CWE-279 – Incorrect Execution-Assigned Permissions
Description: While it is executing, the software sets the permissions of an object in a way that violates the intended permissions that have been specified...
CWE-28 – Path Traversal: ‘..\filedir’
Description: The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize "..\" sequences...
CWE-239 – Failure to Handle Incomplete Element
Description: The software does not properly handle when a particular element is not completely specified. Modes of Introduction: - Architecture and Design Related...
CWE-24 – Path Traversal: ‘../filedir’
Description: The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize "../" sequences...
CWE-240 – Improper Handling of Inconsistent Structural Elements
Description: The software does not handle or incorrectly handles when two or more structural elements should be consistent, but are not. Modes of Introduction: -...
CWE-241 – Improper Handling of Unexpected Data Type
Description: The software does not handle or incorrectly handles when a particular element is not the expected type, e.g. it expects a digit (0-9) but...
CWE-242 – Use of Inherently Dangerous Function
Description: The program calls a function that can never be guaranteed to work safely. Certain functions behave in dangerous ways regardless of how they are...
CWE-243 – Creation of chroot Jail Without Changing Working Directory
Description: The program uses the chroot() system call to create a jail, but does not change the working directory afterward. This does not prevent access...
CWE-244 – Improper Clearing of Heap Memory Before Release (‘Heap Inspection’)
Description: Using realloc() to resize buffers that store sensitive information can leave the sensitive information exposed to attack, because it is not removed from memory....
CWE-245 – J2EE Bad Practices: Direct Management of Connections
Description: The J2EE application directly manages connections, instead of using the container's connection management facilities. The J2EE standard forbids the direct management of connections. It...