| CWE | Entity Type | C/C++ Warning Classes |
|---|---|---|
| CWE:14 Compiler Removal of Code to Clear Buffers | Weakness | |
| CWE:15 External Control of System or Configuration Setting | Weakness | |
| CWE:20 Improper Input Validation | Weakness | |
| CWE:22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | Weakness | |
| CWE:73 External Control of File Name or Path | Weakness | |
| CWE:78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | Weakness | |
| CWE:88 Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') | Weakness | |
| CWE:89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | Weakness | |
| CWE:90 Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') | Weakness | |
| CWE:99 Improper Control of Resource Identifiers ('Resource Injection') | Weakness | |
| CWE:114 Process Control | Weakness | |
| CWE:119 Improper Restriction of Operations within the Bounds of a Memory Buffer | Weakness | |
| CWE:120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') | Weakness | |
| CWE:128 Wrap-around Error | Weakness | |
| CWE:131 Incorrect Calculation of Buffer Size | Weakness | |
| CWE:134 Use of Externally-Controlled Format String | Weakness | |
| CWE:170 Improper Null Termination | Weakness | |
| CWE:190 Integer Overflow or Wraparound | Weakness | |
| CWE:191 Integer Underflow (Wrap or Wraparound) | Weakness | |
| CWE:192 Integer Coercion Error | Weakness | |
| CWE:197 Numeric Truncation Error | Weakness | |
| CWE:200 Exposure of Sensitive Information to an Unauthorized Actor | Weakness | |
| CWE:242 Use of Inherently Dangerous Function | Weakness | |
| CWE:243 Creation of chroot Jail Without Changing Working Directory | Weakness | |
| CWE:252 Unchecked Return Value | Weakness | |
| CWE:256 Plaintext Storage of a Password | Weakness | |
| CWE:259 Use of Hard-coded Password | Weakness | |
| CWE:269 Improper Privilege Management | Weakness | |
| CWE:281 Improper Preservation of Permissions | Weakness | |
| CWE:284 Improper Access Control | Weakness | |
| CWE:311 Missing Encryption of Sensitive Data | Weakness | |
| CWE:313 Cleartext Storage in a File or on Disk | Weakness | |
| CWE:316 Cleartext Storage of Sensitive Information in Memory | Weakness | |
| CWE:318 Cleartext Storage of Sensitive Information in Executable | Weakness | |
| CWE:319 Cleartext Transmission of Sensitive Information | Weakness | |
| CWE:321 Use of Hard-coded Cryptographic Key | Weakness | |
| CWE:325 Missing Cryptographic Step | Weakness | |
| CWE:326 Inadequate Encryption Strength | Weakness | |
| CWE:327 Use of a Broken or Risky Cryptographic Algorithm | Weakness | |
| CWE:328 Use of Weak Hash | Weakness | |
| CWE:330 Use of Insufficiently Random Values | Weakness | |
| CWE:331 Insufficient Entropy | Weakness | |
| CWE:332 Insufficient Entropy in PRNG | Weakness | |
| CWE:334 Small Space of Random Values | Weakness | |
| CWE:336 Same Seed in Pseudo-Random Number Generator (PRNG) | Weakness | |
| CWE:337 Predictable Seed in Pseudo-Random Number Generator (PRNG) | Weakness | |
| CWE:338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) | Weakness | |
| CWE:362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') | Weakness | |
| CWE:364 Signal Handler Race Condition | Weakness | |
| CWE:366 Race Condition within a Thread | Weakness | |
| CWE:367 Time-of-check Time-of-use (TOCTOU) Race Condition | Weakness | |
| CWE:369 Divide By Zero | Weakness | |
| CWE:377 Insecure Temporary File | Weakness | |
| CWE:390 Detection of Error Condition Without Action | Weakness | |
| CWE:391 Unchecked Error Condition | Weakness | |
| CWE:394 Unexpected Status Code or Return Value | Weakness | |
| CWE:396 Declaration of Catch for Generic Exception | Weakness | |
| CWE:397 Declaration of Throws for Generic Exception | Weakness | |
| CWE:400 Uncontrolled Resource Consumption | Weakness | |
| CWE:401 Missing Release of Memory after Effective Lifetime | Weakness | |
| CWE:410 Insufficient Resource Pool | Weakness | |
| CWE:413 Improper Resource Locking | Weakness | |
| CWE:415 Double Free | Weakness | |
| CWE:416 Use After Free | Weakness | |
| CWE:427 Uncontrolled Search Path Element | Weakness | |
| CWE:457 Use of Uninitialized Variable | Weakness | |
| CWE:459 Incomplete Cleanup | Weakness | |
| CWE:465 Pointer Issues | Category | |
| CWE:467 Use of sizeof() on a Pointer Type | Weakness | |
| CWE:469 Use of Pointer Subtraction to Determine Size | Weakness | |
| CWE:474 Use of Function with Inconsistent Implementations | Weakness | |
| CWE:475 Undefined Behavior for Input to API | Weakness | |
| CWE:476 NULL Pointer Dereference | Weakness | |
| CWE:477 Use of Obsolete Function | Weakness | |
| CWE:478 Missing Default Case in Multiple Condition Expression | Weakness | |
| CWE:481 Assigning instead of Comparing | Weakness | |
| CWE:482 Comparing instead of Assigning | Weakness | |
| CWE:484 Omitted Break Statement in Switch | Weakness | |
| CWE:489 Active Debug Code | Weakness | |
| CWE:506 Embedded Malicious Code | Weakness | |
| CWE:511 Logic/Time Bomb | Weakness | |
| CWE:540 Inclusion of Sensitive Information in Source Code | Weakness | |
| CWE:546 Suspicious Comment | Weakness | |
| CWE:547 Use of Hard-coded, Security-relevant Constants | Weakness | |
| CWE:558 Use of getlogin() in Multithreaded Application | Weakness | |
| CWE:561 Dead Code | Weakness | |
| CWE:562 Return of Stack Variable Address | Weakness | |
| CWE:563 Assignment to Variable without Use | Weakness | |
| CWE:567 Unsynchronized Access to Shared Data in a Multithreaded Context | Weakness | |
| CWE:570 Expression is Always False | Weakness | |
| CWE:571 Expression is Always True | Weakness | |
| CWE:573 Improper Following of Specification by Caller | Weakness | |
| CWE:587 Assignment of a Fixed Address to a Pointer | Weakness | |
| CWE:589 Call to Non-ubiquitous API | Weakness | |
| CWE:590 Free of Memory not on the Heap | Weakness | |
| CWE:605 Multiple Binds to the Same Port | Weakness | |
| CWE:610 Externally Controlled Reference to a Resource in Another Sphere | Weakness | |
| CWE:615 Inclusion of Sensitive Information in Source Code Comments | Weakness | |
| CWE:628 Function Call with Incorrectly Specified Arguments | Weakness | |
| CWE:641 Improper Restriction of Names for Files and Other Resources | Weakness | |
| CWE:657 Violation of Secure Design Principles | Weakness | |
| CWE:662 Improper Synchronization | Weakness | |
| CWE:664 Improper Control of a Resource Through its Lifetime | Weakness | |
| CWE:665 Improper Initialization | Weakness | |
| CWE:666 Operation on Resource in Wrong Phase of Lifetime | Weakness | |
| CWE:667 Improper Locking | Weakness | |
| CWE:672 Operation on a Resource after Expiration or Release | Weakness | |
| CWE:674 Uncontrolled Recursion | Weakness | |
| CWE:675 Multiple Operations on Resource in Single-Operation Context | Weakness | |
| CWE:676 Use of Potentially Dangerous Function | Weakness | |
| CWE:680 Integer Overflow to Buffer Overflow | Weakness | |
| CWE:681 Incorrect Conversion between Numeric Types | Weakness | |
| CWE:682 Incorrect Calculation | Weakness | |
| CWE:686 Function Call With Incorrect Argument Type | Weakness | |
| CWE:687 Function Call With Incorrectly Specified Argument Value | Weakness | |
| CWE:688 Function Call With Incorrect Variable or Reference as Argument | Weakness | |
| CWE:690 Unchecked Return Value to NULL Pointer Dereference | Weakness | |
| CWE:691 Insufficient Control Flow Management | Weakness | |
| CWE:696 Incorrect Behavior Order | Weakness | |
| CWE:703 Improper Check or Handling of Exceptional Conditions | Weakness | |
| CWE:704 Incorrect Type Conversion or Cast | Weakness | |
| CWE:710 Improper Adherence to Coding Standards | Weakness | |
| CWE:758 Reliance on Undefined, Unspecified, or Implementation-Defined Behavior | Weakness | |
| CWE:760 Use of a One-Way Hash with a Predictable Salt | Weakness | |
| CWE:761 Free of Pointer not at Start of Buffer | Weakness | |
| CWE:762 Mismatched Memory Management Routines | Weakness | |
| CWE:763 Release of Invalid Pointer or Reference | Weakness | |
| CWE:764 Multiple Locks of a Critical Resource | Weakness | |
| CWE:765 Multiple Unlocks of a Critical Resource | Weakness | |
| CWE:771 Missing Reference to Active Allocated Resource | Weakness | |
| CWE:772 Missing Release of Resource after Effective Lifetime | Weakness | |
| CWE:773 Missing Reference to Active File Descriptor or Handle | Weakness | |
| CWE:775 Missing Release of File Descriptor or Handle after Effective Lifetime | Weakness | |
| CWE:780 Use of RSA Algorithm without OAEP | Weakness | |
| CWE:783 Operator Precedence Logic Error | Weakness | |
| CWE:785 Use of Path Manipulation Function without Maximum-sized Buffer | Weakness | |
| CWE:786 Access of Memory Location Before Start of Buffer | Weakness | |
| CWE:788 Access of Memory Location After End of Buffer | Weakness | |
| CWE:789 Memory Allocation with Excessive Size Value | Weakness | |
| CWE:798 Use of Hard-coded Credentials | Weakness | |
| CWE:821 Incorrect Synchronization | Weakness | |
| CWE:822 Untrusted Pointer Dereference | Weakness | |
| CWE:823 Use of Out-of-range Pointer Offset | Weakness | |
| CWE:832 Unlock of a Resource that is not Locked | Weakness | |
| CWE:833 Deadlock | Weakness | |
| CWE:835 Loop with Unreachable Exit Condition ('Infinite Loop') | Weakness | |
| CWE:843 Access of Resource Using Incompatible Type ('Type Confusion') | Weakness | |
| CWE:863 Incorrect Authorization | Weakness | |
| CWE:908 Use of Uninitialized Resource | Weakness | |
| CWE:910 Use of Expired File Descriptor | Weakness | |
| CWE:1007 Insufficient Visual Distinction of Homoglyphs Presented to User | Weakness | |
| CWE:1025 Comparison Using Wrong Factors | Weakness | |
| CWE:1037 Processor Optimization Removal or Modification of Security-critical Code | Weakness | |
| CWE:1041 Use of Redundant Code | Weakness | |
| CWE:1055 Multiple Inheritance from Concrete Classes | Weakness | |
| CWE:1056 Invokable Control Element with Variadic Parameters | Weakness | |
| CWE:1064 Invokable Control Element with Signature Containing an Excessive Number of Parameters | Weakness | |
| CWE:1076 Insufficient Adherence to Expected Conventions | Weakness | |
| CWE:1077 Floating Point Comparison with Incorrect Operator | Weakness | |
| CWE:1078 Inappropriate Source Code Style or Formatting | Weakness | |
| CWE:1079 Parent Class without Virtual Destructor Method | Weakness | |
| CWE:1080 Source Code File with Excessive Number of Lines of Code | Weakness | |
| CWE:1085 Invokable Control Element with Excessive Volume of Commented-out Code | Weakness | |
| CWE:1087 Class with Virtual Method without a Virtual Destructor | Weakness | |
| CWE:1091 Use of Object without Invoking Destructor Method | Weakness | |
| CWE:1106 Insufficient Use of Symbolic Constants | Weakness | |
| CWE:1120 Excessive Code Complexity | Weakness | |
| CWE:1121 Excessive McCabe Cyclomatic Complexity | Weakness | |
| CWE:1126 Declaration of Variable with Unnecessarily Wide Scope | Weakness | |
| CWE:1127 Compilation with Insufficient Warnings or Errors | Weakness | |
| CWE:1164 Irrelevant Code | Weakness | |
| CWE:1295 Debug Messages Revealing Unnecessary Information | Weakness | |
| CWE:1335 Incorrect Bitwise Shift of Integer | Weakness | |
| CWE:1341 Multiple Releases of Same Resource or Handle | Weakness | |
| CWE:1389 Incorrect Parsing of Numbers with Different Radices | Weakness | |
| CWE:1419 Incorrect Initialization of Resource | Weakness | |

| CWE | Entity Type | C/C++ Warning Classes |
|---|---|---|
| CWE:2 7PK - Environment | Category | |
| CWE:14 Compiler Removal of Code to Clear Buffers | Weakness | closely mapped; also related |
| CWE:15 External Control of System or Configuration Setting | Weakness | |
| CWE:19 Data Processing Errors | Category | |
| CWE:20 Improper Input Validation | Weakness | closely mapped; hierarchy ancestor |
| CWE:22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | Weakness | |
| CWE:23 Relative Path Traversal | Weakness | |
| CWE:24 Path Traversal: '../filedir' | Weakness | |
| CWE:25 Path Traversal: '/../filedir' | Weakness | |
| CWE:26 Path Traversal: '/dir/../filename' | Weakness | |
| CWE:27 Path Traversal: 'dir/../../filename' | Weakness | |
| CWE:28 Path Traversal: '..\filedir' | Weakness | |
| CWE:29 Path Traversal: '\..\filename' | Weakness | |
| CWE:30 Path Traversal: '\dir\..\filename' | Weakness | |
| CWE:31 Path Traversal: 'dir\..\..\filename' | Weakness | |
| CWE:32 Path Traversal: '...' (Triple Dot) | Weakness | |
| CWE:33 Path Traversal: '....' (Multiple Dot) | Weakness | |
| CWE:34 Path Traversal: '....//' | Weakness | |
| CWE:35 Path Traversal: '.../...//' | Weakness | |
| CWE:36 Absolute Path Traversal | Weakness | |
| CWE:37 Path Traversal: '/absolute/pathname/here' | Weakness | |
| CWE:38 Path Traversal: '\absolute\pathname\here' | Weakness | |
| CWE:39 Path Traversal: 'C:dirname' | Weakness | |
| CWE:40 Path Traversal: '\\UNC\share\name\' (Windows UNC Share) | Weakness | |
| CWE:73 External Control of File Name or Path | Weakness | closely mapped; hierarchy ancestor |
| CWE:74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') | Weakness | |
| CWE:77 Improper Neutralization of Special Elements used in a Command ('Command Injection') | Weakness | |
| CWE:78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | Weakness | closely mapped; also related |
| CWE:79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | Weakness | |
| CWE:88 Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') | Weakness | |
| CWE:89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | Weakness | |
| CWE:90 Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') | Weakness | |
| CWE:99 Improper Control of Resource Identifiers ('Resource Injection') | Weakness | |
| CWE:114 Process Control | Weakness | |
| CWE:116 Improper Encoding or Escaping of Output | Weakness | |
| CWE:117 Improper Output Neutralization for Logs | Weakness | |
| CWE:118 Incorrect Access of Indexable Resource ('Range Error') | Weakness | also related; hierarchy ancestor |
| CWE:119 Improper Restriction of Operations within the Bounds of a Memory Buffer | Weakness | closely mapped; also related; hierarchy ancestor |
| CWE:120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') | Weakness | closely mapped; also related; hierarchy ancestor |
| CWE:121 Stack-based Buffer Overflow | Weakness | |
| CWE:122 Heap-based Buffer Overflow | Weakness | |
| CWE:123 Write-what-where Condition | Weakness | also related; hierarchy descendant |
| CWE:124 Buffer Underwrite ('Buffer Underflow') | Weakness | also related; hierarchy descendant |
| CWE:125 Out-of-bounds Read | Weakness | also related; hierarchy ancestor |
| CWE:126 Buffer Over-read | Weakness | |
| CWE:127 Buffer Under-read | Weakness | also related; hierarchy descendant |
| CWE:128 Wrap-around Error | Weakness | closely mapped; also related |
| CWE:129 Improper Validation of Array Index | Weakness | |
| CWE:130 Improper Handling of Length Parameter Inconsistency | Weakness | |
| CWE:131 Incorrect Calculation of Buffer Size | Weakness | closely mapped; also related; hierarchy ancestor |
| CWE:133 String Errors | Category | |
| CWE:134 Use of Externally-Controlled Format String | Weakness | |
| CWE:135 Incorrect Calculation of Multi-Byte String Length | Weakness | |
| CWE:136 Type Errors | Category | |
| CWE:137 Data Neutralization Issues | Category | |
| CWE:138 Improper Neutralization of Special Elements | Weakness | |
| CWE:147 Improper Neutralization of Input Terminators | Weakness | |
| CWE:170 Improper Null Termination | Weakness | closely mapped; also related |
| CWE:188 Reliance on Data/Memory Layout | Weakness | |
| CWE:189 Numeric Errors | Category | |
| CWE:190 Integer Overflow or Wraparound | Weakness | closely mapped; also related |
| CWE:191 Integer Underflow (Wrap or Wraparound) | Weakness | closely mapped; also related |
| CWE:192 Integer Coercion Error | Weakness | closely mapped; also related |
| CWE:193 Off-by-one Error | Weakness | |
| CWE:194 Unexpected Sign Extension | Weakness | |
| CWE:195 Signed to Unsigned Conversion Error | Weakness | |
| CWE:196 Unsigned to Signed Conversion Error | Weakness | |
| CWE:197 Numeric Truncation Error | Weakness | closely mapped; also related |
| CWE:199 Information Management Errors | Category | |
| CWE:200 Exposure of Sensitive Information to an Unauthorized Actor | Weakness | closely mapped; hierarchy ancestor |
| CWE:201 Insertion of Sensitive Information Into Sent Data | Weakness | |
| CWE:203 Observable Discrepancy | Weakness | |
| CWE:212 Improper Removal of Sensitive Information Before Storage or Transfer | Weakness | |
| CWE:221 Information Loss or Omission | Weakness | |
| CWE:226 Sensitive Information in Resource Not Removed Before Reuse | Weakness | |
| CWE:227 7PK - API Abuse | Category | also related; hierarchy ancestor |
| CWE:228 Improper Handling of Syntactically Invalid Structure | Weakness | |
| CWE:229 Improper Handling of Values | Weakness | |
| CWE:230 Improper Handling of Missing Values | Weakness | |
| CWE:231 Improper Handling of Extra Values | Weakness | |
| CWE:232 Improper Handling of Undefined Values | Weakness | |
| CWE:237 Improper Handling of Structural Elements | Weakness | |
| CWE:238 Improper Handling of Incomplete Structural Elements | Weakness | |
| CWE:239 Failure to Handle Incomplete Element | Weakness | |
| CWE:240 Improper Handling of Inconsistent Structural Elements | Weakness | |
| CWE:241 Improper Handling of Unexpected Data Type | Weakness | |
| CWE:242 Use of Inherently Dangerous Function | Weakness | closely mapped; also related |
| CWE:243 Creation of chroot Jail Without Changing Working Directory | Weakness | |
| CWE:244 Improper Clearing of Heap Memory Before Release ('Heap Inspection') | Weakness | |
| CWE:248 Uncaught Exception | Weakness | |
| CWE:251 Often Misused: String Management | Category | |
| CWE:252 Unchecked Return Value | Weakness | closely mapped; also related; hierarchy ancestor |
| CWE:253 Incorrect Check of Function Return Value | Weakness | |
| CWE:254 7PK - Security Features | Category | |
| CWE:255 Credentials Management Errors | Category | |
| CWE:256 Plaintext Storage of a Password | Weakness | |
| CWE:259 Use of Hard-coded Password | Weakness | |
| CWE:265 Privilege Issues | Category | |
| CWE:266 Incorrect Privilege Assignment | Weakness | |
| CWE:269 Improper Privilege Management | Weakness | closely mapped; hierarchy ancestor |
| CWE:274 Improper Handling of Insufficient Privileges | Weakness | |
| CWE:275 Permission Issues | Category | also related; hierarchy ancestor |
| CWE:280 Improper Handling of Insufficient Permissions or Privileges | Weakness | |
| CWE:281 Improper Preservation of Permissions | Weakness | |
| CWE:284 Improper Access Control | Weakness | closely mapped; hierarchy ancestor |
| CWE:285 Improper Authorization | Weakness | |
| CWE:287 Improper Authentication | Weakness | |
| CWE:290 Authentication Bypass by Spoofing | Weakness | |
| CWE:310 Cryptographic Issues | Category | |
| CWE:311 Missing Encryption of Sensitive Data | Weakness | closely mapped; also related; hierarchy ancestor |
| CWE:312 Cleartext Storage of Sensitive Information | Weakness | |
| CWE:313 Cleartext Storage in a File or on Disk | Weakness | |
| CWE:316 Cleartext Storage of Sensitive Information in Memory | Weakness | |
| CWE:318 Cleartext Storage of Sensitive Information in Executable | Weakness | |
| CWE:319 Cleartext Transmission of Sensitive Information | Weakness | |
| CWE:320 Key Management Errors | Category | |
| CWE:321 Use of Hard-coded Cryptographic Key | Weakness | closely mapped; also related |
| CWE:323 Reusing a Nonce, Key Pair in Encryption | Weakness | |
| CWE:325 Missing Cryptographic Step | Weakness | closely mapped; also related |
| CWE:326 Inadequate Encryption Strength | Weakness | closely mapped; hierarchy ancestor |
| CWE:327 Use of a Broken or Risky Cryptographic Algorithm | Weakness | closely mapped; hierarchy ancestor |
| CWE:328 Use of Weak Hash | Weakness | closely mapped; also related; hierarchy ancestor |
| CWE:330 Use of Insufficiently Random Values | Weakness | closely mapped; hierarchy ancestor |
| CWE:331 Insufficient Entropy | Weakness | closely mapped; also related; hierarchy ancestor |
| CWE:332 Insufficient Entropy in PRNG | Weakness | closely mapped; also related |
| CWE:334 Small Space of Random Values | Weakness | |
| CWE:335 Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) | Weakness | |
| CWE:336 Same Seed in Pseudo-Random Number Generator (PRNG) | Weakness | |
| CWE:337 Predictable Seed in Pseudo-Random Number Generator (PRNG) | Weakness | |
| CWE:338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) | Weakness | |
| CWE:339 Small Seed Space in PRNG | Weakness | |
| CWE:340 Generation of Predictable Numbers or Identifiers | Weakness | |
| CWE:341 Predictable from Observable State | Weakness | |
| CWE:342 Predictable Exact Value from Previous Values | Weakness | |
| CWE:343 Predictable Value Range from Previous Values | Weakness | |
| CWE:344 Use of Invariant Value in Dynamically Changing Context | Weakness | also related; hierarchy ancestor |
| CWE:350 Reliance on Reverse DNS Resolution for a Security-Critical Action | Weakness | |
| CWE:355 User Interface Security Issues | Category | |
| CWE:359 Exposure of Private Personal Information to an Unauthorized Actor | Weakness | |
| CWE:361 7PK - Time and State | Category | |
| CWE:362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') | Weakness | closely mapped; also related; hierarchy ancestor |
| CWE:363 Race Condition Enabling Link Following | Weakness | |
| CWE:364 Signal Handler Race Condition | Weakness | closely mapped; hierarchy ancestor |
| CWE:366 Race Condition within a Thread | Weakness | closely mapped; also related |
| CWE:367 Time-of-check Time-of-use (TOCTOU) Race Condition | Weakness | |
| CWE:368 Context Switching Race Condition | Weakness | |
| CWE:369 Divide By Zero | Weakness | |
| CWE:371 State Issues | Category | |
| CWE:377 Insecure Temporary File | Weakness | |
| CWE:378 Creation of Temporary File With Insecure Permissions | Weakness | |
| CWE:379 Creation of Temporary File in Directory with Insecure Permissions | Weakness | |
| CWE:386 Symbolic Name not Mapping to Correct Object | Weakness | |
| CWE:387 Signal Errors | Category | |
| CWE:388 7PK - Errors | Category | |
| CWE:389 Error Conditions, Return Values, Status Codes | Category | also related; hierarchy ancestor |
| CWE:390 Detection of Error Condition Without Action | Weakness | closely mapped; also related |
| CWE:391 Unchecked Error Condition | Weakness | |
| CWE:392 Missing Report of Error Condition | Weakness | |
| CWE:394 Unexpected Status Code or Return Value | Weakness | closely mapped; also related |
| CWE:396 Declaration of Catch for Generic Exception | Weakness | |
| CWE:397 Declaration of Throws for Generic Exception | Weakness | |
| CWE:398 7PK - Code Quality | Category | also related; hierarchy ancestor |
| CWE:399 Resource Management Errors | Category | |
| CWE:400 Uncontrolled Resource Consumption | Weakness | closely mapped; also related; hierarchy ancestor |
| CWE:401 Missing Release of Memory after Effective Lifetime | Weakness | |
| CWE:404 Improper Resource Shutdown or Release | Weakness | also related; hierarchy ancestor |
| CWE:410 Insufficient Resource Pool | Weakness | |
| CWE:411 Resource Locking Problems | Category | also related; hierarchy ancestor |
| CWE:413 Improper Resource Locking | Weakness | closely mapped; also related |
| CWE:414 Missing Lock Check | Weakness | |
| CWE:415 Double Free | Weakness | |
| CWE:416 Use After Free | Weakness | closely mapped; also related |
| CWE:417 Communication Channel Errors | Category | |
| CWE:426 Untrusted Search Path | Weakness | |
| CWE:427 Uncontrolled Search Path Element | Weakness | |
| CWE:435 Improper Interaction Between Multiple Correctly-Behaving Entities | Weakness | |
| CWE:436 Interpretation Conflict | Weakness | |
| CWE:438 Behavioral Problems | Category | |
| CWE:451 User Interface (UI) Misrepresentation of Critical Information | Weakness | |
| CWE:452 Initialization and Cleanup Errors | Category | also related; hierarchy ancestor |
| CWE:453 Insecure Default Variable Initialization | Weakness | |
| CWE:454 External Initialization of Trusted Variables or Data Stores | Weakness | |
| CWE:456 Missing Initialization of a Variable | Weakness | |
| CWE:457 Use of Uninitialized Variable | Weakness | closely mapped; also related |
| CWE:459 Incomplete Cleanup | Weakness | closely mapped; hierarchy ancestor |
| CWE:465 Pointer Issues | Category | closely mapped; also related; hierarchy ancestor |
| CWE:466 Return of Pointer Value Outside of Expected Range | Weakness | |
| CWE:467 Use of sizeof() on a Pointer Type | Weakness | |
| CWE:468 Incorrect Pointer Scaling | Weakness | |
| CWE:469 Use of Pointer Subtraction to Determine Size | Weakness | |
| CWE:471 Modification of Assumed-Immutable Data (MAID) | Weakness | |
| CWE:474 Use of Function with Inconsistent Implementations | Weakness | closely mapped; hierarchy ancestor |
| CWE:475 Undefined Behavior for Input to API | Weakness | |
| CWE:476 NULL Pointer Dereference | Weakness | closely mapped; also related |
| CWE:477 Use of Obsolete Function | Weakness | |
| CWE:478 Missing Default Case in Multiple Condition Expression | Weakness | |
| CWE:479 Signal Handler Use of a Non-reentrant Function | Weakness | |
| CWE:480 Use of Incorrect Operator | Weakness | also related; hierarchy ancestor |
| CWE:481 Assigning instead of Comparing | Weakness | closely mapped; also related |
| CWE:482 Comparing instead of Assigning | Weakness | closely mapped; also related |
| CWE:483 Incorrect Block Delimitation | Weakness | |
| CWE:484 Omitted Break Statement in Switch | Weakness | closely mapped; also related |
| CWE:485 7PK - Encapsulation | Category | also related; hierarchy ancestor |
| CWE:489 Active Debug Code | Weakness | |
| CWE:497 Exposure of Sensitive System Information to an Unauthorized Control Sphere | Weakness | |
| CWE:506 Embedded Malicious Code | Weakness | closely mapped; also related; hierarchy ancestor |
| CWE:507 Trojan Horse | Weakness | |
| CWE:508 Non-Replicating Malicious Code | Weakness | |
| CWE:510 Trapdoor | Weakness | |
| CWE:511 Logic/Time Bomb | Weakness | |
| CWE:514 Covert Channel | Weakness | |
| CWE:515 Covert Storage Channel | Weakness | |
| CWE:522 Insufficiently Protected Credentials | Weakness | also related; hierarchy ancestor |
| CWE:523 Unprotected Transport of Credentials | Weakness | |
| CWE:529 Exposure of Access Control List Files to an Unauthorized Control Sphere | Weakness | |
| CWE:530 Exposure of Backup File to an Unauthorized Control Sphere | Weakness | |
| CWE:532 Insertion of Sensitive Information into Log File | Weakness | |
| CWE:538 Insertion of Sensitive Information into Externally-Accessible File or Directory | Weakness | also related; hierarchy ancestor |
| CWE:540 Inclusion of Sensitive Information in Source Code | Weakness | closely mapped; also related; hierarchy ancestor |
| CWE:543 Use of Singleton Pattern Without Synchronization in a Multithreaded Context | Weakness | |
| CWE:546 Suspicious Comment | Weakness | |
| CWE:547 Use of Hard-coded, Security-relevant Constants | Weakness | closely mapped; also related |
| CWE:552 Files or Directories Accessible to External Parties | Weakness | |
| CWE:557 Concurrency Issues | Category | also related; hierarchy ancestor |
| CWE:558 Use of getlogin() in Multithreaded Application | Weakness | |
| CWE:561 Dead Code | Weakness | closely mapped; also related |
| CWE:562 Return of Stack Variable Address | Weakness | |
| CWE:563 Assignment to Variable without Use | Weakness | closely mapped; also related |
| CWE:567 Unsynchronized Access to Shared Data in a Multithreaded Context | Weakness | closely mapped; also related |
| CWE:569 Expression Issues | Category | |
| CWE:570 Expression is Always False | Weakness | closely mapped; also related |
| CWE:571 Expression is Always True | Weakness | closely mapped; also related |
| CWE:573 Improper Following of Specification by Caller | Weakness | closely mapped; also related; hierarchy ancestor |
| CWE:587 Assignment of a Fixed Address to a Pointer | Weakness | closely mapped; also related |
| CWE:588 Attempt to Access Child of a Non-structure Pointer | Weakness | |
| CWE:589 Call to Non-ubiquitous API | Weakness | |
| CWE:590 Free of Memory not on the Heap | Weakness | |
| CWE:605 Multiple Binds to the Same Port | Weakness | |
| CWE:606 Unchecked Input for Loop Condition | Weakness | |
| CWE:609 Double-Checked Locking | Weakness | |
| CWE:610 Externally Controlled Reference to a Resource in Another Sphere | Weakness | closely mapped; hierarchy ancestor |
| CWE:615 Inclusion of Sensitive Information in Source Code Comments | Weakness | |
| CWE:626 Null Byte Interaction Error (Poison Null Byte) | Weakness | |
| CWE:628 Function Call with Incorrectly Specified Arguments | Weakness | closely mapped; also related; hierarchy ancestor |
| CWE:629 Weaknesses in OWASP Top Ten (2007) | View | |
| CWE:635 Weaknesses Originally Used by NVD from 2008 to 2016 | View | |
| CWE:641 Improper Restriction of Names for Files and Other Resources | Weakness | |
| CWE:642 External Control of Critical State Data | Weakness | also related; hierarchy ancestor |
| CWE:651 Exposure of WSDL File Containing Sensitive Information | Weakness | |
| CWE:657 Violation of Secure Design Principles | Weakness | closely mapped; hierarchy ancestor |
| CWE:658 Weaknesses in Software Written in C | View | |
| CWE:659 Weaknesses in Software Written in C++ | View | |
| CWE:660 Weaknesses in Software Written in Java | View | |
| CWE:661 Weaknesses in Software Written in PHP | View | |
| CWE:662 Improper Synchronization | Weakness | closely mapped; also related; hierarchy ancestor |
| CWE:663 Use of a Non-reentrant Function in a Concurrent Context | Weakness | also related; hierarchy ancestor |
| CWE:664 Improper Control of a Resource Through its Lifetime | Weakness | closely mapped; hierarchy ancestor |
| CWE:665 Improper Initialization | Weakness | closely mapped; hierarchy ancestor |
| CWE:666 Operation on Resource in Wrong Phase of Lifetime | Weakness | closely mapped; hierarchy ancestor |
| CWE:667 Improper Locking | Weakness | closely mapped; hierarchy ancestor |
| CWE:668 Exposure of Resource to Wrong Sphere | Weakness | also related; hierarchy ancestor |
| CWE:669 Incorrect Resource Transfer Between Spheres | Weakness | also related; hierarchy ancestor |
| CWE:670 Always-Incorrect Control Flow Implementation | Weakness | |
| CWE:671 Lack of Administrator Control over Security | Weakness | |
| CWE:672 Operation on a Resource after Expiration or Release | Weakness | closely mapped; hierarchy ancestor |
| CWE:673 External Influence of Sphere Definition | Weakness | |
| CWE:674 Uncontrolled Recursion | Weakness | |
| CWE:675 Multiple Operations on Resource in Single-Operation Context | Weakness | closely mapped; hierarchy ancestor |
| CWE:676 Use of Potentially Dangerous Function | Weakness | closely mapped; also related; hierarchy ancestor |
| CWE:677 Weakness Base Elements | View | |
| CWE:680 Integer Overflow to Buffer Overflow | Weakness | closely mapped; also related |
| CWE:681 Incorrect Conversion between Numeric Types | Weakness | closely mapped; also related; hierarchy ancestor |
| CWE:682 Incorrect Calculation | Weakness | closely mapped; also related; hierarchy ancestor |
| CWE:683 Function Call With Incorrect Order of Arguments | Weakness | |
| CWE:684 Incorrect Provision of Specified Functionality | Weakness | |
| CWE:685 Function Call With Incorrect Number of Arguments | Weakness | |
| CWE:686 Function Call With Incorrect Argument Type | Weakness | |
| CWE:687 Function Call With Incorrectly Specified Argument Value | Weakness | closely mapped; also related |
| CWE:688 Function Call With Incorrect Variable or Reference as Argument | Weakness | closely mapped; also related |
| CWE:690 Unchecked Return Value to NULL Pointer Dereference | Weakness | |
| CWE:691 Insufficient Control Flow Management | Weakness | closely mapped; hierarchy ancestor |
| CWE:693 Protection Mechanism Failure | Weakness | |
| CWE:695 Use of Low-Level Functionality | Weakness | |
| CWE:696 Incorrect Behavior Order |
Weakness |
| closely mapped |
|
| also related |
|
|
| CWE:697 Incorrect Comparison |
Weakness | |
| CWE:699 Software Development |
View | |
| CWE:700 Seven Pernicious Kingdoms |
View | |
| CWE:701 Weaknesses Introduced During Design |
View | |
| CWE:702 Weaknesses Introduced During Implementation |
View | |
| CWE:703 Improper Check or Handling of Exceptional Conditions |
Weakness |
| closely mapped |
|
| hierarchy ancestor |
|
|
| CWE:704 Incorrect Type Conversion or Cast |
Weakness |
| closely mapped |
|
| hierarchy ancestor |
|
|
| CWE:705 Incorrect Control Flow Scoping |
Weakness | |
| CWE:706 Use of Incorrectly-Resolved Name or Reference |
Weakness | |
| CWE:707 Improper Neutralization |
Weakness | |
| CWE:709 Named Chains |
View | |
| CWE:710 Improper Adherence to Coding Standards |
Weakness |
| closely mapped |
|
| hierarchy ancestor |
|
|
| CWE:711 Weaknesses in OWASP Top Ten (2004) |
View | |
| CWE:712 OWASP Top Ten 2007 Category A1 - Cross Site Scripting (XSS) |
Category | |
| CWE:713 OWASP Top Ten 2007 Category A2 - Injection Flaws |
Category | |
| CWE:714 OWASP Top Ten 2007 Category A3 - Malicious File Execution |
Category | |
| CWE:715 OWASP Top Ten 2007 Category A4 - Insecure Direct Object Reference |
Category | |
| CWE:717 OWASP Top Ten 2007 Category A6 - Information Leakage and Improper Error Handling |
Category | |
| CWE:718 OWASP Top Ten 2007 Category A7 - Broken Authentication and Session Management |
Category | |
| CWE:719 OWASP Top Ten 2007 Category A8 - Insecure Cryptographic Storage |
Category | |
| CWE:720 OWASP Top Ten 2007 Category A9 - Insecure Communications |
Category | |
| CWE:721 OWASP Top Ten 2007 Category A10 - Failure to Restrict URL Access |
Category | |
| CWE:722 OWASP Top Ten 2004 Category A1 - Unvalidated Input |
Category | |
| CWE:723 OWASP Top Ten 2004 Category A2 - Broken Access Control |
Category | |
| CWE:724 OWASP Top Ten 2004 Category A3 - Broken Authentication and Session Management |
Category | |
| CWE:725 OWASP Top Ten 2004 Category A4 - Cross-Site Scripting (XSS) Flaws |
Category | |
| CWE:726 OWASP Top Ten 2004 Category A5 - Buffer Overflows |
Category | |
| CWE:727 OWASP Top Ten 2004 Category A6 - Injection Flaws |
Category | |
| CWE:728 OWASP Top Ten 2004 Category A7 - Improper Error Handling |
Category | |
| CWE:729 OWASP Top Ten 2004 Category A8 - Insecure Storage |
Category | |
| CWE:730 OWASP Top Ten 2004 Category A9 - Denial of Service |
Category | |
| CWE:731 OWASP Top Ten 2004 Category A10 - Insecure Configuration Management |
Category | |
| CWE:732 Incorrect Permission Assignment for Critical Resource |
Weakness | |
| CWE:733 Compiler Optimization Removal or Modification of Security-critical Code |
Weakness | |
| CWE:734 Weaknesses Addressed by the CERT C Secure Coding Standard (2008) |
View | |
| CWE:735 CERT C Secure Coding Standard (2008) Chapter 2 - Preprocessor (PRE) |
Category | |
| CWE:736 CERT C Secure Coding Standard (2008) Chapter 3 - Declarations and Initialization (DCL) |
Category | |
| CWE:737 CERT C Secure Coding Standard (2008) Chapter 4 - Expressions (EXP) |
Category | |
| CWE:738 CERT C Secure Coding Standard (2008) Chapter 5 - Integers (INT) |
Category | |
| CWE:739 CERT C Secure Coding Standard (2008) Chapter 6 - Floating Point (FLP) |
Category | |
| CWE:740 CERT C Secure Coding Standard (2008) Chapter 7 - Arrays (ARR) |
Category | |
| CWE:741 CERT C Secure Coding Standard (2008) Chapter 8 - Characters and Strings (STR) |
Category | |
| CWE:742 CERT C Secure Coding Standard (2008) Chapter 9 - Memory Management (MEM) |
Category | |
| CWE:743 CERT C Secure Coding Standard (2008) Chapter 10 - Input Output (FIO) |
Category | |
| CWE:744 CERT C Secure Coding Standard (2008) Chapter 11 - Environment (ENV) |
Category | |
| CWE:745 CERT C Secure Coding Standard (2008) Chapter 12 - Signals (SIG) |
Category | |
| CWE:746 CERT C Secure Coding Standard (2008) Chapter 13 - Error Handling (ERR) |
Category | |
| CWE:747 CERT C Secure Coding Standard (2008) Chapter 14 - Miscellaneous (MSC) |
Category | |
| CWE:748 CERT C Secure Coding Standard (2008) Appendix - POSIX (POS) |
Category | |
| CWE:750 Weaknesses in the 2009 CWE/SANS Top 25 Most Dangerous Programming Errors |
View | |
| CWE:751 2009 Top 25 - Insecure Interaction Between Components |
Category | |
| CWE:752 2009 Top 25 - Risky Resource Management |
Category | |
| CWE:753 2009 Top 25 - Porous Defenses |
Category | |
| CWE:754 Improper Check for Unusual or Exceptional Conditions |
Weakness | |
| CWE:755 Improper Handling of Exceptional Conditions |
Weakness | |
| CWE:758 Reliance on Undefined, Unspecified, or Implementation-Defined Behavior |
Weakness |
| closely mapped |
|
| also related |
|
| hierarchy ancestor |
|
|
| CWE:760 Use of a One-Way Hash with a Predictable Salt |
Weakness | |
| CWE:761 Free of Pointer not at Start of Buffer |
Weakness | |
| CWE:762 Mismatched Memory Management Routines |
Weakness |
| closely mapped |
|
| hierarchy ancestor |
|
|
| CWE:763 Release of Invalid Pointer or Reference |
Weakness |
| closely mapped |
|
| hierarchy ancestor |
|
|
| CWE:764 Multiple Locks of a Critical Resource |
Weakness | |
| CWE:765 Multiple Unlocks of a Critical Resource |
Weakness | |
| CWE:770 Allocation of Resources Without Limits or Throttling |
Weakness | |
| CWE:771 Missing Reference to Active Allocated Resource |
Weakness | |
| CWE:772 Missing Release of Resource after Effective Lifetime |
Weakness | |
| CWE:773 Missing Reference to Active File Descriptor or Handle |
Weakness | |
| CWE:775 Missing Release of File Descriptor or Handle after Effective Lifetime |
Weakness | |
| CWE:780 Use of RSA Algorithm without OAEP |
Weakness | |
| CWE:783 Operator Precedence Logic Error |
Weakness | |
| CWE:785 Use of Path Manipulation Function without Maximum-sized Buffer |
Weakness |
| closely mapped |
|
| also related |
|
|
| CWE:786 Access of Memory Location Before Start of Buffer |
Weakness |
| closely mapped |
|
| also related |
|
| hierarchy ancestor |
|
|
| CWE:787 Out-of-bounds Write |
Weakness |
| also related |
|
| hierarchy ancestor |
|
|
| CWE:788 Access of Memory Location After End of Buffer |
Weakness |
| closely mapped |
|
| also related |
|
|
| CWE:789 Memory Allocation with Excessive Size Value |
Weakness |
| closely mapped |
|
| also related |
|
|
| CWE:798 Use of Hard-coded Credentials |
Weakness |
| closely mapped |
|
| hierarchy ancestor |
|
|
| CWE:800 Weaknesses in the 2010 CWE/SANS Top 25 Most Dangerous Programming Errors |
View | |
| CWE:801 2010 Top 25 - Insecure Interaction Between Components |
Category | |
| CWE:802 2010 Top 25 - Risky Resource Management |
Category | |
| CWE:803 2010 Top 25 - Porous Defenses |
Category | |
| CWE:805 Buffer Access with Incorrect Length Value |
Weakness |
| also related |
|
| hierarchy ancestor |
|
|
| CWE:806 Buffer Access Using Size of Source Buffer |
Weakness |
| also related |
|
| hierarchy descendant |
|
|
| CWE:807 Reliance on Untrusted Inputs in a Security Decision |
Weakness |
| also related |
|
| hierarchy ancestor |
|
|
| CWE:808 2010 Top 25 - Weaknesses On the Cusp |
Category | |
| CWE:809 Weaknesses in OWASP Top Ten (2010) |
View | |
| CWE:810 OWASP Top Ten 2010 Category A1 - Injection |
Category | |
| CWE:811 OWASP Top Ten 2010 Category A2 - Cross-Site Scripting (XSS) |
Category | |
| CWE:812 OWASP Top Ten 2010 Category A3 - Broken Authentication and Session Management |
Category | |
| CWE:813 OWASP Top Ten 2010 Category A4 - Insecure Direct Object References |
Category | |
| CWE:815 OWASP Top Ten 2010 Category A6 - Security Misconfiguration |
Category | |
| CWE:816 OWASP Top Ten 2010 Category A7 - Insecure Cryptographic Storage |
Category | |
| CWE:817 OWASP Top Ten 2010 Category A8 - Failure to Restrict URL Access |
Category | |
| CWE:818 OWASP Top Ten 2010 Category A9 - Insufficient Transport Layer Protection |
Category | |
| CWE:820 Missing Synchronization |
Weakness | |
| CWE:821 Incorrect Synchronization |
Weakness |
| closely mapped |
|
| also related |
|
|
| CWE:822 Untrusted Pointer Dereference |
Weakness |
| closely mapped |
|
| also related |
|
|
| CWE:823 Use of Out-of-range Pointer Offset |
Weakness |
| closely mapped |
|
| also related |
|
|
| CWE:824 Access of Uninitialized Pointer |
Weakness | |
| CWE:825 Expired Pointer Dereference |
Weakness | |
| CWE:826 Premature Release of Resource During Expected Lifetime |
Weakness | |
| CWE:828 Signal Handler with Functionality that is not Asynchronous-Safe |
Weakness | |
| CWE:832 Unlock of a Resource that is not Locked |
Weakness | |
| CWE:833 Deadlock |
Weakness |
| closely mapped |
|
| also related |
|
|
| CWE:834 Excessive Iteration |
Weakness | |
| CWE:835 Loop with Unreachable Exit Condition ('Infinite Loop') |
Weakness |
| closely mapped |
|
| also related |
|
|
| CWE:839 Numeric Range Comparison Without Minimum Check |
Weakness | |
| CWE:840 Business Logic Errors |
Category | |
| CWE:843 Access of Resource Using Incompatible Type ('Type Confusion') |
Weakness |
| closely mapped |
|
| also related |
|
|
| CWE:844 Weaknesses Addressed by The CERT Oracle Secure Coding Standard for Java (2011) |
View | |
| CWE:845 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 2 - Input Validation and Data Sanitization (IDS) |
Category | |
| CWE:846 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 3 - Declarations and Initialization (DCL) |
Category | |
| CWE:847 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 4 - Expressions (EXP) |
Category | |
| CWE:848 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 5 - Numeric Types and Operations (NUM) |
Category | |
| CWE:850 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 7 - Methods (MET) |
Category | |
| CWE:851 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 8 - Exceptional Behavior (ERR) |
Category | |
| CWE:852 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 9 - Visibility and Atomicity (VNA) |
Category | |
| CWE:853 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 10 - Locking (LCK) |
Category | |
| CWE:854 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 11 - Thread APIs (THI) |
Category | |
| CWE:855 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 12 - Thread Pools (TPS) |
Category | |
| CWE:857 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 14 - Input Output (FIO) |
Category | |
| CWE:858 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 15 - Serialization (SER) |
Category | |
| CWE:859 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 16 - Platform Security (SEC) |
Category | |
| CWE:860 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 17 - Runtime Environment (ENV) |
Category | |
| CWE:861 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 18 - Miscellaneous (MSC) |
Category | |
| CWE:863 Incorrect Authorization |
Weakness | |
| CWE:864 2011 Top 25 - Insecure Interaction Between Components |
Category | |
| CWE:865 2011 Top 25 - Risky Resource Management |
Category | |
| CWE:866 2011 Top 25 - Porous Defenses |
Category | |
| CWE:867 2011 Top 25 - Weaknesses On the Cusp |
Category | |
| CWE:868 Weaknesses Addressed by the SEI CERT C++ Coding Standard (2016 Version) |
View | |
| CWE:870 CERT C++ Secure Coding Section 02 - Declarations and Initialization (DCL) |
Category | |
| CWE:871 CERT C++ Secure Coding Section 03 - Expressions (EXP) |
Category | |
| CWE:872 CERT C++ Secure Coding Section 04 - Integers (INT) |
Category | |
| CWE:873 CERT C++ Secure Coding Section 05 - Floating Point Arithmetic (FLP) |
Category | |
| CWE:874 CERT C++ Secure Coding Section 06 - Arrays and the STL (ARR) |
Category | |
| CWE:875 CERT C++ Secure Coding Section 07 - Characters and Strings (STR) |
Category | |
| CWE:876 CERT C++ Secure Coding Section 08 - Memory Management (MEM) |
Category | |
| CWE:877 CERT C++ Secure Coding Section 09 - Input Output (FIO) |
Category | |
| CWE:878 CERT C++ Secure Coding Section 10 - Environment (ENV) |
Category | |
| CWE:879 CERT C++ Secure Coding Section 11 - Signals (SIG) |
Category | |
| CWE:880 CERT C++ Secure Coding Section 12 - Exceptions and Error Handling (ERR) |
Category | |
| CWE:881 CERT C++ Secure Coding Section 13 - Object Oriented Programming (OOP) |
Category | |
| CWE:882 CERT C++ Secure Coding Section 14 - Concurrency (CON) |
Category | |
| CWE:883 CERT C++ Secure Coding Section 49 - Miscellaneous (MSC) |
Category | |
| CWE:884 CWE Cross-section |
View | |
| CWE:885 SFP Primary Cluster: Risky Values |
Category | |
| CWE:886 SFP Primary Cluster: Unused entities |
Category | |
| CWE:887 SFP Primary Cluster: API |
Category | |
| CWE:888 Software Fault Pattern (SFP) Clusters |
View | |
| CWE:889 SFP Primary Cluster: Exception Management |
Category | |
| CWE:890 SFP Primary Cluster: Memory Access |
Category | |
| CWE:891 SFP Primary Cluster: Memory Management |
Category | |
| CWE:892 SFP Primary Cluster: Resource Management |
Category | |
| CWE:893 SFP Primary Cluster: Path Resolution |
Category | |
| CWE:894 SFP Primary Cluster: Synchronization |
Category | |
| CWE:895 SFP Primary Cluster: Information Leak |
Category | |
| CWE:896 SFP Primary Cluster: Tainted Input |
Category | |
| CWE:897 SFP Primary Cluster: Entry Points |
Category | |
| CWE:898 SFP Primary Cluster: Authentication |
Category | |
| CWE:899 SFP Primary Cluster: Access Control |
Category | |
| CWE:900 Weaknesses in the 2011 CWE/SANS Top 25 Most Dangerous Software Errors |
View | |
| CWE:901 SFP Primary Cluster: Privilege |
Category | |
| CWE:902 SFP Primary Cluster: Channel |
Category | |
| CWE:903 SFP Primary Cluster: Cryptography |
Category | |
| CWE:904 SFP Primary Cluster: Malware |
Category | |
| CWE:905 SFP Primary Cluster: Predictability |
Category | |
| CWE:906 SFP Primary Cluster: UI |
Category | |
| CWE:907 SFP Primary Cluster: Other |
Category | |
| CWE:908 Use of Uninitialized Resource |
Weakness | |
| CWE:909 Missing Initialization of Resource |
Weakness | |
| CWE:910 Use of Expired File Descriptor |
Weakness | |
| CWE:912 Hidden Functionality |
Weakness | |
| CWE:916 Use of Password Hash With Insufficient Computational Effort |
Weakness | |
| CWE:919 Weaknesses in Mobile Applications |
View | |
| CWE:922 Insecure Storage of Sensitive Information |
Weakness | |
| CWE:928 Weaknesses in OWASP Top Ten (2013) |
View | |
| CWE:929 OWASP Top Ten 2013 Category A1 - Injection |
Category | |
| CWE:930 OWASP Top Ten 2013 Category A2 - Broken Authentication and Session Management |
Category | |
| CWE:931 OWASP Top Ten 2013 Category A3 - Cross-Site Scripting (XSS) |
Category | |
| CWE:932 OWASP Top Ten 2013 Category A4 - Insecure Direct Object References |
Category | |
| CWE:933 OWASP Top Ten 2013 Category A5 - Security Misconfiguration |
Category | |
| CWE:934 OWASP Top Ten 2013 Category A6 - Sensitive Data Exposure |
Category | |
| CWE:935 OWASP Top Ten 2013 Category A7 - Missing Function Level Access Control |
Category | |
| CWE:943 Improper Neutralization of Special Elements in Data Query Logic |
Weakness | |
| CWE:944 SFP Secondary Cluster: Access Management |
Category | |
| CWE:945 SFP Secondary Cluster: Insecure Resource Access |
Category | |
| CWE:946 SFP Secondary Cluster: Insecure Resource Permissions |
Category | |
| CWE:947 SFP Secondary Cluster: Authentication Bypass |
Category | |
| CWE:949 SFP Secondary Cluster: Faulty Endpoint Authentication |
Category | |
| CWE:950 SFP Secondary Cluster: Hardcoded Sensitive Data |
Category | |
| CWE:954 SFP Secondary Cluster: Multiple Binds to the Same Port |
Category | |
| CWE:956 SFP Secondary Cluster: Channel Attack |
Category | |
| CWE:957 SFP Secondary Cluster: Protocol Error |
Category | |
| CWE:958 SFP Secondary Cluster: Broken Cryptography |
Category | |
| CWE:959 SFP Secondary Cluster: Weak Cryptography |
Category | |
| CWE:960 SFP Secondary Cluster: Ambiguous Exception Type |
Category | |
| CWE:961 SFP Secondary Cluster: Incorrect Exception Behavior |
Category | |
| CWE:962 SFP Secondary Cluster: Unchecked Status Condition |
Category | |
| CWE:963 SFP Secondary Cluster: Exposed Data |
Category | |
| CWE:964 SFP Secondary Cluster: Exposure Temporary File |
Category | |
| CWE:966 SFP Secondary Cluster: Other Exposures |
Category | |
| CWE:967 SFP Secondary Cluster: State Disclosure |
Category | |
| CWE:968 SFP Secondary Cluster: Covert Channel |
Category | |
| CWE:969 SFP Secondary Cluster: Faulty Memory Release |
Category | |
| CWE:970 SFP Secondary Cluster: Faulty Buffer Access |
Category | |
| CWE:971 SFP Secondary Cluster: Faulty Pointer Use |
Category | |
| CWE:972 SFP Secondary Cluster: Faulty String Expansion |
Category | |
| CWE:973 SFP Secondary Cluster: Improper NULL Termination |
Category | |
| CWE:974 SFP Secondary Cluster: Incorrect Buffer Length Computation |
Category | |
| CWE:975 SFP Secondary Cluster: Architecture |
Category | |
| CWE:976 SFP Secondary Cluster: Compiler |
Category | |
| CWE:977 SFP Secondary Cluster: Design |
Category | |
| CWE:978 SFP Secondary Cluster: Implementation |
Category | |
| CWE:979 SFP Secondary Cluster: Failed Chroot Jail |
Category | |
| CWE:980 SFP Secondary Cluster: Link in Resource Name Resolution |
Category | |
| CWE:981 SFP Secondary Cluster: Path Traversal |
Category | |
| CWE:982 SFP Secondary Cluster: Failure to Release Resource |
Category | |
| CWE:983 SFP Secondary Cluster: Faulty Resource Use |
Category | |
| CWE:984 SFP Secondary Cluster: Life Cycle |
Category | |
| CWE:985 SFP Secondary Cluster: Unrestricted Consumption |
Category | |
| CWE:986 SFP Secondary Cluster: Missing Lock |
Category | |
| CWE:987 SFP Secondary Cluster: Multiple Locks/Unlocks |
Category | |
| CWE:988 SFP Secondary Cluster: Race Condition Window |
Category | |
| CWE:990 SFP Secondary Cluster: Tainted Input to Command |
Category | |
| CWE:991 SFP Secondary Cluster: Tainted Input to Environment |
Category | |
| CWE:992 SFP Secondary Cluster: Faulty Input Transformation |
Category | |
| CWE:993 SFP Secondary Cluster: Incorrect Input Handling |
Category | |
| CWE:994 SFP Secondary Cluster: Tainted Input to Variable |
Category | |
| CWE:995 SFP Secondary Cluster: Feature |
Category | |
| CWE:997 SFP Secondary Cluster: Information Loss |
Category | |
| CWE:998 SFP Secondary Cluster: Glitch in Computation |
Category | |
| CWE:1000 Research Concepts |
View | |
| CWE:1001 SFP Secondary Cluster: Use of an Improper API |
Category | |
| CWE:1002 SFP Secondary Cluster: Unexpected Entry Points |
Category | |
| CWE:1003 Weaknesses for Simplified Mapping of Published Vulnerabilities |
View | |
| CWE:1005 7PK - Input Validation and Representation |
Category | |
| CWE:1006 Bad Coding Practices |
Category | |
| CWE:1007 Insufficient Visual Distinction of Homoglyphs Presented to User |
Weakness | |
| CWE:1008 Architectural Concepts |
View | |
| CWE:1009 Audit |
Category | |
| CWE:1010 Authenticate Actors |
Category | |
| CWE:1011 Authorize Actors |
Category | |
| CWE:1012 Cross Cutting |
Category | |
| CWE:1013 Encrypt Data |
Category | |
| CWE:1015 Limit Access |
Category | |
| CWE:1019 Validate Inputs |
Category | |
| CWE:1020 Verify Message Integrity |
Category | |
| CWE:1023 Incomplete Comparison with Missing Factors |
Weakness | |
| CWE:1025 Comparison Using Wrong Factors |
Weakness |
| closely mapped |
|
| also related |
|
|
| CWE:1026 Weaknesses in OWASP Top Ten (2017) |
View | |
| CWE:1027 OWASP Top Ten 2017 Category A1 - Injection |
Category | |
| CWE:1028 OWASP Top Ten 2017 Category A2 - Broken Authentication |
Category | |
| CWE:1029 OWASP Top Ten 2017 Category A3 - Sensitive Data Exposure |
Category | |
| CWE:1030 OWASP Top Ten 2017 Category A4 - XML External Entities (XXE) |
Category | |
| CWE:1031 OWASP Top Ten 2017 Category A5 - Broken Access Control |
Category | |
| CWE:1032 OWASP Top Ten 2017 Category A6 - Security Misconfiguration |
Category | |
| CWE:1033 OWASP Top Ten 2017 Category A7 - Cross-Site Scripting (XSS) |
Category | |
| CWE:1034 OWASP Top Ten 2017 Category A8 - Insecure Deserialization |
Category | |
| CWE:1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities |
Category | |
| CWE:1036 OWASP Top Ten 2017 Category A10 - Insufficient Logging & Monitoring |
Category | |
| CWE:1037 Processor Optimization Removal or Modification of Security-critical Code |
Weakness | |
| CWE:1038 Insecure Automated Optimizations |
Weakness | |
| CWE:1040 Quality Weaknesses with Indirect Security Impacts |
View | |
| CWE:1041 Use of Redundant Code |
Weakness | |
| CWE:1055 Multiple Inheritance from Concrete Classes |
Weakness | |
| CWE:1056 Invokable Control Element with Variadic Parameters |
Weakness | |
| CWE:1061 Insufficient Encapsulation |
Weakness | |
| CWE:1064 Invokable Control Element with Signature Containing an Excessive Number of Parameters |
Weakness | |
| CWE:1071 Empty Code Block |
Weakness | |
| CWE:1075 Unconditional Control Flow Transfer outside of Switch Block |
Weakness | |
| CWE:1076 Insufficient Adherence to Expected Conventions |
Weakness |
| closely mapped |
|
| hierarchy ancestor |
|
|
| CWE:1077 Floating Point Comparison with Incorrect Operator |
Weakness |
| closely mapped |
|
| also related |
|
|
| CWE:1078 Inappropriate Source Code Style or Formatting |
Weakness |
| closely mapped |
|
| hierarchy ancestor |
|
|
| CWE:1079 Parent Class without Virtual Destructor Method |
Weakness | |
| CWE:1080 Source Code File with Excessive Number of Lines of Code |
Weakness | |
| CWE:1081 Entries with Maintenance Notes |
View | |
| CWE:1085 Invokable Control Element with Excessive Volume of Commented-out Code |
Weakness | |
| CWE:1087 Class with Virtual Method without a Virtual Destructor |
Weakness | |
| CWE:1091 Use of Object without Invoking Destructor Method |
Weakness | |
| CWE:1093 Excessively Complex Data Representation |
Weakness | |
| CWE:1099 Inconsistent Naming Conventions for Identifiers |
Weakness | |
| CWE:1105 Insufficient Encapsulation of Machine-Dependent Functionality |
Weakness | |
| CWE:1106 Insufficient Use of Symbolic Constants |
Weakness | |
| CWE:1120 Excessive Code Complexity |
Weakness |
| closely mapped |
|
| hierarchy ancestor |
|
|
| CWE:1121 Excessive McCabe Cyclomatic Complexity |
Weakness | |
| CWE:1126 Declaration of Variable with Unnecessarily Wide Scope |
Weakness | |
| CWE:1127 Compilation with Insufficient Warnings or Errors |
Weakness | |
| CWE:1128 CISQ Quality Measures (2016) |
View | |
| CWE:1129 CISQ Quality Measures (2016) - Reliability |
Category | |
| CWE:1130 CISQ Quality Measures (2016) - Maintainability |
Category | |
| CWE:1131 CISQ Quality Measures (2016) - Security |
Category | |
| CWE:1132 CISQ Quality Measures (2016) - Performance Efficiency |
Category | |
| CWE:1133 Weaknesses Addressed by the SEI CERT Oracle Coding Standard for Java |
View | |
| CWE:1134 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 00. Input Validation and Data Sanitization (IDS) |
Category | |
| CWE:1135 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 01. Declarations and Initialization (DCL) |
Category | |
| CWE:1136 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 02. Expressions (EXP) |
Category | |
| CWE:1137 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 03. Numeric Types and Operations (NUM) |
Category | |
| CWE:1140 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 06. Methods (MET) |
Category | |
| CWE:1141 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 07. Exceptional Behavior (ERR) |
Category | |
| CWE:1142 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 08. Visibility and Atomicity (VNA) |
Category | |
| CWE:1143 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 09. Locking (LCK) |
Category | |
| CWE:1145 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 11. Thread Pools (TPS) |
Category | |
| CWE:1147 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 13. Input Output (FIO) |
Category | |
| CWE:1148 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 14. Serialization (SER) |
Category | |
| CWE:1149 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 15. Platform Security (SEC) |
Category | |
| CWE:1150 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 16. Runtime Environment (ENV) |
Category | |
| CWE:1152 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 49. Miscellaneous (MSC) |
Category | |
| CWE:1154 Weaknesses Addressed by the SEI CERT C Coding Standard |
View | |
| CWE:1155 SEI CERT C Coding Standard - Guidelines 01. Preprocessor (PRE) |
Category | |
| CWE:1156 SEI CERT C Coding Standard - Guidelines 02. Declarations and Initialization (DCL) |
Category | |
| CWE:1157 SEI CERT C Coding Standard - Guidelines 03. Expressions (EXP) |
Category | |
| CWE:1158 SEI CERT C Coding Standard - Guidelines 04. Integers (INT) |
Category | |
| CWE:1159 SEI CERT C Coding Standard - Guidelines 05. Floating Point (FLP) |
Category | |
| CWE:1160 SEI CERT C Coding Standard - Guidelines 06. Arrays (ARR) |
Category | |
| CWE:1161 SEI CERT C Coding Standard - Guidelines 07. Characters and Strings (STR) |
Category | |
| CWE:1162 SEI CERT C Coding Standard - Guidelines 08. Memory Management (MEM) |
Category | |
| CWE:1163 SEI CERT C Coding Standard - Guidelines 09. Input Output (FIO) |
Category | |
| CWE:1164 Irrelevant Code |
Weakness |
| closely mapped |
|
| hierarchy ancestor |
|
|
| CWE:1165 SEI CERT C Coding Standard - Guidelines 10. Environment (ENV) |
Category | |
| CWE:1166 SEI CERT C Coding Standard - Guidelines 11. Signals (SIG) |
Category | |
| CWE:1167 SEI CERT C Coding Standard - Guidelines 12. Error Handling (ERR) |
Category | |
| CWE:1168 SEI CERT C Coding Standard - Guidelines 13. Application Programming Interfaces (API) |
Category | |
| CWE:1169 SEI CERT C Coding Standard - Guidelines 14. Concurrency (CON) |
Category | |
| CWE:1170 SEI CERT C Coding Standard - Guidelines 48. Miscellaneous (MSC) |
Category | |
| CWE:1171 SEI CERT C Coding Standard - Guidelines 50. POSIX (POS) |
Category | |
| CWE:1172 SEI CERT C Coding Standard - Guidelines 51. Microsoft Windows (WIN) |
Category | |
| CWE:1177 Use of Prohibited Code |
Weakness | |
| CWE:1178 Weaknesses Addressed by the SEI CERT Perl Coding Standard |
View | |
| CWE:1179 SEI CERT Perl Coding Standard - Guidelines 01. Input Validation and Data Sanitization (IDS) |
Category | |
| CWE:1180 SEI CERT Perl Coding Standard - Guidelines 02. Declarations and Initialization (DCL) |
Category | |
| CWE:1181 SEI CERT Perl Coding Standard - Guidelines 03. Expressions (EXP) |
Category | |
| CWE:1182 SEI CERT Perl Coding Standard - Guidelines 04. Integers (INT) |
Category | |
| CWE:1186 SEI CERT Perl Coding Standard - Guidelines 50. Miscellaneous (MSC) |
Category | |
| CWE:1188 Initialization of a Resource with an Insecure Default |
Weakness |
| also related |
|
| hierarchy ancestor |
|
|
| CWE:1194 Hardware Design |
View | |
| CWE:1200 Weaknesses in the 2019 CWE Top 25 Most Dangerous Software Errors |
View | |
| CWE:1202 Memory and Storage Issues |
Category | |
| CWE:1204 Generation of Weak Initialization Vector (IV) |
Weakness | |
| CWE:1205 Security Primitives and Cryptography Issues |
Category | |
| CWE:1207 Debug and Test Problems |
Category | |
| CWE:1210 Audit / Logging Errors |
Category | |
| CWE:1211 Authentication Errors |
Category |
| also related |
|
| hierarchy ancestor |
|
|
| CWE:1212 Authorization Errors |
Category | |
| CWE:1213 Random Number Issues |
Category | |
| CWE:1215 Data Validation Issues |
Category |
| also related |
|
| hierarchy ancestor |
|
|
| CWE:1218 Memory Buffer Errors |
Category | |
| CWE:1219 File Handling Issues |
Category |
| also related |
|
| hierarchy ancestor |
|
|
| CWE:1226 Complexity Issues |
Category |
| also related |
|
| hierarchy ancestor |
|
|
| CWE:1227 Encapsulation Issues |
Category | |
| CWE:1228 API / Function Errors |
Category | |
| CWE:1229 Creation of Emergent Resource |
Weakness | |
| CWE:1230 Exposure of Sensitive Information Through Metadata |
Weakness | |
| CWE:1237 SFP Primary Cluster: Faulty Resource Release |
Category | |
| CWE:1238 SFP Primary Cluster: Failure to Release Memory |
Category | |
| CWE:1284 Improper Validation of Specified Quantity in Input |
Weakness | |
| CWE:1285 Improper Validation of Specified Index, Position, or Offset in Input |
Weakness | |
| CWE:1295 Debug Messages Revealing Unnecessary Information |
Weakness | |
| CWE:1305 CISQ Quality Measures (2020) |
View | |
| CWE:1306 CISQ Quality Measures - Reliability |
Category | |
| CWE:1307 CISQ Quality Measures - Maintainability |
Category | |
| CWE:1308 CISQ Quality Measures - Security |
Category | |
| CWE:1309 CISQ Quality Measures - Efficiency |
Category | |
| CWE:1335 Incorrect Bitwise Shift of Integer |
Weakness | |
| CWE:1337 Weaknesses in the 2021 CWE Top 25 Most Dangerous Software Weaknesses |
View | |
| CWE:1340 CISQ Data Protection Measures |
View | |
| CWE:1341 Multiple Releases of Same Resource or Handle |
Weakness |
| closely mapped |
|
| hierarchy ancestor |
|
|
| CWE:1344 Weaknesses in OWASP Top Ten (2021) |
View | |
| CWE:1345 OWASP Top Ten 2021 Category A01:2021 - Broken Access Control |
Category | |
| CWE:1346 OWASP Top Ten 2021 Category A02:2021 - Cryptographic Failures |
Category | |
| CWE:1347 OWASP Top Ten 2021 Category A03:2021 - Injection |
Category | |
| CWE:1348 OWASP Top Ten 2021 Category A04:2021 - Insecure Design |
Category | |
| CWE:1349 OWASP Top Ten 2021 Category A05:2021 - Security Misconfiguration |
Category | |
| CWE:1350 Weaknesses in the 2020 CWE Top 25 Most Dangerous Software Weaknesses |
View | |
| CWE:1352 OWASP Top Ten 2021 Category A06:2021 - Vulnerable and Outdated Components |
Category | |
| CWE:1353 OWASP Top Ten 2021 Category A07:2021 - Identification and Authentication Failures |
Category | |
| CWE:1354 OWASP Top Ten 2021 Category A08:2021 - Software and Data Integrity Failures |
Category | |
| CWE:1355 OWASP Top Ten 2021 Category A09:2021 - Security Logging and Monitoring Failures |
Category | |
| CWE:1358 Weaknesses in SEI ETF Categories of Security Vulnerabilities in ICS |
View | |
| CWE:1359 ICS Communications |
Category | |
| CWE:1360 ICS Dependencies (& Architecture) |
Category | |
| CWE:1361 ICS Supply Chain |
Category | |
| CWE:1362 ICS Engineering (Constructions/Deployment) |
Category | |
| CWE:1363 ICS Operations (& Maintenance) |
Category | |
| CWE:1364 ICS Communications: Zone Boundary Failures |
Category | |
| CWE:1365 ICS Communications: Unreliability |
Category | |
| CWE:1366 ICS Communications: Frail Security in Protocols |
Category | |
| CWE:1368 ICS Dependencies (& Architecture): External Digital Systems |
Category | |
| CWE:1369 ICS Supply Chain: IT/OT Convergence/Expansion |
Category | |
| CWE:1370 ICS Supply Chain: Common Mode Frailties |
Category | |
| CWE:1371 ICS Supply Chain: Poorly Documented or Undocumented Features |
Category | |
| CWE:1372 ICS Supply Chain: OT Counterfeit and Malicious Corruption |
Category | |
| CWE:1373 ICS Engineering (Construction/Deployment): Trust Model Problems |
Category | |
| CWE:1375 ICS Engineering (Construction/Deployment): Gaps in Details/Data |
Category | |
| CWE:1376 ICS Engineering (Construction/Deployment): Security Gaps in Commissioning |
Category | |
| CWE:1379 ICS Operations (& Maintenance): Human factors in ICS environments |
Category | |
| CWE:1382 ICS Operations (& Maintenance): Emerging Energy Technologies |
Category | |
| CWE:1383 ICS Operations (& Maintenance): Compliance/Conformance with Regulatory Requirements |
Category | |
| CWE:1387 Weaknesses in the 2022 CWE Top 25 Most Dangerous Software Weaknesses |
View | |
| CWE:1389 Incorrect Parsing of Numbers with Different Radices |
Weakness | |
| CWE:1390 Weak Authentication |
Weakness | |
| CWE:1391 Use of Weak Credentials |
Weakness | |
| CWE:1396 Comprehensive Categorization: Access Control |
Category | |
| CWE:1397 Comprehensive Categorization: Comparison |
Category | |
| CWE:1398 Comprehensive Categorization: Component Interaction |
Category | |
| CWE:1399 Comprehensive Categorization: Memory Safety |
Category | |
| CWE:1400 Comprehensive Categorization for Software Assurance Trends |
View | |
| CWE:1401 Comprehensive Categorization: Concurrency |
Category | |
| CWE:1402 Comprehensive Categorization: Encryption |
Category | |
| CWE:1403 Comprehensive Categorization: Exposed Resource |
Category | |
| CWE:1404 Comprehensive Categorization: File Handling |
Category | |
| CWE:1405 Comprehensive Categorization: Improper Check or Handling of Exceptional Conditions |
Category | |
| CWE:1406 Comprehensive Categorization: Improper Input Validation |
Category | |
| CWE:1407 Comprehensive Categorization: Improper Neutralization |
Category | |
| CWE:1408 Comprehensive Categorization: Incorrect Calculation |
Category | |
| CWE:1409 Comprehensive Categorization: Injection |
Category | |
| CWE:1410 Comprehensive Categorization: Insufficient Control Flow Management |
Category | |
| CWE:1412 Comprehensive Categorization: Poor Coding Practices |
Category | |
| CWE:1413 Comprehensive Categorization: Protection Mechanism Failure |
Category | |
| CWE:1414 Comprehensive Categorization: Randomness |
Category | |
| CWE:1415 Comprehensive Categorization: Resource Control |
Category | |
| CWE:1416 Comprehensive Categorization: Resource Lifecycle Management |
Category | |
| CWE:1417 Comprehensive Categorization: Sensitive Information Exposure |
Category | |
| CWE:1418 Comprehensive Categorization: Violation of Secure Design Principles |
Category | |
| CWE:1419 Incorrect Initialization of Resource |
Weakness | closely mapped; also related; hierarchy ancestor |
| CWE:1424 Weaknesses Addressed by ISA/IEC 62443 Requirements |
View | |
| CWE:1425 Weaknesses in the 2023 CWE Top 25 Most Dangerous Software Weaknesses |
View | |
| CWE:1430 Weaknesses in the 2024 CWE Top 25 Most Dangerous Software Weaknesses |
View | |
| CWE:2000 Comprehensive CWE Dictionary |
View | |