Search by CWE identifier - CERT CVE

CWE list

CWE ID Description
CWE-556 Configuring an ASP.NET application to run with impersonated credentials may give the application unnecessary privileges.
CWE-558 The application uses the getlogin() function in a multithreaded context, potentially causing it to return incorrect values.
CWE-56 A software system that accepts path input in the form of asterisk wildcard ('filedir*') without appropriate validation can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files.
CWE-560 The product calls umask() with an incorrect argument that is specified as if it is an argument to chmod().
CWE-561 The software contains dead code, which can never be executed.
CWE-562 A function returns the address of a stack variable, which will cause unintended program behavior, typically in the form of a crash.
CWE-563 The variable's value is assigned but never used, making it a dead store.
CWE-564 Using Hibernate to execute a dynamic SQL statement built with user-controlled input can allow an attacker to modify the statement's meaning or to execute arbitrary SQL commands.
CWE-565 The application relies on the existence or values of cookies when performing security-critical operations, but it does not properly ensure that the setting is valid for the associated user.
CWE-566 The software uses a database table that includes records that should not be accessible to an actor, but it executes a SQL statement with a primary key that can be controlled by that actor.