CWE-768 – Incorrect Short Circuit Evaluation
Description The software contains a conditional statement with multiple logical expressions in which one of the non-leading expressions may produce side effects. This may lead...
CWE-767 – Access to Critical Private Variable via Public Method
Description The software defines a public method that reads or modifies a private variable. If an attacker modifies the variable to contain unexpected values, this...
CWE-766 – Critical Data Element Declared Public
Description The software declares a critical variable, field, or member to be public when intended security policy requires it to be private. Modes of Introduction:...
CWE-765 – Multiple Unlocks of a Critical Resource
Description The software unlocks a critical resource more times than intended, leading to an unexpected state in the system. When software is operating in a...
CWE-764 – Multiple Locks of a Critical Resource
Description The software locks a critical resource more times than intended, leading to an unexpected state in the system. When software is operating in a...
CWE-763 – Release of Invalid Pointer or Reference
Description The application attempts to return a memory resource to the system, but calls the wrong release function or calls the appropriate release function incorrectly....
CWE-762 – Mismatched Memory Management Routines
Description The application attempts to return a memory resource to the system, but it calls a release function that is not compatible with the function...
CWE-761 – Free of Pointer not at Start of Buffer
Description The application calls free() on a pointer to a memory resource that was allocated on the heap, but the pointer is not at the...
CWE-760 – Use of a One-Way Hash with a Predictable Salt
Description The software uses a one-way cryptographic hash against an input that should not be reversible, such as a password, but the software uses a...
CWE-76 – Improper Neutralization of Equivalent Special Elements
Description The software properly neutralizes certain special elements, but it improperly neutralizes equivalent special elements. The software may have a fixed list of special characters...