CWE-500 – Public Static Field Not Marked Final
Description An object contains a public static field that is not marked final, which might allow it to be modified in unexpected ways. Public static...
CWE-501 – Trust Boundary Violation
Description The product mixes trusted and untrusted data in the same data structure or structured message. A trust boundary can be thought of as line...
CWE-464 – Addition of Data Structure Sentinel
Description The accidental addition of a data-structure sentinel can cause serious programming logic problems. Data-structure sentinels are often used to mark the structure of data....
CWE-466 – Return of Pointer Value Outside of Expected Range
Description A function can return a pointer to memory that is outside of the buffer that the pointer is expected to reference. Modes of Introduction:...
CWE-467 – Use of sizeof() on a Pointer Type
Description The code calls sizeof() on a malloced pointer type, which always returns the wordsize/8. This can produce an unexpected result if the programmer intended...
CWE-468 – Incorrect Pointer Scaling
Description In C and C++, one may often accidentally refer to the wrong memory due to the semantics of when math operations are implicitly scaled....
CWE-469 – Use of Pointer Subtraction to Determine Size
Description The application subtracts one pointer from another in order to determine size, but this calculation can be incorrect if the pointers do not exist...
CWE-47 – Path Equivalence: ‘ filename’ (Leading Space)
Description A software system that accepts path input in the form of leading space (' filedir') without appropriate validation can lead to ambiguous path resolution...
CWE-470 – Use of Externally-Controlled Input to Select Classes or Code (‘Unsafe Reflection’)
Description The application uses external input with reflection to select which classes or code to use, but it does not sufficiently prevent the input from...
CWE-471 – Modification of Assumed-Immutable Data (MAID)
Description The software does not properly protect an assumed-immutable element from being modified by an attacker. This occurs when a particular input is critical enough...