Weaknesses

CWE-260 Password in Configuration File
The product stores a password in a configuration file that might be accessible to actors who do not know the password.
CWE-263 Password Aging with Long Expiration
The product supports password aging, but the expiration period is too long.
CWE-374 Passing Mutable Objects to an Untrusted Method
The product sends non-cloned mutable data as an argument to a method or function.
CWE-187 Partial String Comparison
The product performs a comparison that only examines a portion of a factor before determining whether there is a match, such as a substring, leading to resultant weaknesses.
CWE-1079 Parent Class without Virtual Destructor Method
A parent class contains one or more child classes, but the parent class does not have a virtual destructor method.
CWE-1045 Parent Class with a Virtual Destructor and a Child Class without a Virtual Destructor
A parent class has a virtual destructor method, but the parent has a child class that does not have a virtual destructor.
CWE-1062 Parent Class with References to Child Class
The code has a parent class that contains references to a child class, its methods, or its members.
CWE-473 PHP External Variable Modification
A PHP application does not properly protect against the modification of variables from external sources, such as query parameters or cookies. This can expose the application to numerous weaknesses that would not exist otherwise.
CWE-186 Overly Restrictive Regular Expression
A regular expression is overly restrictive, which prevents dangerous values from being detected.
CWE-645 Overly Restrictive Account Lockout Mechanism
The product contains an account lockout protection mechanism, but the mechanism is too restrictive and can be triggered too easily, which allows attackers to deny service to legitimate users by causing their accounts to be locked out.
CWE-787 Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.
CWE-125 Out-of-bounds Read
The product reads data past the end, or before the beginning, of the intended buffer.
CWE-346 Origin Validation Error
The product does not properly verify that the source of data or communication is valid.
CWE-783 Operator Precedence Logic Error
The product uses an expression in which operator precedence causes incorrect logic to be used.
CWE-672 Operation on a Resource after Expiration or Release
The product uses, accesses, or otherwise operates on a resource after that resource has been expired, released, or revoked.
CWE-666 Operation on Resource in Wrong Phase of Lifetime
The product performs an operation on a resource at the wrong phase of the resource's lifecycle, which can lead to unexpected behaviors.
CWE-797 Only Filtering Special Elements at an Absolute Position
The product receives data from an upstream component, but only accounts for special elements at an absolute position (e.g. "byte number 10"), thereby missing remaining special elements that may exist before sending it to a downstream component.
CWE-795 Only Filtering Special Elements at a Specified Location
The product receives data from an upstream component, but only accounts for special elements at a specified location, thereby missing remaining special elements that may exist before sending it to a downstream component.
CWE-796 Only Filtering Special Elements Relative to a Marker
The product receives data from an upstream component, but only accounts for special elements positioned relative to a marker (e.g. "at the beginning/end of a string; the second argument"), thereby missing remaining special elements that may exist before sending it to a downstream component.
CWE-793 Only Filtering One Instance of a Special Element
The product receives data from an upstream component, but only filters a single instance of a special element before sending it to a downstream component.