...
CERT Rule | Related Guidelines |
|---|---|
| STR34-C | CWE-704, Incorrect Type Conversion or Cast |
| MSC41-C | CWE-259, Use of Hard-Coded Password |
| MSC41-C | CWE-798, Use of Hard-Coded Credentials |
| API00-C | CWE-476 |
| API07-C | CWE-192 |
| API07-C | CWE-227 |
| API07-C | CWE-590 |
| API07-C | CWE-686 |
| API07-C | CWE-704 |
| API07-C | CWE-761 |
| API07-C | CWE-762 |
| API07-C | CWE-843 |
| ARR01-C | CWE-569 |
| ARR01-C | CWE-783 |
| CON05-C | CWE-557 |
| CON05-C | CWE-662 |
| CON07-C | CWE-366, Race condition within a thread |
| CON07-C | CWE-413, Improper resource locking |
| CON07-C | CWE-567, Unsynchronized access to shared data in a multithreaded context |
| CON07-C | CWE-667, Improper locking |
| CON08-C | CWE-362, Concurrent execution using shared resource with improper synchronization ("race condition") |
| CON08-C | CWE-366, Race condition within a thread |
| CON08-C | CWE-662, Improper synchronization |
| DCL06-C | CWE-547, Use of hard-coded, security-relevant constants |
| DCL10-C | CWE-628, Function call with incorrectly specified arguments |
| ENV01-C | CWE-119, Improper Restriction of Operations within the Bounds of a Memory Buffer |
| ENV01-C | CWE-123, Write-what-where Condition |
| ENV01-C | CWE-125, Out-of-bounds Read |
| ENV02-C | CWE-462, Duplicate key in associative list (Alist) |
| ENV02-C | CWE-807, Reliance on untrusted inputs in a security decision |
| ENV03-C | CWE-78, Failure to sanitize data into an OS command (aka "OS command injection") |
| ENV03-C | CWE-88, Argument injection or modification |
| ENV03-C | CWE-426, Untrusted search path |
| ENV03-C | CWE-471, Modification of Assumed-Immutable Data (MAID) |
| ENV03-C | CWE-807, Reliance on intrusted inputs in a security decision |
| ERR00-C | CWE-391, Unchecked error condition |
| ERR00-C | CWE-544, Missing standardized error handling mechanism |
| ERR04-C | CWE-705, Incorrect control flow scoping |
| ERR07-C | CWE-20, Improper Input Validation |
| ERR07-C | CWE-79, Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
| ERR07-C | CWE-89, Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') |
| ERR07-C | CWE-91, XML Injection (aka Blind XPath Injection) |
| ERR07-C | CWE-94, Improper Control of Generation of Code ('Code Injection') |
| ERR07-C | CWE-114, Process Control |
| ERR07-C | CWE-601, URL Redirection to Untrusted Site ('Open Redirect') |
| ERR07-C | CWE-676, Use of potentially dangerous function |
| EXP02-C | CWE-768, Incorrect short circuit evaluation |
| EXP05-C | CWE-704, Incorrect type conversion or cast |
| EXP08-C | CWE-468, Incorrect pointer scaling |
| EXP09-C | CWE-805, Buffer access with incorrect length value |
| EXP12-C | CWE-754, Improper check for unusual or exceptional conditions |
| EXP15-C | CWE-480, Use of incorrect operator |
| EXP16-C | CWE-480, Use of incorrect operator |
| EXP16-C | CWE-482, Comparing instead of assigning |
| FIO01-C | CWE-73, External control of file name or path |
| FIO01-C | CWE-367, Time-of-check, time-of-use race condition |
| FIO01-C | CWE-676, Use of potentially dangerous function |
| FIO02-C | CWE-22, Path traversal |
| FIO02-C | CWE-23, Relative Path Traversal |
| FIO02-C | CWE-28, Path Traversal: '..\filedir' |
| FIO02-C | CWE-40, Path Traversal: '\\UNC\share\name\' (Windows UNC Share) |
| FIO02-C | CWE-41, Failure to resolve path equivalence |
| FIO02-C | CWE-59, Failure to resolve links before file access (aka "link following") |
| FIO02-C | CWE-73, External control of file name or path |
| FIO05-C | CWE-37, Path issue—Slash absolute path |
| FIO05-C | CWE-38, Path Issue—Backslash absolute path |
| FIO05-C | CWE-39, Path Issue—Drive letter or Windows volume |
| FIO05-C | CWE-62, UNIX hard link |
| FIO05-C | CWE-64, Windows shortcut following (.LNK) |
| FIO05-C | CWE-65, Windows hard link |
| FIO06-C | CWE-276, Insecure default permissions |
| FIO06-C | CWE-279, Insecure execution-assigned permissions |
| FIO06-C | CWE-732, Incorrect permission assignment for critical resource |
| FIO15-C | CWE-379, Creation of temporary file in directory with insecure permissions |
| FIO15-C | CWE-552, Files or directories accessible to external parties |
| FIO21-C | CWE-379, Creation of temporary file in directory with insecure permissions |
| FIO22-C | CWE-403, UNIX file descriptor leak |
| FIO22-C | CWE-404, Improper resource shutdown or release |
| FIO22-C | CWE-770, Allocation of resources without limits or throttling |
| FIO24-C | CWE-362, Concurrent Execution Using Shared Resource with Improper Synchronization ("Race Condition") |
| FIO24-C | CWE-675, Duplicate Operations on Resource |
| FLP03-C | CWE-369, Divide by zero |
| FLP06-C | CWE-681, Incorrect conversion between numeric types |
| FLP06-C | CWE-682, Incorrect calculation |
| INT02-C | CWE-192, Integer coercion error |
| INT02-C | CWE-197, Numeric truncation error |
| INT05-C | CWE-192, Integer coercion error |
| INT05-C | CWE-197, Numeric truncation error |
| INT07-C | CWE-682, Incorrect calculation |
| INT10-C | CWE-682, Incorrect calculation |
| INT10-C | CWE-129, Unchecked array indexing |
| INT13-C | CWE-682, Incorrect calculation |
| INT15-C | CWE-681, Incorrect conversion between numeric types |
| INT18-C | CWE-681, Incorrect conversion between numeric types |
| INT18-C | CWE-190, Integer overflow (wrap or wraparound) |
| MEM00-C | CWE-415, Double free |
| MEM00-C | CWE-416, Use after free |
| MEM01-C | CWE-415, Double free |
| MEM01-C | CWE-416, Use after free |
| MEM03-C | CWE-226, Sensitive information uncleared before release |
| MEM03-C | CWE-244, Failure to clear heap memory before release ("heap inspection") |
| MEM04-C | CWE-687, Function call with incorrectly specified argument value |
| MEM06-C | CWE-591, Sensitive data storage in improperly locked memory |
| MEM06-C | CWE-528, Information leak through core dump files |
| MEM07-C | CWE-190, Integer overflow (wrap or wraparound) |
| MEM07-C | CWE-128, Wrap-around error |
| MEM10-C | CWE-20, Improper Input Validation |
| MEM10-C | CWE-79, Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
| MEM10-C | CWE-89, Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') |
| MEM10-C | CWE-91, XML Injection (aka Blind XPath Injection) |
| MEM10-C | CWE-94, Improper Control of Generation of Code ('Code Injection') |
| MEM10-C | CWE-114, Process Control |
| MEM10-C | CWE-601, URL Redirection to Untrusted Site ('Open Redirect') |
| MEM11-C | CWE-770, Allocation of resources without limits or throttling |
| MSC00-C | CWE-563, Unused variable |
| MSC00-C | CWE-570, Expression is always false |
| MSC00-C | CWE-571, Expression is always true |
| MSC06-C | CWE-14, Compiler removal of code to clear buffers |
| MSC07-C | CWE-561, Dead code |
| MSC09-C | CWE-116, Improper encoding or escaping of output |
| MSC10-C | CWE-176, Failure to handle Unicode encoding |
| MSC10-C | CWE-116, Improper encoding or escaping of output |
| MSC11-C | CWE-190, Reachable assertion |
| MSC18-C | CWE-259, Use of Hard-coded Password |
| MSC18-C | CWE-261, Weak Cryptography for Passwords |
| MSC18-C | CWE-311, Missing encryption of sensitive data |
| MSC18-C | CWE-319, Cleartext Transmission of Sensitive Information |
| MSC18-C | CWE-321, Use of Hard-coded Cryptographic Key |
| MSC18-C | CWE-326, Inadequate encryption strength |
| MSC18-C | CWE-798, Use of hard-coded credentials |
| MSC24-C | CWE-20, Insufficient input validation |
| MSC24-C | CWE-73, External control of file name or path |
| MSC24-C | CWE-79, Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
| MSC24-C | CWE-89, Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') |
| MSC24-C | CWE-91, XML Injection (aka Blind XPath Injection) |
| MSC24-C | CWE-94, Improper Control of Generation of Code ('Code Injection') |
| MSC24-C | CWE-114, Process Control |
| MSC24-C | CWE-120, Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') |
| MSC24-C | CWE-192, Integer coercion error |
| MSC24-C | CWE-197, Numeric truncation error |
| MSC24-C | CWE-367, Time-of-check, time-of-use race condition |
| MSC24-C | CWE-464, Addition of data structure sentinel |
| MSC24-C | CWE-601, URL Redirection to Untrusted Site ('Open Redirect') |
| MSC24-C | CWE-676, Use of potentially dangerous function |
| POS01-C | CWE-59, Failure to resolve links before file access (aka "link following") |
| POS01-C | CWE-362, Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') |
| POS01-C | CWE-367, Time-of-check, time-of-use (TOCTOU) race condition |
| POS02-C | CWE-250, Execution with unnecessary privileges |
| POS02-C | CWE-272, Least privilege violation |
| PRE09-C | CWE-684, Failure to provide specified functionality |
| SIG00-C | CWE-662, Insufficient synchronization |
| STR02-C | CWE-88, Argument injection or modification |
| STR02-C | CWE-78, Failure to sanitize data into an OS command (aka "OS command injection") |
| STR03-C | CWE-170, Improper null termination |
| STR03-C | CWE-464, Addition of data structure sentinel |
| STR06-C | CWE-464, Addition of data structure sentinel |
| WIN02-C | CWE-250, Execution with unnecessary privileges |
| WIN02-C | CWE-272, Least privilege violation |
| WIN04-C | CWE-311, Missing encryption of sensitive data |
| WIN04-C | CWE-319, Cleartext Transmission of Sensitive Information |