CWE-628 – Function Call with Incorrectly Specified Arguments
Description: The product calls a function, procedure, or routine with arguments that are not correctly specified, leading to always-incorrect behavior and resultant weaknesses. Modes of...
CWE-627 – Dynamic Variable Evaluation
Description: In a language where the user can influence the name of a variable at runtime, if the variable names are not controlled, an attacker...
CWE-626 – Null Byte Interaction Error (Poison Null Byte)
Description: The product does not properly handle null bytes or NUL characters when passing data between different representations or components. Modes of Introduction: - Implementation...
CWE-625 – Permissive Regular Expression
Description: The product uses a regular expression that does not sufficiently restrict the set of allowed values. Modes of Introduction: - Implementation Related...
CWE-624 – Executable Regular Expression Error
Description: The product uses a regular expression that either (1) contains an executable component with user-controlled inputs, or (2) allows a user to enable execution...
CWE-623 – Unsafe ActiveX Control Marked Safe For Scripting
Description: An ActiveX control is intended for restricted use, but it has been marked as safe-for-scripting. This might allow attackers to use dangerous functionality via...
CWE-622 – Improper Validation of Function Hook Arguments
Description: The product adds hooks to user-accessible API functions, but it does not properly validate the arguments. This could lead to resultant vulnerabilities. Such hooks...
CWE-621 – Variable Extraction Error
Description: The product uses external input to determine the names of variables into which information is extracted, without verifying that the names of the specified...
CWE-620 – Unverified Password Change
Description: When setting a new password for a user, the product does not require knowledge of the original password, or using another form of authentication....
CWE-62 – UNIX Hard Link
Description: The software, when opening a file or directory, does not sufficiently account for when the name is associated with a hard link to a...