CWE-688 – Function Call With Incorrect Variable or Reference as Argument
Description: The software calls a function, procedure, or routine, but the caller specifies the wrong variable or reference as one of the arguments, which may...
CWE-689 – Permission Race Condition During Resource Copy
Description: The product, while copying or cloning a resource, does not set the resource's permissions or access control until the copy is complete, leaving the...
CWE-69 – Improper Handling of Windows ::DATA Alternate Data Stream
Description: The software does not properly prevent access to, or detect usage of, alternate data streams (ADS). An attacker can use an ADS to hide...
CWE-647 – Use of Non-Canonical URL Paths for Authorization Decisions
Description: The software defines policy namespaces and makes authorization decisions based on the assumption that a URL is canonical. This can allow a non-canonical URL...
CWE-648 – Incorrect Use of Privileged APIs
Description: The application does not conform to the API requirements for a function call that requires extra privileges. This could allow attackers to gain privileges...
CWE-649 – Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking
Description: The software uses obfuscation or encryption of inputs that should not be mutable by an external actor, but the software does not use integrity...
CWE-65 – Windows Hard Link
Description: The software, when opening a file or directory, does not sufficiently handle when the name is associated with a hard link to a target...
CWE-650 – Trusting HTTP Permission Methods on the Server Side
Description: The server contains a protection mechanism that assumes that any URI that is accessed using HTTP GET will not cause a state change to...
CWE-651 – Exposure of WSDL File Containing Sensitive Information
Description: The Web services architecture may require exposing a Web Service Definition Language (WSDL) file that contains information on the publicly accessible services and how...
CWE-652 – Improper Neutralization of Data within XQuery Expressions (‘XQuery Injection’)
Description: The software uses external input to dynamically construct an XQuery expression used to retrieve data from an XML database, but it does not neutralize...