MITRE CWE
This page was automatically generated and should not be edited.
The information on this page was provided by outside contributors and has not been verified by SEI CERT.
| CERT Rule | Related Guidelines |
| --- | --- |
| STR34-C | CWE-704, Incorrect Type Conversion or Cast |
| MSC41-C | CWE-259, Use of Hard-Coded Password |
| MSC41-C | CWE-798, Use of Hard-Coded Credentials |
| API00-C | CWE-476 |
| API07-C | CWE-192 |
| API07-C | CWE-227 |
| API07-C | CWE-590 |
| API07-C | CWE-686 |
| API07-C | CWE-704 |
| API07-C | CWE-761 |
| API07-C | CWE-762 |
| API07-C | CWE-843 |
| ARR01-C | CWE-569 |
| ARR01-C | CWE-783 |
| CON05-C | CWE-557 |
| CON05-C | CWE-662 |
| CON07-C | CWE-366, Race condition within a thread |
| CON07-C | CWE-413, Improper resource locking |
| CON07-C | CWE-567, Unsynchronized access to shared data in a multithreaded context |
| CON07-C | CWE-667, Improper locking |
| CON08-C | CWE-362, Concurrent execution using shared resource with improper synchronization ("race condition") |
| CON08-C | CWE-366, Race condition within a thread |
| CON08-C | CWE-662, Improper synchronization |
| DCL06-C | CWE-547, Use of hard-coded, security-relevant constants |
| DCL10-C | CWE-628, Function call with incorrectly specified arguments |
| ENV01-C | CWE-119, Improper Restriction of Operations within the Bounds of a Memory Buffer |
| ENV01-C | CWE-123, Write-what-where Condition |
| ENV01-C | CWE-125, Out-of-bounds Read |
| ENV02-C | CWE-462, Duplicate key in associative list (Alist) |
| ENV02-C | CWE-807, Reliance on untrusted inputs in a security decision |
| ENV03-C | CWE-78, Failure to sanitize data into an OS command (aka "OS command injection") |
| ENV03-C | CWE-88, Argument injection or modification |
| ENV03-C | CWE-426, Untrusted search path |
| ENV03-C | CWE-471, Modification of Assumed-Immutable Data (MAID) |
| ENV03-C | CWE-807, Reliance on untrusted inputs in a security decision |
| ERR00-C | CWE-391, Unchecked error condition |
| ERR00-C | CWE-544, Missing standardized error handling mechanism |
| ERR04-C | CWE-705, Incorrect control flow scoping |
| ERR07-C | CWE-20, Improper Input Validation |
| ERR07-C | CWE-79, Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
| ERR07-C | CWE-89, Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') |
| ERR07-C | CWE-91, XML Injection (aka Blind XPath Injection) |
| ERR07-C | CWE-94, Improper Control of Generation of Code ('Code Injection') |
| ERR07-C | CWE-114, Process Control |
| ERR07-C | CWE-601, URL Redirection to Untrusted Site ('Open Redirect') |
| ERR07-C | CWE-676, Use of potentially dangerous function |
| EXP02-C | CWE-768, Incorrect short circuit evaluation |
| EXP05-C | CWE-704, Incorrect type conversion or cast |
| EXP08-C | CWE-468, Incorrect pointer scaling |
| EXP09-C | CWE-805, Buffer access with incorrect length value |
| EXP12-C | CWE-754, Improper check for unusual or exceptional conditions |
| EXP15-C | CWE-480, Use of incorrect operator |
| EXP16-C | CWE-480, Use of incorrect operator |
| EXP16-C | CWE-482, Comparing instead of assigning |
| FIO01-C | CWE-73, External control of file name or path |
| FIO01-C | CWE-367, Time-of-check, time-of-use race condition |
| FIO01-C | CWE-676, Use of potentially dangerous function |
| FIO02-C | CWE-22, Path traversal |
| FIO02-C | CWE-23, Relative Path Traversal |
| FIO02-C | CWE-28, Path Traversal: '..\filedir' |
| FIO02-C | CWE-40, Path Traversal: '\\UNC\share\name\' (Windows UNC Share) |
| FIO02-C | CWE-41, Failure to resolve path equivalence |
| FIO02-C | CWE-59, Failure to resolve links before file access (aka "link following") |
| FIO02-C | CWE-73, External control of file name or path |
| FIO05-C | CWE-37, Path issue—Slash absolute path |
| FIO05-C | CWE-38, Path Issue—Backslash absolute path |
| FIO05-C | CWE-39, Path Issue—Drive letter or Windows volume |
| FIO05-C | CWE-62, UNIX hard link |
| FIO05-C | CWE-64, Windows shortcut following (.LNK) |
| FIO05-C | CWE-65, Windows hard link |
| FIO06-C | CWE-276, Insecure default permissions |
| FIO06-C | CWE-279, Insecure execution-assigned permissions |
| FIO06-C | CWE-732, Incorrect permission assignment for critical resource |
| FIO15-C | CWE-379, Creation of temporary file in directory with insecure permissions |
| FIO15-C | CWE-552, Files or directories accessible to external parties |
| FIO21-C | CWE-379, Creation of temporary file in directory with insecure permissions |
| FIO22-C | CWE-403, UNIX file descriptor leak |
| FIO22-C | CWE-404, Improper resource shutdown or release |
| FIO22-C | CWE-770, Allocation of resources without limits or throttling |
| FIO24-C | CWE-362, Concurrent Execution Using Shared Resource with Improper Synchronization ("Race Condition") |
| FIO24-C | CWE-675, Duplicate Operations on Resource |
| FLP03-C | CWE-369, Divide by zero |
| FLP06-C | CWE-681, Incorrect conversion between numeric types |
| FLP06-C | CWE-682, Incorrect calculation |
| INT02-C | CWE-192, Integer coercion error |
| INT02-C | CWE-197, Numeric truncation error |
| INT05-C | CWE-192, Integer coercion error |
| INT05-C | CWE-197, Numeric truncation error |
| INT07-C | CWE-682, Incorrect calculation |
| INT10-C | CWE-682, Incorrect calculation |
| INT10-C | CWE-129, Unchecked array indexing |
| INT13-C | CWE-682, Incorrect calculation |
| INT15-C | CWE-681, Incorrect conversion between numeric types |
| INT18-C | CWE-681, Incorrect conversion between numeric types |
| INT18-C | CWE-190, Integer overflow (wrap or wraparound) |
| MEM00-C | CWE-415, Double free |
| MEM00-C | CWE-416, Use after free |
| MEM01-C | CWE-415, Double free |
| MEM01-C | CWE-416, Use after free |
| MEM03-C | CWE-226, Sensitive information uncleared before release |
| MEM03-C | CWE-244, Failure to clear heap memory before release ("heap inspection") |
| MEM04-C | CWE-687, Function call with incorrectly specified argument value |
| MEM06-C | CWE-591, Sensitive data storage in improperly locked memory |
| MEM06-C | CWE-528, Information leak through core dump files |
| MEM07-C | CWE-190, Integer overflow (wrap or wraparound) |
| MEM07-C | CWE-128, Wrap-around error |
| MEM10-C | CWE-20, Improper Input Validation |
| MEM10-C | CWE-79, Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
| MEM10-C | CWE-89, Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') |
| MEM10-C | CWE-91, XML Injection (aka Blind XPath Injection) |
| MEM10-C | CWE-94, Improper Control of Generation of Code ('Code Injection') |
| MEM10-C | CWE-114, Process Control |
| MEM10-C | CWE-601, URL Redirection to Untrusted Site ('Open Redirect') |
| MEM11-C | CWE-770, Allocation of resources without limits or throttling |
| MSC00-C | CWE-563, Unused variable |
| MSC00-C | CWE-570, Expression is always false |
| MSC00-C | CWE-571, Expression is always true |
| MSC06-C | CWE-14, Compiler removal of code to clear buffers |
| MSC07-C | CWE-561, Dead code |
| MSC09-C | CWE-116, Improper encoding or escaping of output |
| MSC10-C | CWE-176, Failure to handle Unicode encoding |
| MSC10-C | CWE-116, Improper encoding or escaping of output |
| MSC11-C | CWE-190, Reachable assertion |
| MSC18-C | CWE-259, Use of Hard-coded Password |
| MSC18-C | CWE-261, Weak Cryptography for Passwords |
| MSC18-C | CWE-311, Missing encryption of sensitive data |
| MSC18-C | CWE-319, Cleartext Transmission of Sensitive Information |
| MSC18-C | CWE-321, Use of Hard-coded Cryptographic Key |
| MSC18-C | CWE-326, Inadequate encryption strength |
| MSC18-C | CWE-798, Use of hard-coded credentials |
| MSC24-C | CWE-20, Insufficient input validation |
| MSC24-C | CWE-73, External control of file name or path |
| MSC24-C | CWE-79, Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
| MSC24-C | CWE-89, Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') |
| MSC24-C | CWE-91, XML Injection (aka Blind XPath Injection) |
| MSC24-C | CWE-94, Improper Control of Generation of Code ('Code Injection') |
| MSC24-C | CWE-114, Process Control |
| MSC24-C | CWE-120, Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') |
| MSC24-C | CWE-192, Integer coercion error |
| MSC24-C | CWE-197, Numeric truncation error |
| MSC24-C | CWE-367, Time-of-check, time-of-use race condition |
| MSC24-C | CWE-464, Addition of data structure sentinel |
| MSC24-C | CWE-601, URL Redirection to Untrusted Site ('Open Redirect') |
| MSC24-C | CWE-676, Use of potentially dangerous function |
| POS01-C | CWE-59, Failure to resolve links before file access (aka "link following") |
| POS01-C | CWE-362, Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') |
| POS01-C | CWE-367, Time-of-check, time-of-use (TOCTOU) race condition |
| POS02-C | CWE-250, Execution with unnecessary privileges |
| POS02-C | CWE-272, Least privilege violation |
| PRE09-C | CWE-684, Failure to provide specified functionality |
| SIG00-C | CWE-662, Insufficient synchronization |
| STR02-C | CWE-88, Argument injection or modification |
| STR02-C | CWE-78, Failure to sanitize data into an OS command (aka "OS command injection") |
| STR03-C | CWE-170, Improper null termination |
| STR03-C | CWE-464, Addition of data structure sentinel |
| STR06-C | CWE-464, Addition of data structure sentinel |
| WIN02-C | CWE-250, Execution with unnecessary privileges |
| WIN02-C | CWE-272, Least privilege violation |
| WIN04-C | CWE-311, Missing encryption of sensitive data |
| WIN04-C | CWE-319, Cleartext Transmission of Sensitive Information |