CWE-543 – Use of Singleton Pattern Without Synchronization in a Multithreaded Context
Description: The software uses the singleton pattern when creating a resource within a multithreaded environment. The use of a singleton pattern may not be thread-safe....
CWE-544 – Missing Standardized Error Handling Mechanism
Description: The software does not use a standardized method for handling errors throughout the code, which might introduce inconsistent error handling and resultant weaknesses. If...
CWE-502 – Deserialization of Untrusted Data
Description: The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid. Serialization and deserialization refer to the process of taking...
CWE-506 – Embedded Malicious Code
Description: The application contains code that appears to be malicious in nature. Malicious flaws have acquired colorful names, including Trojan horse, trapdoor, timebomb, and logic-bomb....
CWE-507 – Trojan Horse
Description: The software appears to contain benign or useful functionality, but it also contains code that is hidden from normal operation that violates the intended...
CWE-508 – Non-Replicating Malicious Code
Description: Non-replicating malicious code only resides on the target system or software that is attacked; it does not attempt to spread to other systems. Modes...
CWE-509 – Replicating Malicious Code (Virus or Worm)
Description: Replicating malicious code, including viruses and worms, will attempt to attack other systems once it has successfully compromised the target system or software. Modes...
CWE-51 – Path Equivalence: ‘/multiple//internal/slash’
Description: A software system that accepts path input in the form of multiple internal slash ('/multiple//internal/slash/') without appropriate validation can lead to ambiguous path resolution...
CWE-510 – Trapdoor
Description: A trapdoor is a hidden piece of code that responds to a special input, allowing its user access to resources without passing through the...
CWE-511 – Logic/Time Bomb
Description: The software contains code that is designed to disrupt the legitimate operation of the software (or its environment) when a certain time passes, or...