| CWE-115 |
The software misinterprets an input, whether from an attacker or another product, in a security-relevant fashion. |
| CWE-116 |
The software prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved. |
| CWE-1164 |
The program contains code that is not essential for execution,
i.e. makes no state changes and has no side effects that alter
data or control flow, such that removal of the code would have no impact
to functionality or correctness. |
| CWE-117 |
The software does not neutralize or incorrectly neutralizes output that is written to logs. |
| CWE-1173 |
The application does not use, or incorrectly uses, an input validation framework that is provided by the source language or an independent library. |
| CWE-1174 |
The ASP.NET application does not use, or incorrectly uses, the model validation framework. |
| CWE-1176 |
The program performs CPU computations using
algorithms that are not as efficient as they could be for the
needs of the developer, i.e., the computations can be
optimized further. |
| CWE-1177 |
The software uses a function, library, or third party component
that has been explicitly prohibited, whether by the developer or
the customer. |
| CWE-118 |
The software does not restrict or incorrectly restricts operations within the boundaries of a resource that is accessed using an index or pointer, such as memory or files. |
| CWE-1187 |
This entry has been deprecated because it was a duplicate of CWE-908. All content has been transferred to CWE-908. |
