Java fixes
002 – Asymmetric denial of service
003 – Symmetric denial of service
004 – Remote command execution
005 – Privilege escalation
006 – Authentication mechanism absence or evasion
007 – Cross-site request forgery
008 – Reflected cross-site scripting (XSS)
009 – Sensitive information in source code
010 – Stored cross-site scripting (XSS)
011 – Use of software with known vulnerabilities
013 – Insecure object reference
014 – Insecure functionality
015 – Insecure authentication method - Basic
016 – Insecure encryption algorithm - SSL/TLS
017 – Sensitive information sent insecurely
019 – Administrative credentials stored in cache memory
020 – Non-encrypted confidential information
021 – XPath injection
022 – Use of an insecure channel
023 – Uncontrolled external site redirect - Host Header Injection
026 – User enumeration
027 – Insecure file upload
028 – Insecure temporary files
029 – Inadequate file size control
030 – Sensitive information sent via URL parameters
033 – Password change without identity check
034 – Insecure generation of random numbers
035 – Weak credential policy
037 – Technical information leak
038 – Business information leak
039 – Improper authorization control for web services
041 – Enabled default credentials
042 – Insecurely generated cookies
043 – Insecure or unset HTTP headers - Content-Security-Policy
044 – Insecure HTTP methods enabled
047 – Automatic information enumeration
050 – Guessed weak credentials
051 – Cracked weak credentials
052 – Insecure encryption algorithm
053 – Lack of protection against brute force attacks
056 – Anonymous connection
057 – Asymmetric denial of service - Content length
059 – Sensitive information stored in logs
061 – Remote File Inclusion
062 – Concurrent sessions
063 – Lack of data validation - Path Traversal
064 – Traceability loss - Server's clock
066 – Technical information leak - Console functions
067 – Improper resource allocation
068 – Insecure session expiration time
069 – Weak CAPTCHA
071 – Insecure or unset HTTP headers - Referrer-Policy
073 – Improper authorization control for web services - RDS
076 – Insecure session management
078 – Insecurely generated token
079 – Non-upgradable dependencies
080 – Business information leak - Customers or providers
081 – Lack of multi-factor authentication
082 – Insecurely deleted files
083 – XML injection (XXE)
087 – Account lockout
088 – Privacy violation
089 – Lack of data validation - Trust boundary violation
090 – CSV injection
091 – Log injection
092 – Insecure encryption algorithm - Anonymous cipher suites
093 – Hidden fields manipulation
094 – Insecure encryption algorithm - Cipher Block Chaining
095 – Data uniqueness not properly verified
096 – Insecure deserialization
098 – External control of file name or path
100 – Server-side request forgery (SSRF)
101 – Lack of protection against deletion
102 – Email uniqueness not properly verified
106 – NoSQL injection
107 – LDAP injection
108 – Improper control of interaction frequency
110 – HTTP request smuggling
111 – Out-of-bounds read
113 – Improper type assignation
114 – Phishing
115 – Security controls bypass or absence
117 – Unverifiable files
118 – Regulation infringement
119 – Metadata with sensitive information
120 – Improper dependency pinning
121 – HTTP parameter pollution
122 – Email flooding
123 – Local file inclusion
124 – Race condition
125 – Directory listing
126 – Lack of isolation methods
127 – Lack of data validation - Type confusion
128 – Insecurely generated cookies - HttpOnly
129 – Insecurely generated cookies - SameSite
130 – Insecurely generated cookies - Secure
131 – Insecure or unset HTTP headers - Strict Transport Security
132 – Insecure or unset HTTP headers - X-Content-Type-Options
133 – Insecure encryption algorithm - Perfect Forward Secrecy
134 – Insecure or unset HTTP headers - CORS
135 – Insecure or unset HTTP headers - X-XSS Protection
136 – Insecure or unset HTTP headers - Cache Control
137 – Insecure or unset HTTP headers - X-Permitted-Cross-Domain-Policies
138 – Inappropriate coding practices
140 – Insecure exceptions - Empty or no catch
141 – Lack of data validation - URL
142 – Sensitive information in source code - API Key
143 – Inappropriate coding practices - Eval function
145 – Inappropriate coding practices - Cyclomatic complexity
146 – SQL injection
147 – Insecure encryption algorithm - SSLContext
148 – Use of an insecure channel - FTP
149 – Use of an insecure channel - SMTP
151 – Use of an insecure channel - Telnet
152 – Insecure or unset HTTP headers - X-Frame Options
153 – Insecure or unset HTTP headers - Accept
154 – Time-based SQL Injection
155 – SQL Injection - Headers
156 – Uncontrolled external site redirect
157 – Unrestricted access between network segments
159 – Excessive privileges
160 – Excessive privileges - Temporary Files
182 – Email spoofing
183 – Debugging enabled in production
184 – Lack of data validation
185 – Lack of data validation - Header x-amzn-RequestId
186 – Lack of data validation - Web Service
187 – Lack of data validation - Source Code
189 – Lack of data validation - Content Spoofing
190 – Lack of data validation - Session Cookie
191 – Lack of data validation - Responses
192 – Lack of data validation - Reflected Parameters
193 – Lack of data validation - Host Header Injection
194 – Lack of data validation - Input Length
195 – Lack of data validation - Headers
196 – Lack of data validation - Dates
197 – Lack of data validation - Numbers
198 – Lack of data validation - Out of range
199 – Lack of data validation - Emails
200 – Traceability loss
201 – Unauthorized access to files
203 – Unauthorized access to files - S3 Bucket
204 – Insufficient data authenticity validation
208 – Security controls bypass or absence - Antivirus
210 – Security controls bypass or absence - Facial Recognition
211 – Asymmetric denial of service - ReDoS
212 – Security controls bypass or absence - Cloudflare
213 – Business information leak - JWT
214 – Business information leak - Credentials
216 – Business information leak - Source Code
217 – Business information leak - Credit Cards
218 – Business information leak - Network Unit
220 – Business information leak - Token
221 – Business information leak - Users
222 – Business information leak - DB
226 – Business information leak - Personal Information
228 – Business information leak - Analytics
231 – Message flooding
233 – Incomplete functional code
234 – Technical information leak - Stacktrace
235 – Technical information leak - Headers
236 – Technical information leak - SourceMap
237 – Technical information leak - Print Functions
238 – Technical information leak - API
239 – Technical information leak - Errors
240 – Authentication mechanism absence or evasion - OTP
243 – Authentication mechanism absence or evasion - Admin Console
245 – Non-encrypted confidential information - Credit Cards
246 – Non-encrypted confidential information - DB
248 – Non-encrypted confidential information - LDAP
249 – Non-encrypted confidential information - Credentials
250 – Non-encrypted hard drives
252 – Automatic information enumeration - Open ports
254 – Automatic information enumeration - Credit Cards
255 – Insecure functionality - Pass the hash
261 – Insecure encryption algorithm - DSA
262 – Insecure encryption algorithm - SHA1
263 – Insecure encryption algorithm - MD5
264 – Insecure encryption algorithm - TripleDES
265 – Insecure encryption algorithm - AES
269 – Insecure encryption algorithm - Blowfish
270 – Insecure functionality - File Creation
271 – Insecure functionality - Password management
272 – Insecure functionality - Masking
273 – Insecure functionality - Fingerprint
274 – Restricted fields manipulation
276 – Sensitive information sent via URL parameters - Session
277 – Weak credential policy - Password Expiration
280 – Session Fixation
282 – Insecure encryption algorithm - ECB
283 – Automatic information enumeration - Personal Information
284 – Non-encrypted confidential information - Base 64
286 – Insecure object reference - Personal information
287 – Insecure object reference - Corporate information
288 – Insecure object reference - Financial information
289 – Technical information leak - Logs
290 – Technical information leak - IPs
291 – Business information leak - Financial Information
295 – Insecure session management - Change Password
296 – Weak credential policy - Password Change Limit
297 – SQL injection - Code
298 – Authentication mechanism absence or evasion - Redirect
301 – Concurrent sessions control bypass
302 – Insecure functionality - Session management
305 – Security controls bypass or absence - Data creation
306 – Insecure object reference - Files
307 – Insecure object reference - Data
308 – Enabled default configuration
309 – Insecurely generated token - JWT
317 – Improper resource allocation - Memory leak
318 – Insecurely generated token - Validation
321 – Lack of data validation - HTML code
322 – Insecurely generated token - Lifespan
324 – Insecure functionality - User management
328 – Insecure object reference - Session management
329 – Insecure or unset HTTP headers - Content-Type
330 – Lack of protection against brute force attacks - Credentials
332 – Use of insecure channel - Source code
336 – Business information leak - Corporate information
337 – Insecure session management - CSRF Fixation
340 – Lack of data validation - Special Characters
341 – Lack of data validation - OTP
344 – Lack of data validation - Non Sanitized Variables
345 – Security controls bypass or absence - Session Invalidation
349 – Technical information leak - Credentials
353 – Lack of data validation - Token
354 – Insecure file upload - Files Limit
355 – Insufficient data authenticity validation - Checksum verification
359 – Sensitive information in source code - Credentials
362 – Technical information leak - Content response
363 – Weak credential policy - Password strength
364 – Weak credential policy - Temporary passwords
365 – Authentication mechanism absence or evasion - Response tampering
369 – Insecure object reference - User deletion
371 – DOM-Based cross-site scripting (XSS)
372 – Use of an insecure channel - HTTP
375 – Security controls bypass or absence - Tampering Protection
378 – Non-encrypted confidential information - Hexadecimal
383 – Insecurely generated token - OTP
384 – Inappropriate coding practices - Wildcard export
388 – Insecure authentication method - NTLM
391 – Inappropriate coding practices - Unused properties
393 – Use of software with known vulnerabilities in development
395 – Insecure generation of random numbers - Static IV
397 – Insecure authentication method - LDAP
404 – OS Command Injection
405 – Excessive privileges - Access Mode
411 – Insecure encryption algorithm - Default encryption
417 – Account Takeover
420 – Password reset poisoning
421 – Insecure encryption algorithm - Insecure Elliptic Curve
422 – Server side template injection
425 – Server side cross-site scripting
428 – Inappropriate coding practices - invalid file
432 – Inappropriate coding practices - relative path command
435 – Use of software with known vulnerabilities in environments
436 – Security controls bypass or absence - Fingerprint