CWE coverage for C and C++
An overview of CWE coverage for C and C++ in the latest release of CodeQL.
Overview
CWE | Language | Query id | Query name |
---|---|---|---|
CWE‑14 | C++ | cpp/memset-may-be-deleted | Call to memset may be deleted |
CWE‑20 | C++ | cpp/count-untrusted-data-external-api | Frequency counts for external APIs that are used with untrusted data |
CWE‑20 | C++ | cpp/count-untrusted-data-external-api-ir | Frequency counts for external APIs that are used with untrusted data |
CWE‑20 | C++ | cpp/untrusted-data-to-external-api-ir | Untrusted data passed to external API |
CWE‑20 | C++ | cpp/untrusted-data-to-external-api | Untrusted data passed to external API |
CWE‑20 | C++ | cpp/uncontrolled-process-operation | Uncontrolled process operation |
CWE‑20 | C++ | cpp/unclear-array-index-validation | Unclear validation of array index |
CWE‑20 | C++ | cpp/uncontrolled-allocation-size | Overflow in uncontrolled allocation size |
CWE‑20 | C++ | cpp/late-check-of-function-argument | Late Check Of Function Argument |
CWE‑20 | C++ | cpp/linux-kernel-no-check-before-unsafe-put-user | Linux kernel no check before unsafe_put_user vulnerability detection |
CWE‑22 | C++ | cpp/path-injection | Uncontrolled data used in path expression |
CWE‑23 | C++ | cpp/path-injection | Uncontrolled data used in path expression |
CWE‑36 | C++ | cpp/path-injection | Uncontrolled data used in path expression |
CWE‑73 | C++ | cpp/path-injection | Uncontrolled data used in path expression |
CWE‑74 | C++ | cpp/non-constant-format | Non-constant format string |
CWE‑74 | C++ | cpp/command-line-injection | Uncontrolled data used in OS command |
CWE‑74 | C++ | cpp/cgi-xss | CGI script vulnerable to cross-site scripting |
CWE‑74 | C++ | cpp/sql-injection | Uncontrolled data in SQL query |
CWE‑74 | C++ | cpp/tainted-format-string | Uncontrolled format string |
CWE‑74 | C++ | cpp/tainted-format-string-through-global | Uncontrolled format string (through global variable) |
CWE‑77 | C++ | cpp/command-line-injection | Uncontrolled data used in OS command |
CWE‑78 | C++ | cpp/command-line-injection | Uncontrolled data used in OS command |
CWE‑79 | C++ | cpp/cgi-xss | CGI script vulnerable to cross-site scripting |
CWE‑88 | C++ | cpp/command-line-injection | Uncontrolled data used in OS command |
CWE‑89 | C++ | cpp/sql-injection | Uncontrolled data in SQL query |
CWE‑114 | C++ | cpp/uncontrolled-process-operation | Uncontrolled process operation |
CWE‑118 | C++ | cpp/offset-use-before-range-check | Array offset used before range check |
CWE‑118 | C++ | cpp/late-negative-test | Pointer offset used before it is checked |
CWE‑118 | C++ | cpp/missing-negativity-test | Unchecked return value used as offset |
CWE‑118 | C++ | cpp/overflow-calculated | Buffer not sufficient for string |
CWE‑118 | C++ | cpp/overflow-destination | Copy function using source size |
CWE‑118 | C++ | cpp/static-buffer-overflow | Static array access may cause overflow |
CWE‑118 | C++ | cpp/allocation-too-small | Not enough memory allocated for pointer type |
CWE‑118 | C++ | cpp/suspicious-allocation-size | Not enough memory allocated for array of pointer type |
CWE‑118 | C++ | cpp/use-after-free | Potential use after free |
CWE‑118 | C++ | cpp/upcast-array-pointer-arithmetic | Upcast array used in pointer arithmetic |
CWE‑118 | C++ | cpp/return-stack-allocated-memory | Returning stack-allocated memory |
CWE‑118 | C++ | cpp/bad-strncpy-size | Possibly wrong buffer size in string copy |
CWE‑118 | C++ | cpp/unsafe-strncat | Potentially unsafe call to strncat |
CWE‑118 | C++ | cpp/unsafe-strcat | Potentially unsafe use of strcat |
CWE‑118 | C++ | cpp/using-expired-stack-address | Use of expired stack-address |
CWE‑118 | C++ | cpp/overflow-buffer | Call to memory access function may overflow buffer |
CWE‑118 | C++ | cpp/badly-bounded-write | Badly bounded write |
CWE‑118 | C++ | cpp/overrunning-write | Potentially overrunning write |
CWE‑118 | C++ | cpp/overrunning-write-with-float | Potentially overrunning write with float to string conversion |
CWE‑118 | C++ | cpp/unbounded-write | Unbounded write |
CWE‑118 | C++ | cpp/very-likely-overrunning-write | Likely overrunning write |
CWE‑118 | C++ | cpp/unterminated-variadic-call | Unterminated variadic call |
CWE‑118 | C++ | cpp/no-space-for-terminator | No space for zero terminator |
CWE‑118 | C++ | cpp/openssl-heartbleed | Use of a version of OpenSSL with Heartbleed |
CWE‑118 | C++ | cpp/memory-unsafe-function-scan | Scanf function without a specified length |
CWE‑118 | C++ | cpp/double-free | Errors When Double Free |
CWE‑118 | C++ | cpp/dangerous-use-of-exception-blocks | Dangerous use of exception blocks. |
CWE‑118 | C++ | cpp/sign-conversion-pointer-arithmetic | unsigned to signed used in pointer arithmetic |
CWE‑118 | C++ | cpp/access-memory-location-after-end-buffer-strlen | Access Of Memory Location After End Of Buffer |
CWE‑119 | C++ | cpp/offset-use-before-range-check | Array offset used before range check |
CWE‑119 | C++ | cpp/late-negative-test | Pointer offset used before it is checked |
CWE‑119 | C++ | cpp/missing-negativity-test | Unchecked return value used as offset |
CWE‑119 | C++ | cpp/overflow-calculated | Buffer not sufficient for string |
CWE‑119 | C++ | cpp/overflow-destination | Copy function using source size |
CWE‑119 | C++ | cpp/static-buffer-overflow | Static array access may cause overflow |
CWE‑119 | C++ | cpp/allocation-too-small | Not enough memory allocated for pointer type |
CWE‑119 | C++ | cpp/suspicious-allocation-size | Not enough memory allocated for array of pointer type |
CWE‑119 | C++ | cpp/use-after-free | Potential use after free |
CWE‑119 | C++ | cpp/upcast-array-pointer-arithmetic | Upcast array used in pointer arithmetic |
CWE‑119 | C++ | cpp/return-stack-allocated-memory | Returning stack-allocated memory |
CWE‑119 | C++ | cpp/bad-strncpy-size | Possibly wrong buffer size in string copy |
CWE‑119 | C++ | cpp/unsafe-strncat | Potentially unsafe call to strncat |
CWE‑119 | C++ | cpp/unsafe-strcat | Potentially unsafe use of strcat |
CWE‑119 | C++ | cpp/using-expired-stack-address | Use of expired stack-address |
CWE‑119 | C++ | cpp/overflow-buffer | Call to memory access function may overflow buffer |
CWE‑119 | C++ | cpp/badly-bounded-write | Badly bounded write |
CWE‑119 | C++ | cpp/overrunning-write | Potentially overrunning write |
CWE‑119 | C++ | cpp/overrunning-write-with-float | Potentially overrunning write with float to string conversion |
CWE‑119 | C++ | cpp/unbounded-write | Unbounded write |
CWE‑119 | C++ | cpp/very-likely-overrunning-write | Likely overrunning write |
CWE‑119 | C++ | cpp/unterminated-variadic-call | Unterminated variadic call |
CWE‑119 | C++ | cpp/no-space-for-terminator | No space for zero terminator |
CWE‑119 | C++ | cpp/openssl-heartbleed | Use of a version of OpenSSL with Heartbleed |
CWE‑119 | C++ | cpp/memory-unsafe-function-scan | Scanf function without a specified length |
CWE‑119 | C++ | cpp/double-free | Errors When Double Free |
CWE‑119 | C++ | cpp/dangerous-use-of-exception-blocks | Dangerous use of exception blocks. |
CWE‑119 | C++ | cpp/sign-conversion-pointer-arithmetic | unsigned to signed used in pointer arithmetic |
CWE‑119 | C++ | cpp/access-memory-location-after-end-buffer-strlen | Access Of Memory Location After End Of Buffer |
CWE‑120 | C++ | cpp/offset-use-before-range-check | Array offset used before range check |
CWE‑120 | C++ | cpp/overflow-calculated | Buffer not sufficient for string |
CWE‑120 | C++ | cpp/unsafe-strcat | Potentially unsafe use of strcat |
CWE‑120 | C++ | cpp/badly-bounded-write | Badly bounded write |
CWE‑120 | C++ | cpp/overrunning-write | Potentially overrunning write |
CWE‑120 | C++ | cpp/overrunning-write-with-float | Potentially overrunning write with float to string conversion |
CWE‑120 | C++ | cpp/unbounded-write | Unbounded write |
CWE‑120 | C++ | cpp/very-likely-overrunning-write | Likely overrunning write |
CWE‑120 | C++ | cpp/no-space-for-terminator | No space for zero terminator |
CWE‑120 | C++ | cpp/memory-unsafe-function-scan | Scanf function without a specified length |
CWE‑121 | C++ | cpp/overflow-buffer | Call to memory access function may overflow buffer |
CWE‑121 | C++ | cpp/unterminated-variadic-call | Unterminated variadic call |
CWE‑122 | C++ | cpp/allocation-too-small | Not enough memory allocated for pointer type |
CWE‑122 | C++ | cpp/suspicious-allocation-size | Not enough memory allocated for array of pointer type |
CWE‑122 | C++ | cpp/overflow-buffer | Call to memory access function may overflow buffer |
CWE‑122 | C++ | cpp/no-space-for-terminator | No space for zero terminator |
CWE‑125 | C++ | cpp/offset-use-before-range-check | Array offset used before range check |
CWE‑125 | C++ | cpp/overflow-buffer | Call to memory access function may overflow buffer |
CWE‑126 | C++ | cpp/overflow-buffer | Call to memory access function may overflow buffer |
CWE‑128 | C++ | cpp/signed-overflow-check | Signed overflow check |
CWE‑128 | C++ | cpp/multiplication-overflow-in-alloc | Multiplication result may overflow and be used in allocation |
CWE‑129 | C++ | cpp/unclear-array-index-validation | Unclear validation of array index |
CWE‑131 | C++ | cpp/overflow-calculated | Buffer not sufficient for string |
CWE‑131 | C++ | cpp/overflow-destination | Copy function using source size |
CWE‑131 | C++ | cpp/static-buffer-overflow | Static array access may cause overflow |
CWE‑131 | C++ | cpp/allocation-too-small | Not enough memory allocated for pointer type |
CWE‑131 | C++ | cpp/suspicious-allocation-size | Not enough memory allocated for array of pointer type |
CWE‑131 | C++ | cpp/no-space-for-terminator | No space for zero terminator |
CWE‑134 | C++ | cpp/non-constant-format | Non-constant format string |
CWE‑134 | C++ | cpp/tainted-format-string | Uncontrolled format string |
CWE‑134 | C++ | cpp/tainted-format-string-through-global | Uncontrolled format string (through global variable) |
CWE‑170 | C++ | cpp/improper-null-termination | Potential improper null termination |
CWE‑170 | C++ | cpp/user-controlled-null-termination-tainted | User-controlled data may not be null terminated |
CWE‑190 | C++ | cpp/ambiguously-signed-bit-field | Ambiguously signed bit-field member |
CWE‑190 | C++ | cpp/bad-addition-overflow-check | Bad check for overflow of integer addition |
CWE‑190 | C++ | cpp/integer-multiplication-cast-to-long | Multiplication result converted to larger type |
CWE‑190 | C++ | cpp/signed-overflow-check | Signed overflow check |
CWE‑190 | C++ | cpp/overflowing-snprintf | Potentially overflowing call to snprintf |
CWE‑190 | C++ | cpp/tainted-arithmetic | User-controlled data in arithmetic expression |
CWE‑190 | C++ | cpp/uncontrolled-arithmetic | Uncontrolled data in arithmetic expression |
CWE‑190 | C++ | cpp/arithmetic-with-extreme-values | Use of extreme values in arithmetic expression |
CWE‑190 | C++ | cpp/comparison-with-wider-type | Comparison of narrow type with wide type in loop condition |
CWE‑190 | C++ | cpp/integer-overflow-tainted | Potential integer arithmetic overflow |
CWE‑190 | C++ | cpp/uncontrolled-allocation-size | Overflow in uncontrolled allocation size |
CWE‑190 | C++ | cpp/multiplication-overflow-in-alloc | Multiplication result may overflow and be used in allocation |
CWE‑190 | C++ | cpp/dangerous-use-of-transformation-after-operation | Dangerous use of transformation after operation. |
CWE‑190 | C++ | cpp/signed-bit-field | Possible signed bit-field member |
CWE‑191 | C++ | cpp/tainted-arithmetic | User-controlled data in arithmetic expression |
CWE‑191 | C++ | cpp/uncontrolled-arithmetic | Uncontrolled data in arithmetic expression |
CWE‑191 | C++ | cpp/arithmetic-with-extreme-values | Use of extreme values in arithmetic expression |
CWE‑191 | C++ | cpp/unsigned-difference-expression-compared-zero | Unsigned difference expression compared to zero |
CWE‑197 | C++ | cpp/integer-multiplication-cast-to-long | Multiplication result converted to larger type |
CWE‑197 | C++ | cpp/comparison-with-wider-type | Comparison of narrow type with wide type in loop condition |
CWE‑197 | C++ | cpp/integer-overflow-tainted | Potential integer arithmetic overflow |
CWE‑200 | C++ | cpp/cleartext-transmission | Cleartext transmission of sensitive information |
CWE‑200 | C++ | cpp/system-data-exposure | Exposure of system data to an unauthorized control sphere |
CWE‑200 | C++ | cpp/potential-system-data-exposure | Potential exposure of sensitive system data to an unauthorized control sphere |
CWE‑200 | C++ | cpp/work-with-file-without-permissions-rights | Writing to a file without setting permissions. |
CWE‑200 | C++ | cpp/wrong-use-of-the-umask | Find the wrong use of the umask function. |
CWE‑200 | C++ | cpp/private-cleartext-write | Exposure of private information |
CWE‑227 | C++ | cpp/overflowing-snprintf | Potentially overflowing call to snprintf |
CWE‑227 | C++ | cpp/wrong-number-format-arguments | Too few arguments to formatting function |
CWE‑227 | C++ | cpp/wrong-type-format-argument | Wrong type of arguments to formatting function |
CWE‑227 | C++ | cpp/too-few-arguments | Call to function with fewer arguments than declared parameters |
CWE‑227 | C++ | cpp/ignore-return-value-sal | SAL requires inspecting return value |
CWE‑227 | C++ | cpp/hresult-boolean-conversion | Cast between HRESULT and a Boolean type |
CWE‑227 | C++ | cpp/lock-order-cycle | Cyclic lock order dependency |
CWE‑227 | C++ | cpp/twice-locked | Mutex locked twice |
CWE‑227 | C++ | cpp/unreleased-lock | Lock may not be released |
CWE‑227 | C++ | cpp/work-with-changing-working-directories | Find work with changing working directories, with security errors. |
CWE‑227 | C++ | cpp/wrong-use-of-the-umask | Find the wrong use of the umask function. |
CWE‑227 | C++ | cpp/double-free | Errors When Double Free |
CWE‑227 | C++ | cpp/dangerous-use-of-exception-blocks | Dangerous use of exception blocks. |
CWE‑227 | C++ | cpp/double-release | Errors When Double Release |
CWE‑228 | C++ | cpp/wrong-number-format-arguments | Too few arguments to formatting function |
CWE‑228 | C++ | cpp/too-few-arguments | Call to function with fewer arguments than declared parameters |
CWE‑233 | C++ | cpp/wrong-number-format-arguments | Too few arguments to formatting function |
CWE‑233 | C++ | cpp/too-few-arguments | Call to function with fewer arguments than declared parameters |
CWE‑234 | C++ | cpp/wrong-number-format-arguments | Too few arguments to formatting function |
CWE‑234 | C++ | cpp/too-few-arguments | Call to function with fewer arguments than declared parameters |
CWE‑242 | C++ | cpp/dangerous-function-overflow | Use of dangerous function |
CWE‑243 | C++ | cpp/work-with-changing-working-directories | Find work with changing working directories, with security errors. |
CWE‑248 | C++ | cpp/operator-find-incorrectly-used-exceptions | Operator Find Incorrectly Used Exceptions |
CWE‑252 | C++ | cpp/return-value-ignored | Return value of a function is ignored |
CWE‑252 | C++ | cpp/inconsistent-call-on-result | Inconsistent operation on return value |
CWE‑252 | C++ | cpp/ignore-return-value-sal | SAL requires inspecting return value |
CWE‑252 | C++ | cpp/incorrect-allocation-error-handling | Incorrect allocation-error handling |
CWE‑252 | C++ | cpp/work-with-changing-working-directories | Find work with changing working directories, with security errors. |
CWE‑253 | C++ | cpp/overflowing-snprintf | Potentially overflowing call to snprintf |
CWE‑253 | C++ | cpp/hresult-boolean-conversion | Cast between HRESULT and a Boolean type |
CWE‑260 | C++ | cpp/cleartext-storage-file | Cleartext storage of sensitive information in file |
CWE‑266 | C++ | cpp/wrong-use-of-the-umask | Find the wrong use of the umask function. |
CWE‑269 | C++ | cpp/wrong-use-of-the-umask | Find the wrong use of the umask function. |
CWE‑269 | C++ | cpp/drop-linux-privileges-outoforder | LinuxPrivilegeDroppingOutoforder |
CWE‑271 | C++ | cpp/drop-linux-privileges-outoforder | LinuxPrivilegeDroppingOutoforder |
CWE‑273 | C++ | cpp/drop-linux-privileges-outoforder | LinuxPrivilegeDroppingOutoforder |
CWE‑284 | C++ | cpp/user-controlled-bypass | Authentication bypass by spoofing |
CWE‑284 | C++ | cpp/cleartext-storage-file | Cleartext storage of sensitive information in file |
CWE‑284 | C++ | cpp/world-writable-file-creation | File created without restricting permissions |
CWE‑284 | C++ | cpp/open-call-with-mode-argument | File opened with O_CREAT flag but without mode argument |
CWE‑284 | C++ | cpp/unsafe-dacl-security-descriptor | Setting a DACL to NULL in a SECURITY_DESCRIPTOR |
CWE‑284 | C++ | cpp/wrong-use-of-the-umask | Find the wrong use of the umask function. |
CWE‑284 | C++ | cpp/drop-linux-privileges-outoforder | LinuxPrivilegeDroppingOutoforder |
CWE‑284 | C++ | cpp/pam-auth-bypass | PAM Authorization bypass |
CWE‑285 | C++ | cpp/world-writable-file-creation | File created without restricting permissions |
CWE‑285 | C++ | cpp/open-call-with-mode-argument | File opened with O_CREAT flag but without mode argument |
CWE‑285 | C++ | cpp/unsafe-dacl-security-descriptor | Setting a DACL to NULL in a SECURITY_DESCRIPTOR |
CWE‑285 | C++ | cpp/pam-auth-bypass | PAM Authorization bypass |
CWE‑287 | C++ | cpp/user-controlled-bypass | Authentication bypass by spoofing |
CWE‑287 | C++ | cpp/cleartext-storage-file | Cleartext storage of sensitive information in file |
CWE‑290 | C++ | cpp/user-controlled-bypass | Authentication bypass by spoofing |
CWE‑295 | C++ | cpp/certificate-result-conflation | Certificate result conflation |
CWE‑295 | C++ | cpp/certificate-not-checked | Certificate not checked |
CWE‑311 | C++ | cpp/cleartext-storage-buffer | Cleartext storage of sensitive information in buffer |
CWE‑311 | C++ | cpp/cleartext-storage-file | Cleartext storage of sensitive information in file |
CWE‑311 | C++ | cpp/cleartext-transmission | Cleartext transmission of sensitive information |
CWE‑311 | C++ | cpp/cleartext-storage-database | Cleartext storage of sensitive information in an SQLite database |
CWE‑311 | C++ | cpp/non-https-url | Failure to use HTTPS URLs |
CWE‑312 | C++ | cpp/cleartext-storage-buffer | Cleartext storage of sensitive information in buffer |
CWE‑312 | C++ | cpp/cleartext-storage-file | Cleartext storage of sensitive information in file |
CWE‑312 | C++ | cpp/cleartext-storage-database | Cleartext storage of sensitive information in an SQLite database |
CWE‑313 | C++ | cpp/cleartext-storage-file | Cleartext storage of sensitive information in file |
CWE‑313 | C++ | cpp/cleartext-storage-database | Cleartext storage of sensitive information in an SQLite database |
CWE‑319 | C++ | cpp/cleartext-transmission | Cleartext transmission of sensitive information |
CWE‑319 | C++ | cpp/non-https-url | Failure to use HTTPS URLs |
CWE‑326 | C++ | cpp/boost/tls-settings-misconfiguration | Boost_asio TLS Settings Misconfiguration |
CWE‑326 | C++ | cpp/insufficient-key-size | Use of a cryptographic algorithm with insufficient key size |
CWE‑327 | C++ | cpp/boost/use-of-deprecated-hardcoded-security-protocol | boost::asio Use of deprecated hardcoded Protocol |
CWE‑327 | C++ | cpp/weak-cryptographic-algorithm | Use of a broken or risky cryptographic algorithm |
CWE‑327 | C++ | cpp/openssl-heartbleed | Use of a version of OpenSSL with Heartbleed |
CWE‑345 | C++ | cpp/non-https-url | Failure to use HTTPS URLs |
CWE‑359 | C++ | cpp/cleartext-transmission | Cleartext transmission of sensitive information |
CWE‑359 | C++ | cpp/private-cleartext-write | Exposure of private information |
CWE‑362 | C++ | cpp/toctou-race-condition | Time-of-check time-of-use filesystem race condition |
CWE‑362 | C++ | cpp/linux-kernel-double-fetch-vulnerability | Linux kernel double-fetch vulnerability detection |
CWE‑367 | C++ | cpp/toctou-race-condition | Time-of-check time-of-use filesystem race condition |
CWE‑377 | C++ | cpp/insecure-generation-of-filename | Insecure generation of filenames. |
CWE‑390 | C++ | cpp/operator-find-incorrectly-used-exceptions | Operator Find Incorrectly Used Exceptions |
CWE‑398 | C++ | cpp/unused-local-variable | Unused local variable |
CWE‑398 | C++ | cpp/unused-static-function | Unused static function |
CWE‑398 | C++ | cpp/unused-static-variable | Unused static variable |
CWE‑398 | C++ | cpp/dead-code-condition | Branching condition always evaluates to same value |
CWE‑398 | C++ | cpp/dead-code-function | Function is never called |
CWE‑398 | C++ | cpp/dead-code-goto | Dead code due to goto or break statement |
CWE‑398 | C++ | cpp/inconsistent-nullness-testing | Inconsistent null check of pointer |
CWE‑398 | C++ | cpp/missing-null-test | Returned pointer not checked |
CWE‑398 | C++ | cpp/unused-variable | Variable is assigned a value that is never read |
CWE‑398 | C++ | cpp/fixme-comment | FIXME comment |
CWE‑398 | C++ | cpp/todo-comment | TODO comment |
CWE‑398 | C++ | cpp/inconsistent-null-check | Inconsistent nullness check |
CWE‑398 | C++ | cpp/useless-expression | Expression has no effect |
CWE‑398 | C++ | cpp/bad-strncpy-size | Possibly wrong buffer size in string copy |
CWE‑398 | C++ | cpp/suspicious-call-to-memset | Suspicious call to memset |
CWE‑398 | C++ | cpp/unsafe-strncat | Potentially unsafe call to strncat |
CWE‑398 | C++ | cpp/unsafe-strcat | Potentially unsafe use of strcat |
CWE‑398 | C++ | cpp/redundant-null-check-simple | Redundant null check due to previous dereference |
CWE‑398 | C++ | cpp/incorrect-allocation-error-handling | Incorrect allocation-error handling |
CWE‑398 | C++ | cpp/dangerous-function-overflow | Use of dangerous function |
CWE‑398 | C++ | cpp/dangerous-cin | Dangerous use of 'cin' |
CWE‑398 | C++ | cpp/potentially-dangerous-function | Use of potentially dangerous function |
CWE‑398 | C++ | cpp/redundant-null-check-param | Redundant null check or missing null check of parameter |
CWE‑398 | C++ | cpp/dangerous-use-of-exception-blocks | Dangerous use of exception blocks. |
CWE‑398 | C++ | cpp/operator-find-incorrectly-used-switch | Incorrect switch statement |
CWE‑400 | C++ | cpp/catch-missing-free | Leaky catch |
CWE‑400 | C++ | cpp/descriptor-may-not-be-closed | Open descriptor may not be closed |
CWE‑400 | C++ | cpp/descriptor-never-closed | Open descriptor never closed |
CWE‑400 | C++ | cpp/file-may-not-be-closed | Open file may not be closed |
CWE‑400 | C++ | cpp/file-never-closed | Open file is not closed |
CWE‑400 | C++ | cpp/memory-may-not-be-freed | Memory may not be freed |
CWE‑400 | C++ | cpp/memory-never-freed | Memory is never freed |
CWE‑400 | C++ | cpp/new-free-mismatch | Mismatching new/free or malloc/delete |
CWE‑400 | C++ | cpp/alloca-in-loop | Call to alloca in a loop |
CWE‑400 | C++ | cpp/uncontrolled-allocation-size | Overflow in uncontrolled allocation size |
CWE‑400 | C++ | cpp/memory-leak-on-failed-call-to-realloc | Memory leak on failed call to realloc |
CWE‑401 | C++ | cpp/catch-missing-free | Leaky catch |
CWE‑401 | C++ | cpp/memory-may-not-be-freed | Memory may not be freed |
CWE‑401 | C++ | cpp/memory-never-freed | Memory is never freed |
CWE‑401 | C++ | cpp/new-free-mismatch | Mismatching new/free or malloc/delete |
CWE‑401 | C++ | cpp/memory-leak-on-failed-call-to-realloc | Memory leak on failed call to realloc |
CWE‑404 | C++ | cpp/catch-missing-free | Leaky catch |
CWE‑404 | C++ | cpp/descriptor-may-not-be-closed | Open descriptor may not be closed |
CWE‑404 | C++ | cpp/descriptor-never-closed | Open descriptor never closed |
CWE‑404 | C++ | cpp/file-may-not-be-closed | Open file may not be closed |
CWE‑404 | C++ | cpp/file-never-closed | Open file is not closed |
CWE‑404 | C++ | cpp/memory-may-not-be-freed | Memory may not be freed |
CWE‑404 | C++ | cpp/memory-never-freed | Memory is never freed |
CWE‑404 | C++ | cpp/new-free-mismatch | Mismatching new/free or malloc/delete |
CWE‑404 | C++ | cpp/memory-leak-on-failed-call-to-realloc | Memory leak on failed call to realloc |
CWE‑404 | C++ | cpp/resource-not-released-in-destructor | Resource not released in destructor |
CWE‑415 | C++ | cpp/double-free | Errors When Double Free |
CWE‑415 | C++ | cpp/dangerous-use-of-exception-blocks | Dangerous use of exception blocks. |
CWE‑416 | C++ | cpp/use-after-free | Potential use after free |
CWE‑428 | C++ | cpp/unsafe-create-process-call | NULL application name with an unquoted path in call to CreateProcess |
CWE‑435 | C++ | cpp/memset-may-be-deleted | Call to memset may be deleted |
CWE‑456 | C++ | cpp/initialization-not-run | Initialization code not run |
CWE‑457 | C++ | cpp/global-use-before-init | Global variable may be used before initialization |
CWE‑457 | C++ | cpp/not-initialised | Variable not initialized before use |
CWE‑457 | C++ | cpp/uninitialized-local | Potentially uninitialized local variable |
CWE‑457 | C++ | cpp/conditionally-uninitialized-variable | Conditionally uninitialized variable |
CWE‑467 | C++ | cpp/suspicious-sizeof | Suspicious 'sizeof' use |
CWE‑468 | C++ | cpp/suspicious-pointer-scaling | Suspicious pointer scaling |
CWE‑468 | C++ | cpp/incorrect-pointer-scaling-char | Suspicious pointer scaling to char |
CWE‑468 | C++ | cpp/suspicious-pointer-scaling-void | Suspicious pointer scaling to void |
CWE‑468 | C++ | cpp/suspicious-add-sizeof | Suspicious add with sizeof |
CWE‑476 | C++ | cpp/inconsistent-nullness-testing | Inconsistent null check of pointer |
CWE‑476 | C++ | cpp/missing-null-test | Returned pointer not checked |
CWE‑476 | C++ | cpp/inconsistent-null-check | Inconsistent nullness check |
CWE‑476 | C++ | cpp/redundant-null-check-simple | Redundant null check due to previous dereference |
CWE‑476 | C++ | cpp/redundant-null-check-param | Redundant null check or missing null check of parameter |
CWE‑476 | C++ | cpp/dangerous-use-of-exception-blocks | Dangerous use of exception blocks. |
CWE‑478 | C++ | cpp/missing-case-in-switch | Missing enum case in switch |
CWE‑478 | C++ | cpp/operator-find-incorrectly-used-switch | Incorrect switch statement |
CWE‑480 | C++ | cpp/assign-where-compare-meant | Assignment where comparison was intended |
CWE‑480 | C++ | cpp/compare-where-assign-meant | Comparison where assignment was intended |
CWE‑480 | C++ | cpp/incorrect-not-operator-usage | Incorrect 'not' operator usage |
CWE‑480 | C++ | cpp/logical-operator-applied-to-flag | Short-circuiting operator applied to flag |
CWE‑480 | C++ | cpp/operator-precedence-logic-error-when-use-bitwise-logical-operations | Operator Precedence Logic Error When Use Bitwise Or Logical Operations |
CWE‑480 | C++ | cpp/operator-precedence-logic-error-when-use-bool-type | Operator Precedence Logic Error When Use Bool Type |
CWE‑481 | C++ | cpp/assign-where-compare-meant | Assignment where comparison was intended |
CWE‑482 | C++ | cpp/compare-where-assign-meant | Comparison where assignment was intended |
CWE‑497 | C++ | cpp/system-data-exposure | Exposure of system data to an unauthorized control sphere |
CWE‑497 | C++ | cpp/potential-system-data-exposure | Potential exposure of sensitive system data to an unauthorized control sphere |
CWE‑522 | C++ | cpp/cleartext-storage-file | Cleartext storage of sensitive information in file |
CWE‑546 | C++ | cpp/fixme-comment | FIXME comment |
CWE‑546 | C++ | cpp/todo-comment | TODO comment |
CWE‑560 | C++ | cpp/wrong-use-of-the-umask | Find the wrong use of the umask function. |
CWE‑561 | C++ | cpp/unused-static-function | Unused static function |
CWE‑561 | C++ | cpp/dead-code-condition | Branching condition always evaluates to same value |
CWE‑561 | C++ | cpp/dead-code-function | Function is never called |
CWE‑561 | C++ | cpp/dead-code-goto | Dead code due to goto or break statement |
CWE‑561 | C++ | cpp/useless-expression | Expression has no effect |
CWE‑561 | C++ | cpp/incorrect-allocation-error-handling | Incorrect allocation-error handling |
CWE‑561 | C++ | cpp/operator-find-incorrectly-used-switch | Incorrect switch statement |
CWE‑563 | C++ | cpp/unused-local-variable | Unused local variable |
CWE‑563 | C++ | cpp/unused-static-variable | Unused static variable |
CWE‑563 | C++ | cpp/unused-variable | Variable is assigned a value that is never read |
CWE‑570 | C++ | cpp/incorrect-allocation-error-handling | Incorrect allocation-error handling |
CWE‑573 | C++ | cpp/overflowing-snprintf | Potentially overflowing call to snprintf |
CWE‑573 | C++ | cpp/wrong-number-format-arguments | Too few arguments to formatting function |
CWE‑573 | C++ | cpp/wrong-type-format-argument | Wrong type of arguments to formatting function |
CWE‑573 | C++ | cpp/too-few-arguments | Call to function with fewer arguments than declared parameters |
CWE‑573 | C++ | cpp/ignore-return-value-sal | SAL requires inspecting return value |
CWE‑573 | C++ | cpp/hresult-boolean-conversion | Cast between HRESULT and a Boolean type |
CWE‑573 | C++ | cpp/lock-order-cycle | Cyclic lock order dependency |
CWE‑573 | C++ | cpp/twice-locked | Mutex locked twice |
CWE‑573 | C++ | cpp/unreleased-lock | Lock may not be released |
CWE‑573 | C++ | cpp/work-with-changing-working-directories | Find work with changing working directories, with security errors. |
CWE‑573 | C++ | cpp/wrong-use-of-the-umask | Find the wrong use of the umask function. |
CWE‑573 | C++ | cpp/double-free | Errors When Double Free |
CWE‑573 | C++ | cpp/dangerous-use-of-exception-blocks | Dangerous use of exception blocks. |
CWE‑573 | C++ | cpp/double-release | Errors When Double Release |
CWE‑592 | C++ | cpp/user-controlled-bypass | Authentication bypass by spoofing |
CWE‑610 | C++ | cpp/path-injection | Uncontrolled data used in path expression |
CWE‑610 | C++ | cpp/external-entity-expansion | XML external entity expansion |
CWE‑611 | C++ | cpp/external-entity-expansion | XML external entity expansion |
CWE‑628 | C++ | cpp/wrong-number-format-arguments | Too few arguments to formatting function |
CWE‑628 | C++ | cpp/wrong-type-format-argument | Wrong type of arguments to formatting function |
CWE‑628 | C++ | cpp/too-few-arguments | Call to function with fewer arguments than declared parameters |
CWE‑628 | C++ | cpp/wrong-use-of-the-umask | Find the wrong use of the umask function. |
CWE‑642 | C++ | cpp/path-injection | Uncontrolled data used in path expression |
CWE‑662 | C++ | cpp/lock-order-cycle | Cyclic lock order dependency |
CWE‑662 | C++ | cpp/twice-locked | Mutex locked twice |
CWE‑662 | C++ | cpp/unreleased-lock | Lock may not be released |
CWE‑664 | C++ | cpp/catch-missing-free | Leaky catch |
CWE‑664 | C++ | cpp/descriptor-may-not-be-closed | Open descriptor may not be closed |
CWE‑664 | C++ | cpp/descriptor-never-closed | Open descriptor never closed |
CWE‑664 | C++ | cpp/file-may-not-be-closed | Open file may not be closed |
CWE‑664 | C++ | cpp/file-never-closed | Open file is not closed |
CWE‑664 | C++ | cpp/global-use-before-init | Global variable may be used before initialization |
CWE‑664 | C++ | cpp/initialization-not-run | Initialization code not run |
CWE‑664 | C++ | cpp/memory-may-not-be-freed | Memory may not be freed |
CWE‑664 | C++ | cpp/memory-never-freed | Memory is never freed |
CWE‑664 | C++ | cpp/new-free-mismatch | Mismatching new/free or malloc/delete |
CWE‑664 | C++ | cpp/not-initialised | Variable not initialized before use |
CWE‑664 | C++ | cpp/use-after-free | Potential use after free |
CWE‑664 | C++ | cpp/bad-addition-overflow-check | Bad check for overflow of integer addition |
CWE‑664 | C++ | cpp/integer-multiplication-cast-to-long | Multiplication result converted to larger type |
CWE‑664 | C++ | cpp/upcast-array-pointer-arithmetic | Upcast array used in pointer arithmetic |
CWE‑664 | C++ | cpp/alloca-in-loop | Call to alloca in a loop |
CWE‑664 | C++ | cpp/improper-null-termination | Potential improper null termination |
CWE‑664 | C++ | cpp/return-stack-allocated-memory | Returning stack-allocated memory |
CWE‑664 | C++ | cpp/uninitialized-local | Potentially uninitialized local variable |
CWE‑664 | C++ | cpp/using-expired-stack-address | Use of expired stack-address |
CWE‑664 | C++ | cpp/self-assignment-check | Self assignment check |
CWE‑664 | C++ | cpp/path-injection | Uncontrolled data used in path expression |
CWE‑664 | C++ | cpp/comparison-with-wider-type | Comparison of narrow type with wide type in loop condition |
CWE‑664 | C++ | cpp/integer-overflow-tainted | Potential integer arithmetic overflow |
CWE‑664 | C++ | cpp/uncontrolled-allocation-size | Overflow in uncontrolled allocation size |
CWE‑664 | C++ | cpp/user-controlled-bypass | Authentication bypass by spoofing |
CWE‑664 | C++ | cpp/cleartext-storage-buffer | Cleartext storage of sensitive information in buffer |
CWE‑664 | C++ | cpp/cleartext-storage-file | Cleartext storage of sensitive information in file |
CWE‑664 | C++ | cpp/cleartext-transmission | Cleartext transmission of sensitive information |
CWE‑664 | C++ | cpp/cleartext-storage-database | Cleartext storage of sensitive information in an SQLite database |
CWE‑664 | C++ | cpp/unsafe-create-process-call | NULL application name with an unquoted path in call to CreateProcess |
CWE‑664 | C++ | cpp/conditionally-uninitialized-variable | Conditionally uninitialized variable |
CWE‑664 | C++ | cpp/system-data-exposure | Exposure of system data to an unauthorized control sphere |
CWE‑664 | C++ | cpp/potential-system-data-exposure | Potential exposure of sensitive system data to an unauthorized control sphere |
CWE‑664 | C++ | cpp/external-entity-expansion | XML external entity expansion |
CWE‑664 | C++ | cpp/incorrect-string-type-conversion | Cast from char to wchar_t |
CWE‑664 | C++ | cpp/world-writable-file-creation | File created without restricting permissions |
CWE‑664 | C++ | cpp/open-call-with-mode-argument | File opened with O_CREAT flag but without mode argument |
CWE‑664 | C++ | cpp/unsafe-dacl-security-descriptor | Setting a DACL to NULL in a SECURITY_DESCRIPTOR |
CWE‑664 | C++ | cpp/lock-order-cycle | Cyclic lock order dependency |
CWE‑664 | C++ | cpp/twice-locked | Mutex locked twice |
CWE‑664 | C++ | cpp/unreleased-lock | Lock may not be released |
CWE‑664 | C++ | cpp/work-with-file-without-permissions-rights | Writing to a file without setting permissions. |
CWE‑664 | C++ | cpp/work-with-changing-working-directories | Find work with changing working directories, with security errors. |
CWE‑664 | C++ | cpp/wrong-use-of-the-umask | Find the wrong use of the umask function. |
CWE‑664 | C++ | cpp/drop-linux-privileges-outoforder | LinuxPrivilegeDroppingOutoforder |
CWE‑664 | C++ | cpp/pam-auth-bypass | PAM Authorization bypass |
CWE‑664 | C++ | cpp/private-cleartext-write | Exposure of private information |
CWE‑664 | C++ | cpp/insecure-generation-of-filename | Insecure generation of filenames. |
CWE‑664 | C++ | cpp/memory-leak-on-failed-call-to-realloc | Memory leak on failed call to realloc |
CWE‑664 | C++ | cpp/double-free | Errors When Double Free |
CWE‑664 | C++ | cpp/dangerous-use-of-exception-blocks | Dangerous use of exception blocks. |
CWE‑664 | C++ | cpp/double-release | Errors When Double Release |
CWE‑664 | C++ | cpp/improper-check-return-value-scanf | Improper check of return value of scanf |
CWE‑664 | C++ | cpp/resource-not-released-in-destructor | Resource not released in destructor |
CWE‑665 | C++ | cpp/global-use-before-init | Global variable may be used before initialization |
CWE‑665 | C++ | cpp/initialization-not-run | Initialization code not run |
CWE‑665 | C++ | cpp/not-initialised | Variable not initialized before use |
CWE‑665 | C++ | cpp/alloca-in-loop | Call to alloca in a loop |
CWE‑665 | C++ | cpp/improper-null-termination | Potential improper null termination |
CWE‑665 | C++ | cpp/uninitialized-local | Potentially uninitialized local variable |
CWE‑665 | C++ | cpp/uncontrolled-allocation-size | Overflow in uncontrolled allocation size |
CWE‑665 | C++ | cpp/conditionally-uninitialized-variable | Conditionally uninitialized variable |
CWE‑666 | C++ | cpp/use-after-free | Potential use after free |
CWE‑666 | C++ | cpp/return-stack-allocated-memory | Returning stack-allocated memory |
CWE‑666 | C++ | cpp/using-expired-stack-address | Use of expired stack-address |
CWE‑666 | C++ | cpp/self-assignment-check | Self assignment check |
CWE‑666 | C++ | cpp/double-free | Errors When Double Free |
CWE‑666 | C++ | cpp/dangerous-use-of-exception-blocks | Dangerous use of exception blocks. |
CWE‑666 | C++ | cpp/double-release | Errors When Double Release |
CWE‑667 | C++ | cpp/lock-order-cycle | Cyclic lock order dependency |
CWE‑667 | C++ | cpp/twice-locked | Mutex locked twice |
CWE‑667 | C++ | cpp/unreleased-lock | Lock may not be released |
CWE‑668 | C++ | cpp/path-injection | Uncontrolled data used in path expression |
CWE‑668 | C++ | cpp/cleartext-storage-file | Cleartext storage of sensitive information in file |
CWE‑668 | C++ | cpp/cleartext-transmission | Cleartext transmission of sensitive information |
CWE‑668 | C++ | cpp/unsafe-create-process-call | NULL application name with an unquoted path in call to CreateProcess |
CWE‑668 | C++ | cpp/system-data-exposure | Exposure of system data to an unauthorized control sphere |
CWE‑668 | C++ | cpp/potential-system-data-exposure | Potential exposure of sensitive system data to an unauthorized control sphere |
CWE‑668 | C++ | cpp/world-writable-file-creation | File created without restricting permissions |
CWE‑668 | C++ | cpp/open-call-with-mode-argument | File opened with O_CREAT flag but without mode argument |
CWE‑668 | C++ | cpp/unsafe-dacl-security-descriptor | Setting a DACL to NULL in a SECURITY_DESCRIPTOR |
CWE‑668 | C++ | cpp/work-with-file-without-permissions-rights | Writing to a file without setting permissions. |
CWE‑668 | C++ | cpp/wrong-use-of-the-umask | Find the wrong use of the umask function. |
CWE‑668 | C++ | cpp/private-cleartext-write | Exposure of private information |
CWE‑668 | C++ | cpp/insecure-generation-of-filename | Insecure generation of filenames. |
CWE‑669 | C++ | cpp/work-with-changing-working-directories | Find work with changing working directories, with security errors. |
CWE‑670 | C++ | cpp/assign-where-compare-meant | Assignment where comparison was intended |
CWE‑670 | C++ | cpp/compare-where-assign-meant | Comparison where assignment was intended |
CWE‑670 | C++ | cpp/incorrect-not-operator-usage | Incorrect 'not' operator usage |
CWE‑670 | C++ | cpp/logical-operator-applied-to-flag | Short-circuiting operator applied to flag |
CWE‑670 | C++ | cpp/unsafe-use-of-this | Unsafe use of this in constructor |
CWE‑670 | C++ | cpp/operator-precedence-logic-error-when-use-bitwise-logical-operations | Operator Precedence Logic Error When Use Bitwise Or Logical Operations |
CWE‑670 | C++ | cpp/operator-precedence-logic-error-when-use-bool-type | Operator Precedence Logic Error When Use Bool Type |
CWE‑672 | C++ | cpp/use-after-free | Potential use after free |
CWE‑672 | C++ | cpp/return-stack-allocated-memory | Returning stack-allocated memory |
CWE‑672 | C++ | cpp/using-expired-stack-address | Use of expired stack-address |
CWE‑672 | C++ | cpp/double-free | Errors When Double Free |
CWE‑672 | C++ | cpp/dangerous-use-of-exception-blocks | Dangerous use of exception blocks. |
CWE‑675 | C++ | cpp/lock-order-cycle | Cyclic lock order dependency |
CWE‑675 | C++ | cpp/twice-locked | Mutex locked twice |
CWE‑675 | C++ | cpp/unreleased-lock | Lock may not be released |
CWE‑675 | C++ | cpp/double-free | Errors When Double Free |
CWE‑675 | C++ | cpp/dangerous-use-of-exception-blocks | Dangerous use of exception blocks. |
CWE‑675 | C++ | cpp/double-release | Errors When Double Release |
CWE‑676 | C++ | cpp/bad-strncpy-size | Possibly wrong buffer size in string copy |
CWE‑676 | C++ | cpp/suspicious-call-to-memset | Suspicious call to memset |
CWE‑676 | C++ | cpp/unsafe-strncat | Potentially unsafe call to strncat |
CWE‑676 | C++ | cpp/unsafe-strcat | Potentially unsafe use of strcat |
CWE‑676 | C++ | cpp/dangerous-function-overflow | Use of dangerous function |
CWE‑676 | C++ | cpp/dangerous-cin | Dangerous use of 'cin' |
CWE‑676 | C++ | cpp/potentially-dangerous-function | Use of potentially dangerous function |
CWE‑681 | C++ | cpp/bad-addition-overflow-check | Bad check for overflow of integer addition |
CWE‑681 | C++ | cpp/integer-multiplication-cast-to-long | Multiplication result converted to larger type |
CWE‑681 | C++ | cpp/comparison-with-wider-type | Comparison of narrow type with wide type in loop condition |
CWE‑681 | C++ | cpp/integer-overflow-tainted | Potential integer arithmetic overflow |
CWE‑682 | C++ | cpp/overflow-calculated | Buffer not sufficient for string |
CWE‑682 | C++ | cpp/overflow-destination | Copy function using source size |
CWE‑682 | C++ | cpp/static-buffer-overflow | Static array access may cause overflow |
CWE‑682 | C++ | cpp/allocation-too-small | Not enough memory allocated for pointer type |
CWE‑682 | C++ | cpp/suspicious-allocation-size | Not enough memory allocated for array of pointer type |
CWE‑682 | C++ | cpp/ambiguously-signed-bit-field | Ambiguously signed bit-field member |
CWE‑682 | C++ | cpp/bad-addition-overflow-check | Bad check for overflow of integer addition |
CWE‑682 | C++ | cpp/integer-multiplication-cast-to-long | Multiplication result converted to larger type |
CWE‑682 | C++ | cpp/signed-overflow-check | Signed overflow check |
CWE‑682 | C++ | cpp/overflowing-snprintf | Potentially overflowing call to snprintf |
CWE‑682 | C++ | cpp/suspicious-sizeof | Suspicious 'sizeof' use |
CWE‑682 | C++ | cpp/no-space-for-terminator | No space for zero terminator |
CWE‑682 | C++ | cpp/tainted-arithmetic | User-controlled data in arithmetic expression |
CWE‑682 | C++ | cpp/uncontrolled-arithmetic | Uncontrolled data in arithmetic expression |
CWE‑682 | C++ | cpp/arithmetic-with-extreme-values | Use of extreme values in arithmetic expression |
CWE‑682 | C++ | cpp/comparison-with-wider-type | Comparison of narrow type with wide type in loop condition |
CWE‑682 | C++ | cpp/integer-overflow-tainted | Potential integer arithmetic overflow |
CWE‑682 | C++ | cpp/uncontrolled-allocation-size | Overflow in uncontrolled allocation size |
CWE‑682 | C++ | cpp/unsigned-difference-expression-compared-zero | Unsigned difference expression compared to zero |
CWE‑682 | C++ | cpp/suspicious-pointer-scaling | Suspicious pointer scaling |
CWE‑682 | C++ | cpp/incorrect-pointer-scaling-char | Suspicious pointer scaling to char |
CWE‑682 | C++ | cpp/suspicious-pointer-scaling-void | Suspicious pointer scaling to void |
CWE‑682 | C++ | cpp/suspicious-add-sizeof | Suspicious add with sizeof |
CWE‑682 | C++ | cpp/multiplication-overflow-in-alloc | Multiplication result may overflow and be used in allocation |
CWE‑682 | C++ | cpp/dangerous-use-of-transformation-after-operation | Dangerous use of transformation after operation. |
CWE‑682 | C++ | cpp/signed-bit-field | Possible signed bit-field member |
CWE‑685 | C++ | cpp/wrong-number-format-arguments | Too few arguments to formatting function |
CWE‑685 | C++ | cpp/too-few-arguments | Call to function with fewer arguments than declared parameters |
CWE‑686 | C++ | cpp/wrong-type-format-argument | Wrong type of arguments to formatting function |
CWE‑687 | C++ | cpp/wrong-use-of-the-umask | Find the wrong use of the umask function. |
CWE‑691 | C++ | cpp/assign-where-compare-meant | Assignment where comparison was intended |
CWE‑691 | C++ | cpp/compare-where-assign-meant | Comparison where assignment was intended |
CWE‑691 | C++ | cpp/incorrect-not-operator-usage | Incorrect 'not' operator usage |
CWE‑691 | C++ | cpp/logical-operator-applied-to-flag | Short-circuiting operator applied to flag |
CWE‑691 | C++ | cpp/inconsistent-loop-direction | Inconsistent direction of for loop |
CWE‑691 | C++ | cpp/unsafe-use-of-this | Unsafe use of this in constructor |
CWE‑691 | C++ | cpp/comparison-with-wider-type | Comparison of narrow type with wide type in loop condition |
CWE‑691 | C++ | cpp/toctou-race-condition | Time-of-check time-of-use filesystem race condition |
CWE‑691 | C++ | cpp/lock-order-cycle | Cyclic lock order dependency |
CWE‑691 | C++ | cpp/twice-locked | Mutex locked twice |
CWE‑691 | C++ | cpp/unreleased-lock | Lock may not be released |
CWE‑691 | C++ | cpp/infinite-loop-with-unsatisfiable-exit-condition | Infinite loop with unsatisfiable exit condition |
CWE‑691 | C++ | cpp/linux-kernel-double-fetch-vulnerability | Linux kernel double-fetch vulnerability detection |
CWE‑691 | C++ | cpp/operator-find-incorrectly-used-switch | Incorrect switch statement |
CWE‑691 | C++ | cpp/errors-after-refactoring | Errors After Refactoring |
CWE‑691 | C++ | cpp/errors-when-using-bit-operations | Errors When Using Bit Operations |
CWE‑691 | C++ | cpp/operator-find-incorrectly-used-exceptions | Operator Find Incorrectly Used Exceptions |
CWE‑691 | C++ | cpp/operator-precedence-logic-error-when-use-bitwise-logical-operations | Operator Precedence Logic Error When Use Bitwise Or Logical Operations |
CWE‑691 | C++ | cpp/operator-precedence-logic-error-when-use-bool-type | Operator Precedence Logic Error When Use Bool Type |
CWE‑693 | C++ | cpp/boost/tls-settings-misconfiguration | Boost_asio TLS Settings Misconfiguration |
CWE‑693 | C++ | cpp/boost/use-of-deprecated-hardcoded-security-protocol | boost::asio Use of deprecated hardcoded Protocol |
CWE‑693 | C++ | cpp/count-untrusted-data-external-api | Frequency counts for external APIs that are used with untrusted data |
CWE‑693 | C++ | cpp/count-untrusted-data-external-api-ir | Frequency counts for external APIs that are used with untrusted data |
CWE‑693 | C++ | cpp/untrusted-data-to-external-api-ir | Untrusted data passed to external API |
CWE‑693 | C++ | cpp/untrusted-data-to-external-api | Untrusted data passed to external API |
CWE‑693 | C++ | cpp/uncontrolled-process-operation | Uncontrolled process operation |
CWE‑693 | C++ | cpp/unclear-array-index-validation | Unclear validation of array index |
CWE‑693 | C++ | cpp/uncontrolled-allocation-size | Overflow in uncontrolled allocation size |
CWE‑693 | C++ | cpp/user-controlled-bypass | Authentication bypass by spoofing |
CWE‑693 | C++ | cpp/certificate-result-conflation | Certificate result conflation |
CWE‑693 | C++ | cpp/certificate-not-checked | Certificate not checked |
CWE‑693 | C++ | cpp/cleartext-storage-buffer | Cleartext storage of sensitive information in buffer |
CWE‑693 | C++ | cpp/cleartext-storage-file | Cleartext storage of sensitive information in file |
CWE‑693 | C++ | cpp/cleartext-transmission | Cleartext transmission of sensitive information |
CWE‑693 | C++ | cpp/cleartext-storage-database | Cleartext storage of sensitive information in an SQLite database |
CWE‑693 | C++ | cpp/non-https-url | Failure to use HTTPS URLs |
CWE‑693 | C++ | cpp/insufficient-key-size | Use of a cryptographic algorithm with insufficient key size |
CWE‑693 | C++ | cpp/weak-cryptographic-algorithm | Use of a broken or risky cryptographic algorithm |
CWE‑693 | C++ | cpp/openssl-heartbleed | Use of a version of OpenSSL with Heartbleed |
CWE‑693 | C++ | cpp/world-writable-file-creation | File created without restricting permissions |
CWE‑693 | C++ | cpp/open-call-with-mode-argument | File opened with O_CREAT flag but without mode argument |
CWE‑693 | C++ | cpp/unsafe-dacl-security-descriptor | Setting a DACL to NULL in a SECURITY_DESCRIPTOR |
CWE‑693 | C++ | cpp/tainted-permissions-check | Untrusted input for a condition |
CWE‑693 | C++ | cpp/late-check-of-function-argument | Late Check Of Function Argument |
CWE‑693 | C++ | cpp/linux-kernel-no-check-before-unsafe-put-user | Linux kernel no check before unsafe_put_user vulnerability detection |
CWE‑693 | C++ | cpp/wrong-use-of-the-umask | Find the wrong use of the umask function. |
CWE‑693 | C++ | cpp/drop-linux-privileges-outoforder | LinuxPrivilegeDroppingOutoforder |
CWE‑693 | C++ | cpp/pam-auth-bypass | PAM Authorization bypass |
CWE‑697 | C++ | cpp/missing-case-in-switch | Missing enum case in switch |
CWE‑697 | C++ | cpp/operator-find-incorrectly-used-switch | Incorrect switch statement |
CWE‑703 | C++ | cpp/return-value-ignored | Return value of a function is ignored |
CWE‑703 | C++ | cpp/overflowing-snprintf | Potentially overflowing call to snprintf |
CWE‑703 | C++ | cpp/wrong-number-format-arguments | Too few arguments to formatting function |
CWE‑703 | C++ | cpp/inconsistent-call-on-result | Inconsistent operation on return value |
CWE‑703 | C++ | cpp/too-few-arguments | Call to function with fewer arguments than declared parameters |
CWE‑703 | C++ | cpp/ignore-return-value-sal | SAL requires inspecting return value |
CWE‑703 | C++ | cpp/hresult-boolean-conversion | Cast between HRESULT and a Boolean type |
CWE‑703 | C++ | cpp/incorrect-allocation-error-handling | Incorrect allocation-error handling |
CWE‑703 | C++ | cpp/work-with-changing-working-directories | Find work with changing working directories, with security errors. |
CWE‑703 | C++ | cpp/drop-linux-privileges-outoforder | LinuxPrivilegeDroppingOutoforder |
CWE‑703 | C++ | cpp/operator-find-incorrectly-used-exceptions | Operator Find Incorrectly Used Exceptions |
CWE‑703 | C++ | cpp/improper-check-return-value-scanf | Improper check of return value of scanf |
CWE‑704 | C++ | cpp/bad-addition-overflow-check | Bad check for overflow of integer addition |
CWE‑704 | C++ | cpp/integer-multiplication-cast-to-long | Multiplication result converted to larger type |
CWE‑704 | C++ | cpp/upcast-array-pointer-arithmetic | Upcast array used in pointer arithmetic |
CWE‑704 | C++ | cpp/comparison-with-wider-type | Comparison of narrow type with wide type in loop condition |
CWE‑704 | C++ | cpp/integer-overflow-tainted | Potential integer arithmetic overflow |
CWE‑704 | C++ | cpp/incorrect-string-type-conversion | Cast from char to wchar_t |
CWE‑705 | C++ | cpp/operator-find-incorrectly-used-exceptions | Operator Find Incorrectly Used Exceptions |
CWE‑706 | C++ | cpp/path-injection | Uncontrolled data used in path expression |
CWE‑707 | C++ | cpp/non-constant-format | Non-constant format string |
CWE‑707 | C++ | cpp/wrong-number-format-arguments | Too few arguments to formatting function |
CWE‑707 | C++ | cpp/improper-null-termination | Potential improper null termination |
CWE‑707 | C++ | cpp/too-few-arguments | Call to function with fewer arguments than declared parameters |
CWE‑707 | C++ | cpp/command-line-injection | Uncontrolled data used in OS command |
CWE‑707 | C++ | cpp/cgi-xss | CGI script vulnerable to cross-site scripting |
CWE‑707 | C++ | cpp/sql-injection | Uncontrolled data in SQL query |
CWE‑707 | C++ | cpp/tainted-format-string | Uncontrolled format string |
CWE‑707 | C++ | cpp/tainted-format-string-through-global | Uncontrolled format string (through global variable) |
CWE‑707 | C++ | cpp/user-controlled-null-termination-tainted | User-controlled data may not be null terminated |
CWE‑710 | C++ | cpp/unused-local-variable | Unused local variable |
CWE‑710 | C++ | cpp/unused-static-function | Unused static function |
CWE‑710 | C++ | cpp/unused-static-variable | Unused static variable |
CWE‑710 | C++ | cpp/dead-code-condition | Branching condition always evaluates to same value |
CWE‑710 | C++ | cpp/dead-code-function | Function is never called |
CWE‑710 | C++ | cpp/dead-code-goto | Dead code due to goto or break statement |
CWE‑710 | C++ | cpp/inconsistent-nullness-testing | Inconsistent null check of pointer |
CWE‑710 | C++ | cpp/missing-null-test | Returned pointer not checked |
CWE‑710 | C++ | cpp/unused-variable | Variable is assigned a value that is never read |
CWE‑710 | C++ | cpp/fixme-comment | FIXME comment |
CWE‑710 | C++ | cpp/todo-comment | TODO comment |
CWE‑710 | C++ | cpp/overflowing-snprintf | Potentially overflowing call to snprintf |
CWE‑710 | C++ | cpp/wrong-number-format-arguments | Too few arguments to formatting function |
CWE‑710 | C++ | cpp/wrong-type-format-argument | Wrong type of arguments to formatting function |
CWE‑710 | C++ | cpp/inconsistent-null-check | Inconsistent nullness check |
CWE‑710 | C++ | cpp/useless-expression | Expression has no effect |
CWE‑710 | C++ | cpp/pointer-overflow-check | Pointer overflow check |
CWE‑710 | C++ | cpp/bad-strncpy-size | Possibly wrong buffer size in string copy |
CWE‑710 | C++ | cpp/suspicious-call-to-memset | Suspicious call to memset |
CWE‑710 | C++ | cpp/unsafe-strncat | Potentially unsafe call to strncat |
CWE‑710 | C++ | cpp/unsafe-strcat | Potentially unsafe use of strcat |
CWE‑710 | C++ | cpp/redundant-null-check-simple | Redundant null check due to previous dereference |
CWE‑710 | C++ | cpp/too-few-arguments | Call to function with fewer arguments than declared parameters |
CWE‑710 | C++ | cpp/ignore-return-value-sal | SAL requires inspecting return value |
CWE‑710 | C++ | cpp/memset-may-be-deleted | Call to memset may be deleted |
CWE‑710 | C++ | cpp/hresult-boolean-conversion | Cast between HRESULT and a Boolean type |
CWE‑710 | C++ | cpp/incorrect-allocation-error-handling | Incorrect allocation-error handling |
CWE‑710 | C++ | cpp/dangerous-function-overflow | Use of dangerous function |
CWE‑710 | C++ | cpp/dangerous-cin | Dangerous use of 'cin' |
CWE‑710 | C++ | cpp/potentially-dangerous-function | Use of potentially dangerous function |
CWE‑710 | C++ | cpp/lock-order-cycle | Cyclic lock order dependency |
CWE‑710 | C++ | cpp/twice-locked | Mutex locked twice |
CWE‑710 | C++ | cpp/unreleased-lock | Lock may not be released |
CWE‑710 | C++ | cpp/redundant-null-check-param | Redundant null check or missing null check of parameter |
CWE‑710 | C++ | cpp/work-with-changing-working-directories | Find work with changing working directories, with security errors. |
CWE‑710 | C++ | cpp/wrong-use-of-the-umask | Find the wrong use of the umask function. |
CWE‑710 | C++ | cpp/double-free | Errors When Double Free |
CWE‑710 | C++ | cpp/dangerous-use-of-exception-blocks | Dangerous use of exception blocks. |
CWE‑710 | C++ | cpp/operator-find-incorrectly-used-switch | Incorrect switch statement |
CWE‑710 | C++ | cpp/double-release | Errors When Double Release |
CWE‑710 | C++ | cpp/errors-of-undefined-program-behavior | Errors Of Undefined Program Behavior |
CWE‑732 | C++ | cpp/world-writable-file-creation | File created without restricting permissions |
CWE‑732 | C++ | cpp/open-call-with-mode-argument | File opened with O_CREAT flag but without mode argument |
CWE‑732 | C++ | cpp/unsafe-dacl-security-descriptor | Setting a DACL to NULL in a SECURITY_DESCRIPTOR |
CWE‑733 | C++ | cpp/memset-may-be-deleted | Call to memset may be deleted |
CWE‑754 | C++ | cpp/return-value-ignored | Return value of a function is ignored |
CWE‑754 | C++ | cpp/overflowing-snprintf | Potentially overflowing call to snprintf |
CWE‑754 | C++ | cpp/inconsistent-call-on-result | Inconsistent operation on return value |
CWE‑754 | C++ | cpp/ignore-return-value-sal | SAL requires inspecting return value |
CWE‑754 | C++ | cpp/hresult-boolean-conversion | Cast between HRESULT and a Boolean type |
CWE‑754 | C++ | cpp/incorrect-allocation-error-handling | Incorrect allocation-error handling |
CWE‑754 | C++ | cpp/work-with-changing-working-directories | Find work with changing working directories, with security errors. |
CWE‑754 | C++ | cpp/drop-linux-privileges-outoforder | LinuxPrivilegeDroppingOutoforder |
CWE‑754 | C++ | cpp/improper-check-return-value-scanf | Improper check of return value of scanf |
CWE‑755 | C++ | cpp/incorrect-allocation-error-handling | Incorrect allocation-error handling |
CWE‑755 | C++ | cpp/operator-find-incorrectly-used-exceptions | Operator Find Incorrectly Used Exceptions |
CWE‑758 | C++ | cpp/pointer-overflow-check | Pointer overflow check |
CWE‑758 | C++ | cpp/memset-may-be-deleted | Call to memset may be deleted |
CWE‑758 | C++ | cpp/errors-of-undefined-program-behavior | Errors Of Undefined Program Behavior |
CWE‑764 | C++ | cpp/lock-order-cycle | Cyclic lock order dependency |
CWE‑764 | C++ | cpp/twice-locked | Mutex locked twice |
CWE‑764 | C++ | cpp/unreleased-lock | Lock may not be released |
CWE‑770 | C++ | cpp/alloca-in-loop | Call to alloca in a loop |
CWE‑770 | C++ | cpp/uncontrolled-allocation-size | Overflow in uncontrolled allocation size |
CWE‑772 | C++ | cpp/catch-missing-free | Leaky catch |
CWE‑772 | C++ | cpp/descriptor-may-not-be-closed | Open descriptor may not be closed |
CWE‑772 | C++ | cpp/descriptor-never-closed | Open descriptor never closed |
CWE‑772 | C++ | cpp/file-may-not-be-closed | Open file may not be closed |
CWE‑772 | C++ | cpp/file-never-closed | Open file is not closed |
CWE‑772 | C++ | cpp/memory-may-not-be-freed | Memory may not be freed |
CWE‑772 | C++ | cpp/memory-never-freed | Memory is never freed |
CWE‑772 | C++ | cpp/new-free-mismatch | Mismatching new/free or malloc/delete |
CWE‑772 | C++ | cpp/memory-leak-on-failed-call-to-realloc | Memory leak on failed call to realloc |
CWE‑775 | C++ | cpp/descriptor-may-not-be-closed | Open descriptor may not be closed |
CWE‑775 | C++ | cpp/descriptor-never-closed | Open descriptor never closed |
CWE‑775 | C++ | cpp/file-may-not-be-closed | Open file may not be closed |
CWE‑775 | C++ | cpp/file-never-closed | Open file is not closed |
CWE‑783 | C++ | cpp/operator-precedence-logic-error-when-use-bitwise-logical-operations | Operator Precedence Logic Error When Use Bitwise Or Logical Operations |
CWE‑783 | C++ | cpp/operator-precedence-logic-error-when-use-bool-type | Operator Precedence Logic Error When Use Bool Type |
CWE‑787 | C++ | cpp/allocation-too-small | Not enough memory allocated for pointer type |
CWE‑787 | C++ | cpp/suspicious-allocation-size | Not enough memory allocated for array of pointer type |
CWE‑787 | C++ | cpp/overflow-buffer | Call to memory access function may overflow buffer |
CWE‑787 | C++ | cpp/badly-bounded-write | Badly bounded write |
CWE‑787 | C++ | cpp/overrunning-write | Potentially overrunning write |
CWE‑787 | C++ | cpp/overrunning-write-with-float | Potentially overrunning write with float to string conversion |
CWE‑787 | C++ | cpp/unbounded-write | Unbounded write |
CWE‑787 | C++ | cpp/very-likely-overrunning-write | Likely overrunning write |
CWE‑787 | C++ | cpp/unterminated-variadic-call | Unterminated variadic call |
CWE‑787 | C++ | cpp/no-space-for-terminator | No space for zero terminator |
CWE‑787 | C++ | cpp/sign-conversion-pointer-arithmetic | unsigned to signed used in pointer arithmetic |
CWE‑788 | C++ | cpp/allocation-too-small | Not enough memory allocated for pointer type |
CWE‑788 | C++ | cpp/suspicious-allocation-size | Not enough memory allocated for array of pointer type |
CWE‑788 | C++ | cpp/unsafe-strncat | Potentially unsafe call to strncat |
CWE‑788 | C++ | cpp/overflow-buffer | Call to memory access function may overflow buffer |
CWE‑788 | C++ | cpp/unterminated-variadic-call | Unterminated variadic call |
CWE‑788 | C++ | cpp/no-space-for-terminator | No space for zero terminator |
CWE‑788 | C++ | cpp/openssl-heartbleed | Use of a version of OpenSSL with Heartbleed |
CWE‑788 | C++ | cpp/access-memory-location-after-end-buffer-strlen | Access Of Memory Location After End Of Buffer |
CWE‑789 | C++ | cpp/uncontrolled-allocation-size | Overflow in uncontrolled allocation size |
CWE‑805 | C++ | cpp/badly-bounded-write | Badly bounded write |
CWE‑805 | C++ | cpp/overrunning-write | Potentially overrunning write |
CWE‑805 | C++ | cpp/overrunning-write-with-float | Potentially overrunning write with float to string conversion |
CWE‑805 | C++ | cpp/unbounded-write | Unbounded write |
CWE‑805 | C++ | cpp/very-likely-overrunning-write | Likely overrunning write |
CWE‑807 | C++ | cpp/tainted-permissions-check | Untrusted input for a condition |
CWE‑823 | C++ | cpp/late-negative-test | Pointer offset used before it is checked |
CWE‑823 | C++ | cpp/missing-negativity-test | Unchecked return value used as offset |
CWE‑825 | C++ | cpp/use-after-free | Potential use after free |
CWE‑825 | C++ | cpp/return-stack-allocated-memory | Returning stack-allocated memory |
CWE‑825 | C++ | cpp/using-expired-stack-address | Use of expired stack-address |
CWE‑825 | C++ | cpp/double-free | Errors When Double Free |
CWE‑825 | C++ | cpp/dangerous-use-of-exception-blocks | Dangerous use of exception blocks. |
CWE‑826 | C++ | cpp/self-assignment-check | Self assignment check |
CWE‑833 | C++ | cpp/lock-order-cycle | Cyclic lock order dependency |
CWE‑833 | C++ | cpp/twice-locked | Mutex locked twice |
CWE‑833 | C++ | cpp/unreleased-lock | Lock may not be released |
CWE‑834 | C++ | cpp/inconsistent-loop-direction | Inconsistent direction of for loop |
CWE‑834 | C++ | cpp/comparison-with-wider-type | Comparison of narrow type with wide type in loop condition |
CWE‑834 | C++ | cpp/infinite-loop-with-unsatisfiable-exit-condition | Infinite loop with unsatisfiable exit condition |
CWE‑835 | C++ | cpp/inconsistent-loop-direction | Inconsistent direction of for loop |
CWE‑835 | C++ | cpp/comparison-with-wider-type | Comparison of narrow type with wide type in loop condition |
CWE‑835 | C++ | cpp/infinite-loop-with-unsatisfiable-exit-condition | Infinite loop with unsatisfiable exit condition |
CWE‑843 | C++ | cpp/upcast-array-pointer-arithmetic | Upcast array used in pointer arithmetic |
CWE‑908 | C++ | cpp/improper-check-return-value-scanf | Improper check of return value of scanf |
CWE‑909 | C++ | cpp/initialization-not-run | Initialization code not run |
CWE‑922 | C++ | cpp/cleartext-storage-buffer | Cleartext storage of sensitive information in buffer |
CWE‑922 | C++ | cpp/cleartext-storage-file | Cleartext storage of sensitive information in file |
CWE‑922 | C++ | cpp/cleartext-storage-database | Cleartext storage of sensitive information in an SQLite database |
CWE‑943 | C++ | cpp/sql-injection | Uncontrolled data in SQL query |
CWE‑1041 | C++ | cpp/call-to-function-without-wrapper | Missed opportunity to call wrapper function |
CWE‑1126 | C++ | cpp/errors-when-using-variable-declaration-inside-loop | Errors When Using Variable Declaration Inside Loop |