A.3.1.1. [BVQ] Unspecified Functionality
A.3.1.2. [KLK] Distinguished Values in Data Types
A.3.2. Environment
A.3.2.1. [XYN] Adherence to Least Privilege
A.3.2.2. [XYO] Privilege Sandbox Issues
A.3.2.3. [XYS] Executing or Loading Untrusted Code
A.3.3. Resource Management
A.3.3.1. Memory Management
A.3.3.1.1. [XZX] Memory Locking
A.3.3.1.2. [XZP] Resource Exhaustion
A.3.3.2. Input
A.3.3.2.1. [CBF] Unrestricted File Upload
A.3.3.2.2. [HTS] Resource Names
A.3.3.2.3. [RST] Injection
A.3.3.2.4. [XYT] Cross-site Scripting
A.3.3.2.6. [XZR] Improperly Verified Signature
A.3.3.2.7. [XZL] Discrepancy Information Leak
A.3.3.2.8. [EFS] Use of unchecked data from an uncontrolled or tainted source
A.3.3.2.9. [SHL] Uncontrolled Format String
A.3.3.3. Output
A.3.3.3.1. [XZK] Sensitive Information Uncleared Before Use
A.3.3.4. Files
A.3.3.4.1. [EWR] Path Traversal
A.3.5. Flaws in Security Functions
A.3.5.2. [MVX] Use of a One-Way Hash without a Salt
A.3.5.2. Authentication
A.3.5.2.1. [XZR] Improperly Verified Signature
A.3.5.2.2. [XYM] Insufficiently Protected Credentials
A.3.5.2.3. [XZN] Missing or Inconsistent Access Control
A.3.5.2.5. [XYP] Hard-coded Password
A.3.5.2.6. [DLB] Download of Code Without Integrity Check
A.3.5.2.7. [BJE] Incorrect Authorization
A.3.5.2.8. [DHU] Inclusion of Functionality from Untrusted Control Sphere
A.3.5.2.9. [WPL] Improper Restriction of Excessive Authentication Attempts
Code | Vulnerability Name | Sub-clause | Page
[AMV] | Type-breaking Reinterpretation of Data | 6.38 | 125
[BJL] | Namespace Issues | 6.21 | 77
[BJE] | Incorrect Authorization | 7.23 | 231
[BLP] | Violations of the Liskov Substitution Principle | 6.43 |
[BQF] | Unspecified Behaviour | 6.56 | 168
[BRS] | Obscure Language Features | 6.55 | 166
[BVQ] | Unspecified Functionality | 7.25 | 195
[CBF] | Unrestricted File Upload | 7.2 | 201
[CCB] | Enumerator Issues | 6.5 | 38
[CCI] | Clock Issues | 7.32 |
[CCM] | Time Consumption Measurement | 7.22 |
[CDJ] | Clock Drift and Jitter | 7.33 |
[CGA] | Concurrency - Activation | 6.60 |
[CGM] | Protocol Lock Errors | 6.64 |
[CGS] | Concurrency - Premature Termination | 6.63 |
[CGT] | Concurrency - Directed Termination | 6.61 |
[CGX] | Concurrent Data Access | 6.62 |
[CGY] | Inadequately Secure Communication of Shared Resources | 7.19 |
[CJM] | String Termination | 6.7 | 44
[CLL] | Switch Statements and Static Analysis | 6.27 | 94
[CSJ] | Passing Parameters and Return Values | 6.32 | 104
[DCM] | Dangling References to Stack Frames | 6.33 | 108
[DHU] | Inclusion of Functionality from Untrusted Control Sphere | 7.4 | 233
[DJS] | Inter-language Calling | 6.48 | 151
[DLB] | Download of Code Without Integrity Check | 7.3 |
[EFS] | Use of Unchecked Data from an Uncontrolled or Tainted Source | 7.6 |
[EOJ] | Demarcation of Control Flow | 6.28 | 96
[EWD] | Structured Programming | 6.31 | 102
[EWF] | Undefined Behaviour | 6.57 | 170
[EWR] | Path Traversal | 7.31 |
[FAB] | Implementation-defined Behaviour | 6.58 | 173
[FIF] | Arithmetic Wrap-around Error | 6.15 | 63
[FLC] | Numeric Conversion Errors | 6.6 | 41
[GDL] | Recursion | 6.35 | 114
[HCB] | Buffer Boundary Violation (Buffer Overflow) | 6.8 | 46
[HFC] | Pointer Casting and Pointer Type Changes | 6.11 | 54
[HJW] | Unanticipated Exceptions from Library Routines | 6.51 | 158
[HTS] | Resource Names | 7.27 |
[IHN] | Type System | 6.2 | 27
[JCW] | Operator Precedence/Order of Evaluation | 6.23 | 83
[KLK] | Distinguished Values in Data Types | 7.26 |
[KOA] | Likely Incorrect Expression | 6.25 | 87
[LAV] | Initialization of Variables | 6.22 | 79
[LRM] | Extra Intrinsics | 6.46 | 139
[MEM] | Deprecated Language Features | 6.59 | 176
[MVX] | Use of a One-Way Hash without a Salt | 7.18 |
[MXB] | Suppression of Language-defined Run-time Checking | 6.53 | 162
[NAI] | Choice of Clear Names | 6.17 | 67
[NMP] | Pre-processor Directives | 6.52 | 160
[NSQ] | Library Signature | 6.50 | 156
[NYY] | Dynamically-linked Code and Self-modifying Code | 6.49 | 154
[OTR] | Subprogram Signature Mismatch | 6.34 | 111
[OYB] | Ignored Error Status and Unhandled Exceptions | 6.36 | 116
[PIK] | Using Shift Operations for Multiplication and Division | 6.16 | 65
[PLF] | Floating-point Arithmetic | 6.4 | 33
[PPH] | Redispatching | 6.44 |
[PYQ] | URL Redirection to Untrusted Site | 7.5 |
[REU] | Fault Tolerance and Failure Strategies | 6.37 | 120
[RIP] | Inheritance | 6.42 | 136
[RST] | Injection | 7.28 | 212
[RVG] | Pointer Arithmetic | 6.12 | 56
[SAM] | Side-effects and Order of Evaluation | 6.24 | 85
[SHL] | Uncontrolled Format String | 6.65 |
[SKL] | Provision of Inherently Unsafe Operations | 6.54 | 164
[STR] | Bit Representations | 6.3 | 31
[SYM] | Templates and Generics | 6.41 | 133
[TEX] | Loop Control Variables | 6.29 | 98
[TRJ] | Argument Passing to Library Functions | 6.47 | 150
[WPL] | Improper Restriction of Excessive Authentication Attempts | 7.24 |
[WXQ] | Dead Store | 6.18 | 70
[XYH] | Null Pointer Dereference | 6.13 | 58
[XYK] | Dangling Reference to Heap | 6.14 | 59
[XYL] | Memory Leak and Heap Fragmentation | 6.40 | 128
[XYM] | Insufficiently Protected Credentials | 7.12 |
[XYN] | Adherence to Least Privilege | 7.8 |
[XYO] | Privilege Sandbox Issues | 7.9 |
[XYP] | Hard-coded Password | 7.15 |
[XYQ] | Dead and Deactivated Code | 6.26 | 90
[XYS] | Executing or Loading Untrusted Code | 7.7 |
[XYT] | Cross-site Scripting | 7.7 |
[XYW] | Unchecked Array Copying | 6.10 | 52
[XYZ] | Unchecked Array Indexing | 6.9 | 50
[XZH] | Off-by-one Error | 6.30 | 100
[XZK] | Sensitive Information Uncleared Before Use | 7.16 | 220
[XZL] | Discrepancy Information Leak | 7.30 |
[XZN] | Missing or Inconsistent Access Control | 7.13 | 226
[XZO] | Authentication Logic Error | 7.14 |
[XZP] | Resource Exhaustion | 7.21 |
[XZQ] | Unquoted Search Path or Element | 7.29 | 215
[XZR] | Improperly Verified Signature | 7.17 |
[XZS] | Missing Required Cryptographic Step | 7.11 |
[XZX] | Memory Locking | 7.20 |
[YAN] | Deep vs Shallow Copying | 6.39 |
[YOW] | Identifier Name Reuse | 6.20 | 73
[YZS] | Unused Variable | 6.19 | 72