CWE-836 – Use of Password Hash Instead of Password for Authentication
Description The software records password hashes in a data store, receives a hash of a password from a client, and compares the supplied hash to...
CWE-835 – Loop with Unreachable Exit Condition (‘Infinite Loop’)
Description The program contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop. If the loop can be...
CWE-834 – Excessive Iteration
Description The software performs an iteration or loop without sufficiently limiting the number of times that the loop is executed. If the iteration can be...
CWE-833 – Deadlock
Description The software contains multiple threads or executable segments that are waiting for each other to release a necessary lock, resulting in deadlock.
CWE-832 – Unlock of a Resource that is not Locked
Description The software attempts to unlock a resource that is not locked. Depending on the locking functionality, an unlock of a non-locked resource might cause...
CWE-831 – Signal Handler Function Associated with Multiple Signals
Description The software defines a function that is used as a handler for more than one signal.
CWE-830 – Inclusion of Web Functionality from an Untrusted Source
Description The software includes web functionality (such as a web widget) from another domain, which causes it to operate within the domain of the software,...
CWE-83 – Improper Neutralization of Script in Attributes in a Web Page
Description The software does not neutralize or incorrectly neutralizes "javascript:" or other URIs from dangerous attributes within tags, such as onmouseover, onload, onerror, or style....
CWE-829 – Inclusion of Functionality from Untrusted Control Sphere
Description The software imports, requires, or includes executable functionality (such as a library) from a source that is outside of the intended control sphere.
CWE-828 – Signal Handler with Functionality that is not Asynchronous-Safe
Description The software defines a signal handler that contains code sequences that are not asynchronous-safe, i.e., the functionality is not reentrant, or it can be...