CWE-562 – Return of Stack Variable Address
Description A function returns the address of a stack variable, which will cause unintended program behavior, typically in the form of a crash. Because local...
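Added example for this entry (not from the CWE text): a function that returns a pointer to its own stack buffer, beside the two usual fixes, a caller-supplied buffer and a heap allocation. All names are made up for the illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Vulnerable (CWE-562): buf lives in this function's stack frame, which is
 * released on return, so the caller receives a dangling pointer. Whatever it
 * reads later is whichever frame happened to reuse that memory. gcc/clang
 * warn about this; never call the result "working" because a test passed. */
char *build_greeting_bad(const char *name)
{
    char buf[64];
    snprintf(buf, sizeof buf, "hello %s", name);
    return buf;                         /* address of a stack variable escapes */
}

/* Fix 1: the caller owns the storage and the function only fills it.
 * Returns the length snprintf wanted, so the caller can detect truncation. */
int build_greeting_into(const char *name, char *out, size_t outsz)
{
    return snprintf(out, outsz, "hello %s", name);
}

/* Fix 2: allocate on the heap; the caller must free() the result. */
char *build_greeting_alloc(const char *name)
{
    size_t n = strlen(name) + sizeof "hello ";   /* sizeof counts the NUL */
    char *p = malloc(n);
    if (p == NULL) return NULL;
    snprintf(p, n, "hello %s", name);
    return p;
}

int main(void)
{
    char stackbuf[64];
    build_greeting_into("alice", stackbuf, sizeof stackbuf);
    puts(stackbuf);
    char *h = build_greeting_alloc("bob");
    if (h != NULL) { puts(h); free(h); }
    return 0;
}
```

The vulnerable variant is kept only to show the pattern; the two fixed variants are the ones a caller can rely on, and the truncation-aware return value of build_greeting_into is what lets the caller notice an undersized buffer instead of silently logging a clipped string.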
CWE-563 – Assignment to Variable without Use
Description The variable's value is assigned but never used, making it a dead store. After the assignment, the variable is either assigned another value or...
CWE-564 – SQL Injection: Hibernate
Description Using Hibernate to execute a dynamic SQL statement built with user-controlled input can allow an attacker to modify the statement's meaning or to execute...
CWE-527 – Exposure of Version-Control Repository to an Unauthorized Control Sphere
Description The product stores a CVS, git, or other repository in a directory, archive, or other resource that is stored, transferred, or otherwise made accessible...
CWE-528 – Exposure of Core Dump File to an Unauthorized Control Sphere
Description The product generates a core dump file in a directory, archive, or other resource that is stored, transferred, or otherwise made accessible to unauthorized...
CWE-529 – Exposure of Access Control List Files to an Unauthorized Control Sphere
Description The product stores access control list files in a directory or other container that is accessible to actors outside of the intended control sphere....
CWE-53 – Path Equivalence: ‘\multiple\\internal\backslash’
Description A software system that accepts path input in the form of multiple internal backslash ('\multiple\trailing\\slash') without appropriate validation can lead to ambiguous path resolution...
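Added example for this entry (not from the CWE text): a lexical canonicalizer for untrusted relative paths that collapses any run of backslashes or forward slashes to one separator and resolves "." and ".." components, so that two byte-different spellings of the same file compare equal before any allowlist or root check is applied. The function names, the MAX_DEPTH limit and the treatment of leading separators (dropped, since the input is meant to be joined under a fixed root) are assumptions of this example.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define MAX_DEPTH 256   /* assumed limit on kept path components */

/* Canonicalize an untrusted relative path lexically: every run of '\' or '/'
 * becomes a single '\', "." components are dropped and ".." ones resolved.
 * Returns false if the path would climb above its starting directory or the
 * output buffer is too small (the canonical form is never longer than the
 * input, so outsz >= strlen(in) + 1 always suffices). */
bool canonicalize_rel_path(const char *in, char *out, size_t outsz)
{
    size_t len = strlen(in);
    size_t starts[MAX_DEPTH];   /* offset in out where each kept component begins */
    size_t depth = 0, o = 0, i = 0;

    if (len + 1 > outsz) return false;
    while (i <= len) {
        size_t j = i;
        while (j < len && in[j] != '\\' && in[j] != '/') j++;
        size_t clen = j - i;
        if (clen == 0 || (clen == 1 && in[i] == '.')) {
            /* empty component (repeated or leading separator) or ".": emit nothing */
        } else if (clen == 2 && in[i] == '.' && in[i + 1] == '.') {
            if (depth == 0) return false;          /* would escape the start directory */
            o = starts[--depth];                   /* rewind over the previous component */
        } else {
            if (depth == MAX_DEPTH) return false;
            starts[depth++] = o;
            if (o > 0) out[o++] = '\\';
            memcpy(out + o, in + i, clen);
            o += clen;
        }
        i = j + 1;
    }
    out[o] = '\0';
    return true;
}

/* Two byte-different inputs are equivalent if they canonicalize to the same
 * path. Paths that do not canonicalize (escape attempts, over-long) are never
 * reported equivalent. */
bool paths_equivalent(const char *a, const char *b)
{
    char ca[512], cb[512];
    if (!canonicalize_rel_path(a, ca, sizeof ca)) return false;
    if (!canonicalize_rel_path(b, cb, sizeof cb)) return false;
    return strcmp(ca, cb) == 0;
}

int main(void)
{
    /* constructed inputs: the same file spelled with repeated separators */
    const char *spellings[] = { "images\\logo.png", "images\\\\\\logo.png", "images/.//logo.png" };
    char out[128];
    for (int k = 0; k < 3; k++)
        if (canonicalize_rel_path(spellings[k], out, sizeof out))
            printf("%-24s -> %s\n", spellings[k], out);
    return 0;
}
```

Run the canonicalizer on the raw input first and compare only the result; comparing the raw string against a denylist is exactly what the repeated-backslash spellings are built to evade.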
CWE-530 – Exposure of Backup File to an Unauthorized Control Sphere
Description A backup file is stored in a directory or archive that is made accessible to unauthorized actors. Often, older backup files are renamed with...
CWE-531 – Inclusion of Sensitive Information in Test Code
Description Accessible test applications can pose a variety of security risks. Since developers or administrators rarely consider that someone besides themselves would even know about...
CWE-532 – Insertion of Sensitive Information into Log File
Description Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information. Modes...
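Added example for this entry (not from the CWE text): a small redaction pass applied to a line before it is written to a log. It blanks the value of known credential keys in key=value pairs and masks all but the last four digits of any 13-19 digit run (the length range of a payment card number). The key list, the value delimiters and the sample line are assumptions of this example, and the sample line is constructed, not captured from a real system.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Lower-case keys whose "key=value" value must never reach a log (assumed list). */
static const char *const SENSITIVE_KEYS[] = { "password", "passwd", "token", "secret", "api_key", NULL };

/* Case-insensitive: does s start with the lower-case string key? Stops at NUL. */
static bool ci_prefix(const char *s, const char *key)
{
    for (; *key; s++, key++)
        if (tolower((unsigned char)*s) != (unsigned char)*key) return false;
    return true;
}

/* If in[i..] starts with "<sensitive key>=", return that prefix length, else 0. */
static size_t sensitive_key_len(const char *in, size_t i)
{
    for (size_t k = 0; SENSITIVE_KEYS[k] != NULL; k++) {
        size_t n = strlen(SENSITIVE_KEYS[k]);
        if (ci_prefix(in + i, SENSITIVE_KEYS[k]) && in[i + n] == '=') return n + 1;
    }
    return 0;
}

static bool append(char *out, size_t outsz, size_t *o, const char *s, size_t n)
{
    if (*o + n >= outsz) return false;     /* keep room for the terminating NUL */
    memcpy(out + *o, s, n);
    *o += n;
    return true;
}

static bool is_value_end(char c)
{
    return c == '&' || c == ' ' || c == ';' || c == ',' || c == '"';
}

/* Copy in to out, replacing sensitive values with [REDACTED] and masking all
 * but the last four digits of any 13-19 digit run. Returns false if out is
 * too small; the caller should then log nothing rather than a partial line. */
bool redact_log_line(const char *in, char *out, size_t outsz)
{
    size_t len = strlen(in), i = 0, o = 0;
    while (i < len) {
        bool token_start = (i == 0) || (!isalnum((unsigned char)in[i - 1]) && in[i - 1] != '_');
        size_t klen = token_start ? sensitive_key_len(in, i) : 0;
        if (klen > 0) {
            if (!append(out, outsz, &o, in + i, klen)) return false;   /* keep "key=" */
            i += klen;
            while (i < len && !is_value_end(in[i])) i++;                /* drop the value */
            if (!append(out, outsz, &o, "[REDACTED]", 10)) return false;
            continue;
        }
        if (isdigit((unsigned char)in[i]) && (i == 0 || !isdigit((unsigned char)in[i - 1]))) {
            size_t j = i;
            while (j < len && isdigit((unsigned char)in[j])) j++;
            size_t n = j - i;
            if (n >= 13 && n <= 19) {                                   /* card-number length */
                for (size_t k = 0; k + 4 < n; k++)
                    if (!append(out, outsz, &o, "*", 1)) return false;
                if (!append(out, outsz, &o, in + j - 4, 4)) return false;
                i = j;
                continue;
            }
        }
        if (!append(out, outsz, &o, in + i, 1)) return false;
        i++;
    }
    out[o] = '\0';
    return true;
}

int main(void)
{
    /* Constructed sample line, not from any real system. */
    const char *line = "POST /login user=alice password=hunter2&token=abc123 card=4111111111111111";
    char safe[256];
    if (redact_log_line(line, safe, sizeof safe)) printf("%s\n", safe);
    return 0;
}
```

Redaction of this kind is a last line of defence: the better fix is not to hand credentials and card data to the logging call in the first place, and the key list here will miss values under names it does not know. Treat a false return as "do not log this line", since a truncated line can still contain the secret.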