CWE-556 | Configuring an ASP.NET application to run with impersonated credentials may give the application unnecessary privileges. |
CWE-558 | The application uses the getlogin() function in a multithreaded context, potentially causing it to return incorrect values. |
CWE-56 | A software system that accepts path input in the form of asterisk wildcard ('filedir*') without appropriate validation can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files. |
CWE-560 | The product calls umask() with an incorrect argument that is specified as if it is an argument to chmod(). |
CWE-561 | The software contains dead code, which can never be executed. |
CWE-562 | A function returns the address of a stack variable, which will cause unintended program behavior, typically in the form of a crash. |
CWE-563 | The variable's value is assigned but never used, making it a dead store. |
CWE-564 | Using Hibernate to execute a dynamic SQL statement built with user-controlled input can allow an attacker to modify the statement's meaning or to execute arbitrary SQL commands. |
CWE-565 | The application relies on the existence or values of cookies when performing security-critical operations, but it does not properly ensure that the setting is valid for the associated user. |
CWE-566 | The software uses a database table that includes records that should not be accessible to an actor, but it executes a SQL statement with a primary key that can be controlled by that actor. |