CWE-916 – Use of Password Hash With Insufficient Computational Effort
Description: The software generates a hash for a password, but it uses a scheme that does not provide a sufficient level of computational effort that...
CWE-915 – Improperly Controlled Modification of Dynamically-Determined Object Attributes
Description: The software receives input from an upstream component that specifies multiple attributes, properties, or fields that are to be initialized or updated in an...
CWE-914 – Improper Control of Dynamically-Identified Variables
Description: The software does not properly restrict reading from or writing to dynamically-identified variables. Many languages offer powerful features that allow the programmer to access...
CWE-913 – Improper Control of Dynamically-Managed Code Resources
Description: The software does not properly restrict reading from or writing to dynamically-managed code resources such as variables, objects, classes, attributes, functions, or executable instructions...
CWE-912 – Hidden Functionality
Description: The software contains functionality that is not documented, not part of the specification, and not accessible through an interface or command sequence that is...
CWE-911 – Improper Update of Reference Count
Description: The software uses a reference count to manage a resource, but it does not update or incorrectly updates the reference count. Reference counts can...
CWE-910 – Use of Expired File Descriptor
Description: The software uses or accesses a file descriptor after it has been closed. After a file descriptor for a particular file or device has...
CWE-91 – XML Injection (aka Blind XPath Injection)
Description: The software does not properly neutralize special elements that are used in XML, allowing attackers to modify the syntax, content, or commands of the...
CWE-909 – Missing Initialization of Resource
Description: The software does not initialize a critical resource. Many resources require initialization before they can be properly used. If a resource is not initialized,...
CWE-908 – Use of Uninitialized Resource
Description: The software uses or accesses a resource that has not been initialized. When a resource has not been properly initialized, the software may behave...