CWE-619 – Dangling Database Cursor (‘Cursor Injection’)
Description: If a database cursor is not closed properly, then it could become accessible to other users while retaining the same privileges that were originally...
CWE-62 – UNIX Hard Link
Description: The software, when opening a file or directory, does not sufficiently account for when the name is associated with a hard link to a...
CWE-620 – Unverified Password Change
Description: When setting a new password for a user, the product does not require knowledge of the original password, or using another form of authentication....
CWE-584 – Return Inside Finally Block
Description: The code has a return statement inside a finally block, which will cause any thrown exception in the try block to be discarded. Modes...
CWE-585 – Empty Synchronized Block
Description: The software contains an empty synchronized block. An empty synchronized block does not actually accomplish any synchronization and may indicate a troubled section of...
CWE-586 – Explicit Call to Finalize()
Description: The software makes an explicit call to the finalize() method from outside the finalizer. While the Java Language Specification allows an object's finalize() method...
CWE-587 – Assignment of a Fixed Address to a Pointer
Description: The software sets a pointer to a specific address other than NULL or 0. Using a fixed address is not portable, because that address...
CWE-588 – Attempt to Access Child of a Non-structure Pointer
Description: Casting a non-structure type to a structure type and accessing a field can lead to memory access errors or data corruption. Modes of Introduction:...
CWE-589 – Call to Non-ubiquitous API
Description: The software uses an API function that does not exist on all versions of the target platform. This could cause portability problems or inconsistencies...
CWE-59 – Improper Link Resolution Before File Access (‘Link Following’)
Description: The software attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or...