Common Weakness Enumeration (CWE)

List and description of the CWE security standard rules supported by Polyspace®

The Common Weakness Enumeration (CWE™) catalogues the types of software weaknesses that can appear in the architecture, design, code, or implementation of software. These weaknesses can lead to security vulnerabilities.

Polyspace can check your code against subsets of the CWE list, including subsets or weaknesses specific to C or C++ code. To enable subsets of the CWE list, use the analysis option Check CWE (-cwe). Polyspace supports version 4.12 of the CWE standard.

Polyspace Results

CWE Rule 14: Compiler Removal of Code to Clear Buffers (since R2023a)
CWE Rule 15: External Control of System or Configuration Setting (since R2024a)
CWE Rule 20: Improper Input Validation (since R2024a)
CWE Rule 22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (since R2024a)
CWE Rule 23: Relative Path Traversal (since R2024a)
CWE Rule 36: Absolute Path Traversal (since R2024a)
CWE Rule 67: Improper Handling of Windows Device Names (since R2024a)
CWE Rule 77: Improper Neutralization of Special Elements used in a Command ('Command Injection') (since R2024a)
CWE Rule 78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (since R2024a)
CWE Rule 88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') (since R2024a)
CWE Rule 89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') (since R2023a)
CWE Rule 90: Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') (since R2023a)
CWE Rule 99: Improper Control of Resource Identifiers ('Resource Injection') (since R2024b)
CWE Rule 114: Process Control (since R2024a)
CWE Rule 119: Improper Restriction of Operations within the Bounds of a Memory Buffer (since R2023a)
CWE Rule 120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') (since R2023a)
CWE Rule 121: Stack-based Buffer Overflow (since R2023a)
CWE Rule 122: Heap-based Buffer Overflow (since R2023a)
CWE Rule 123: Write-what-where Condition (since R2023a)
CWE Rule 124: Buffer Underwrite ('Buffer Underflow') (since R2023a)
CWE Rule 125: Out-of-bounds Read (since R2023a)
CWE Rule 126: Buffer Over-read (since R2023a)
CWE Rule 127: Buffer Under-read (since R2023a)
CWE Rule 128: Wrap-around Error (since R2023a)
CWE Rule 129: Improper Validation of Array Index (since R2023a)
CWE Rule 130: Improper Handling of Length Parameter Inconsistency (since R2023a)
CWE Rule 131: Incorrect Calculation of Buffer Size (since R2023a)
CWE Rule 134: Use of Externally-Controlled Format String (since R2023a)
CWE Rule 135: Incorrect Calculation of Multi-Byte String Length (since R2023a)
CWE Rule 170: Improper Null Termination (since R2023a)
CWE Rule 188: Reliance on Data/Memory Layout (since R2023a)
CWE Rule 190: Integer Overflow or Wraparound (since R2024b)
CWE Rule 191: Integer Underflow (Wrap or Wraparound) (since R2023a)
CWE Rule 192: Integer Coercion Error (since R2023a)
CWE Rule 194: Unexpected Sign Extension (since R2023a)
CWE Rule 195: Signed to Unsigned Conversion Error (since R2023a)
CWE Rule 196: Unsigned to Signed Conversion Error (since R2023a)
CWE Rule 197: Numeric Truncation Error (since R2023a)
CWE Rule 198: Use of Incorrect Byte Ordering (since R2024a)
CWE Rule 226: Sensitive Information in Resource Not Removed Before Reuse (since R2024a)
CWE Rule 240: Improper Handling of Inconsistent Structural Elements (since R2024a)
CWE Rule 242: Use of Inherently Dangerous Function (since R2023a)
CWE Rule 243: Creation of chroot Jail Without Changing Working Directory (since R2023a)
CWE Rule 244: Improper Clearing of Heap Memory Before Release ('Heap Inspection') (since R2023a)
CWE Rule 248: Uncaught Exception (since R2023a)
CWE Rule 250: Execution with Unnecessary Privileges (since R2024a)
CWE Rule 252: Unchecked Return Value (since R2023a)
CWE Rule 253: Incorrect Check of Function Return Value (since R2023a)
CWE Rule 256: Plaintext storage of a password (since R2023a)
CWE Rule 273: Improper Check for Dropped Privileges (since R2024a)
CWE Rule 287: Improper Authentication (since R2024a)
CWE Rule 297: Improper Validation of Certificate with Host Mismatch (since R2024a)
CWE Rule 304: Missing Critical Step in Authentication (since R2024a)
CWE Rule 311: Missing Encryption of Sensitive Data (since R2023b)
CWE Rule 312: Cleartext Storage of Sensitive Information (since R2023a)
CWE Rule 316: Cleartext Storage of Sensitive Information in Memory (since R2024a)
CWE Rule 319: Cleartext Transmission of Sensitive Information (since R2023b)
CWE Rule 321: Use of Hard-coded Cryptographic Key (since R2023b)
CWE Rule 322: Key Exchange without Entity Authentication (since R2024a)
CWE Rule 325: Missing Cryptographic Step (since R2024a)
CWE Rule 326: Inadequate Encryption Strength (since R2024a)
CWE Rule 327: Use of a Broken or Risky Cryptographic Algorithm (since R2024a)
CWE Rule 328: Use of Weak Hash (since R2024a)
CWE Rule 329: Generation of Predictable IV with CBC Mode (since R2024a)
CWE Rule 330: Use of Insufficiently Random Values (since R2024a)
CWE Rule 335: Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) (since R2023a)
CWE Rule 336: Same Seed in Pseudo-Random Number Generator (PRNG) (since R2024a)
CWE Rule 337: Predictable Seed in Pseudo-Random Number Generator (PRNG) (since R2024a)
CWE Rule 338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) (since R2023a)
CWE Rule 353: Missing Support for Integrity Check (since R2023a)
CWE Rule 354: Improper Validation of Integrity Check Value (since R2024a)
CWE Rule 362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') (since R2023a)
CWE Rule 364: Signal Handler Race Condition (since R2023a)
CWE Rule 366: Race Condition within a Thread (since R2023a)
CWE Rule 367: Time-of-check Time-of-use (TOCTOU) Race Condition (since R2024a)
CWE Rule 369: Divide By Zero (since R2023a)
CWE Rule 372: Incomplete Internal State Distinction (since R2024a)
CWE Rule 374: Passing Mutable Objects to an Untrusted Method (since R2023b)
CWE Rule 375: Returning a Mutable Object to an Untrusted Caller (since R2023a)
CWE Rule 377: Insecure Temporary File (since R2024a)
CWE Rule 391: Unchecked Error Condition (since R2024a)
CWE Rule 396: Declaration of Catch for Generic Exception (since R2023a)
CWE Rule 397: Declaration of Throws for Generic Exception (since R2023a)
CWE Rule 401: Missing Release of Memory after Effective Lifetime (since R2023a)
CWE Rule 404: Improper Resource Shutdown or Release (since R2024a)
CWE Rule 413: Improper Resource Locking (since R2023a)
CWE Rule 415: Double Free (since R2023a)
CWE Rule 416: Use After Free (since R2023a)
CWE Rule 426: Untrusted Search Path (since R2024a)
CWE Rule 427: Uncontrolled Search Path Element (since R2024a)
CWE Rule 456: Missing Initialization of a Variable (since R2024a)
CWE Rule 457: Use of Uninitialized Variable (since R2023a)
CWE Rule 460: Improper Cleanup on Thrown Exception (since R2023a)
CWE Rule 463: Deletion of Data Structure Sentinel (since R2023a)
CWE Rule 466: Return of Pointer Value Outside of Expected Range (since R2023a)
CWE Rule 467: Use of sizeof() on a Pointer Type (since R2023a)
CWE Rule 468: Incorrect Pointer Scaling (since R2023a)
CWE Rule 469: Use of Pointer Subtraction to Determine Size (since R2023a)
CWE Rule 471: Modification of Assumed-Immutable Data (MAID) (since R2024a)
CWE Rule 474: Use of Function with Inconsistent Implementations (since R2023a)
CWE Rule 475: Undefined Behavior for Input to API (since R2024a)
CWE Rule 476: NULL Pointer Dereference (since R2023a)
CWE Rule 477: Use of Obsolete Function (since R2023a)
CWE Rule 478: Missing Default Case in Multiple Condition Expression (since R2023a)
CWE Rule 479: Signal Handler Use of a Non-reentrant Function (since R2023a)
CWE Rule 480: Use of Incorrect Operator (since R2023a)
CWE Rule 481: Assigning instead of Comparing (since R2023a)
CWE Rule 482: Comparing instead of Assigning (since R2023a)
CWE Rule 483: Incorrect Block Delimitation (since R2023a)
CWE Rule 484: Omitted Break Statement in Switch (since R2023a)
CWE Rule 489: Active Debug Code (since R2023a)
CWE Rule 493: Critical Public Variable Without Final Modifier (since R2023b)
CWE Rule 495: Private Data Structure Returned From A Public Method (since R2023a)
CWE Rule 496: Public Data Assigned to Private Array-Typed Field (since R2023b)
CWE Rule 498: Cloneable class containing sensitive information (since R2023b)
CWE Rule 500: Public Static Field Not Marked Final (since R2023a)
CWE Rule 522: Insufficiently Protected Credentials (since R2023a)
CWE Rule 532: Insertion of Sensitive Information into Log File (since R2024a)
CWE Rule 535: Exposure of Information Through Shell Error Message (since R2024a)
CWE Rule 543: Use of Singleton Pattern Without Synchronization in a Multithreaded Context (since R2024a)
CWE Rule 547: Use of Hard-coded, Security-relevant Constants (since R2023a)
CWE Rule 558: Use of getlogin() in Multithreaded Application (since R2023a)
CWE Rule 560: Use of umask() with chmod-style Argument (since R2023a)
CWE Rule 561: Dead Code (since R2023a)
CWE Rule 562: Return of Stack Variable Address (since R2023a)
CWE Rule 563: Assignment to Variable without Use (since R2023a)
CWE Rule 570: Expression is Always False (since R2023a)
CWE Rule 571: Expression is Always True (since R2023a)
CWE Rule 573: Improper Following of Specification by Caller (since R2024a)
CWE Rule 587: Assignment of a Fixed Address to a Pointer (since R2023a)
CWE Rule 590: Free of Memory not on the Heap (since R2024a)
CWE Rule 606: Unchecked Input for Loop Condition (since R2023b)
CWE Rule 617: Reachable Assertion (since R2023a)
CWE Rule 628: Function Call with Incorrectly Specified Arguments (since R2024a)
CWE Rule 663: Use of a Non-reentrant Function in a Concurrent Context (since R2024a)
CWE Rule 664: Improper Control of a Resource Through its Lifetime (since R2024a)
CWE Rule 665: Improper Initialization (since R2024a)
CWE Rule 666: Operation on Resource in Wrong Phase of Lifetime (since R2024a)
CWE Rule 667: Improper Locking (since R2024a)
CWE Rule 672: Operation on a Resource after Expiration or Release (since R2024a)
CWE Rule 674: Uncontrolled Recursion (since R2024a)
CWE Rule 675: Multiple Operations on Resource in Single-Operation Context (since R2024a)
CWE Rule 676: Use of Potentially Dangerous Function (since R2023a)
CWE Rule 681: Incorrect Conversion between Numeric Types (since R2024a)
CWE Rule 682: Incorrect Calculation (since R2024a)
CWE Rule 683: Function Call With Incorrect Order of Arguments (since R2023b)
CWE Rule 685: Function Call With Incorrect Number of Arguments (since R2023a)
CWE Rule 686: Function Call With Incorrect Argument Type (since R2023b)
CWE Rule 687: Function Call With Incorrectly Specified Argument Value (since R2023b)
CWE Rule 688: Function Call With Incorrect Variable or Reference as Argument (since R2023b)
CWE Rule 690: Unchecked Return Value to NULL Pointer Dereference (since R2023a)
CWE Rule 691: Insufficient Control Flow Management (since R2024a)
CWE Rule 693: Protection Mechanism Failure (since R2024a)
CWE Rule 696: Incorrect Behavior Order (since R2024a)
CWE Rule 703: Improper Check or Handling of Exceptional Conditions (since R2024a)
CWE Rule 704: Incorrect Type Conversion or Cast (since R2023a)
CWE Rule 705: Incorrect Control Flow Scoping (since R2024a)
CWE Rule 710: Improper Adherence to Coding Standards (since R2024a)
CWE Rule 732: Incorrect Permission Assignment for Critical Resource (since R2024a)
CWE Rule 733: Compiler Optimization Removal or Modification of Security-critical Code (since R2023a)
CWE Rule 754: Improper Check for Unusual or Exceptional Conditions (since R2024a)
CWE Rule 755: Improper Handling of Exceptional Conditions (since R2024a)
CWE Rule 758: Reliance on Undefined, Unspecified, or Implementation-Defined Behavior (since R2024a)
CWE Rule 759: Use of a One-Way Hash without a Salt (since R2024a)
CWE Rule 762: Mismatched Memory Management Routines (since R2023a)
CWE Rule 763: Release of Invalid Pointer or Reference (since R2023a)
CWE Rule 764: Multiple Locks of a Critical Resource (since R2024a)
CWE Rule 765: Multiple Unlocks of a Critical Resource (since R2024a)
CWE Rule 766: Critical Data Element Declared Public (since R2023a)
CWE Rule 767: Access to Critical Private Variable via Public Method (since R2023a)
CWE Rule 770: Allocation of Resources Without Limits or Throttling (since R2024a)
CWE Rule 772: Missing Release of Resource after Effective Lifetime (since R2024a)
CWE Rule 780: Use of RSA Algorithm without OAEP (since R2024a)
CWE Rule 783: Operator Precedence Logic Error (since R2023a)
CWE Rule 785: Use of Path Manipulation Function without Maximum-sized Buffer (since R2023a)
CWE Rule 786: Access of Memory Location Before Start of Buffer (since R2024a)
CWE Rule 787: Out-of-bounds Write (since R2023a)
CWE Rule 789: Memory Allocation with Excessive Size Value (since R2023a)
CWE Rule 798: Use of Hard-coded Credentials (since R2023a)
CWE Rule 805: Buffer Access with Incorrect Length Value (since R2023a)
CWE Rule 806: Buffer Access Using Size of Source Buffer (since R2023a)
CWE Rule 822: Untrusted Pointer Dereference (since R2023b)
CWE Rule 823: Use of Out-of-range Pointer Offset (since R2024a)
CWE Rule 824: Access of Uninitialized Pointer (since R2023a)
CWE Rule 825: Expired Pointer Dereference (since R2023a)
CWE Rule 826: Premature Release of Resource During Expected Lifetime (since R2024a)
CWE Rule 828: Signal Handler with Functionality that is not Asynchronous-Safe (since R2024a)
CWE Rule 832: Unlock of a Resource that is not Locked (since R2024a)
CWE Rule 833: Deadlock (since R2024a)
CWE Rule 839: Numeric Range Comparison Without Minimum Check (since R2023a)
CWE Rule 843: Access of Resource Using Incompatible Type ('Type Confusion') (since R2023a)
CWE Rule 908: Use of Uninitialized Resource (since R2024a)
CWE Rule 910: Use of Expired File Descriptor (since R2023a)
CWE Rule 922: Insecure Storage of Sensitive Information (since R2023a)
CWE Rule 1071: Empty code block (since R2023a)
CWE Rule 1335: Incorrect Bitwise Shift of Integer (since R2023a)
CWE Rule 1341: Multiple Releases of Same Resource or Handle (since R2023a)

CWE-658

CWE Rule 14: Compiler Removal of Code to Clear Buffers (since R2023a)
CWE Rule 119: Improper Restriction of Operations within the Bounds of a Memory Buffer (since R2023a)
CWE Rule 120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') (since R2023a)
CWE Rule 121: Stack-based Buffer Overflow (since R2023a)
CWE Rule 122: Heap-based Buffer Overflow (since R2023a)
CWE Rule 123: Write-what-where Condition (since R2023a)
CWE Rule 124: Buffer Underwrite ('Buffer Underflow') (since R2023a)
CWE Rule 125: Out-of-bounds Read (since R2023a)
CWE Rule 126: Buffer Over-read (since R2023a)
CWE Rule 127: Buffer Under-read (since R2023a)
CWE Rule 128: Wrap-around Error (since R2023a)
CWE Rule 129: Improper Validation of Array Index (since R2023a)
CWE Rule 130: Improper Handling of Length Parameter Inconsistency (since R2023a)
CWE Rule 131: Incorrect Calculation of Buffer Size (since R2023a)
CWE Rule 134: Use of Externally-Controlled Format String (since R2023a)
CWE Rule 135: Incorrect Calculation of Multi-Byte String Length (since R2023a)
CWE Rule 170: Improper Null Termination (since R2023a)
CWE Rule 188: Reliance on Data/Memory Layout (since R2023a)
CWE Rule 190: Integer Overflow or Wraparound (since R2024b)
CWE Rule 191: Integer Underflow (Wrap or Wraparound) (since R2023a)
CWE Rule 192: Integer Coercion Error (since R2023a)
CWE Rule 194: Unexpected Sign Extension (since R2023a)
CWE Rule 195: Signed to Unsigned Conversion Error (since R2023a)
CWE Rule 196: Unsigned to Signed Conversion Error (since R2023a)
CWE Rule 197: Numeric Truncation Error (since R2023a)
CWE Rule 242: Use of Inherently Dangerous Function (since R2023a)
CWE Rule 243: Creation of chroot Jail Without Changing Working Directory (since R2023a)
CWE Rule 244: Improper Clearing of Heap Memory Before Release ('Heap Inspection') (since R2023a)
CWE Rule 362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') (since R2023a)
CWE Rule 364: Signal Handler Race Condition (since R2023a)
CWE Rule 366: Race Condition within a Thread (since R2023a)
CWE Rule 374: Passing Mutable Objects to an Untrusted Method (since R2023b)
CWE Rule 375: Returning a Mutable Object to an Untrusted Caller (since R2023a)
CWE Rule 401: Missing Release of Memory after Effective Lifetime (since R2023a)
CWE Rule 415: Double Free (since R2023a)
CWE Rule 416: Use After Free (since R2023a)
CWE Rule 457: Use of Uninitialized Variable (since R2023a)
CWE Rule 460: Improper Cleanup on Thrown Exception (since R2023a)
CWE Rule 463: Deletion of Data Structure Sentinel (since R2023a)
CWE Rule 466: Return of Pointer Value Outside of Expected Range (since R2023a)
CWE Rule 467: Use of sizeof() on a Pointer Type (since R2023a)
CWE Rule 468: Incorrect Pointer Scaling (since R2023a)
CWE Rule 469: Use of Pointer Subtraction to Determine Size (since R2023a)
CWE Rule 474: Use of Function with Inconsistent Implementations (since R2023a)
CWE Rule 476: NULL Pointer Dereference (since R2023a)
CWE Rule 478: Missing Default Case in Multiple Condition Expression (since R2023a)
CWE Rule 479: Signal Handler Use of a Non-reentrant Function (since R2023a)
CWE Rule 480: Use of Incorrect Operator (since R2023a)
CWE Rule 481: Assigning instead of Comparing (since R2023a)
CWE Rule 482: Comparing instead of Assigning (since R2023a)
CWE Rule 483: Incorrect Block Delimitation (since R2023a)
CWE Rule 484: Omitted Break Statement in Switch (since R2023a)
CWE Rule 495: Private Data Structure Returned From A Public Method (since R2023a)
CWE Rule 496: Public Data Assigned to Private Array-Typed Field (since R2023b)
CWE Rule 558: Use of getlogin() in Multithreaded Application (since R2023a)
CWE Rule 560: Use of umask() with chmod-style Argument (since R2023a)
CWE Rule 562: Return of Stack Variable Address (since R2023a)
CWE Rule 587: Assignment of a Fixed Address to a Pointer (since R2023a)
CWE Rule 676: Use of Potentially Dangerous Function (since R2023a)
CWE Rule 685: Function Call With Incorrect Number of Arguments (since R2023a)
CWE Rule 688: Function Call With Incorrect Variable or Reference as Argument (since R2023b)
CWE Rule 690: Unchecked Return Value to NULL Pointer Dereference (since R2023a)
CWE Rule 704: Incorrect Type Conversion or Cast (since R2023a)
CWE Rule 733: Compiler Optimization Removal or Modification of Security-critical Code (since R2023a)
CWE Rule 762: Mismatched Memory Management Routines (since R2023a)
CWE Rule 783: Operator Precedence Logic Error (since R2023a)
CWE Rule 785: Use of Path Manipulation Function without Maximum-sized Buffer (since R2023a)
CWE Rule 787: Out-of-bounds Write (since R2023a)
CWE Rule 789: Memory Allocation with Excessive Size Value (since R2023a)
CWE Rule 805: Buffer Access with Incorrect Length Value (since R2023a)
CWE Rule 806: Buffer Access Using Size of Source Buffer (since R2023a)
CWE Rule 839: Numeric Range Comparison Without Minimum Check (since R2023a)
CWE Rule 843: Access of Resource Using Incompatible Type ('Type Confusion') (since R2023a)
CWE Rule 910: Use of Expired File Descriptor (since R2023a)
CWE Rule 1335: Incorrect Bitwise Shift of Integer (since R2023a)
CWE Rule 1341: Multiple Releases of Same Resource or Handle (since R2023a)

CWE-659

CWE Rule 14: Compiler Removal of Code to Clear Buffers (since R2023a)
CWE Rule 119: Improper Restriction of Operations within the Bounds of a Memory Buffer (since R2023a)
CWE Rule 120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') (since R2023a)
CWE Rule 121: Stack-based Buffer Overflow (since R2023a)
CWE Rule 122: Heap-based Buffer Overflow (since R2023a)
CWE Rule 123: Write-what-where Condition (since R2023a)
CWE Rule 124: Buffer Underwrite ('Buffer Underflow') (since R2023a)
CWE Rule 125: Out-of-bounds Read (since R2023a)
CWE Rule 126: Buffer Over-read (since R2023a)
CWE Rule 127: Buffer Under-read (since R2023a)
CWE Rule 128: Wrap-around Error (since R2023a)
CWE Rule 129: Improper Validation of Array Index (since R2023a)
CWE Rule 130: Improper Handling of Length Parameter Inconsistency (since R2023a)
CWE Rule 131: Incorrect Calculation of Buffer Size (since R2023a)
CWE Rule 134: Use of Externally-Controlled Format String (since R2023a)
CWE Rule 135: Incorrect Calculation of Multi-Byte String Length (since R2023a)
CWE Rule 170: Improper Null Termination (since R2023a)
CWE Rule 188: Reliance on Data/Memory Layout (since R2023a)
CWE Rule 190: Integer Overflow or Wraparound (since R2024b)
CWE Rule 191: Integer Underflow (Wrap or Wraparound) (since R2023a)
CWE Rule 192: Integer Coercion Error (since R2023a)
CWE Rule 194: Unexpected Sign Extension (since R2023a)
CWE Rule 195: Signed to Unsigned Conversion Error (since R2023a)
CWE Rule 196: Unsigned to Signed Conversion Error (since R2023a)
CWE Rule 197: Numeric Truncation Error (since R2023a)
CWE Rule 242: Use of Inherently Dangerous Function (since R2023a)
CWE Rule 243: Creation of chroot Jail Without Changing Working Directory (since R2023a)
CWE Rule 244: Improper Clearing of Heap Memory Before Release ('Heap Inspection') (since R2023a)
CWE Rule 248: Uncaught Exception (since R2023a)
CWE Rule 362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') (since R2023a)
CWE Rule 364: Signal Handler Race Condition (since R2023a)
CWE Rule 366: Race Condition within a Thread (since R2023a)
CWE Rule 374: Passing Mutable Objects to an Untrusted Method (since R2023b)
CWE Rule 375: Returning a Mutable Object to an Untrusted Caller (since R2023a)
CWE Rule 396: Declaration of Catch for Generic Exception (since R2023a)
CWE Rule 397: Declaration of Throws for Generic Exception (since R2023a)
CWE Rule 401: Missing Release of Memory after Effective Lifetime (since R2023a)
CWE Rule 415: Double Free (since R2023a)
CWE Rule 416: Use After Free (since R2023a)
CWE Rule 457: Use of Uninitialized Variable (since R2023a)
CWE Rule 460: Improper Cleanup on Thrown Exception (since R2023a)
CWE Rule 463: Deletion of Data Structure Sentinel (since R2023a)
CWE Rule 466: Return of Pointer Value Outside of Expected Range (since R2023a)
CWE Rule 467: Use of sizeof() on a Pointer Type (since R2023a)
CWE Rule 468: Incorrect Pointer Scaling (since R2023a)
CWE Rule 469: Use of Pointer Subtraction to Determine Size (since R2023a)
CWE Rule 476: NULL Pointer Dereference (since R2023a)
CWE Rule 478: Missing Default Case in Multiple Condition Expression (since R2023a)
CWE Rule 479: Signal Handler Use of a Non-reentrant Function (since R2023a)
CWE Rule 480: Use of Incorrect Operator (since R2023a)
CWE Rule 481: Assigning instead of Comparing (since R2023a)
CWE Rule 482: Comparing instead of Assigning (since R2023a)
CWE Rule 483: Incorrect Block Delimitation (since R2023a)
CWE Rule 484: Omitted Break Statement in Switch (since R2023a)
CWE Rule 493: Critical Public Variable Without Final Modifier (since R2023b)
CWE Rule 495: Private Data Structure Returned From A Public Method (since R2023a)
CWE Rule 496: Public Data Assigned to Private Array-Typed Field (since R2023b)
CWE Rule 498: Cloneable class containing sensitive information (since R2023b)
CWE Rule 500: Public Static Field Not Marked Final (since R2023a)
CWE Rule 543: Use of Singleton Pattern Without Synchronization in a Multithreaded Context (since R2024a)
CWE Rule 558: Use of getlogin() in Multithreaded Application (since R2023a)
CWE Rule 562: Return of Stack Variable Address (since R2023a)
CWE Rule 587: Assignment of a Fixed Address to a Pointer (since R2023a)
CWE Rule 676: Use of Potentially Dangerous Function (since R2023a)
CWE Rule 690: Unchecked Return Value to NULL Pointer Dereference (since R2023a)
CWE Rule 704: Incorrect Type Conversion or Cast (since R2023a)
CWE Rule 733: Compiler Optimization Removal or Modification of Security-critical Code (since R2023a)
CWE Rule 762: Mismatched Memory Management Routines (since R2023a)
CWE Rule 766: Critical Data Element Declared Public (since R2023a)
CWE Rule 767: Access to Critical Private Variable via Public Method (since R2023a)
CWE Rule 783: Operator Precedence Logic Error (since R2023a)
CWE Rule 785: Use of Path Manipulation Function without Maximum-sized Buffer (since R2023a)
CWE Rule 787: Out-of-bounds Write (since R2023a)
CWE Rule 789: Memory Allocation with Excessive Size Value (since R2023a)
CWE Rule 805: Buffer Access with Incorrect Length Value (since R2023a)
CWE Rule 806: Buffer Access Using Size of Source Buffer (since R2023a)
CWE Rule 839: Numeric Range Comparison Without Minimum Check (since R2023a)
CWE Rule 843: Access of Resource Using Incompatible Type ('Type Confusion') (since R2023a)
CWE Rule 910: Use of Expired File Descriptor (since R2023a)
CWE Rule 1335: Incorrect Bitwise Shift of Integer (since R2023a)
CWE Rule 1341: Multiple Releases of Same Resource or Handle (since R2023a)

API / Function Errors

CWE Rule 242: Use of Inherently Dangerous Function (since R2023a)
CWE Rule 474: Use of Function with Inconsistent Implementations (since R2023a)
CWE Rule 475: Undefined Behavior for Input to API (since R2024a)
CWE Rule 477: Use of Obsolete Function (since R2023a)
CWE Rule 676: Use of Potentially Dangerous Function (since R2023a)

Bad Coding Practices

CWE Rule 478: Missing Default Case in Multiple Condition Expression (since R2023a)
CWE Rule 489: Active Debug Code (since R2023a)
CWE Rule 547: Use of Hard-coded, Security-relevant Constants (since R2023a)
CWE Rule 561: Dead Code (since R2023a)
CWE Rule 562: Return of Stack Variable Address (since R2023a)
CWE Rule 563: Assignment to Variable without Use (since R2023a)
CWE Rule 628: Function Call with Incorrectly Specified Arguments (since R2024a)
CWE Rule 1071: Empty code block (since R2023a)

Behavioral Problems

CWE Rule 480: Use of Incorrect Operator (since R2023a)
CWE Rule 483: Incorrect Block Delimitation (since R2023a)
CWE Rule 484: Omitted Break Statement in Switch (since R2023a)
CWE Rule 733: Compiler Optimization Removal or Modification of Security-critical Code (since R2023a)
CWE Rule 783: Operator Precedence Logic Error (since R2023a)

Concurrency Issues

CWE Rule 366: Race Condition within a Thread (since R2023a)
CWE Rule 367: Time-of-check Time-of-use (TOCTOU) Race Condition (since R2024a)
CWE Rule 663: Use of a Non-reentrant Function in a Concurrent Context (since R2024a)

Credentials Management Errors

CWE Rule 798: Use of Hard-coded Credentials (since R2023a)
CWE Rule 256: Plaintext storage of a password (since R2023a)

Cryptographic Issues

CWE Rule 325: Missing Cryptographic Step (since R2024a)
CWE Rule 328: Use of Weak Hash (since R2024a)

Data Integrity Issues

CWE Rule 353: Missing Support for Integrity Check (since R2023a)
CWE Rule 354: Improper Validation of Integrity Check Value (since R2024a)

Data Neutralization Issues

CWE Rule 78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (since R2024a)
CWE Rule 88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') (since R2024a)
CWE Rule 89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') (since R2023a)
CWE Rule 90: Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') (since R2023a)
CWE Rule 170: Improper Null Termination (since R2023a)
CWE Rule 188: Reliance on Data/Memory Layout (since R2023a)
CWE Rule 463: Deletion of Data Structure Sentinel (since R2023a)

Data Processing Errors

CWE Rule 130: Improper Handling of Length Parameter Inconsistency (since R2023a)

Data Validation Issues

CWE Rule 129: Improper Validation of Array Index (since R2023a)
CWE Rule 606: Unchecked Input for Loop Condition (since R2023b)

Error Conditions, Return Values, Status Codes

CWE Rule 248: Uncaught Exception (since R2023a)
CWE Rule 252: Unchecked Return Value (since R2023a)
CWE Rule 253: Incorrect Check of Function Return Value (since R2023a)
CWE Rule 391: Unchecked Error Condition (since R2024a)
CWE Rule 396: Declaration of Catch for Generic Exception (since R2023a)
CWE Rule 397: Declaration of Throws for Generic Exception (since R2023a)
CWE Rule 617: Reachable Assertion (since R2023a)

Expression Issues

CWE Rule 570: Expression is Always False (since R2023a)
CWE Rule 571: Expression is Always True (since R2023a)

File Handling Issues

CWE Rule 22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (since R2024a)
CWE Rule 426: Untrusted Search Path (since R2024a)
CWE Rule 427: Uncontrolled Search Path Element (since R2024a)

Handler Errors

CWE Rule 479: Signal Handler Use of a Non-reentrant Function (since R2023a)

Information Management Errors

CWE Rule 312: Cleartext Storage of Sensitive Information (since R2023a)
CWE Rule 319: Cleartext Transmission of Sensitive Information (since R2023b)
CWE Rule 321: Use of Hard-coded Cryptographic Key (since R2023b)

Initialization and Cleanup Errors

CWE Rule 460: Improper Cleanup on Thrown Exception (since R2023a)

Key Management Errors

CWE Rule 322: Key Exchange without Entity Authentication (since R2024a)

Memory Buffer Errors

CWE Rule 120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') (since R2023a)
CWE Rule 123: Write-what-where Condition (since R2023a)
CWE Rule 124: Buffer Underwrite ('Buffer Underflow') (since R2023a)
CWE Rule 125: Out-of-bounds Read (since R2023a)
CWE Rule 131: Incorrect Calculation of Buffer Size (since R2023a)
CWE Rule 786: Access of Memory Location Before Start of Buffer (since R2024a)
CWE Rule 787: Out-of-bounds Write (since R2023a)
CWE Rule 805: Buffer Access with Incorrect Length Value (since R2023a)

Numeric Errors

CWE Rule 128: Wrap-around Error (since R2023a)
CWE Rule 191: Integer Underflow (Wrap or Wraparound) (since R2023a)
CWE Rule 192: Integer Coercion Error (since R2023a)
CWE Rule 197: Numeric Truncation Error (since R2023a)
CWE Rule 369: Divide By Zero (since R2023a)
CWE Rule 681: Incorrect Conversion between Numeric Types (since R2024a)
CWE Rule 839: Numeric Range Comparison Without Minimum Check (since R2023a)

Validate Inputs

CWE Rule 20: Improper Input Validation (since R2024a)
CWE Rule 77: Improper Neutralization of Special Elements used in a Command ('Command Injection') (since R2024a)
CWE Rule 78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (since R2024a)
CWE Rule 88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') (since R2024a)
CWE Rule 89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') (since R2023a)
CWE Rule 90: Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') (since R2023a)
CWE Rule 99: Improper Control of Resource Identifiers ('Resource Injection') (since R2024b)

Other

CWE Rule 14: Compiler Removal of Code to Clear Buffers (since R2023a)
CWE Rule 20: Improper Input Validation (since R2024a)
CWE Rule 23: Relative Path Traversal (since R2024a)
CWE Rule 36: Absolute Path Traversal (since R2024a)
CWE Rule 67: Improper Handling of Windows Device Names (since R2024a)
CWE Rule 77: Improper Neutralization of Special Elements used in a Command ('Command Injection') (since R2024a)
CWE Rule 88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') (since R2024a)
CWE Rule 114: Process Control (since R2024a)
CWE Rule 119: Improper Restriction of Operations within the Bounds of a Memory Buffer (since R2023a)
CWE Rule 121: Stack-based Buffer Overflow (since R2023a)
CWE Rule 122: Heap-based Buffer Overflow (since R2023a)
CWE Rule 126: Buffer Over-read (since R2023a)
CWE Rule 127: Buffer Under-read (since R2023a)
CWE Rule 190: Integer Overflow or Wraparound (since R2024b)
CWE Rule 194: Unexpected Sign Extension (since R2023a)
CWE Rule 195: Signed to Unsigned Conversion Error (since R2023a)
CWE Rule 196: Unsigned to Signed Conversion Error (since R2023a)
CWE Rule 198: Use of Incorrect Byte Ordering (since R2024a)
CWE Rule 226: Sensitive Information in Resource Not Removed Before Reuse (since R2024a)
CWE Rule 240: Improper Handling of Inconsistent Structural Elements (since R2024a)
CWE Rule 244: Improper Clearing of Heap Memory Before Release ('Heap Inspection') (since R2023a)
CWE Rule 287: Improper Authentication (since R2024a)
CWE Rule 297: Improper Validation of Certificate with Host Mismatch (since R2024a)
CWE Rule 304: Missing Critical Step in Authentication (since R2024a)
CWE Rule 311: Missing Encryption of Sensitive Data (since R2023b)
CWE Rule 316: Cleartext Storage of Sensitive Information in Memory (since R2024a)
CWE Rule 326: Inadequate Encryption Strength (since R2024a)
CWE Rule 327: Use of a Broken or Risky Cryptographic Algorithm (since R2024a)
CWE Rule 329: Generation of Predictable IV with CBC Mode (since R2024a)
CWE Rule 330: Use of Insufficiently Random Values (since R2024a)
CWE Rule 336: Same Seed in Pseudo-Random Number Generator (PRNG) (since R2024a)
CWE Rule 337: Predictable Seed in Pseudo-Random Number Generator (PRNG) (since R2024a)
CWE Rule 362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') (since R2023a)
CWE Rule 377: Insecure Temporary File (since R2024a)
CWE Rule 401: Missing Release of Memory after Effective Lifetime (since R2023a)
CWE Rule 404: Improper Resource Shutdown or Release (since R2024a)
CWE Rule 415: Double Free (since R2023a)
CWE Rule 416: Use After Free (since R2023a)
CWE Rule 456: Missing Initialization of a Variable (since R2024a)
CWE Rule 457: Use of Uninitialized Variable (since R2023a)
CWE Rule 471: Modification of Assumed-Immutable Data (MAID) (since R2024a)
CWE Rule 481: Assigning instead of Comparing (since R2023a)
CWE Rule 482: Comparing instead of Assigning (since R2023a)
CWE Rule 493: Critical Public Variable Without Final Modifier (since R2023b)
CWE Rule 495: Private Data Structure Returned From A Public Method (since R2023a)
CWE Rule 496: Public Data Assigned to Private Array-Typed Field (since R2023b)
CWE Rule 498: Cloneable class containing sensitive information (since R2023b)
CWE Rule 500: Public Static Field Not Marked Final (since R2023a)
CWE Rule 522: Insufficiently Protected Credentials (since R2023a)
CWE Rule 532: Insertion of Sensitive Information into Log File (since R2024a)
CWE Rule 535: Exposure of Information Through Shell Error Message (since R2024a)
CWE Rule 543: Use of Singleton Pattern Without Synchronization in a Multithreaded Context (since R2024a)
CWE Rule 558: Use of getlogin() in Multithreaded Application (since R2023a)
CWE Rule 560: Use of umask() with chmod-style Argument (since R2023a)
CWE Rule 573: Improper Following of Specification by Caller (since R2024a)
CWE Rule 590: Free of Memory not on the Heap (since R2024a)
CWE Rule 664: Improper Control of a Resource Through its Lifetime (since R2024a)
CWE Rule 665: Improper Initialization (since R2024a)
CWE Rule 666: Operation on Resource in Wrong Phase of Lifetime (since R2024a)
CWE Rule 667: Improper Locking (since R2024a)
CWE Rule 672: Operation on a Resource after Expiration or Release (since R2024a)
CWE Rule 674: Uncontrolled Recursion (since R2024a)
CWE Rule 675: Multiple Operations on Resource in Single-Operation Context (since R2024a)
CWE Rule 682: Incorrect Calculation (since R2024a)
CWE Rule 683: Function Call With Incorrect Order of Arguments (since R2023b)
CWE Rule 685: Function Call With Incorrect Number of Arguments (since R2023a)
CWE Rule 686: Function Call With Incorrect Argument Type (since R2023b)
CWE Rule 687: Function Call With Incorrectly Specified Argument Value (since R2023b)
CWE Rule 688: Function Call With Incorrect Variable or Reference as Argument (since R2023b)
CWE Rule 690: Unchecked Return Value to NULL Pointer Dereference (since R2023a)
CWE Rule 691: Insufficient Control Flow Management (since R2024a)
CWE Rule 693: Protection Mechanism Failure (since R2024a)
CWE Rule 696: Incorrect Behavior Order (since R2024a)
CWE Rule 703: Improper Check or Handling of Exceptional Conditions (since R2024a)
CWE Rule 704: Incorrect Type Conversion or Cast (since R2023a)
CWE Rule 705: Incorrect Control Flow Scoping (since R2024a)
CWE Rule 710: Improper Adherence to Coding Standards (since R2024a)
CWE Rule 732: Incorrect Permission Assignment for Critical Resource (since R2024a)
CWE Rule 754: Improper Check for Unusual or Exceptional Conditions (since R2024a)
CWE Rule 755: Improper Handling of Exceptional Conditions (since R2024a)
CWE Rule 758: Reliance on Undefined, Unspecified, or Implementation-Defined Behavior (since R2024a)
CWE Rule 759: Use of a One-Way Hash without a Salt (since R2024a)
CWE Rule 762: Mismatched Memory Management Routines (since R2023a)
CWE Rule 780: Use of RSA Algorithm without OAEP (since R2024a)
CWE Rule 785: Use of Path Manipulation Function without Maximum-sized Buffer (since R2023a)
CWE Rule 789: Memory Allocation with Excessive Size Value (since R2023a)
CWE Rule 806: Buffer Access Using Size of Source Buffer (since R2023a)
CWE Rule 828: Signal Handler with Functionality that is not Asynchronous-Safe (since R2024a)
CWE Rule 922: Insecure Storage of Sensitive Information (since R2023a)
CWE Rule 1335: Incorrect Bitwise Shift of Integer (since R2023a)
CWE Rule 1341: Multiple Releases of Same Resource or Handle (since R2023a)

Permission Issues

CWE Rule 766: Critical Data Element Declared Public (since R2023a)
CWE Rule 767: Access to Critical Private Variable via Public Method (since R2023a)

Pointer Issues

CWE Rule 466: Return of Pointer Value Outside of Expected Range (since R2023a)
CWE Rule 467: Use of sizeof() on a Pointer Type (since R2023a)
CWE Rule 468: Incorrect Pointer Scaling (since R2023a)
CWE Rule 469: Use of Pointer Subtraction to Determine Size (since R2023a)
CWE Rule 476: NULL Pointer Dereference (since R2023a)
CWE Rule 587: Assignment of a Fixed Address to a Pointer (since R2023a)
CWE Rule 763: Release of Invalid Pointer or Reference (since R2023a)
CWE Rule 822: Untrusted Pointer Dereference (since R2023b)
CWE Rule 823: Use of Out-of-range Pointer Offset (since R2024a)
CWE Rule 824: Access of Uninitialized Pointer (since R2023a)
CWE Rule 825: Expired Pointer Dereference (since R2023a)

Privilege Issues

CWE Rule 243: Creation of chroot Jail Without Changing Working Directory (since R2023a)
CWE Rule 250: Execution with Unnecessary Privileges (since R2024a)
CWE Rule 273: Improper Check for Dropped Privileges (since R2024a)

Random Number Issues

CWE Rule 335: Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) (since R2023a)
CWE Rule 338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) (since R2023a)

Resource Locking Issues

CWE Rule 413: Improper Resource Locking (since R2023a)
CWE Rule 764: Multiple Locks of a Critical Resource (since R2024a)
CWE Rule 765: Multiple Unlocks of a Critical Resource (since R2024a)
CWE Rule 832: Unlock of a Resource that is not Locked (since R2024a)
CWE Rule 833: Deadlock (since R2024a)

Resource Management Errors

CWE Rule 770: Allocation of Resources Without Limits or Throttling (since R2024a)
CWE Rule 772: Missing Release of Resource after Effective Lifetime (since R2024a)
CWE Rule 826: Premature Release of Resource During Expected Lifetime (since R2024a)
CWE Rule 908: Use of Uninitialized Resource (since R2024a)
CWE Rule 910: Use of Expired File Descriptor (since R2023a)

Signal Errors

CWE Rule 364: Signal Handler Race Condition (since R2023a)

State Issues

CWE Rule 15: External Control of System or Configuration Setting (since R2024a)
CWE Rule 372: Incomplete Internal State Distinction (since R2024a)
CWE Rule 374: Passing Mutable Objects to an Untrusted Method (since R2023b)
CWE Rule 375: Returning a Mutable Object to an Untrusted Caller (since R2023a)

String Errors

CWE Rule 134: Use of Externally-Controlled Format String (since R2023a)
CWE Rule 135: Incorrect Calculation of Multi-Byte String Length (since R2023a)

Type Errors

CWE Rule 843: Access of Resource Using Incompatible Type ('Type Confusion') (since R2023a)

Topics