CWE-572 – Call to Thread run() instead of start()
Description: The program calls a thread's run() method instead of calling start(), which causes the code to run in the thread of the caller instead...
CWE-571 – Expression is Always True
Description: The software contains an expression that will always evaluate to true. Modes of Introduction: Implementation. Related Weaknesses: CWE-710, CWE-561. Consequences...
CWE-570 – Expression is Always False
Description: The software contains an expression that will always evaluate to false. Modes of Introduction: Implementation. Related Weaknesses: CWE-710, CWE-561. Consequences...
CWE-57 – Path Equivalence: ‘fakedir/../realdir/filename’
Description: The software contains protection mechanisms to restrict access to 'realdir/filename', but it constructs pathnames using external input in the form of 'fakedir/../realdir/filename' that are...
CWE-568 – finalize() Method Without super.finalize()
Description: The software contains a finalize() method that does not call super.finalize(). The Java Language Specification states that it is a good practice for a...
CWE-567 – Unsynchronized Access to Shared Data in a Multithreaded Context
Description: The product does not properly synchronize shared data, such as static variables across threads, which can lead to undefined behavior and unpredictable data changes....
CWE-566 – Authorization Bypass Through User-Controlled SQL Primary Key
Description: The software uses a database table that includes records that should not be accessible to an actor, but it executes a SQL statement with...
CWE-565 – Reliance on Cookies without Validation and Integrity Checking
Description: The application relies on the existence or values of cookies when performing security-critical operations, but it does not properly ensure that the setting is...
CWE-564 – SQL Injection: Hibernate
Description: Using Hibernate to execute a dynamic SQL statement built with user-controlled input can allow an attacker to modify the statement's meaning or to execute...
CWE-563 – Assignment to Variable without Use
Description: The variable's value is assigned but never used, making it a dead store. After the assignment, the variable is either assigned another value or...