CWE coverage for C#

An overview of CWE coverage for C# in the latest release of CodeQL.

Overview

| CWE | Language | Query id | Query name |
| --- | --- | --- | --- |
| CWE-11 | C# | cs/web/debug-binary | Creating an ASP.NET debug binary may reveal sensitive information |
| CWE-12 | C# | cs/web/missing-global-error-handler | Missing global error handler |
| CWE-13 | C# | cs/password-in-configuration | Password in configuration file |
| CWE-20 | C# | cs/count-untrusted-data-external-api | Frequency counts for external APIs that are used with untrusted data |
| CWE-20 | C# | cs/serialization-check-bypass | Serialization check bypass |
| CWE-20 | C# | cs/untrusted-data-to-external-api | Untrusted data passed to external API |
| CWE-20 | C# | cs/xml/missing-validation | Missing XML validation |
| CWE-20 | C# | cs/assembly-path-injection | Assembly path injection |
| CWE-22 | C# | cs/path-injection | Uncontrolled data used in path expression |
| CWE-22 | C# | cs/zipslip | Arbitrary file access during archive extraction ("Zip Slip") |
| CWE-22 | C# | cs/webclient-path-injection | Uncontrolled data used in a WebClient |
| CWE-23 | C# | cs/path-injection | Uncontrolled data used in path expression |
| CWE-23 | C# | cs/webclient-path-injection | Uncontrolled data used in a WebClient |
| CWE-36 | C# | cs/path-injection | Uncontrolled data used in path expression |
| CWE-36 | C# | cs/webclient-path-injection | Uncontrolled data used in a WebClient |
| CWE-73 | C# | cs/path-injection | Uncontrolled data used in path expression |
| CWE-73 | C# | cs/webclient-path-injection | Uncontrolled data used in a WebClient |
| CWE-74 | C# | cs/path-injection | Uncontrolled data used in path expression |
| CWE-74 | C# | cs/command-line-injection | Uncontrolled command line |
| CWE-74 | C# | cs/web/xss | Cross-site scripting |
| CWE-74 | C# | cs/sql-injection | SQL query built from user-controlled sources |
| CWE-74 | C# | cs/ldap-injection | LDAP query built from user-controlled sources |
| CWE-74 | C# | cs/xml-injection | XML injection |
| CWE-74 | C# | cs/code-injection | Improper control of generation of code |
| CWE-74 | C# | cs/resource-injection | Resource injection |
| CWE-74 | C# | cs/uncontrolled-format-string | Uncontrolled format string |
| CWE-74 | C# | cs/xml/xpath-injection | XPath injection |
| CWE-74 | C# | cs/web/disabled-header-checking | Header checking disabled |
| CWE-74 | C# | cs/webclient-path-injection | Uncontrolled data used in a WebClient |
| CWE-77 | C# | cs/command-line-injection | Uncontrolled command line |
| CWE-78 | C# | cs/command-line-injection | Uncontrolled command line |
| CWE-79 | C# | cs/web/xss | Cross-site scripting |
| CWE-88 | C# | cs/command-line-injection | Uncontrolled command line |
| CWE-89 | C# | cs/sql-injection | SQL query built from user-controlled sources |
| CWE-90 | C# | cs/ldap-injection | LDAP query built from user-controlled sources |
| CWE-91 | C# | cs/xml-injection | XML injection |
| CWE-91 | C# | cs/xml/xpath-injection | XPath injection |
| CWE-93 | C# | cs/web/disabled-header-checking | Header checking disabled |
| CWE-94 | C# | cs/code-injection | Improper control of generation of code |
| CWE-95 | C# | cs/code-injection | Improper control of generation of code |
| CWE-96 | C# | cs/code-injection | Improper control of generation of code |
| CWE-99 | C# | cs/path-injection | Uncontrolled data used in path expression |
| CWE-99 | C# | cs/resource-injection | Resource injection |
| CWE-99 | C# | cs/webclient-path-injection | Uncontrolled data used in a WebClient |
| CWE-112 | C# | cs/xml/missing-validation | Missing XML validation |
| CWE-113 | C# | cs/web/disabled-header-checking | Header checking disabled |
| CWE-114 | C# | cs/assembly-path-injection | Assembly path injection |
| CWE-116 | C# | cs/web/xss | Cross-site scripting |
| CWE-116 | C# | cs/log-forging | Log entries created from user input |
| CWE-116 | C# | cs/inappropriate-encoding | Inappropriate encoding |
| CWE-117 | C# | cs/log-forging | Log entries created from user input |
| CWE-118 | C# | cs/unvalidated-local-pointer-arithmetic | Unvalidated local pointer arithmetic |
| CWE-119 | C# | cs/unvalidated-local-pointer-arithmetic | Unvalidated local pointer arithmetic |
| CWE-120 | C# | cs/unvalidated-local-pointer-arithmetic | Unvalidated local pointer arithmetic |
| CWE-122 | C# | cs/unvalidated-local-pointer-arithmetic | Unvalidated local pointer arithmetic |
| CWE-134 | C# | cs/uncontrolled-format-string | Uncontrolled format string |
| CWE-190 | C# | cs/loss-of-precision | Possible loss of precision |
| CWE-193 | C# | cs/index-out-of-bounds | Off-by-one comparison against container length |
| CWE-197 | C# | cs/loss-of-precision | Possible loss of precision |
| CWE-200 | C# | cs/web/debug-binary | Creating an ASP.NET debug binary may reveal sensitive information |
| CWE-200 | C# | cs/sensitive-data-transmission | Information exposure through transmitted data |
| CWE-200 | C# | cs/information-exposure-through-exception | Information exposure through an exception |
| CWE-200 | C# | cs/cleartext-storage-of-sensitive-information | Clear text storage of sensitive information |
| CWE-200 | C# | cs/exposure-of-sensitive-information | Exposure of private information |
| CWE-200 | C# | cs/web/directory-browse-enabled | ASP.NET config file enables directory browsing |
| CWE-200 | C# | cs/web/persistent-cookie | Cookie security: persistent cookie |
| CWE-201 | C# | cs/sensitive-data-transmission | Information exposure through transmitted data |
| CWE-209 | C# | cs/information-exposure-through-exception | Information exposure through an exception |
| CWE-215 | C# | cs/web/debug-binary | Creating an ASP.NET debug binary may reveal sensitive information |
| CWE-221 | C# | cs/catch-of-all-exceptions | Generic catch clause |
| CWE-221 | C# | cs/web/missing-x-frame-options | Missing X-Frame-Options HTTP header |
| CWE-227 | C# | cs/inconsistent-equals-and-gethashcode | Inconsistent Equals(object) and GetHashCode() |
| CWE-227 | C# | cs/invalid-dynamic-call | Bad dynamic call |
| CWE-227 | C# | cs/web/missing-x-frame-options | Missing X-Frame-Options HTTP header |
| CWE-247 | C# | cs/user-controlled-bypass | User-controlled bypass of sensitive method |
| CWE-248 | C# | cs/web/missing-global-error-handler | Missing global error handler |
| CWE-252 | C# | cs/unchecked-return-value | Unchecked return value |
| CWE-256 | C# | cs/password-in-configuration | Password in configuration file |
| CWE-258 | C# | cs/empty-password-in-configuration | Empty password in configuration file |
| CWE-259 | C# | cs/hardcoded-connection-string-credentials | Hard-coded connection string with credentials |
| CWE-259 | C# | cs/hardcoded-credentials | Hard-coded credentials |
| CWE-260 | C# | cs/empty-password-in-configuration | Empty password in configuration file |
| CWE-260 | C# | cs/password-in-configuration | Password in configuration file |
| CWE-284 | C# | cs/empty-password-in-configuration | Empty password in configuration file |
| CWE-284 | C# | cs/password-in-configuration | Password in configuration file |
| CWE-284 | C# | cs/web/missing-function-level-access-control | Missing function level access control |
| CWE-284 | C# | cs/hard-coded-symmetric-encryption-key | Hard-coded symmetric encryption key |
| CWE-284 | C# | cs/session-reuse | Failure to abandon session |
| CWE-284 | C# | cs/web/insecure-direct-object-reference | Insecure Direct Object Reference |
| CWE-284 | C# | cs/hardcoded-connection-string-credentials | Hard-coded connection string with credentials |
| CWE-284 | C# | cs/hardcoded-credentials | Hard-coded credentials |
| CWE-284 | C# | cs/user-controlled-bypass | User-controlled bypass of sensitive method |
| CWE-284 | C# | cs/web/broad-cookie-domain | Cookie security: overly broad domain |
| CWE-284 | C# | cs/web/broad-cookie-path | Cookie security: overly broad path |
| CWE-285 | C# | cs/empty-password-in-configuration | Empty password in configuration file |
| CWE-285 | C# | cs/web/missing-function-level-access-control | Missing function level access control |
| CWE-285 | C# | cs/web/insecure-direct-object-reference | Insecure Direct Object Reference |
| CWE-287 | C# | cs/empty-password-in-configuration | Empty password in configuration file |
| CWE-287 | C# | cs/password-in-configuration | Password in configuration file |
| CWE-287 | C# | cs/hard-coded-symmetric-encryption-key | Hard-coded symmetric encryption key |
| CWE-287 | C# | cs/session-reuse | Failure to abandon session |
| CWE-287 | C# | cs/hardcoded-connection-string-credentials | Hard-coded connection string with credentials |
| CWE-287 | C# | cs/hardcoded-credentials | Hard-coded credentials |
| CWE-287 | C# | cs/user-controlled-bypass | User-controlled bypass of sensitive method |
| CWE-287 | C# | cs/web/broad-cookie-domain | Cookie security: overly broad domain |
| CWE-287 | C# | cs/web/broad-cookie-path | Cookie security: overly broad path |
| CWE-290 | C# | cs/user-controlled-bypass | User-controlled bypass of sensitive method |
| CWE-311 | C# | cs/password-in-configuration | Password in configuration file |
| CWE-311 | C# | cs/cleartext-storage-of-sensitive-information | Clear text storage of sensitive information |
| CWE-311 | C# | cs/web/requiressl-not-set | 'requireSSL' attribute is not set to true |
| CWE-311 | C# | cs/web/cookie-secure-not-set | 'Secure' attribute is not set to true |
| CWE-312 | C# | cs/password-in-configuration | Password in configuration file |
| CWE-312 | C# | cs/cleartext-storage-of-sensitive-information | Clear text storage of sensitive information |
| CWE-313 | C# | cs/password-in-configuration | Password in configuration file |
| CWE-315 | C# | cs/cleartext-storage-of-sensitive-information | Clear text storage of sensitive information |
| CWE-319 | C# | cs/web/requiressl-not-set | 'requireSSL' attribute is not set to true |
| CWE-319 | C# | cs/web/cookie-secure-not-set | 'Secure' attribute is not set to true |
| CWE-321 | C# | cs/hard-coded-symmetric-encryption-key | Hard-coded symmetric encryption key |
| CWE-321 | C# | cs/hardcoded-connection-string-credentials | Hard-coded connection string with credentials |
| CWE-321 | C# | cs/hardcoded-credentials | Hard-coded credentials |
| CWE-326 | C# | cs/insufficient-key-size | Weak encryption: Insufficient key size |
| CWE-327 | C# | cs/adding-cert-to-root-store | Do not add certificates to the system root store. |
| CWE-327 | C# | cs/insecure-sql-connection | Insecure SQL connection |
| CWE-327 | C# | cs/ecb-encryption | Encryption using ECB |
| CWE-327 | C# | cs/inadequate-rsa-padding | Weak encryption: inadequate RSA padding |
| CWE-327 | C# | cs/weak-encryption | Weak encryption |
| CWE-327 | C# | cs/azure-storage/unsafe-usage-of-client-side-encryption-version | Unsafe usage of v1 version of Azure Storage client-side encryption (CVE-2022-30187). |
| CWE-327 | C# | cs/hash-without-salt | Use of a hash function without a salt |
| CWE-330 | C# | cs/random-used-once | Random used only once |
| CWE-330 | C# | cs/hard-coded-symmetric-encryption-key | Hard-coded symmetric encryption key |
| CWE-330 | C# | cs/hardcoded-connection-string-credentials | Hard-coded connection string with credentials |
| CWE-330 | C# | cs/hardcoded-credentials | Hard-coded credentials |
| CWE-330 | C# | cs/insecure-randomness | Insecure randomness |
| CWE-335 | C# | cs/random-used-once | Random used only once |
| CWE-338 | C# | cs/insecure-randomness | Insecure randomness |
| CWE-344 | C# | cs/hard-coded-symmetric-encryption-key | Hard-coded symmetric encryption key |
| CWE-344 | C# | cs/hardcoded-connection-string-credentials | Hard-coded connection string with credentials |
| CWE-344 | C# | cs/hardcoded-credentials | Hard-coded credentials |
| CWE-345 | C# | cs/web/ambiguous-client-variable | Value shadowing |
| CWE-345 | C# | cs/web/ambiguous-server-variable | Value shadowing: server variable |
| CWE-345 | C# | cs/web/missing-token-validation | Missing cross-site request forgery token validation |
| CWE-348 | C# | cs/web/ambiguous-client-variable | Value shadowing |
| CWE-348 | C# | cs/web/ambiguous-server-variable | Value shadowing: server variable |
| CWE-350 | C# | cs/user-controlled-bypass | User-controlled bypass of sensitive method |
| CWE-352 | C# | cs/web/missing-token-validation | Missing cross-site request forgery token validation |
| CWE-359 | C# | cs/cleartext-storage-of-sensitive-information | Clear text storage of sensitive information |
| CWE-359 | C# | cs/exposure-of-sensitive-information | Exposure of private information |
| CWE-362 | C# | cs/unsafe-sync-on-field | Futile synchronization on field |
| CWE-362 | C# | cs/unsynchronized-static-access | Unsynchronized access to static collection member in non-static context |
| CWE-362 | C# | cs/thread-unsafe-icryptotransform-field-in-class | Thread-unsafe use of a static ICryptoTransform field |
| CWE-362 | C# | cs/thread-unsafe-icryptotransform-captured-in-lambda | Thread-unsafe capturing of an ICryptoTransform object |
| CWE-366 | C# | cs/unsafe-sync-on-field | Futile synchronization on field |
| CWE-384 | C# | cs/session-reuse | Failure to abandon session |
| CWE-390 | C# | cs/empty-catch-block | Poor error handling: empty catch block |
| CWE-391 | C# | cs/empty-catch-block | Poor error handling: empty catch block |
| CWE-395 | C# | cs/catch-nullreferenceexception | Poor error handling: catch of NullReferenceException |
| CWE-396 | C# | cs/catch-of-all-exceptions | Generic catch clause |
| CWE-398 | C# | cs/call-to-obsolete-method | Call to obsolete method |
| CWE-398 | C# | cs/todo-comment | TODO comment |
| CWE-398 | C# | cs/dereferenced-value-is-always-null | Dereferenced variable is always null |
| CWE-398 | C# | cs/dereferenced-value-may-be-null | Dereferenced variable may be null |
| CWE-398 | C# | cs/unused-reftype | Dead reference types |
| CWE-398 | C# | cs/useless-assignment-to-local | Useless assignment to local variable |
| CWE-398 | C# | cs/unused-field | Unused field |
| CWE-398 | C# | cs/unused-method | Unused method |
| CWE-398 | C# | cs/useless-cast-to-self | Cast to same type |
| CWE-398 | C# | cs/useless-is-before-as | Useless 'is' before 'as' |
| CWE-398 | C# | cs/coalesce-of-identical-expressions | Useless ?? expression |
| CWE-398 | C# | cs/useless-type-test | Useless type test |
| CWE-398 | C# | cs/useless-upcast | Useless upcast |
| CWE-398 | C# | cs/empty-collection | Container contents are never initialized |
| CWE-398 | C# | cs/unused-collection | Container contents are never accessed |
| CWE-398 | C# | cs/empty-lock-statement | Empty lock statement |
| CWE-398 | C# | cs/linq/useless-select | Redundant Select |
| CWE-400 | C# | cs/redos | Denial of Service from comparison of user input against expensive regex |
| CWE-400 | C# | cs/regex-injection | Regular expression injection |
| CWE-404 | C# | cs/dispose-not-called-on-throw | Dispose may not be called if an exception is thrown during execution |
| CWE-404 | C# | cs/member-not-disposed | Missing Dispose call |
| CWE-404 | C# | cs/missing-dispose-method | Missing Dispose method |
| CWE-404 | C# | cs/local-not-disposed | Missing Dispose call on local IDisposable |
| CWE-405 | C# | cs/xml/insecure-dtd-handling | Untrusted XML is read insecurely |
| CWE-405 | C# | cs/insecure-xml-read | XML is read insecurely |
| CWE-409 | C# | cs/xml/insecure-dtd-handling | Untrusted XML is read insecurely |
| CWE-409 | C# | cs/insecure-xml-read | XML is read insecurely |
| CWE-434 | C# | cs/web/file-upload | Use of file upload |
| CWE-441 | C# | cs/request-forgery | Server-side request forgery |
| CWE-451 | C# | cs/web/missing-x-frame-options | Missing X-Frame-Options HTTP header |
| CWE-457 | C# | cs/unassigned-field | Field is never assigned a non-default value |
| CWE-459 | C# | cs/dispose-not-called-on-throw | Dispose may not be called if an exception is thrown during execution |
| CWE-459 | C# | cs/member-not-disposed | Missing Dispose call |
| CWE-459 | C# | cs/missing-dispose-method | Missing Dispose method |
| CWE-459 | C# | cs/local-not-disposed | Missing Dispose call on local IDisposable |
| CWE-460 | C# | cs/dispose-not-called-on-throw | Dispose may not be called if an exception is thrown during execution |
| CWE-460 | C# | cs/local-not-disposed | Missing Dispose call on local IDisposable |
| CWE-471 | C# | cs/web/html-hidden-input | Use of HTMLInputHidden |
| CWE-472 | C# | cs/web/html-hidden-input | Use of HTMLInputHidden |
| CWE-476 | C# | cs/dereferenced-value-is-always-null | Dereferenced variable is always null |
| CWE-476 | C# | cs/dereferenced-value-may-be-null | Dereferenced variable may be null |
| CWE-477 | C# | cs/call-to-obsolete-method | Call to obsolete method |
| CWE-480 | C# | cs/non-short-circuit | Potentially dangerous use of non-short-circuit logic |
| CWE-485 | C# | cs/class-name-comparison | Erroneous class compare |
| CWE-485 | C# | cs/cast-from-abstract-to-concrete-collection | Cast from abstract to concrete collection |
| CWE-485 | C# | cs/expose-implementation | Exposing internal representation |
| CWE-485 | C# | cs/web/debug-code | ASP.NET: leftover debug code |
| CWE-486 | C# | cs/class-name-comparison | Erroneous class compare |
| CWE-489 | C# | cs/web/debug-code | ASP.NET: leftover debug code |
| CWE-497 | C# | cs/information-exposure-through-exception | Information exposure through an exception |
| CWE-502 | C# | cs/deserialized-delegate | Deserialized delegate |
| CWE-502 | C# | cs/unsafe-deserialization | Unsafe deserializer |
| CWE-502 | C# | cs/unsafe-deserialization-untrusted-input | Deserialization of untrusted data |
| CWE-521 | C# | cs/empty-password-in-configuration | Empty password in configuration file |
| CWE-522 | C# | cs/empty-password-in-configuration | Empty password in configuration file |
| CWE-522 | C# | cs/password-in-configuration | Password in configuration file |
| CWE-532 | C# | cs/web/debug-binary | Creating an ASP.NET debug binary may reveal sensitive information |
| CWE-538 | C# | cs/web/debug-binary | Creating an ASP.NET debug binary may reveal sensitive information |
| CWE-538 | C# | cs/web/directory-browse-enabled | ASP.NET config file enables directory browsing |
| CWE-538 | C# | cs/web/persistent-cookie | Cookie security: persistent cookie |
| CWE-539 | C# | cs/web/persistent-cookie | Cookie security: persistent cookie |
| CWE-546 | C# | cs/todo-comment | TODO comment |
| CWE-548 | C# | cs/web/directory-browse-enabled | ASP.NET config file enables directory browsing |
| CWE-552 | C# | cs/web/debug-binary | Creating an ASP.NET debug binary may reveal sensitive information |
| CWE-552 | C# | cs/web/directory-browse-enabled | ASP.NET config file enables directory browsing |
| CWE-561 | C# | cs/unused-reftype | Dead reference types |
| CWE-561 | C# | cs/unused-field | Unused field |
| CWE-561 | C# | cs/unused-method | Unused method |
| CWE-561 | C# | cs/useless-cast-to-self | Cast to same type |
| CWE-561 | C# | cs/useless-is-before-as | Useless 'is' before 'as' |
| CWE-561 | C# | cs/coalesce-of-identical-expressions | Useless ?? expression |
| CWE-561 | C# | cs/useless-type-test | Useless type test |
| CWE-561 | C# | cs/useless-upcast | Useless upcast |
| CWE-561 | C# | cs/empty-collection | Container contents are never initialized |
| CWE-561 | C# | cs/unused-collection | Container contents are never accessed |
| CWE-561 | C# | cs/linq/useless-select | Redundant Select |
| CWE-563 | C# | cs/useless-assignment-to-local | Useless assignment to local variable |
| CWE-567 | C# | cs/unsynchronized-static-access | Unsynchronized access to static collection member in non-static context |
| CWE-573 | C# | cs/inconsistent-equals-and-gethashcode | Inconsistent Equals(object) and GetHashCode() |
| CWE-573 | C# | cs/invalid-dynamic-call | Bad dynamic call |
| CWE-581 | C# | cs/inconsistent-equals-and-gethashcode | Inconsistent Equals(object) and GetHashCode() |
| CWE-582 | C# | cs/static-array | Array constant vulnerable to change |
| CWE-585 | C# | cs/empty-lock-statement | Empty lock statement |
| CWE-592 | C# | cs/user-controlled-bypass | User-controlled bypass of sensitive method |
| CWE-595 | C# | cs/reference-equality-with-object | Reference equality test on System.Object |
| CWE-595 | C# | cs/reference-equality-on-valuetypes | Call to ReferenceEquals(...) on value type expressions |
| CWE-601 | C# | cs/web/unvalidated-url-redirection | URL redirection from remote source |
| CWE-609 | C# | cs/unsafe-double-checked-lock | Double-checked lock is not thread-safe |
| CWE-610 | C# | cs/path-injection | Uncontrolled data used in path expression |
| CWE-610 | C# | cs/web/unvalidated-url-redirection | URL redirection from remote source |
| CWE-610 | C# | cs/xml/insecure-dtd-handling | Untrusted XML is read insecurely |
| CWE-610 | C# | cs/insecure-xml-read | XML is read insecurely |
| CWE-610 | C# | cs/webclient-path-injection | Uncontrolled data used in a WebClient |
| CWE-610 | C# | cs/request-forgery | Server-side request forgery |
| CWE-611 | C# | cs/xml/insecure-dtd-handling | Untrusted XML is read insecurely |
| CWE-611 | C# | cs/insecure-xml-read | XML is read insecurely |
| CWE-614 | C# | cs/web/requiressl-not-set | 'requireSSL' attribute is not set to true |
| CWE-614 | C# | cs/web/cookie-secure-not-set | 'Secure' attribute is not set to true |
| CWE-628 | C# | cs/invalid-dynamic-call | Bad dynamic call |
| CWE-639 | C# | cs/web/insecure-direct-object-reference | Insecure Direct Object Reference |
| CWE-642 | C# | cs/web/html-hidden-input | Use of HTMLInputHidden |
| CWE-642 | C# | cs/path-injection | Uncontrolled data used in path expression |
| CWE-642 | C# | cs/webclient-path-injection | Uncontrolled data used in a WebClient |
| CWE-643 | C# | cs/xml/xpath-injection | XPath injection |
| CWE-657 | C# | cs/hard-coded-symmetric-encryption-key | Hard-coded symmetric encryption key |
| CWE-657 | C# | cs/hardcoded-connection-string-credentials | Hard-coded connection string with credentials |
| CWE-657 | C# | cs/hardcoded-credentials | Hard-coded credentials |
| CWE-662 | C# | cs/unsafe-sync-on-field | Futile synchronization on field |
| CWE-662 | C# | cs/inconsistent-lock-sequence | Inconsistent lock sequence |
| CWE-662 | C# | cs/lock-this | Locking the 'this' object in a lock statement |
| CWE-662 | C# | cs/locked-wait | A lock is held during a wait |
| CWE-662 | C# | cs/unsynchronized-getter | Inconsistently synchronized property |
| CWE-662 | C# | cs/unsafe-double-checked-lock | Double-checked lock is not thread-safe |
| CWE-662 | C# | cs/unsynchronized-static-access | Unsynchronized access to static collection member in non-static context |
| CWE-664 | C# | cs/dispose-not-called-on-throw | Dispose may not be called if an exception is thrown during execution |
| CWE-664 | C# | cs/member-not-disposed | Missing Dispose call |
| CWE-664 | C# | cs/missing-dispose-method | Missing Dispose method |
| CWE-664 | C# | cs/local-not-disposed | Missing Dispose call on local IDisposable |
| CWE-664 | C# | cs/class-name-comparison | Erroneous class compare |
| CWE-664 | C# | cs/cast-from-abstract-to-concrete-collection | Cast from abstract to concrete collection |
| CWE-664 | C# | cs/expose-implementation | Exposing internal representation |
| CWE-664 | C# | cs/static-array | Array constant vulnerable to change |
| CWE-664 | C# | cs/web/debug-code | ASP.NET: leftover debug code |
| CWE-664 | C# | cs/web/html-hidden-input | Use of HTMLInputHidden |
| CWE-664 | C# | cs/unsafe-sync-on-field | Futile synchronization on field |
| CWE-664 | C# | cs/inconsistent-lock-sequence | Inconsistent lock sequence |
| CWE-664 | C# | cs/lock-this | Locking the 'this' object in a lock statement |
| CWE-664 | C# | cs/locked-wait | A lock is held during a wait |
| CWE-664 | C# | cs/unsynchronized-getter | Inconsistently synchronized property |
| CWE-664 | C# | cs/unsafe-double-checked-lock | Double-checked lock is not thread-safe |
| CWE-664 | C# | cs/unsynchronized-static-access | Unsynchronized access to static collection member in non-static context |
| CWE-664 | C# | cs/empty-password-in-configuration | Empty password in configuration file |
| CWE-664 | C# | cs/password-in-configuration | Password in configuration file |
| CWE-664 | C# | cs/unassigned-field | Field is never assigned a non-default value |
| CWE-664 | C# | cs/web/file-upload | Use of file upload |
| CWE-664 | C# | cs/catch-of-all-exceptions | Generic catch clause |
| CWE-664 | C# | cs/loss-of-precision | Possible loss of precision |
| CWE-664 | C# | cs/web/debug-binary | Creating an ASP.NET debug binary may reveal sensitive information |
| CWE-664 | C# | cs/path-injection | Uncontrolled data used in path expression |
| CWE-664 | C# | cs/zipslip | Arbitrary file access during archive extraction ("Zip Slip") |
| CWE-664 | C# | cs/code-injection | Improper control of generation of code |
| CWE-664 | C# | cs/sensitive-data-transmission | Information exposure through transmitted data |
| CWE-664 | C# | cs/information-exposure-through-exception | Information exposure through an exception |
| CWE-664 | C# | cs/web/missing-function-level-access-control | Missing function level access control |
| CWE-664 | C# | cs/cleartext-storage-of-sensitive-information | Clear text storage of sensitive information |
| CWE-664 | C# | cs/hard-coded-symmetric-encryption-key | Hard-coded symmetric encryption key |
| CWE-664 | C# | cs/exposure-of-sensitive-information | Exposure of private information |
| CWE-664 | C# | cs/session-reuse | Failure to abandon session |
| CWE-664 | C# | cs/web/missing-x-frame-options | Missing X-Frame-Options HTTP header |
| CWE-664 | C# | cs/deserialized-delegate | Deserialized delegate |
| CWE-664 | C# | cs/unsafe-deserialization | Unsafe deserializer |
| CWE-664 | C# | cs/unsafe-deserialization-untrusted-input | Deserialization of untrusted data |
| CWE-664 | C# | cs/web/directory-browse-enabled | ASP.NET config file enables directory browsing |
| CWE-664 | C# | cs/web/unvalidated-url-redirection | URL redirection from remote source |
| CWE-664 | C# | cs/xml/insecure-dtd-handling | Untrusted XML is read insecurely |
| CWE-664 | C# | cs/insecure-xml-read | XML is read insecurely |
| CWE-664 | C# | cs/web/insecure-direct-object-reference | Insecure Direct Object Reference |
| CWE-664 | C# | cs/redos | Denial of Service from comparison of user input against expensive regex |
| CWE-664 | C# | cs/regex-injection | Regular expression injection |
| CWE-664 | C# | cs/hardcoded-connection-string-credentials | Hard-coded connection string with credentials |
| CWE-664 | C# | cs/hardcoded-credentials | Hard-coded credentials |
| CWE-664 | C# | cs/user-controlled-bypass | User-controlled bypass of sensitive method |
| CWE-664 | C# | cs/web/broad-cookie-domain | Cookie security: overly broad domain |
| CWE-664 | C# | cs/web/broad-cookie-path | Cookie security: overly broad path |
| CWE-664 | C# | cs/web/persistent-cookie | Cookie security: persistent cookie |
| CWE-664 | C# | cs/webclient-path-injection | Uncontrolled data used in a WebClient |
| CWE-664 | C# | cs/request-forgery | Server-side request forgery |
| CWE-665 | C# | cs/unassigned-field | Field is never assigned a non-default value |
| CWE-667 | C# | cs/locked-wait | A lock is held during a wait |
| CWE-667 | C# | cs/unsafe-double-checked-lock | Double-checked lock is not thread-safe |
| CWE-668 | C# | cs/static-array | Array constant vulnerable to change |
| CWE-668 | C# | cs/web/html-hidden-input | Use of HTMLInputHidden |
| CWE-668 | C# | cs/empty-password-in-configuration | Empty password in configuration file |
| CWE-668 | C# | cs/password-in-configuration | Password in configuration file |
| CWE-668 | C# | cs/web/debug-binary | Creating an ASP.NET debug binary may reveal sensitive information |
| CWE-668 | C# | cs/path-injection | Uncontrolled data used in path expression |
| CWE-668 | C# | cs/zipslip | Arbitrary file access during archive extraction ("Zip Slip") |
| CWE-668 | C# | cs/sensitive-data-transmission | Information exposure through transmitted data |
| CWE-668 | C# | cs/information-exposure-through-exception | Information exposure through an exception |
| CWE-668 | C# | cs/cleartext-storage-of-sensitive-information | Clear text storage of sensitive information |
| CWE-668 | C# | cs/exposure-of-sensitive-information | Exposure of private information |
| CWE-668 | C# | cs/web/directory-browse-enabled | ASP.NET config file enables directory browsing |
| CWE-668 | C# | cs/web/persistent-cookie | Cookie security: persistent cookie |
| CWE-668 | C# | cs/webclient-path-injection | Uncontrolled data used in a WebClient |
| CWE-669 | C# | cs/web/file-upload | Use of file upload |
| CWE-669 | C# | cs/web/missing-x-frame-options | Missing X-Frame-Options HTTP header |
| CWE-669 | C# | cs/xml/insecure-dtd-handling | Untrusted XML is read insecurely |
| CWE-669 | C# | cs/insecure-xml-read | XML is read insecurely |
| CWE-670 | C# | cs/non-short-circuit | Potentially dangerous use of non-short-circuit logic |
| CWE-671 | C# | cs/hard-coded-symmetric-encryption-key | Hard-coded symmetric encryption key |
| CWE-671 | C# | cs/hardcoded-connection-string-credentials | Hard-coded connection string with credentials |
| CWE-671 | C# | cs/hardcoded-credentials | Hard-coded credentials |
| CWE-674 | C# | cs/xml/insecure-dtd-handling | Untrusted XML is read insecurely |
| CWE-674 | C# | cs/insecure-xml-read | XML is read insecurely |
| CWE-681 | C# | cs/loss-of-precision | Possible loss of precision |
| CWE-682 | C# | cs/index-out-of-bounds | Off-by-one comparison against container length |
| CWE-682 | C# | cs/loss-of-precision | Possible loss of precision |
| CWE-684 | C# | cs/web/missing-x-frame-options | Missing X-Frame-Options HTTP header |
| CWE-691 | C# | cs/catch-nullreferenceexception | Poor error handling: catch of NullReferenceException |
| CWE-691 | C# | cs/constant-condition | Constant condition |
| CWE-691 | C# | cs/unsafe-sync-on-field | Futile synchronization on field |
| CWE-691 | C# | cs/inconsistent-lock-sequence | Inconsistent lock sequence |
| CWE-691 | C# | cs/lock-this | Locking the 'this' object in a lock statement |
| CWE-691 | C# | cs/locked-wait | A lock is held during a wait |
| CWE-691 | C# | cs/unsynchronized-getter | Inconsistently synchronized property |
| CWE-691 | C# | cs/unsafe-double-checked-lock | Double-checked lock is not thread-safe |
| CWE-691 | C# | cs/unsynchronized-static-access | Unsynchronized access to static collection member in non-static context |
| CWE-691 | C# | cs/catch-of-all-exceptions | Generic catch clause |
| CWE-691 | C# | cs/non-short-circuit | Potentially dangerous use of non-short-circuit logic |
| CWE-691 | C# | cs/thread-unsafe-icryptotransform-field-in-class | Thread-unsafe use of a static ICryptoTransform field |
| CWE-691 | C# | cs/thread-unsafe-icryptotransform-captured-in-lambda | Thread-unsafe capturing of an ICryptoTransform object |
| CWE-691 | C# | cs/linq/inconsistent-enumeration | Bad multiple iteration |
| CWE-691 | C# | cs/code-injection | Improper control of generation of code |
| CWE-691 | C# | cs/web/missing-global-error-handler | Missing global error handler |
| CWE-691 | C# | cs/xml/insecure-dtd-handling | Untrusted XML is read insecurely |
| CWE-691 | C# | cs/insecure-xml-read | XML is read insecurely |
| CWE-693 | C# | cs/empty-password-in-configuration | Empty password in configuration file |
| CWE-693 | C# | cs/password-in-configuration | Password in configuration file |
| CWE-693 | C# | cs/web/ambiguous-client-variable | Value shadowing |
| CWE-693 | C# | cs/web/ambiguous-server-variable | Value shadowing: server variable |
| CWE-693 | C# | cs/count-untrusted-data-external-api | Frequency counts for external APIs that are used with untrusted data |
| CWE-693 | C# | cs/serialization-check-bypass | Serialization check bypass |
| CWE-693 | C# | cs/untrusted-data-to-external-api | Untrusted data passed to external API |
| CWE-693 | C# | cs/xml/missing-validation | Missing XML validation |
| CWE-693 | C# | cs/assembly-path-injection | Assembly path injection |
| CWE-693 | C# | cs/web/missing-function-level-access-control | Missing function level access control |
| CWE-693 | C# | cs/cleartext-storage-of-sensitive-information | Clear text storage of sensitive information |
| CWE-693 | C# | cs/hard-coded-symmetric-encryption-key | Hard-coded symmetric encryption key |
| CWE-693 | C# | cs/adding-cert-to-root-store | Do not add certificates to the system root store. |
| CWE-693 | C# | cs/insecure-sql-connection | Insecure SQL connection |
| CWE-693 | C# | cs/web/missing-token-validation | Missing cross-site request forgery token validation |
| CWE-693 | C# | cs/session-reuse | Failure to abandon session |
| CWE-693 | C# | cs/web/requiressl-not-set | 'requireSSL' attribute is not set to true |
| CWE-693 | C# | cs/web/insecure-direct-object-reference | Insecure Direct Object Reference |
| CWE-693 | C# | cs/hardcoded-connection-string-credentials | Hard-coded connection string with credentials |
| CWE-693 | C# | cs/hardcoded-credentials | Hard-coded credentials |
| CWE-693 | C# | cs/user-controlled-bypass | User-controlled bypass of sensitive method |
| CWE-693 | C# | cs/web/broad-cookie-domain | Cookie security: overly broad domain |
| CWE-693 | C# | cs/web/broad-cookie-path | Cookie security: overly broad path |
| CWE-693 | C# | cs/ecb-encryption | Encryption using ECB |
| CWE-693 | C# | cs/inadequate-rsa-padding | Weak encryption: inadequate RSA padding |
| CWE-693 | C# | cs/insufficient-key-size | Weak encryption: Insufficient key size |
| CWE-693 | C# | cs/weak-encryption | Weak encryption |
| CWE-693 | C# | cs/azure-storage/unsafe-usage-of-client-side-encryption-version | Unsafe usage of v1 version of Azure Storage client-side encryption (CVE-2022-30187). |
| CWE-693 | C# | cs/web/cookie-secure-not-set | 'Secure' attribute is not set to true |
| CWE-693 | C# | cs/hash-without-salt | Use of a hash function without a salt |
| CWE-697 | C# | cs/class-name-comparison | Erroneous class compare |
| CWE-697 | C# | cs/reference-equality-with-object | Reference equality test on System.Object |
| CWE-697 | C# | cs/reference-equality-on-valuetypes | Call to ReferenceEquals(...) on value type expressions |
| CWE-703 | C# | cs/dispose-not-called-on-throw | Dispose may not be called if an exception is thrown during execution |
| CWE-703 | C# | cs/local-not-disposed | Missing Dispose call on local IDisposable |
| CWE-703 | C# | cs/unchecked-return-value | Unchecked return value |
| CWE-703 | C# | cs/catch-nullreferenceexception | Poor error handling: catch of NullReferenceException |
| CWE-703 | C# | cs/empty-catch-block | Poor error handling: empty catch block |
| CWE-703 | C# | cs/catch-of-all-exceptions | Generic catch clause |
| CWE-703 | C# | cs/information-exposure-through-exception | Information exposure through an exception |
| CWE-703 | C# | cs/web/missing-global-error-handler | Missing global error handler |
| CWE-704 | C# | cs/loss-of-precision | Possible loss of precision |
| CWE-705 | C# | cs/catch-nullreferenceexception | Poor error handling: catch of NullReferenceException |
| CWE-705 | C# | cs/catch-of-all-exceptions | Generic catch clause |
| CWE-705 | C# | cs/web/missing-global-error-handler | Missing global error handler |
| CWE-706 | C# | cs/path-injection | Uncontrolled data used in path expression |
| CWE-706 | C# | cs/zipslip | Arbitrary file access during archive extraction ("Zip Slip") |
| CWE-706 | C# | cs/xml/insecure-dtd-handling | Untrusted XML is read insecurely |
| CWE-706 | C# | cs/insecure-xml-read | XML is read insecurely |
| CWE-706 | C# | cs/webclient-path-injection | Uncontrolled data used in a WebClient |
| CWE-707 | C# | cs/path-injection | Uncontrolled data used in path expression |
| CWE-707 | C# | cs/command-line-injection | Uncontrolled command line |
| CWE-707 | C# | cs/web/xss | Cross-site scripting |
| CWE-707 | C# | cs/sql-injection | SQL query built from user-controlled sources |
| CWE-707 | C# | cs/ldap-injection | LDAP query built from user-controlled sources |
| CWE-707 | C# | cs/xml-injection | XML injection |
| CWE-707 | C# | cs/code-injection | Improper control of generation of code |
| CWE-707 | C# | cs/resource-injection | Resource injection |
| CWE-707 | C# | cs/log-forging | Log entries created from user input |
| CWE-707 | C# | cs/uncontrolled-format-string | Uncontrolled format string |
| CWE-707 | C# | cs/xml/xpath-injection | XPath injection |
| CWE-707 | C# | cs/inappropriate-encoding | Inappropriate encoding |
| CWE-707 | C# | cs/web/disabled-header-checking | Header checking disabled |
| CWE-707 | C# | cs/webclient-path-injection | Uncontrolled data used in a WebClient |
| CWE-710 | C# | cs/call-to-obsolete-method | Call to obsolete method |
| CWE-710 | C# | cs/inconsistent-equals-and-gethashcode | Inconsistent Equals(object) and GetHashCode() |
| CWE-710 | C# | cs/todo-comment | TODO comment |
| CWE-710 | C# | cs/dereferenced-value-is-always-null | Dereferenced variable is always null |
| CWE-710 | C# | cs/dereferenced-value-may-be-null | Dereferenced variable may be null |
| CWE-710 | C# | cs/unused-reftype | Dead reference types |
| CWE-710 | C# | cs/useless-assignment-to-local | Useless assignment to local variable |
| CWE-710 | C# | cs/unused-field | Unused field |
| CWE-710 | C# | cs/unused-method | Unused method |
| CWE-710 | C# | cs/useless-cast-to-self | Cast to same type |
| CWE-710 | C# | cs/useless-is-before-as | Useless 'is' before 'as' |
| CWE-710 | C# | cs/coalesce-of-identical-expressions | Useless ?? expression |
| CWE-710 | C# | cs/useless-type-test | Useless type test |
| CWE-710 | C# | cs/useless-upcast | Useless upcast |
| CWE-710 | C# | cs/empty-collection | Container contents are never initialized |
| CWE-710 | C# | cs/unused-collection | Container contents are never accessed |
| CWE-710 | C# | cs/invalid-dynamic-call | Bad dynamic call |
| CWE-710 | C# | cs/empty-lock-statement | Empty lock statement |
| CWE-710 | C# | cs/linq/useless-select | Redundant Select |
| CWE-710 | C# | cs/hard-coded-symmetric-encryption-key | Hard-coded symmetric encryption key |
| CWE-710 | C# | cs/web/missing-x-frame-options | Missing X-Frame-Options HTTP header |
| CWE-710 | C# | cs/hardcoded-connection-string-credentials | Hard-coded connection string with credentials |
| CWE-710 | C# | cs/hardcoded-credentials | Hard-coded credentials |
| CWE-754 | C# | cs/unchecked-return-value | Unchecked return value |
| CWE-755 | C# | cs/dispose-not-called-on-throw | Dispose may not be called if an exception is thrown during execution |
| CWE-755 | C# | cs/local-not-disposed | Missing Dispose call on local IDisposable |
| CWE-755 | C# | cs/catch-nullreferenceexception | Poor error handling: catch of NullReferenceException |
| CWE-755 | C# | cs/empty-catch-block | Poor error handling: empty catch block |
| CWE-755 | C# | cs/catch-of-all-exceptions | Generic catch clause |
| CWE-755 | C# | cs/information-exposure-through-exception | Information exposure through an exception |
| CWE-755 | C# | cs/web/missing-global-error-handler | Missing global error handler |
| CWE-756 | C# | cs/web/missing-global-error-handler | Missing global error handler |
| CWE-759 | C# | cs/hash-without-salt | Use of a hash function without a salt |
| CWE-776 | C# | cs/xml/insecure-dtd-handling | Untrusted XML is read insecurely |
| CWE-776 | C# | cs/insecure-xml-read | XML is read insecurely |
| CWE-780 | C# | cs/inadequate-rsa-padding | Weak encryption: inadequate RSA padding |
| CWE-787 | C# | cs/unvalidated-local-pointer-arithmetic | Unvalidated local pointer arithmetic |
| CWE-788 | C# | cs/unvalidated-local-pointer-arithmetic | Unvalidated local pointer arithmetic |
| CWE-798 | C# | cs/hard-coded-symmetric-encryption-key | Hard-coded symmetric encryption key |
| CWE-798 | C# | cs/hardcoded-connection-string-credentials | Hard-coded connection string with credentials |
| CWE-798 | C# | cs/hardcoded-credentials | Hard-coded credentials |
| CWE-807 | C# | cs/user-controlled-bypass | User-controlled bypass of sensitive method |
| CWE-820 | C# | cs/unsynchronized-static-access | Unsynchronized access to static collection member in non-static context |
CWE-827C#cs/xml/insecure-dtd-handlingUntrusted XML is read insecurely
CWE-827C#cs/insecure-xml-readXML is read insecurely
CWE-829C#cs/web/missing-x-frame-optionsMissing X-Frame-Options HTTP header
CWE-829C#cs/xml/insecure-dtd-handlingUntrusted XML is read insecurely
CWE-829C#cs/insecure-xml-readXML is read insecurely
CWE-833C#cs/locked-waitA lock is held during a wait
CWE-834C#cs/constant-conditionConstant condition
CWE-834C#cs/linq/inconsistent-enumerationBad multiple iteration
CWE-834C#cs/xml/insecure-dtd-handlingUntrusted XML is read insecurely
CWE-834C#cs/insecure-xml-readXML is read insecurely
CWE-835C#cs/constant-conditionConstant condition
CWE-838C#cs/inappropriate-encodingInappropriate encoding
CWE-862C#cs/empty-password-in-configurationEmpty password in configuration file
CWE-862C#cs/web/missing-function-level-access-controlMissing function level access control
CWE-862C#cs/web/insecure-direct-object-referenceInsecure Direct Object Reference
CWE-913C#cs/code-injectionImproper control of generation of code
CWE-913C#cs/deserialized-delegateDeserialized delegate
CWE-913C#cs/unsafe-deserializationUnsafe deserializer
CWE-913C#cs/unsafe-deserialization-untrusted-inputDeserialization of untrusted data
CWE-916C#cs/hash-without-saltUse of a hash function without a salt
CWE-918C#cs/request-forgeryServer-side request forgery
CWE-922C#cs/password-in-configurationPassword in configuration file
CWE-922C#cs/cleartext-storage-of-sensitive-informationClear text storage of sensitive information
CWE-923C#cs/user-controlled-bypassUser-controlled bypass of sensitive method
CWE-943C#cs/sql-injectionSQL query built from user-controlled sources
CWE-943C#cs/ldap-injectionLDAP query built from user-controlled sources
CWE-943C#cs/xml/xpath-injectionXPath injection
CWE-1004C#cs/web/cookie-httponly-not-set'HttpOnly' attribute is not set to true
CWE-1333C#cs/redosDenial of Service from comparison of user input against expensive regex
