Value Outside of Expected Range | 466 | 2 |
Use of sizeof() on a Pointer Type | 467 | 2 |
Incorrect Pointer Scaling | 468 | 2 |
Use of Pointer Subtraction to Determine Size | 469 | 0 |