Common Weakness Enumeration (CWE)

List and description of the CWE security standard rules supported by Polyspace®

The Common Weakness Enumeration (CWE™) is a list of the types of weaknesses that can occur in the architecture, design, code, or implementation of software. These weaknesses can lead to security vulnerabilities.

Polyspace can check code against subsets of the CWE list, including subsets or weaknesses specific to C or C++ code. To activate subsets of the CWE list, use the analysis option Check CWE (-cwe). Polyspace supports version 4.12 of the CWE standard.

Polyspace Results

CWE Rule 14 Compiler Removal of Code to Clear Buffers (Since R2023a)
CWE Rule 15 External Control of System or Configuration Setting (Since R2024a)
CWE Rule 20 Improper Input Validation (Since R2024a)
CWE Rule 22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (Since R2024a)
CWE Rule 23 Relative Path Traversal (Since R2024a)
CWE Rule 36 Absolute Path Traversal (Since R2024a)
CWE Rule 67 Improper Handling of Windows Device Names (Since R2024a)
CWE Rule 77 Improper Neutralization of Special Elements used in a Command ('Command Injection') (Since R2024a)
CWE Rule 78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (Since R2024a)
CWE Rule 88 Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') (Since R2024a)
CWE Rule 89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') (Since R2023a)
CWE Rule 90 Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') (Since R2023a)
CWE Rule 99 Improper Control of Resource Identifiers ('Resource Injection') (Since R2024b)
CWE Rule 114 Process Control (Since R2024a)
CWE Rule 119 Improper Restriction of Operations within the Bounds of a Memory Buffer (Since R2023a)
CWE Rule 120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') (Since R2023a)
CWE Rule 121 Stack-based Buffer Overflow (Since R2023a)
CWE Rule 122 Heap-based Buffer Overflow (Since R2023a)
CWE Rule 123 Write-what-where Condition (Since R2023a)
CWE Rule 124 Buffer Underwrite ('Buffer Underflow') (Since R2023a)
CWE Rule 125 Out-of-bounds Read (Since R2023a)
CWE Rule 126 Buffer Over-read (Since R2023a)
CWE Rule 127 Buffer Under-read (Since R2023a)
CWE Rule 128 Wrap-around Error (Since R2023a)
CWE Rule 129 Improper Validation of Array Index (Since R2023a)
CWE Rule 130 Improper Handling of Length Parameter Inconsistency (Since R2023a)
CWE Rule 131 Incorrect Calculation of Buffer Size (Since R2023a)
CWE Rule 134 Use of Externally-Controlled Format String (Since R2023a)
CWE Rule 135 Incorrect Calculation of Multi-Byte String Length (Since R2023a)
CWE Rule 170 Improper Null Termination (Since R2023a)
CWE Rule 188 Reliance on Data/Memory Layout (Since R2023a)
CWE Rule 190 Integer Overflow or Wraparound (Since R2024b)
CWE Rule 191 Integer Underflow (Wrap or Wraparound) (Since R2023a)
CWE Rule 192 Integer Coercion Error (Since R2023a)
CWE Rule 194 Unexpected Sign Extension (Since R2023a)
CWE Rule 195 Signed to Unsigned Conversion Error (Since R2023a)
CWE Rule 196 Unsigned to Signed Conversion Error (Since R2023a)
CWE Rule 197 Numeric Truncation Error (Since R2023a)
CWE Rule 198 Use of Incorrect Byte Ordering (Since R2024a)
CWE Rule 226 Sensitive Information in Resource Not Removed Before Reuse (Since R2024a)
CWE Rule 240 Improper Handling of Inconsistent Structural Elements (Since R2024a)
CWE Rule 242 Use of Inherently Dangerous Function (Since R2023a)
CWE Rule 243 Creation of chroot Jail Without Changing Working Directory (Since R2023a)
CWE Rule 244 Improper Clearing of Heap Memory Before Release ('Heap Inspection') (Since R2023a)
CWE Rule 248 Uncaught Exception (Since R2023a)
CWE Rule 250 Execution with Unnecessary Privileges (Since R2024a)
CWE Rule 252 Unchecked Return Value (Since R2023a)
CWE Rule 253 Incorrect Check of Function Return Value (Since R2023a)
CWE Rule 256 Plaintext storage of a password (Since R2023a)
CWE Rule 273 Improper Check for Dropped Privileges (Since R2024a)
CWE Rule 287 Improper Authentication (Since R2024a)
CWE Rule 297 Improper Validation of Certificate with Host Mismatch (Since R2024a)
CWE Rule 304 Missing Critical Step in Authentication (Since R2024a)
CWE Rule 311 Missing Encryption of Sensitive Data (Since R2023b)
CWE Rule 312 Cleartext Storage of Sensitive Information (Since R2023a)
CWE Rule 316 Cleartext Storage of Sensitive Information in Memory (Since R2024a)
CWE Rule 319 Cleartext Transmission of Sensitive Information (Since R2023b)
CWE Rule 321 Use of Hard-coded Cryptographic Key (Since R2023b)
CWE Rule 322 Key Exchange without Entity Authentication (Since R2024a)
CWE Rule 325 Missing Cryptographic Step (Since R2024a)
CWE Rule 326 Inadequate Encryption Strength (Since R2024a)
CWE Rule 327 Use of a Broken or Risky Cryptographic Algorithm (Since R2024a)
CWE Rule 328 Use of Weak Hash (Since R2024a)
CWE Rule 329 Generation of Predictable IV with CBC Mode (Since R2024a)
CWE Rule 330 Use of Insufficiently Random Values (Since R2024a)
CWE Rule 335 Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) (Since R2023a)
CWE Rule 336 Same Seed in Pseudo-Random Number Generator (PRNG) (Since R2024a)
CWE Rule 337 Predictable Seed in Pseudo-Random Number Generator (PRNG) (Since R2024a)
CWE Rule 338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) (Since R2023a)
CWE Rule 353 Missing Support for Integrity Check (Since R2023a)
CWE Rule 354 Improper Validation of Integrity Check Value (Since R2024a)
CWE Rule 362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') (Since R2023a)
CWE Rule 364 Signal Handler Race Condition (Since R2023a)
CWE Rule 366 Race Condition within a Thread (Since R2023a)
CWE Rule 367 Time-of-check Time-of-use (TOCTOU) Race Condition (Since R2024a)
CWE Rule 369 Divide By Zero (Since R2023a)
CWE Rule 372 Incomplete Internal State Distinction (Since R2024a)
CWE Rule 374 Passing Mutable Objects to an Untrusted Method (Since R2023b)
CWE Rule 375 Returning a Mutable Object to an Untrusted Caller (Since R2023a)
CWE Rule 377 Insecure Temporary File (Since R2024a)
CWE Rule 391 Unchecked Error Condition (Since R2024a)
CWE Rule 396 Declaration of Catch for Generic Exception (Since R2023a)
CWE Rule 397 Declaration of Throws for Generic Exception (Since R2023a)
CWE Rule 401 Missing Release of Memory after Effective Lifetime (Since R2023a)
CWE Rule 404 Improper Resource Shutdown or Release (Since R2024a)
CWE Rule 413 Improper Resource Locking (Since R2023a)
CWE Rule 415 Double Free (Since R2023a)
CWE Rule 416 Use After Free (Since R2023a)
CWE Rule 426 Untrusted Search Path (Since R2024a)
CWE Rule 427 Uncontrolled Search Path Element (Since R2024a)
CWE Rule 456 Missing Initialization of a Variable (Since R2024a)
CWE Rule 457 Use of Uninitialized Variable (Since R2023a)
CWE Rule 460 Improper Cleanup on Thrown Exception (Since R2023a)
CWE Rule 463 Deletion of Data Structure Sentinel (Since R2023a)
CWE Rule 466 Return of Pointer Value Outside of Expected Range (Since R2023a)
CWE Rule 467 Use of sizeof() on a Pointer Type (Since R2023a)
CWE Rule 468 Incorrect Pointer Scaling (Since R2023a)
CWE Rule 469 Use of Pointer Subtraction to Determine Size (Since R2023a)
CWE Rule 471 Modification of Assumed-Immutable Data (MAID) (Since R2024a)
CWE Rule 474 Use of Function with Inconsistent Implementations (Since R2023a)
CWE Rule 475 Undefined Behavior for Input to API (Since R2024a)
CWE Rule 476 NULL Pointer Dereference (Since R2023a)
CWE Rule 477 Use of Obsolete Function (Since R2023a)
CWE Rule 478 Missing Default Case in Multiple Condition Expression (Since R2023a)
CWE Rule 479 Signal Handler Use of a Non-reentrant Function (Since R2023a)
CWE Rule 480 Use of Incorrect Operator (Since R2023a)
CWE Rule 481 Assigning instead of Comparing (Since R2023a)
CWE Rule 482 Comparing instead of Assigning (Since R2023a)
CWE Rule 483 Incorrect Block Delimitation (Since R2023a)
CWE Rule 484 Omitted Break Statement in Switch (Since R2023a)
CWE Rule 489 Active Debug Code (Since R2023a)
CWE Rule 493 Critical Public Variable Without Final Modifier (Since R2023b)
CWE Rule 495 Private Data Structure Returned From A Public Method (Since R2023a)
CWE Rule 496 Public Data Assigned to Private Array-Typed Field (Since R2023b)
CWE Rule 498 Cloneable class containing sensitive information (Since R2023b)
CWE Rule 500 Public Static Field Not Marked Final (Since R2023a)
CWE Rule 522 Insufficiently Protected Credentials (Since R2023a)
CWE Rule 532 Insertion of Sensitive Information into Log File (Since R2024a)
CWE Rule 535 Exposure of Information Through Shell Error Message (Since R2024a)
CWE Rule 543 Use of Singleton Pattern Without Synchronization in a Multithreaded Context (Since R2024a)
CWE Rule 547 Use of Hard-coded, Security-relevant Constants (Since R2023a)
CWE Rule 558 Use of getlogin() in Multithreaded Application (Since R2023a)
CWE Rule 560 Use of umask() with chmod-style Argument (Since R2023a)
CWE Rule 561 Dead Code (Since R2023a)
CWE Rule 562 Return of Stack Variable Address (Since R2023a)
CWE Rule 563 Assignment to Variable without Use (Since R2023a)
CWE Rule 570 Expression is Always False (Since R2023a)
CWE Rule 571 Expression is Always True (Since R2023a)
CWE Rule 573 Improper Following of Specification by Caller (Since R2024a)
CWE Rule 587 Assignment of a Fixed Address to a Pointer (Since R2023a)
CWE Rule 590 Free of Memory not on the Heap (Since R2024a)
CWE Rule 606 Unchecked Input for Loop Condition (Since R2023b)
CWE Rule 617 Reachable Assertion (Since R2023a)
CWE Rule 628 Function Call with Incorrectly Specified Arguments (Since R2024a)
CWE Rule 663 Use of a Non-reentrant Function in a Concurrent Context (Since R2024a)
CWE Rule 664 Improper Control of a Resource Through its Lifetime (Since R2024a)
CWE Rule 665 Improper Initialization (Since R2024a)
CWE Rule 666 Operation on Resource in Wrong Phase of Lifetime (Since R2024a)
CWE Rule 667 Improper Locking (Since R2024a)
CWE Rule 672 Operation on a Resource after Expiration or Release (Since R2024a)
CWE Rule 674 Uncontrolled Recursion (Since R2024a)
CWE Rule 675 Multiple Operations on Resource in Single-Operation Context (Since R2024a)
CWE Rule 676 Use of Potentially Dangerous Function (Since R2023a)
CWE Rule 681 Incorrect Conversion between Numeric Types (Since R2024a)
CWE Rule 682 Incorrect Calculation (Since R2024a)
CWE Rule 683 Function Call With Incorrect Order of Arguments (Since R2023b)
CWE Rule 685 Function Call With Incorrect Number of Arguments (Since R2023a)
CWE Rule 686 Function Call With Incorrect Argument Type (Since R2023b)
CWE Rule 687 Function Call With Incorrectly Specified Argument Value (Since R2023b)
CWE Rule 688 Function Call With Incorrect Variable or Reference as Argument (Since R2023b)
CWE Rule 690 Unchecked Return Value to NULL Pointer Dereference (Since R2023a)
CWE Rule 691 Insufficient Control Flow Management (Since R2024a)
CWE Rule 693 Protection Mechanism Failure (Since R2024a)
CWE Rule 696 Incorrect Behavior Order (Since R2024a)
CWE Rule 703 Improper Check or Handling of Exceptional Conditions (Since R2024a)
CWE Rule 704 Incorrect Type Conversion or Cast (Since R2023a)
CWE Rule 705 Incorrect Control Flow Scoping (Since R2024a)
CWE Rule 710 Improper Adherence to Coding Standards (Since R2024a)
CWE Rule 732 Incorrect Permission Assignment for Critical Resource (Since R2024a)
CWE Rule 733 Compiler Optimization Removal or Modification of Security-critical Code (Since R2023a)
CWE Rule 754 Improper Check for Unusual or Exceptional Conditions (Since R2024a)
CWE Rule 755 Improper Handling of Exceptional Conditions (Since R2024a)
CWE Rule 758 Reliance on Undefined, Unspecified, or Implementation-Defined Behavior (Since R2024a)
CWE Rule 759 Use of a One-Way Hash without a Salt (Since R2024a)
CWE Rule 762 Mismatched Memory Management Routines (Since R2023a)
CWE Rule 763 Release of Invalid Pointer or Reference (Since R2023a)
CWE Rule 764 Multiple Locks of a Critical Resource (Since R2024a)
CWE Rule 765 Multiple Unlocks of a Critical Resource (Since R2024a)
CWE Rule 766 Critical Data Element Declared Public (Since R2023a)
CWE Rule 767 Access to Critical Private Variable via Public Method (Since R2023a)
CWE Rule 770 Allocation of Resources Without Limits or Throttling (Since R2024a)
CWE Rule 772 Missing Release of Resource after Effective Lifetime (Since R2024a)
CWE Rule 780 Use of RSA Algorithm without OAEP (Since R2024a)
CWE Rule 783 Operator Precedence Logic Error (Since R2023a)
CWE Rule 785 Use of Path Manipulation Function without Maximum-sized Buffer (Since R2023a)
CWE Rule 786 Access of Memory Location Before Start of Buffer (Since R2024a)
CWE Rule 787 Out-of-bounds Write (Since R2023a)
CWE Rule 789 Memory Allocation with Excessive Size Value (Since R2023a)
CWE Rule 798 Use of Hard-coded Credentials (Since R2023a)
CWE Rule 805 Buffer Access with Incorrect Length Value (Since R2023a)
CWE Rule 806 Buffer Access Using Size of Source Buffer (Since R2023a)
CWE Rule 822 Untrusted Pointer Dereference (Since R2023b)
CWE Rule 823 Use of Out-of-range Pointer Offset (Since R2024a)
CWE Rule 824 Access of Uninitialized Pointer (Since R2023a)
CWE Rule 825 Expired Pointer Dereference (Since R2023a)
CWE Rule 826 Premature Release of Resource During Expected Lifetime (Since R2024a)
CWE Rule 828 Signal Handler with Functionality that is not Asynchronous-Safe (Since R2024a)
CWE Rule 832 Unlock of a Resource that is not Locked (Since R2024a)
CWE Rule 833 Deadlock (Since R2024a)
CWE Rule 839 Numeric Range Comparison Without Minimum Check (Since R2023a)
CWE Rule 843 Access of Resource Using Incompatible Type ('Type Confusion') (Since R2023a)
CWE Rule 908 Use of Uninitialized Resource (Since R2024a)
CWE Rule 910 Use of Expired File Descriptor (Since R2023a)
CWE Rule 922 Insecure Storage of Sensitive Information (Since R2023a)
CWE Rule 1071 Empty code block (Since R2023a)
CWE Rule 1335 Incorrect Bitwise Shift of Integer (Since R2023a)
CWE Rule 1341 Multiple Releases of Same Resource or Handle (Since R2023a)

CWE-658

CWE Rule 14 Compiler Removal of Code to Clear Buffers (Since R2023a)
CWE Rule 119 Improper Restriction of Operations within the Bounds of a Memory Buffer (Since R2023a)
CWE Rule 120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') (Since R2023a)
CWE Rule 121 Stack-based Buffer Overflow (Since R2023a)
CWE Rule 122 Heap-based Buffer Overflow (Since R2023a)
CWE Rule 123 Write-what-where Condition (Since R2023a)
CWE Rule 124 Buffer Underwrite ('Buffer Underflow') (Since R2023a)
CWE Rule 125 Out-of-bounds Read (Since R2023a)
CWE Rule 126 Buffer Over-read (Since R2023a)
CWE Rule 127 Buffer Under-read (Since R2023a)
CWE Rule 128 Wrap-around Error (Since R2023a)
CWE Rule 129 Improper Validation of Array Index (Since R2023a)
CWE Rule 130 Improper Handling of Length Parameter Inconsistency (Since R2023a)
CWE Rule 131 Incorrect Calculation of Buffer Size (Since R2023a)
CWE Rule 134 Use of Externally-Controlled Format String (Since R2023a)
CWE Rule 135 Incorrect Calculation of Multi-Byte String Length (Since R2023a)
CWE Rule 170 Improper Null Termination (Since R2023a)
CWE Rule 188 Reliance on Data/Memory Layout (Since R2023a)
CWE Rule 190 Integer Overflow or Wraparound (Since R2024b)
CWE Rule 191 Integer Underflow (Wrap or Wraparound) (Since R2023a)
CWE Rule 192 Integer Coercion Error (Since R2023a)
CWE Rule 194 Unexpected Sign Extension (Since R2023a)
CWE Rule 195 Signed to Unsigned Conversion Error (Since R2023a)
CWE Rule 196 Unsigned to Signed Conversion Error (Since R2023a)
CWE Rule 197 Numeric Truncation Error (Since R2023a)
CWE Rule 242 Use of Inherently Dangerous Function (Since R2023a)
CWE Rule 243 Creation of chroot Jail Without Changing Working Directory (Since R2023a)
CWE Rule 244 Improper Clearing of Heap Memory Before Release ('Heap Inspection') (Since R2023a)
CWE Rule 362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') (Since R2023a)
CWE Rule 364 Signal Handler Race Condition (Since R2023a)
CWE Rule 366 Race Condition within a Thread (Since R2023a)
CWE Rule 374 Passing Mutable Objects to an Untrusted Method (Since R2023b)
CWE Rule 375 Returning a Mutable Object to an Untrusted Caller (Since R2023a)
CWE Rule 401 Missing Release of Memory after Effective Lifetime (Since R2023a)
CWE Rule 415 Double Free (Since R2023a)
CWE Rule 416 Use After Free (Since R2023a)
CWE Rule 457 Use of Uninitialized Variable (Since R2023a)
CWE Rule 460 Improper Cleanup on Thrown Exception (Since R2023a)
CWE Rule 463 Deletion of Data Structure Sentinel (Since R2023a)
CWE Rule 466 Return of Pointer Value Outside of Expected Range (Since R2023a)
CWE Rule 467 Use of sizeof() on a Pointer Type (Since R2023a)
CWE Rule 468 Incorrect Pointer Scaling (Since R2023a)
CWE Rule 469 Use of Pointer Subtraction to Determine Size (Since R2023a)
CWE Rule 474 Use of Function with Inconsistent Implementations (Since R2023a)
CWE Rule 476 NULL Pointer Dereference (Since R2023a)
CWE Rule 478 Missing Default Case in Multiple Condition Expression (Since R2023a)
CWE Rule 479 Signal Handler Use of a Non-reentrant Function (Since R2023a)
CWE Rule 480 Use of Incorrect Operator (Since R2023a)
CWE Rule 481 Assigning instead of Comparing (Since R2023a)
CWE Rule 482 Comparing instead of Assigning (Since R2023a)
CWE Rule 483 Incorrect Block Delimitation (Since R2023a)
CWE Rule 484 Omitted Break Statement in Switch (Since R2023a)
CWE Rule 495 Private Data Structure Returned From A Public Method (Since R2023a)
CWE Rule 496 Public Data Assigned to Private Array-Typed Field (Since R2023b)
CWE Rule 558 Use of getlogin() in Multithreaded Application (Since R2023a)
CWE Rule 560 Use of umask() with chmod-style Argument (Since R2023a)
CWE Rule 562 Return of Stack Variable Address (Since R2023a)
CWE Rule 587 Assignment of a Fixed Address to a Pointer (Since R2023a)
CWE Rule 676 Use of Potentially Dangerous Function (Since R2023a)
CWE Rule 685 Function Call With Incorrect Number of Arguments (Since R2023a)
CWE Rule 688 Function Call With Incorrect Variable or Reference as Argument (Since R2023b)
CWE Rule 690 Unchecked Return Value to NULL Pointer Dereference (Since R2023a)
CWE Rule 704 Incorrect Type Conversion or Cast (Since R2023a)
CWE Rule 733 Compiler Optimization Removal or Modification of Security-critical Code (Since R2023a)
CWE Rule 762 Mismatched Memory Management Routines (Since R2023a)
CWE Rule 783 Operator Precedence Logic Error (Since R2023a)
CWE Rule 785 Use of Path Manipulation Function without Maximum-sized Buffer (Since R2023a)
CWE Rule 787 Out-of-bounds Write (Since R2023a)
CWE Rule 789 Memory Allocation with Excessive Size Value (Since R2023a)
CWE Rule 805 Buffer Access with Incorrect Length Value (Since R2023a)
CWE Rule 806 Buffer Access Using Size of Source Buffer (Since R2023a)
CWE Rule 839 Numeric Range Comparison Without Minimum Check (Since R2023a)
CWE Rule 843 Access of Resource Using Incompatible Type ('Type Confusion') (Since R2023a)
CWE Rule 910 Use of Expired File Descriptor (Since R2023a)
CWE Rule 1335 Incorrect Bitwise Shift of Integer (Since R2023a)
CWE Rule 1341 Multiple Releases of Same Resource or Handle (Since R2023a)

CWE-659

CWE Rule 14 Compiler Removal of Code to Clear Buffers (Since R2023a)
CWE Rule 119 Improper Restriction of Operations within the Bounds of a Memory Buffer (Since R2023a)
CWE Rule 120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') (Since R2023a)
CWE Rule 121 Stack-based Buffer Overflow (Since R2023a)
CWE Rule 122 Heap-based Buffer Overflow (Since R2023a)
CWE Rule 123 Write-what-where Condition (Since R2023a)
CWE Rule 124 Buffer Underwrite ('Buffer Underflow') (Since R2023a)
CWE Rule 125 Out-of-bounds Read (Since R2023a)
CWE Rule 126 Buffer Over-read (Since R2023a)
CWE Rule 127 Buffer Under-read (Since R2023a)
CWE Rule 128 Wrap-around Error (Since R2023a)
CWE Rule 129 Improper Validation of Array Index (Since R2023a)
CWE Rule 130 Improper Handling of Length Parameter Inconsistency (Since R2023a)
CWE Rule 131 Incorrect Calculation of Buffer Size (Since R2023a)
CWE Rule 134 Use of Externally-Controlled Format String (Since R2023a)
CWE Rule 135 Incorrect Calculation of Multi-Byte String Length (Since R2023a)
CWE Rule 170 Improper Null Termination (Since R2023a)
CWE Rule 188 Reliance on Data/Memory Layout (Since R2023a)
CWE Rule 190 Integer Overflow or Wraparound (Since R2024b)
CWE Rule 191 Integer Underflow (Wrap or Wraparound) (Since R2023a)
CWE Rule 192 Integer Coercion Error (Since R2023a)
CWE Rule 194 Unexpected Sign Extension (Since R2023a)
CWE Rule 195 Signed to Unsigned Conversion Error (Since R2023a)
CWE Rule 196 Unsigned to Signed Conversion Error (Since R2023a)
CWE Rule 197 Numeric Truncation Error (Since R2023a)
CWE Rule 242 Use of Inherently Dangerous Function (Since R2023a)
CWE Rule 243 Creation of chroot Jail Without Changing Working Directory (Since R2023a)
CWE Rule 244 Improper Clearing of Heap Memory Before Release ('Heap Inspection') (Since R2023a)
CWE Rule 248 Uncaught Exception (Since R2023a)
CWE Rule 362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') (Since R2023a)
CWE Rule 364 Signal Handler Race Condition (Since R2023a)
CWE Rule 366 Race Condition within a Thread (Since R2023a)
CWE Rule 374 Passing Mutable Objects to an Untrusted Method (Since R2023b)
CWE Rule 375 Returning a Mutable Object to an Untrusted Caller (Since R2023a)
CWE Rule 396 Declaration of Catch for Generic Exception (Since R2023a)
CWE Rule 397 Declaration of Throws for Generic Exception (Since R2023a)
CWE Rule 401 Missing Release of Memory after Effective Lifetime (Since R2023a)
CWE Rule 415 Double Free (Since R2023a)
CWE Rule 416 Use After Free (Since R2023a)
CWE Rule 457 Use of Uninitialized Variable (Since R2023a)
CWE Rule 460 Improper Cleanup on Thrown Exception (Since R2023a)
CWE Rule 463 Deletion of Data Structure Sentinel (Since R2023a)
CWE Rule 466 Return of Pointer Value Outside of Expected Range (Since R2023a)
CWE Rule 467 Use of sizeof() on a Pointer Type (Since R2023a)
CWE Rule 468 Incorrect Pointer Scaling (Since R2023a)
CWE Rule 469 Use of Pointer Subtraction to Determine Size (Since R2023a)
CWE Rule 476 NULL Pointer Dereference (Since R2023a)
CWE Rule 478 Missing Default Case in Multiple Condition Expression (Since R2023a)
CWE Rule 479 Signal Handler Use of a Non-reentrant Function (Since R2023a)
CWE Rule 480 Use of Incorrect Operator (Since R2023a)
CWE Rule 481 Assigning instead of Comparing (Since R2023a)
CWE Rule 482 Comparing instead of Assigning (Since R2023a)
CWE Rule 483 Incorrect Block Delimitation (Since R2023a)
CWE Rule 484 Omitted Break Statement in Switch (Since R2023a)
CWE Rule 493 Critical Public Variable Without Final Modifier (Since R2023b)
CWE Rule 495 Private Data Structure Returned From A Public Method (Since R2023a)
CWE Rule 496 Public Data Assigned to Private Array-Typed Field (Since R2023b)
CWE Rule 498 Cloneable class containing sensitive information (Since R2023b)
CWE Rule 500 Public Static Field Not Marked Final (Since R2023a)
CWE Rule 543 Use of Singleton Pattern Without Synchronization in a Multithreaded Context (Since R2024a)
CWE Rule 558 Use of getlogin() in Multithreaded Application (Since R2023a)
CWE Rule 562 Return of Stack Variable Address (Since R2023a)
CWE Rule 587 Assignment of a Fixed Address to a Pointer (Since R2023a)
CWE Rule 676 Use of Potentially Dangerous Function (Since R2023a)
CWE Rule 690 Unchecked Return Value to NULL Pointer Dereference (Since R2023a)
CWE Rule 704 Incorrect Type Conversion or Cast (Since R2023a)
CWE Rule 733 Compiler Optimization Removal or Modification of Security-critical Code (Since R2023a)
CWE Rule 762 Mismatched Memory Management Routines (Since R2023a)
CWE Rule 766 Critical Data Element Declared Public (Since R2023a)
CWE Rule 767 Access to Critical Private Variable via Public Method (Since R2023a)
CWE Rule 783 Operator Precedence Logic Error (Since R2023a)
CWE Rule 785 Use of Path Manipulation Function without Maximum-sized Buffer (Since R2023a)
CWE Rule 787 Out-of-bounds Write (Since R2023a)
CWE Rule 789 Memory Allocation with Excessive Size Value (Since R2023a)
CWE Rule 805 Buffer Access with Incorrect Length Value (Since R2023a)
CWE Rule 806 Buffer Access Using Size of Source Buffer (Since R2023a)
CWE Rule 839 Numeric Range Comparison Without Minimum Check (Since R2023a)
CWE Rule 843 Access of Resource Using Incompatible Type ('Type Confusion') (Since R2023a)
CWE Rule 910 Use of Expired File Descriptor (Since R2023a)
CWE Rule 1335 Incorrect Bitwise Shift of Integer (Since R2023a)
CWE Rule 1341 Multiple Releases of Same Resource or Handle (Since R2023a)

API/Function Errors

CWE Rule 242 Use of Inherently Dangerous Function (Since R2023a)
CWE Rule 474 Use of Function with Inconsistent Implementations (Since R2023a)
CWE Rule 475 Undefined Behavior for Input to API (Since R2024a)
CWE Rule 477 Use of Obsolete Function (Since R2023a)
CWE Rule 676 Use of Potentially Dangerous Function (Since R2023a)

Bad Coding Practices

CWE Rule 478 Missing Default Case in Multiple Condition Expression (Since R2023a)
CWE Rule 489 Active Debug Code (Since R2023a)
CWE Rule 547 Use of Hard-coded, Security-relevant Constants (Since R2023a)
CWE Rule 561 Dead Code (Since R2023a)
CWE Rule 562 Return of Stack Variable Address (Since R2023a)
CWE Rule 563 Assignment to Variable without Use (Since R2023a)
CWE Rule 628 Function Call with Incorrectly Specified Arguments (Since R2024a)
CWE Rule 1071 Empty code block (Since R2023a)

Behavioral Problems

CWE Rule 480 Use of Incorrect Operator (Since R2023a)
CWE Rule 483 Incorrect Block Delimitation (Since R2023a)
CWE Rule 484 Omitted Break Statement in Switch (Since R2023a)
CWE Rule 733 Compiler Optimization Removal or Modification of Security-critical Code (Since R2023a)
CWE Rule 783 Operator Precedence Logic Error (Since R2023a)

Concurrency Issues

CWE Rule 366 Race Condition within a Thread (Since R2023a)
CWE Rule 367 Time-of-check Time-of-use (TOCTOU) Race Condition (Since R2024a)
CWE Rule 663 Use of a Non-reentrant Function in a Concurrent Context (Since R2024a)

Credentials Management Errors

CWE Rule 798 Use of Hard-coded Credentials (Since R2023a)
CWE Rule 256 Plaintext storage of a password (Since R2023a)

Cryptographic Issues

CWE Rule 325 Missing Cryptographic Step (Since R2024a)
CWE Rule 328 Use of Weak Hash (Since R2024a)

Data Integrity Issues

CWE Rule 353 Missing Support for Integrity Check (Since R2023a)
CWE Rule 354 Improper Validation of Integrity Check Value (Since R2024a)

Data Neutralization Issues

CWE Rule 78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (Since R2024a)
CWE Rule 88 Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') (Since R2024a)
CWE Rule 89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') (Since R2023a)
CWE Rule 90 Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') (Since R2023a)
CWE Rule 170 Improper Null Termination (Since R2023a)
CWE Rule 188 Reliance on Data/Memory Layout (Since R2023a)
CWE Rule 463 Deletion of Data Structure Sentinel (Since R2023a)

Data Processing Errors

CWE Rule 130 Improper Handling of Length Parameter Inconsistency (Since R2023a)

Data Validation Issues

CWE Rule 129 Improper Validation of Array Index (Since R2023a)
CWE Rule 606 Unchecked Input for Loop Condition (Since R2023b)

Error Conditions, Return Values, Status Codes

CWE Rule 248 Uncaught Exception (Since R2023a)
CWE Rule 252 Unchecked Return Value (Since R2023a)
CWE Rule 253 Incorrect Check of Function Return Value (Since R2023a)
CWE Rule 391 Unchecked Error Condition (Since R2024a)
CWE Rule 396 Declaration of Catch for Generic Exception (Since R2023a)
CWE Rule 397 Declaration of Throws for Generic Exception (Since R2023a)
CWE Rule 617 Reachable Assertion (Since R2023a)

Expression Issues

CWE Rule 570 Expression is Always False (Since R2023a)
CWE Rule 571 Expression is Always True (Since R2023a)

File Handling Issues

CWE Rule 22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (Since R2024a)
CWE Rule 426 Untrusted Search Path (Since R2024a)
CWE Rule 427 Uncontrolled Search Path Element (Since R2024a)

Handler Errors

CWE Rule 479 Signal Handler Use of a Non-reentrant Function (Since R2023a)

Information Management Errors

CWE Rule 312 Cleartext Storage of Sensitive Information (Since R2023a)
CWE Rule 319 Cleartext Transmission of Sensitive Information (Since R2023b)
CWE Rule 321 Use of Hard-coded Cryptographic Key (Since R2023b)

Initialization and Cleanup Errors

CWE Rule 460 Improper Cleanup on Thrown Exception (Since R2023a)

Key Management Errors

CWE Rule 322 Key Exchange without Entity Authentication (Since R2024a)

Memory Buffer Errors

CWE Rule 120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') (Since R2023a)
CWE Rule 123 Write-what-where Condition (Since R2023a)
CWE Rule 124 Buffer Underwrite ('Buffer Underflow') (Since R2023a)
CWE Rule 125 Out-of-bounds Read (Since R2023a)
CWE Rule 131 Incorrect Calculation of Buffer Size (Since R2023a)
CWE Rule 786 Access of Memory Location Before Start of Buffer (Since R2024a)
CWE Rule 787 Out-of-bounds Write (Since R2023a)
CWE Rule 805 Buffer Access with Incorrect Length Value (Since R2023a)

Numeric Errors

CWE Rule 128 Wrap-around Error (Since R2023a)
CWE Rule 191 Integer Underflow (Wrap or Wraparound) (Since R2023a)
CWE Rule 192 Integer Coercion Error (Since R2023a)
CWE Rule 197 Numeric Truncation Error (Since R2023a)
CWE Rule 369 Divide By Zero (Since R2023a)
CWE Rule 681 Incorrect Conversion between Numeric Types (Since R2024a)
CWE Rule 839 Numeric Range Comparison Without Minimum Check (Since R2023a)

Input Validation

CWE Rule 20 Improper Input Validation (Since R2024a)
CWE Rule 77 Improper Neutralization of Special Elements used in a Command ('Command Injection') (Since R2024a)
CWE Rule 78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (Since R2024a)
CWE Rule 88 Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') (Since R2024a)
CWE Rule 89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') (Since R2023a)
CWE Rule 90 Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') (Since R2023a)
CWE Rule 99 Improper Control of Resource Identifiers ('Resource Injection') (Since R2024b)

Others

CWE Rule 14 Compiler Removal of Code to Clear Buffers (Since R2023a)
CWE Rule 20 Improper Input Validation (Since R2024a)
CWE Rule 23 Relative Path Traversal (Since R2024a)
CWE Rule 36 Absolute Path Traversal (Since R2024a)
CWE Rule 67 Improper Handling of Windows Device Names (Since R2024a)
CWE Rule 77 Improper Neutralization of Special Elements used in a Command ('Command Injection') (Since R2024a)
CWE Rule 88 Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') (Since R2024a)
CWE Rule 114 Process Control (Since R2024a)
CWE Rule 119 Improper Restriction of Operations within the Bounds of a Memory Buffer (Since R2023a)
CWE Rule 121 Stack-based Buffer Overflow (Since R2023a)
CWE Rule 122 Heap-based Buffer Overflow (Since R2023a)
CWE Rule 126 Buffer Over-read (Since R2023a)
CWE Rule 127 Buffer Under-read (Since R2023a)
CWE Rule 190 Integer Overflow or Wraparound (Since R2024b)
CWE Rule 194 Unexpected Sign Extension (Since R2023a)
CWE Rule 195 Signed to Unsigned Conversion Error (Since R2023a)
CWE Rule 196 Unsigned to Signed Conversion Error (Since R2023a)
CWE Rule 198 Use of Incorrect Byte Ordering (Since R2024a)
CWE Rule 226 Sensitive Information in Resource Not Removed Before Reuse (Since R2024a)
CWE Rule 240 Improper Handling of Inconsistent Structural Elements (Since R2024a)
CWE Rule 244 Improper Clearing of Heap Memory Before Release ('Heap Inspection') (Since R2023a)
CWE Rule 287 Improper Authentication (Since R2024a)
CWE Rule 297 Improper Validation of Certificate with Host Mismatch (Since R2024a)
CWE Rule 304 Missing Critical Step in Authentication (Since R2024a)
CWE Rule 311 Missing Encryption of Sensitive Data (Since R2023b)
CWE Rule 316 Cleartext Storage of Sensitive Information in Memory (Since R2024a)
CWE Rule 326 Inadequate Encryption Strength (Since R2024a)
CWE Rule 327 Use of a Broken or Risky Cryptographic Algorithm (Since R2024a)
CWE Rule 329 Generation of Predictable IV with CBC Mode (Since R2024a)
CWE Rule 330 Use of Insufficiently Random Values (Since R2024a)
CWE Rule 336 Same Seed in Pseudo-Random Number Generator (PRNG) (Since R2024a)
CWE Rule 337 Predictable Seed in Pseudo-Random Number Generator (PRNG) (Since R2024a)
CWE Rule 362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') (Since R2023a)
CWE Rule 377 Insecure Temporary File (Since R2024a)
CWE Rule 401 Missing Release of Memory after Effective Lifetime (Since R2023a)
CWE Rule 404 Improper Resource Shutdown or Release (Since R2024a)
CWE Rule 415 Double Free (Since R2023a)
CWE Rule 416 Use After Free (Since R2023a)
CWE Rule 456 Missing Initialization of a Variable (Since R2024a)
CWE Rule 457 Use of Uninitialized Variable (Since R2023a)
CWE Rule 471 Modification of Assumed-Immutable Data (MAID) (Since R2024a)
CWE Rule 481 Assigning instead of Comparing (Since R2023a)
CWE Rule 482 Comparing instead of Assigning (Since R2023a)
CWE Rule 493 Critical Public Variable Without Final Modifier (Since R2023b)
CWE Rule 495 Private Data Structure Returned From A Public Method (Since R2023a)
CWE Rule 496 Public Data Assigned to Private Array-Typed Field (Since R2023b)
CWE Rule 498 Cloneable class containing sensitive information (Since R2023b)
CWE Rule 500 Public Static Field Not Marked Final (Since R2023a)
CWE Rule 522 Insufficiently Protected Credentials (Since R2023a)
CWE Rule 532 Insertion of Sensitive Information into Log File (Since R2024a)
CWE Rule 535 Exposure of Information Through Shell Error Message (Since R2024a)
CWE Rule 543 Use of Singleton Pattern Without Synchronization in a Multithreaded Context (Since R2024a)
CWE Rule 558 Use of getlogin() in Multithreaded Application (Since R2023a)
CWE Rule 560 Use of umask() with chmod-style Argument (Since R2023a)
CWE Rule 573 Improper Following of Specification by Caller (Since R2024a)
CWE Rule 590 Free of Memory not on the Heap (Since R2024a)
CWE Rule 664 Improper Control of a Resource Through its Lifetime (Since R2024a)
CWE Rule 665 Improper Initialization (Since R2024a)
CWE Rule 666 Operation on Resource in Wrong Phase of Lifetime (Since R2024a)
CWE Rule 667 Improper Locking (Since R2024a)
CWE Rule 672 Operation on a Resource after Expiration or Release (Since R2024a)
CWE Rule 674 Uncontrolled Recursion (Since R2024a)
CWE Rule 675 Multiple Operations on Resource in Single-Operation Context (Since R2024a)
CWE Rule 682 Incorrect Calculation (Since R2024a)
CWE Rule 683 Function Call With Incorrect Order of Arguments (Since R2023b)
CWE Rule 685 Function Call With Incorrect Number of Arguments (Since R2023a)
CWE Rule 686 Function Call With Incorrect Argument Type (Since R2023b)
CWE Rule 687 Function Call With Incorrectly Specified Argument Value (Since R2023b)
CWE Rule 688 Function Call With Incorrect Variable or Reference as Argument (Since R2023b)
CWE Rule 690 Unchecked Return Value to NULL Pointer Dereference (Since R2023a)
CWE Rule 691 Insufficient Control Flow Management (Since R2024a)
CWE Rule 693 Protection Mechanism Failure (Since R2024a)
CWE Rule 696Incorrect Behavior Order (Da R2024a)
CWE Rule 703Improper Check or Handling of Exceptional Conditions (Da R2024a)
CWE Rule 704Incorrect Type Conversion or Cast (Da R2023a)
CWE Rule 705Incorrect Control Flow Scoping (Da R2024a)
CWE Rule 710Improper Adherence to Coding Standards (Da R2024a)
CWE Rule 732Incorrect Permission Assignment for Critical Resource (Da R2024a)
CWE Rule 754Improper Check for Unusual or Exceptional Conditions (Da R2024a)
CWE Rule 755Improper Handling of Exceptional Conditions (Da R2024a)
CWE Rule 758Reliance on Undefined, Unspecified, or Implementation-Defined Behavior (Da R2024a)
CWE Rule 759Use of a One-Way Hash without a Salt (Da R2024a)
CWE Rule 762Mismatched Memory Management Routines (Da R2023a)
CWE Rule 780Use of RSA Algorithm without OAEP (Da R2024a)
CWE Rule 785Use of Path Manipulation Function without Maximum-sized Buffer (Da R2023a)
CWE Rule 789Memory Allocation with Excessive Size Value (Da R2023a)
CWE Rule 806Buffer Access Using Size of Source Buffer (Da R2023a)
CWE Rule 828Signal Handler with Functionality that is not Asynchronous-Safe (Da R2024a)
CWE Rule 922Insecure Storage of Sensitive Information (Da R2023a)
CWE Rule 1335Incorrect Bitwise Shift of Integer (Da R2023a)
CWE Rule 1341Multiple Releases of Same Resource or Handle (Da R2023a)

Permission Issues

CWE Rule 766: Critical Data Element Declared Public (Since R2023a)
CWE Rule 767: Access to Critical Private Variable via Public Method (Since R2023a)

Pointer Issues

CWE Rule 466: Return of Pointer Value Outside of Expected Range (Since R2023a)
CWE Rule 467: Use of sizeof() on a Pointer Type (Since R2023a)
CWE Rule 468: Incorrect Pointer Scaling (Since R2023a)
CWE Rule 469: Use of Pointer Subtraction to Determine Size (Since R2023a)
CWE Rule 476: NULL Pointer Dereference (Since R2023a)
CWE Rule 587: Assignment of a Fixed Address to a Pointer (Since R2023a)
CWE Rule 763: Release of Invalid Pointer or Reference (Since R2023a)
CWE Rule 822: Untrusted Pointer Dereference (Since R2023b)
CWE Rule 823: Use of Out-of-range Pointer Offset (Since R2024a)
CWE Rule 824: Access of Uninitialized Pointer (Since R2023a)
CWE Rule 825: Expired Pointer Dereference (Since R2023a)

Privilege Issues

CWE Rule 243: Creation of chroot Jail Without Changing Working Directory (Since R2023a)
CWE Rule 250: Execution with Unnecessary Privileges (Since R2024a)
CWE Rule 273: Improper Check for Dropped Privileges (Since R2024a)

Random Number Issues

CWE Rule 335: Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) (Since R2023a)
CWE Rule 338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) (Since R2023a)

Resource Locking Problems

CWE Rule 413: Improper Resource Locking (Since R2023a)
CWE Rule 764: Multiple Locks of a Critical Resource (Since R2024a)
CWE Rule 765: Multiple Unlocks of a Critical Resource (Since R2024a)
CWE Rule 832: Unlock of a Resource that is not Locked (Since R2024a)
CWE Rule 833: Deadlock (Since R2024a)

Resource Management Errors

CWE Rule 770: Allocation of Resources Without Limits or Throttling (Since R2024a)
CWE Rule 772: Missing Release of Resource after Effective Lifetime (Since R2024a)
CWE Rule 826: Premature Release of Resource During Expected Lifetime (Since R2024a)
CWE Rule 908: Use of Uninitialized Resource (Since R2024a)
CWE Rule 910: Use of Expired File Descriptor (Since R2023a)

Signal Errors

CWE Rule 364: Signal Handler Race Condition (Since R2023a)

State Issues

CWE Rule 15: External Control of System or Configuration Setting (Since R2024a)
CWE Rule 372: Incomplete Internal State Distinction (Since R2024a)
CWE Rule 374: Passing Mutable Objects to an Untrusted Method (Since R2023b)
CWE Rule 375: Returning a Mutable Object to an Untrusted Caller (Since R2023a)

String Errors

CWE Rule 134: Use of Externally-Controlled Format String (Since R2023a)
CWE Rule 135: Incorrect Calculation of Multi-Byte String Length (Since R2023a)

Type Errors

CWE Rule 843: Access of Resource Using Incompatible Type ('Type Confusion') (Since R2023a)

Topics