"IntelDataset:test": difference between revisions
Content replaced with "./modules/generators/mod_cgid.c:659: [5] (race) chown: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchown( ) instead.<nowiki><br /></nowiki> ./modules/md/mod_md_os.c:43: [5] (race) chown: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchown( ) instead.<nowiki><br /></nowiki> ./os/unix/unixd.c:265: [5] (race) chown: This accep..." Tags: Replaced content, Visual editor
No edit summary
(6 intermediate revisions by the same user not shown)
Latest revision as of 19:08, 10 September 2024
./test/test_find.c:67: [5] (buffer) gets: Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.
./test/test_find.c:71: [5] (buffer) gets: Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.
./test/test_parser.c:67: [5] (buffer) gets: Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.
./include/http_log.h:375: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
./include/http_log.h:417: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
./include/http_log.h:503: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
./include/http_log.h:552: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
./include/http_protocol.h:527: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
./include/util_filter.h:336: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
./include/util_filter.h:603: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
./modules/aaa/mod_authn_socache.c:276: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
./modules/arch/netware/mod_nw_ssl.c:555: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
./modules/arch/netware/mod_nw_ssl.c:605: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).