Command injection problems are a subset of injection problem, in which the process is tricked into calling external processes of the attackers choice through the injection of control-plane data into the data plane. (from TCCLASP-5_2_25_10)

Format string problems occur when a user has the ability to control or write completely the format string used to format data in the printf style family of C/ C++ functions. (from TCCLASP-5_2_23_10)

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as the POSIX malloc() call. (from TCCLASP-5_2_4_10)

Using the value of an unitialized variable is not safe. (from TCCLASP-5_6_4_10)

The use of a hard-coded password increases the possibility of password guessing tremendously. (from TCCLASP-5_5_9_10-C)

If a functions return value is not checked, it could have failed without any warning. (from TCCLASP-5_6_1_9)

If too few arguments are sent to a function, the function will still pop the expected number of arguments from the stack. Potentially, a variable number of arguments could be exhausted in a function as well. (from TCCLASP-5_6_2_10)

Tempfile creation should be done in a safe way. To be safe, the temp file function should open up the temp file with appropriate access control. The temp file function should also retain this quality, while being resistant to race conditions. (from TCCLASP-5_6_20_10)

Not using a a random initialization vector with Cipher Block Chaining (CBC) Mode causes algorithms to be susceptible to dictionary attacks. (from TCCLASP-5_5_22_10-C)

State synchronization refers to a set of flaws involving contradictory states of execution in a process which result in undefined behavior. (from TCCLASP-5_4_1_10-C)

If a function"s return value is not properly checked, the function could have failed without proper acknowledgement. (from TCCLASP-5_6_3_10)

Sometimes an error is detected, and bad or no action is taken. (from TCCLASP-5_6_19_10)

Nonces should be used for the present occasion and only once. (from TCCLASP-5_5_20_10-C)

The use of a hard-coded cryptographic key tremendously increases the possibility that encrypted data may be recovered (from TCCLASP-5_5_10_10-C)

Assumptions about protocol data or data stored in memory can be invalid, resulting in using data in ways that were unintended. (from TCCLASP-5_3_1_10)

An unsigned-to-signed conversion error takes place when a large unsignedprimitive is used as an signed value - usually as a size variable. (from TCCLASP-5_2_12_10)[br][br]Duplicate code of Test Case 19

If one extends a signed number incorrectly, if negative numbers are used, an incorrect extension may result. (from TCCLASP-5_2_10_10)