| CWE |
Entity Type | Java Warning Classes |
| CWE:22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') |
Weakness | |
| CWE:74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') |
Weakness | |
| CWE:78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') |
Weakness | |
| CWE:79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
Weakness | |
| CWE:81 Improper Neutralization of Script in an Error Message Web Page |
Weakness | |
| CWE:89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') |
Weakness | |
| CWE:90 Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') |
Weakness | |
| CWE:94 Improper Control of Generation of Code ('Code Injection') |
Weakness | |
| CWE:95 Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') |
Weakness | |
| CWE:103 Struts: Incomplete validate() Method Definition |
Weakness | |
| CWE:113 Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') |
Weakness | |
| CWE:114 Process Control |
Weakness | |
| CWE:117 Improper Output Neutralization for Logs |
Weakness | |
| CWE:134 Use of Externally-Controlled Format String |
Weakness | |
| CWE:190 Integer Overflow or Wraparound |
Weakness | |
| CWE:191 Integer Underflow (Wrap or Wraparound) |
Weakness | |
| CWE:192 Integer Coercion Error |
Weakness | |
| CWE:197 Numeric Truncation Error |
Weakness | |
| CWE:200 Exposure of Sensitive Information to an Unauthorized Actor |
Weakness | |
| CWE:209 Generation of Error Message Containing Sensitive Information |
Weakness | |
| CWE:252 Unchecked Return Value |
Weakness | |
| CWE:253 Incorrect Check of Function Return Value |
Weakness | |
| CWE:259 Use of Hard-coded Password |
Weakness | |
| CWE:287 Improper Authentication |
Weakness | |
| CWE:295 Improper Certificate Validation |
Weakness | |
| CWE:319 Cleartext Transmission of Sensitive Information |
Weakness | |
| CWE:321 Use of Hard-coded Cryptographic Key |
Weakness | |
| CWE:325 Missing Cryptographic Step |
Weakness | |
| CWE:326 Inadequate Encryption Strength |
Weakness | |
| CWE:327 Use of a Broken or Risky Cryptographic Algorithm |
Weakness | |
| CWE:328 Use of Weak Hash |
Weakness | |
| CWE:330 Use of Insufficiently Random Values |
Weakness | |
| CWE:336 Same Seed in Pseudo-Random Number Generator (PRNG) |
Weakness | |
| CWE:338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) |
Weakness | |
| CWE:349 Acceptance of Extraneous Untrusted Data With Trusted Data |
Weakness | |
| CWE:366 Race Condition within a Thread |
Weakness | |
| CWE:382 J2EE Bad Practices: Use of System.exit() |
Weakness | |
| CWE:383 J2EE Bad Practices: Direct Use of Threads |
Weakness | |
| CWE:390 Detection of Error Condition Without Action |
Weakness | |
| CWE:395 Use of NullPointerException Catch to Detect NULL Pointer Dereference |
Weakness | |
| CWE:396 Declaration of Catch for Generic Exception |
Weakness | |
| CWE:397 Declaration of Throws for Generic Exception |
Weakness | |
| CWE:400 Uncontrolled Resource Consumption |
Weakness | |
| CWE:412 Unrestricted Externally Accessible Lock |
Weakness | |
| CWE:413 Improper Resource Locking |
Weakness | |
| CWE:440 Expected Behavior Violation |
Weakness | |
| CWE:456 Missing Initialization of a Variable |
Weakness | |
| CWE:470 Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') |
Weakness | |
| CWE:476 NULL Pointer Dereference |
Weakness | |
| CWE:477 Use of Obsolete Function |
Weakness | |
| CWE:480 Use of Incorrect Operator |
Weakness | |
| CWE:481 Assigning instead of Comparing |
Weakness | |
| CWE:486 Comparison of Classes by Name |
Weakness | |
| CWE:487 Reliance on Package-level Scope |
Weakness | |
| CWE:489 Active Debug Code |
Weakness | |
| CWE:491 Public cloneable() Method Without Final ('Object Hijack') |
Weakness | |
| CWE:492 Use of Inner Class Containing Sensitive Data |
Weakness | |
| CWE:493 Critical Public Variable Without Final Modifier |
Weakness | |
| CWE:499 Serializable Class Containing Sensitive Data |
Weakness | |
| CWE:501 Trust Boundary Violation |
Weakness | |
| CWE:502 Deserialization of Untrusted Data |
Weakness | |
| CWE:522 Insufficiently Protected Credentials |
Weakness | |
| CWE:524 Use of Cache Containing Sensitive Information |
Weakness | |
| CWE:537 Java Runtime Error Message Containing Sensitive Information |
Weakness | |
| CWE:538 Insertion of Sensitive Information into Externally-Accessible File or Directory |
Weakness | |
| CWE:547 Use of Hard-coded, Security-relevant Constants |
Weakness | |
| CWE:550 Server-generated Error Message Containing Sensitive Information |
Weakness | |
| CWE:561 Dead Code |
Weakness | |
| CWE:563 Assignment to Variable without Use |
Weakness | |
| CWE:567 Unsynchronized Access to Shared Data in a Multithreaded Context |
Weakness | |
| CWE:568 finalize() Method Without super.finalize() |
Weakness | |
| CWE:570 Expression is Always False |
Weakness | |
| CWE:571 Expression is Always True |
Weakness | |
| CWE:572 Call to Thread run() instead of start() |
Weakness | |
| CWE:573 Improper Following of Specification by Caller |
Weakness | |
| CWE:580 clone() Method Without super.clone() |
Weakness | |
| CWE:581 Object Model Violation: Just One of Equals and Hashcode Defined |
Weakness | |
| CWE:582 Array Declared Public, Final, and Static |
Weakness | |
| CWE:585 Empty Synchronized Block |
Weakness | |
| CWE:586 Explicit Call to Finalize() |
Weakness | |
| CWE:595 Comparison of Object References Instead of Object Contents |
Weakness | |
| CWE:597 Use of Wrong Operator in String Comparison |
Weakness | |
| CWE:601 URL Redirection to Untrusted Site ('Open Redirect') |
Weakness | |
| CWE:607 Public Static Final Field References Mutable Object |
Weakness | |
| CWE:608 Struts: Non-private Field in ActionForm Class |
Weakness | |
| CWE:609 Double-Checked Locking |
Weakness | |
| CWE:611 Improper Restriction of XML External Entity Reference |
Weakness | |
| CWE:613 Insufficient Session Expiration |
Weakness | |
| CWE:614 Sensitive Cookie in HTTPS Session Without 'Secure' Attribute |
Weakness | |
| CWE:624 Executable Regular Expression Error |
Weakness | |
| CWE:628 Function Call with Incorrectly Specified Arguments |
Weakness | |
| CWE:643 Improper Neutralization of Data within XPath Expressions ('XPath Injection') |
Weakness | |
| CWE:662 Improper Synchronization |
Weakness | |
| CWE:664 Improper Control of a Resource Through its Lifetime |
Weakness | |
| CWE:665 Improper Initialization |
Weakness | |
| CWE:674 Uncontrolled Recursion |
Weakness | |
| CWE:676 Use of Potentially Dangerous Function |
Weakness | |
| CWE:682 Incorrect Calculation |
Weakness | |
| CWE:686 Function Call With Incorrect Argument Type |
Weakness | |
| CWE:697 Incorrect Comparison |
Weakness | |
| CWE:698 Execution After Redirect (EAR) |
Weakness | |
| CWE:704 Incorrect Type Conversion or Cast |
Weakness | |
| CWE:710 Improper Adherence to Coding Standards |
Weakness | |
| CWE:732 Incorrect Permission Assignment for Critical Resource |
Weakness | |
| CWE:749 Exposed Dangerous Method or Function |
Weakness | |
| CWE:757 Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade') |
Weakness | |
| CWE:766 Critical Data Element Declared Public |
Weakness | |
| CWE:768 Incorrect Short Circuit Evaluation |
Weakness | |
| CWE:772 Missing Release of Resource after Effective Lifetime |
Weakness | |
| CWE:789 Memory Allocation with Excessive Size Value |
Weakness | |
| CWE:820 Missing Synchronization |
Weakness | |
| CWE:833 Deadlock |
Weakness | |
| CWE:909 Missing Initialization of Resource |
Weakness | |
| CWE:913 Improper Control of Dynamically-Managed Code Resources |
Weakness | |
| CWE:915 Improperly Controlled Modification of Dynamically-Determined Object Attributes |
Weakness | |
| CWE:916 Use of Password Hash With Insufficient Computational Effort |
Weakness | |
| CWE:917 Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') |
Weakness | |
| CWE:922 Insecure Storage of Sensitive Information |
Weakness | |
| CWE:1023 Incomplete Comparison with Missing Factors |
Weakness | |
| CWE:1024 Comparison of Incompatible Types |
Weakness | |
| CWE:1041 Use of Redundant Code |
Weakness | |
| CWE:1061 Insufficient Encapsulation |
Weakness | |
| CWE:1071 Empty Code Block |
Weakness | |
| CWE:1076 Insufficient Adherence to Expected Conventions |
Weakness | |
| CWE:1077 Floating Point Comparison with Incorrect Operator |
Weakness | |
| CWE:1078 Inappropriate Source Code Style or Formatting |
Weakness | |
| CWE:1097 Persistent Storable Data Element without Associated Comparison Control Element |
Weakness | |
| CWE:1126 Declaration of Variable with Unnecessarily Wide Scope |
Weakness | |
| CWE:1164 Irrelevant Code |
Weakness | |
| CWE:1173 Improper Use of Validation Framework |
Weakness | |
| CWE:1176 Inefficient CPU Computation |
Weakness | |
| CWE:1204 Generation of Weak Initialization Vector (IV) |
Weakness | |
| CWE:1339 Insufficient Precision or Accuracy of a Real Number |
Weakness | |
| CWE:1390 Weak Authentication |
Weakness | |
| CWE |
Entity Type | Java Warning Classes |
| CWE:2 7PK - Environment |
Category | |
| CWE:5 J2EE Misconfiguration: Data Transmission Without Encryption |
Weakness | |
| CWE:7 J2EE Misconfiguration: Missing Custom Error Page |
Weakness | |
| CWE:19 Data Processing Errors |
Category | |
| CWE:20 Improper Input Validation |
Weakness | |
| CWE:22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') |
Weakness | |
| CWE:73 External Control of File Name or Path |
Weakness | |
| CWE:74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') |
Weakness |
| closely mapped |
|
| hierarchy ancestor |
|
|
| CWE:77 Improper Neutralization of Special Elements used in a Command ('Command Injection') |
Weakness | |
| CWE:78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') |
Weakness | |
| CWE:79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
Weakness | |
| CWE:81 Improper Neutralization of Script in an Error Message Web Page |
Weakness | |
| CWE:89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') |
Weakness | |
| CWE:90 Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') |
Weakness | |
| CWE:91 XML Injection (aka Blind XPath Injection) |
Weakness | |
| CWE:93 Improper Neutralization of CRLF Sequences ('CRLF Injection') |
Weakness | |
| CWE:94 Improper Control of Generation of Code ('Code Injection') |
Weakness |
| closely mapped |
|
| hierarchy ancestor |
|
|
| CWE:95 Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') |
Weakness | |
| CWE:103 Struts: Incomplete validate() Method Definition |
Weakness | |
| CWE:113 Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') |
Weakness | |
| CWE:114 Process Control |
Weakness | |
| CWE:116 Improper Encoding or Escaping of Output |
Weakness | |
| CWE:117 Improper Output Neutralization for Logs |
Weakness | |
| CWE:133 String Errors |
Category | |
| CWE:134 Use of Externally-Controlled Format String |
Weakness | |
| CWE:136 Type Errors |
Category | |
| CWE:137 Data Neutralization Issues |
Category | |
| CWE:189 Numeric Errors |
Category | |
| CWE:190 Integer Overflow or Wraparound |
Weakness | |
| CWE:191 Integer Underflow (Wrap or Wraparound) |
Weakness | |
| CWE:192 Integer Coercion Error |
Weakness | |
| CWE:197 Numeric Truncation Error |
Weakness | |
| CWE:199 Information Management Errors |
Category | |
| CWE:200 Exposure of Sensitive Information to an Unauthorized Actor |
Weakness |
| closely mapped |
|
| hierarchy ancestor |
|
|
| CWE:209 Generation of Error Message Containing Sensitive Information |
Weakness |
| closely mapped |
|
| hierarchy ancestor |
|
|
| CWE:211 Externally-Generated Error Message Containing Sensitive Information |
Weakness | |
| CWE:221 Information Loss or Omission |
Weakness | |
| CWE:227 7PK - API Abuse |
Category |
| also related |
|
| hierarchy ancestor |
|
|
| CWE:252 Unchecked Return Value |
Weakness |
| closely mapped |
|
| hierarchy ancestor |
|
|
| CWE:253 Incorrect Check of Function Return Value |
Weakness |
| closely mapped |
|
| also related |
|
|
| CWE:254 7PK - Security Features |
Category | |
| CWE:255 Credentials Management Errors |
Category | |
| CWE:259 Use of Hard-coded Password |
Weakness | |
| CWE:265 Privilege Issues |
Category | |
| CWE:275 Permission Issues |
Category | |
| CWE:284 Improper Access Control |
Weakness | |
| CWE:285 Improper Authorization |
Weakness | |
| CWE:287 Improper Authentication |
Weakness |
| closely mapped |
|
| hierarchy ancestor |
|
|
| CWE:295 Improper Certificate Validation |
Weakness | |
| CWE:310 Cryptographic Issues |
Category | |
| CWE:311 Missing Encryption of Sensitive Data |
Weakness | |
| CWE:319 Cleartext Transmission of Sensitive Information |
Weakness |
| closely mapped |
|
| hierarchy ancestor |
|
|
| CWE:320 Key Management Errors |
Category | |
| CWE:321 Use of Hard-coded Cryptographic Key |
Weakness | |
| CWE:325 Missing Cryptographic Step |
Weakness | |
| CWE:326 Inadequate Encryption Strength |
Weakness |
| closely mapped |
|
| hierarchy ancestor |
|
|
| CWE:327 Use of a Broken or Risky Cryptographic Algorithm |
Weakness |
| closely mapped |
|
| hierarchy ancestor |
|
|
| CWE:328 Use of Weak Hash |
Weakness |
| closely mapped |
|
| hierarchy ancestor |
|
|
| CWE:330 Use of Insufficiently Random Values |
Weakness |
| closely mapped |
|
| hierarchy ancestor |
|
|
| CWE:335 Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) |
Weakness | |
| CWE:336 Same Seed in Pseudo-Random Number Generator (PRNG) |
Weakness | |
| CWE:338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) |
Weakness | |
| CWE:344 Use of Invariant Value in Dynamically Changing Context |
Weakness | |
| CWE:345 Insufficient Verification of Data Authenticity |
Weakness | |
| CWE:349 Acceptance of Extraneous Untrusted Data With Trusted Data |
Weakness | |
| CWE:361 7PK - Time and State |
Category | |
| CWE:362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') |
Weakness | |
| CWE:366 Race Condition within a Thread |
Weakness | |
| CWE:382 J2EE Bad Practices: Use of System.exit() |
Weakness | |
| CWE:383 J2EE Bad Practices: Direct Use of Threads |
Weakness | |
| CWE:388 7PK - Errors |
Category | |
| CWE:389 Error Conditions, Return Values, Status Codes |
Category | |
| CWE:390 Detection of Error Condition Without Action |
Weakness | |
| CWE:392 Missing Report of Error Condition |
Weakness | |
| CWE:395 Use of NullPointerException Catch to Detect NULL Pointer Dereference |
Weakness | |
| CWE:396 Declaration of Catch for Generic Exception |
Weakness | |
| CWE:397 Declaration of Throws for Generic Exception |
Weakness | |
| CWE:398 7PK - Code Quality |
Category |
| also related |
|
| hierarchy ancestor |
|
|
| CWE:399 Resource Management Errors |
Category | |
| CWE:400 Uncontrolled Resource Consumption |
Weakness |
| closely mapped |
|
| hierarchy ancestor |
|
|
| CWE:404 Improper Resource Shutdown or Release |
Weakness | |
| CWE:405 Asymmetric Resource Consumption (Amplification) |
Weakness | |
| CWE:411 Resource Locking Problems |
Category | |
| CWE:412 Unrestricted Externally Accessible Lock |
Weakness | |
| CWE:413 Improper Resource Locking |
Weakness | |
| CWE:435 Improper Interaction Between Multiple Correctly-Behaving Entities |
Weakness | |
| CWE:436 Interpretation Conflict |
Weakness | |
| CWE:438 Behavioral Problems |
Category | |
| CWE:440 Expected Behavior Violation |
Weakness | |
| CWE:452 Initialization and Cleanup Errors |
Category | |
| CWE:456 Missing Initialization of a Variable |
Weakness | |
| CWE:459 Incomplete Cleanup |
Weakness | |
| CWE:465 Pointer Issues |
Category | |
| CWE:470 Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') |
Weakness | |
| CWE:471 Modification of Assumed-Immutable Data (MAID) |
Weakness | |
| CWE:476 NULL Pointer Dereference |
Weakness | |
| CWE:477 Use of Obsolete Function |
Weakness | |
| CWE:480 Use of Incorrect Operator |
Weakness |
| closely mapped |
|
| hierarchy ancestor |
|
|
| CWE:481 Assigning instead of Comparing |
Weakness | |
| CWE:485 7PK - Encapsulation |
Category |
| also related |
|
| hierarchy ancestor |
|
|
| CWE:486 Comparison of Classes by Name |
Weakness | |
| CWE:487 Reliance on Package-level Scope |
Weakness | |
| CWE:489 Active Debug Code |
Weakness | |
| CWE:491 Public cloneable() Method Without Final ('Object Hijack') |
Weakness | |
| CWE:492 Use of Inner Class Containing Sensitive Data |
Weakness | |
| CWE:493 Critical Public Variable Without Final Modifier |
Weakness |
| closely mapped |
|
| also related |
|
|
| CWE:495 Private Data Structure Returned From A Public Method |
Weakness | |
| CWE:496 Public Data Assigned to Private Array-Typed Field |
Weakness | |
| CWE:498 Cloneable Class Containing Sensitive Information |
Weakness | |
| CWE:499 Serializable Class Containing Sensitive Data |
Weakness | |
| CWE:501 Trust Boundary Violation |
Weakness | |
| CWE:502 Deserialization of Untrusted Data |
Weakness | |
| CWE:522 Insufficiently Protected Credentials |
Weakness | |
| CWE:524 Use of Cache Containing Sensitive Information |
Weakness | |
| CWE:537 Java Runtime Error Message Containing Sensitive Information |
Weakness | |
| CWE:538 Insertion of Sensitive Information into Externally-Accessible File or Directory |
Weakness | |
| CWE:543 Use of Singleton Pattern Without Synchronization in a Multithreaded Context |
Weakness | |
| CWE:547 Use of Hard-coded, Security-relevant Constants |
Weakness | |
| CWE:550 Server-generated Error Message Containing Sensitive Information |
Weakness | |
| CWE:557 Concurrency Issues |
Category | |
| CWE:561 Dead Code |
Weakness | |
| CWE:563 Assignment to Variable without Use |
Weakness | |
| CWE:567 Unsynchronized Access to Shared Data in a Multithreaded Context |
Weakness | |
| CWE:568 finalize() Method Without super.finalize() |
Weakness | |
| CWE:569 Expression Issues |
Category | |
| CWE:570 Expression is Always False |
Weakness |
| closely mapped |
|
| also related |
|
|
| CWE:571 Expression is Always True |
Weakness |
| closely mapped |
|
| also related |
|
|
| CWE:572 Call to Thread run() instead of start() |
Weakness | |
| CWE:573 Improper Following of Specification by Caller |
Weakness |
| closely mapped |
|
| hierarchy ancestor |
|
|
| CWE:580 clone() Method Without super.clone() |
Weakness | |
| CWE:581 Object Model Violation: Just One of Equals and Hashcode Defined |
Weakness | |
| CWE:582 Array Declared Public, Final, and Static |
Weakness | |
| CWE:583 finalize() Method Declared Public |
Weakness | |
| CWE:585 Empty Synchronized Block |
Weakness | |
| CWE:586 Explicit Call to Finalize() |
Weakness | |
| CWE:595 Comparison of Object References Instead of Object Contents |
Weakness |
| closely mapped |
|
| hierarchy ancestor |
|
|
| CWE:597 Use of Wrong Operator in String Comparison |
Weakness | |
| CWE:601 URL Redirection to Untrusted Site ('Open Redirect') |
Weakness | |
| CWE:607 Public Static Final Field References Mutable Object |
Weakness | |
| CWE:608 Struts: Non-private Field in ActionForm Class |
Weakness | |
| CWE:609 Double-Checked Locking |
Weakness | |
| CWE:610 Externally Controlled Reference to a Resource in Another Sphere |
Weakness | |
| CWE:611 Improper Restriction of XML External Entity Reference |
Weakness | |
| CWE:613 Insufficient Session Expiration |
Weakness | |
| CWE:614 Sensitive Cookie in HTTPS Session Without 'Secure' Attribute |
Weakness | |
| CWE:624 Executable Regular Expression Error |
Weakness | |
| CWE:628 Function Call with Incorrectly Specified Arguments |
Weakness |
| closely mapped |
|
| hierarchy ancestor |
|
|
| CWE:629 Weaknesses in OWASP Top Ten (2007) |
View | |
| CWE:635 Weaknesses Originally Used by NVD from 2008 to 2016 |
View | |
| CWE:642 External Control of Critical State Data |
Weakness | |
| CWE:643 Improper Neutralization of Data within XPath Expressions ('XPath Injection') |
Weakness | |
| CWE:657 Violation of Secure Design Principles |
Weakness | |
| CWE:658 Weaknesses in Software Written in C |
View | |
| CWE:659 Weaknesses in Software Written in C++ |
View | |
| CWE:660 Weaknesses in Software Written in Java |
View | |
| CWE:661 Weaknesses in Software Written in PHP |
View | |
| CWE:662 Improper Synchronization |
Weakness |
| closely mapped |
|
| hierarchy ancestor |
|
|
| CWE:664 Improper Control of a Resource Through its Lifetime |
Weakness |
| closely mapped |
|
| hierarchy ancestor |
|
|
| CWE:665 Improper Initialization |
Weakness |
| closely mapped |
|
| hierarchy ancestor |
|
|
| CWE:666 Operation on Resource in Wrong Phase of Lifetime |
Weakness | |
| CWE:667 Improper Locking |
Weakness | |
| CWE:668 Exposure of Resource to Wrong Sphere |
Weakness | |
| CWE:670 Always-Incorrect Control Flow Implementation |
Weakness | |
| CWE:671 Lack of Administrator Control over Security |
Weakness | |
| CWE:672 Operation on a Resource after Expiration or Release |
Weakness | |
| CWE:674 Uncontrolled Recursion |
Weakness | |
| CWE:676 Use of Potentially Dangerous Function |
Weakness | |
| CWE:677 Weakness Base Elements |
View | |
| CWE:681 Incorrect Conversion between Numeric Types |
Weakness | |
| CWE:682 Incorrect Calculation |
Weakness |
| closely mapped |
|
| hierarchy ancestor |
|
|
| CWE:683 Function Call With Incorrect Order of Arguments |
Weakness | |
| CWE:684 Incorrect Provision of Specified Functionality |
Weakness | |
| CWE:685 Function Call With Incorrect Number of Arguments |
Weakness | |
| CWE:686 Function Call With Incorrect Argument Type |
Weakness | |
| CWE:688 Function Call With Incorrect Variable or Reference as Argument |
Weakness | |
| CWE:690 Unchecked Return Value to NULL Pointer Dereference |
Weakness | |
| CWE:691 Insufficient Control Flow Management |
Weakness | |
| CWE:693 Protection Mechanism Failure |
Weakness | |
| CWE:695 Use of Low-Level Functionality |
Weakness | |
| CWE:697 Incorrect Comparison |
Weakness |
| closely mapped |
|
| hierarchy ancestor |
|
|
| CWE:698 Execution After Redirect (EAR) |
Weakness | |
| CWE:699 Software Development |
View | |
| CWE:700 Seven Pernicious Kingdoms |
View | |
| CWE:701 Weaknesses Introduced During Design |
View | |
| CWE:702 Weaknesses Introduced During Implementation |
View | |
| CWE:703 Improper Check or Handling of Exceptional Conditions |
Weakness | |
| CWE:704 Incorrect Type Conversion or Cast |
Weakness |
| closely mapped |
|
| hierarchy ancestor |
|
|
| CWE:705 Incorrect Control Flow Scoping |
Weakness | |
| CWE:706 Use of Incorrectly-Resolved Name or Reference |
Weakness | |
| CWE:707 Improper Neutralization |
Weakness | |
| CWE:709 Named Chains |
View | |
| CWE:710 Improper Adherence to Coding Standards |
Weakness |
| closely mapped |
|
| hierarchy ancestor |
|
|
| CWE:711 Weaknesses in OWASP Top Ten (2004) |
View | |
| CWE:712 OWASP Top Ten 2007 Category A1 - Cross Site Scripting (XSS) |
Category | |
| CWE:713 OWASP Top Ten 2007 Category A2 - Injection Flaws |
Category | |
| CWE:714 OWASP Top Ten 2007 Category A3 - Malicious File Execution |
Category | |
| CWE:715 OWASP Top Ten 2007 Category A4 - Insecure Direct Object Reference |
Category | |
| CWE:717 OWASP Top Ten 2007 Category A6 - Information Leakage and Improper Error Handling |
Category | |
| CWE:718 OWASP Top Ten 2007 Category A7 - Broken Authentication and Session Management |
Category | |
| CWE:719 OWASP Top Ten 2007 Category A8 - Insecure Cryptographic Storage |
Category | |
| CWE:720 OWASP Top Ten 2007 Category A9 - Insecure Communications |
Category | |
| CWE:721 OWASP Top Ten 2007 Category A10 - Failure to Restrict URL Access |
Category | |
| CWE:722 OWASP Top Ten 2004 Category A1 - Unvalidated Input |
Category | |
| CWE:723 OWASP Top Ten 2004 Category A2 - Broken Access Control |
Category | |
| CWE:724 OWASP Top Ten 2004 Category A3 - Broken Authentication and Session Management |
Category | |
| CWE:725 OWASP Top Ten 2004 Category A4 - Cross-Site Scripting (XSS) Flaws |
Category | |
| CWE:726 OWASP Top Ten 2004 Category A5 - Buffer Overflows |
Category | |
| CWE:727 OWASP Top Ten 2004 Category A6 - Injection Flaws |
Category | |
| CWE:728 OWASP Top Ten 2004 Category A7 - Improper Error Handling |
Category | |
| CWE:729 OWASP Top Ten 2004 Category A8 - Insecure Storage |
Category | |
| CWE:730 OWASP Top Ten 2004 Category A9 - Denial of Service |
Category | |
| CWE:731 OWASP Top Ten 2004 Category A10 - Insecure Configuration Management |
Category | |
| CWE:732 Incorrect Permission Assignment for Critical Resource |
Weakness |
| closely mapped |
|
| hierarchy ancestor |
|
|
| CWE:734 Weaknesses Addressed by the CERT C Secure Coding Standard (2008) |
View | |
| CWE:735 CERT C Secure Coding Standard (2008) Chapter 2 - Preprocessor (PRE) |
Category | |
| CWE:736 CERT C Secure Coding Standard (2008) Chapter 3 - Declarations and Initialization (DCL) |
Category | |
| CWE:737 CERT C Secure Coding Standard (2008) Chapter 4 - Expressions (EXP) |
Category | |
| CWE:738 CERT C Secure Coding Standard (2008) Chapter 5 - Integers (INT) |
Category | |
| CWE:739 CERT C Secure Coding Standard (2008) Chapter 6 - Floating Point (FLP) |
Category | |
| CWE:740 CERT C Secure Coding Standard (2008) Chapter 7 - Arrays (ARR) |
Category | |
| CWE:741 CERT C Secure Coding Standard (2008) Chapter 8 - Characters and Strings (STR) |
Category | |
| CWE:742 CERT C Secure Coding Standard (2008) Chapter 9 - Memory Management (MEM) |
Category | |
| CWE:743 CERT C Secure Coding Standard (2008) Chapter 10 - Input Output (FIO) |
Category | |
| CWE:744 CERT C Secure Coding Standard (2008) Chapter 11 - Environment (ENV) |
Category | |
| CWE:745 CERT C Secure Coding Standard (2008) Chapter 12 - Signals (SIG) |
Category | |
| CWE:746 CERT C Secure Coding Standard (2008) Chapter 13 - Error Handling (ERR) |
Category | |
| CWE:747 CERT C Secure Coding Standard (2008) Chapter 14 - Miscellaneous (MSC) |
Category | |
| CWE:748 CERT C Secure Coding Standard (2008) Appendix - POSIX (POS) |
Category | |
| CWE:749 Exposed Dangerous Method or Function |
Weakness | |
| CWE:750 Weaknesses in the 2009 CWE/SANS Top 25 Most Dangerous Programming Errors |
View | |
| CWE:751 2009 Top 25 - Insecure Interaction Between Components |
Category | |
| CWE:752 2009 Top 25 - Risky Resource Management |
Category | |
| CWE:753 2009 Top 25 - Porous Defenses |
Category | |
| CWE:754 Improper Check for Unusual or Exceptional Conditions |
Weakness | |
| CWE:755 Improper Handling of Exceptional Conditions |
Weakness | |
| CWE:756 Missing Custom Error Page |
Weakness | |
| CWE:757 Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade') |
Weakness | |
| CWE:766 Critical Data Element Declared Public |
Weakness | |
| CWE:768 Incorrect Short Circuit Evaluation |
Weakness | |
| CWE:770 Allocation of Resources Without Limits or Throttling |
Weakness | |
| CWE:771 Missing Reference to Active Allocated Resource |
Weakness | |
| CWE:772 Missing Release of Resource after Effective Lifetime |
Weakness | |
| CWE:789 Memory Allocation with Excessive Size Value |
Weakness | |
| CWE:798 Use of Hard-coded Credentials |
Weakness | |
| CWE:800 Weaknesses in the 2010 CWE/SANS Top 25 Most Dangerous Programming Errors |
View | |
| CWE:801 2010 Top 25 - Insecure Interaction Between Components |
Category | |
| CWE:802 2010 Top 25 - Risky Resource Management |
Category | |
| CWE:803 2010 Top 25 - Porous Defenses |
Category | |
| CWE:808 2010 Top 25 - Weaknesses On the Cusp |
Category | |
| CWE:809 Weaknesses in OWASP Top Ten (2010) |
View | |
| CWE:810 OWASP Top Ten 2010 Category A1 - Injection |
Category | |
| CWE:811 OWASP Top Ten 2010 Category A2 - Cross-Site Scripting (XSS) |
Category | |
| CWE:812 OWASP Top Ten 2010 Category A3 - Broken Authentication and Session Management |
Category | |
| CWE:813 OWASP Top Ten 2010 Category A4 - Insecure Direct Object References |
Category | |
| CWE:815 OWASP Top Ten 2010 Category A6 - Security Misconfiguration |
Category | |
| CWE:816 OWASP Top Ten 2010 Category A7 - Insecure Cryptographic Storage |
Category | |
| CWE:817 OWASP Top Ten 2010 Category A8 - Failure to Restrict URL Access |
Category | |
| CWE:818 OWASP Top Ten 2010 Category A9 - Insufficient Transport Layer Protection |
Category | |
| CWE:819 OWASP Top Ten 2010 Category A10 - Unvalidated Redirects and Forwards |
Category | |
| CWE:820 Missing Synchronization |
Weakness |
| closely mapped |
|
| hierarchy ancestor |
|
|
| CWE:821 Incorrect Synchronization |
Weakness | |
| CWE:833 Deadlock |
Weakness | |
| CWE:834 Excessive Iteration |
Weakness | |
| CWE:840 Business Logic Errors |
Category | |
| CWE:844 Weaknesses Addressed by The CERT Oracle Secure Coding Standard for Java (2011) |
View | |
| CWE:845 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 2 - Input Validation and Data Sanitization (IDS) |
Category | |
| CWE:846 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 3 - Declarations and Initialization (DCL) |
Category | |
| CWE:847 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 4 - Expressions (EXP) |
Category | |
| CWE:848 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 5 - Numeric Types and Operations (NUM) |
Category | |
| CWE:849 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 6 - Object Orientation (OBJ) |
Category | |
| CWE:850 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 7 - Methods (MET) |
Category | |
| CWE:851 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 8 - Exceptional Behavior (ERR) |
Category | |
| CWE:852 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 9 - Visibility and Atomicity (VNA) |
Category | |
| CWE:853 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 10 - Locking (LCK) |
Category | |
| CWE:854 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 11 - Thread APIs (THI) |
Category | |
| CWE:855 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 12 - Thread Pools (TPS) |
Category | |
| CWE:857 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 14 - Input Output (FIO) |
Category | |
| CWE:858 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 15 - Serialization (SER) |
Category | |
| CWE:859 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 16 - Platform Security (SEC) |
Category | |
| CWE:860 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 17 - Runtime Environment (ENV) |
Category | |
| CWE:861 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 18 - Miscellaneous (MSC) |
Category | |
| CWE:864 2011 Top 25 - Insecure Interaction Between Components |
Category | |
| CWE:865 2011 Top 25 - Risky Resource Management |
Category | |
| CWE:866 2011 Top 25 - Porous Defenses |
Category | |
| CWE:867 2011 Top 25 - Weaknesses On the Cusp |
Category | |
| CWE:868 Weaknesses Addressed by the SEI CERT C++ Coding Standard (2016 Version) |
View | |
| CWE:871 CERT C++ Secure Coding Section 03 - Expressions (EXP) |
Category | |
| CWE:872 CERT C++ Secure Coding Section 04 - Integers (INT) |
Category | |
| CWE:873 CERT C++ Secure Coding Section 05 - Floating Point Arithmetic (FLP) |
Category | |
| CWE:874 CERT C++ Secure Coding Section 06 - Arrays and the STL (ARR) |
Category | |
| CWE:875 CERT C++ Secure Coding Section 07 - Characters and Strings (STR) |
Category | |
| CWE:876 CERT C++ Secure Coding Section 08 - Memory Management (MEM) |
Category | |
| CWE:877 CERT C++ Secure Coding Section 09 - Input Output (FIO) |
Category | |
| CWE:878 CERT C++ Secure Coding Section 10 - Environment (ENV) |
Category | |
| CWE:879 CERT C++ Secure Coding Section 11 - Signals (SIG) |
Category | |
| CWE:880 CERT C++ Secure Coding Section 12 - Exceptions and Error Handling (ERR) |
Category | |
| CWE:882 CERT C++ Secure Coding Section 14 - Concurrency (CON) |
Category | |
| CWE:883 CERT C++ Secure Coding Section 49 - Miscellaneous (MSC) |
Category | |
| CWE:884 CWE Cross-section |
View | |
| CWE:885 SFP Primary Cluster: Risky Values |
Category | |
| CWE:886 SFP Primary Cluster: Unused entities |
Category | |
| CWE:887 SFP Primary Cluster: API |
Category | |
| CWE:888 Software Fault Pattern (SFP) Clusters |
View | |
| CWE:889 SFP Primary Cluster: Exception Management |
Category | |
| CWE:890 SFP Primary Cluster: Memory Access |
Category | |
| CWE:892 SFP Primary Cluster: Resource Management |
Category | |
| CWE:893 SFP Primary Cluster: Path Resolution |
Category | |
| CWE:894 SFP Primary Cluster: Synchronization |
Category | |
| CWE:895 SFP Primary Cluster: Information Leak |
Category | |
| CWE:896 SFP Primary Cluster: Tainted Input |
Category | |
| CWE:897 SFP Primary Cluster: Entry Points |
Category | |
| CWE:898 SFP Primary Cluster: Authentication |
Category | |
| CWE:899 SFP Primary Cluster: Access Control |
Category | |
| CWE:900 Weaknesses in the 2011 CWE/SANS Top 25 Most Dangerous Software Errors |
View | |
| CWE:902 SFP Primary Cluster: Channel |
Category | |
| CWE:903 SFP Primary Cluster: Cryptography |
Category | |
| CWE:905 SFP Primary Cluster: Predictability |
Category | |
| CWE:906 SFP Primary Cluster: UI |
Category | |
| CWE:907 SFP Primary Cluster: Other |
Category | |
| CWE:909 Missing Initialization of Resource |
Weakness |
| closely mapped |
|
| hierarchy ancestor |
|
|
| CWE:913 Improper Control of Dynamically-Managed Code Resources |
Weakness |
| closely mapped |
|
| hierarchy ancestor |
|
|
| CWE:915 Improperly Controlled Modification of Dynamically-Determined Object Attributes |
Weakness | |
| CWE:916 Use of Password Hash With Insufficient Computational Effort |
Weakness | |
| CWE:917 Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') |
Weakness | |
| CWE:919 Weaknesses in Mobile Applications |
View | |
| CWE:922 Insecure Storage of Sensitive Information |
Weakness | |
| CWE:928 Weaknesses in OWASP Top Ten (2013) |
View | |
| CWE:929 OWASP Top Ten 2013 Category A1 - Injection |
Category | |
| CWE:930 OWASP Top Ten 2013 Category A2 - Broken Authentication and Session Management |
Category | |
| CWE:931 OWASP Top Ten 2013 Category A3 - Cross-Site Scripting (XSS) |
Category | |
| CWE:932 OWASP Top Ten 2013 Category A4 - Insecure Direct Object References |
Category | |
| CWE:933 OWASP Top Ten 2013 Category A5 - Security Misconfiguration |
Category | |
| CWE:934 OWASP Top Ten 2013 Category A6 - Sensitive Data Exposure |
Category | |
| CWE:935 OWASP Top Ten 2013 Category A7 - Missing Function Level Access Control |
Category | |
| CWE:938 OWASP Top Ten 2013 Category A10 - Unvalidated Redirects and Forwards |
Category | |
| CWE:943 Improper Neutralization of Special Elements in Data Query Logic |
Weakness | |
| CWE:944 SFP Secondary Cluster: Access Management |
Category | |
| CWE:945 SFP Secondary Cluster: Insecure Resource Access |
Category | |
| CWE:946 SFP Secondary Cluster: Insecure Resource Permissions |
Category | |
| CWE:947 SFP Secondary Cluster: Authentication Bypass |
Category | |
| CWE:949 SFP Secondary Cluster: Faulty Endpoint Authentication |
Category | |
| CWE:950 SFP Secondary Cluster: Hardcoded Sensitive Data |
Category | |
| CWE:951 SFP Secondary Cluster: Insecure Authentication Policy |
Category | |
| CWE:957 SFP Secondary Cluster: Protocol Error |
Category | |
| CWE:958 SFP Secondary Cluster: Broken Cryptography |
Category | |
| CWE:959 SFP Secondary Cluster: Weak Cryptography |
Category | |
| CWE:960 SFP Secondary Cluster: Ambiguous Exception Type |
Category | |
| CWE:961 SFP Secondary Cluster: Incorrect Exception Behavior |
Category | |
| CWE:962 SFP Secondary Cluster: Unchecked Status Condition |
Category | |
| CWE:963 SFP Secondary Cluster: Exposed Data |
Category | |
| CWE:965 SFP Secondary Cluster: Insecure Session Management |
Category | |
| CWE:966 SFP Secondary Cluster: Other Exposures |
Category | |
| CWE:971 SFP Secondary Cluster: Faulty Pointer Use |
Category | |
| CWE:975 SFP Secondary Cluster: Architecture |
Category | |
| CWE:977 SFP Secondary Cluster: Design |
Category | |
| CWE:978 SFP Secondary Cluster: Implementation |
Category | |
| CWE:980 SFP Secondary Cluster: Link in Resource Name Resolution |
Category | |
| CWE:981 SFP Secondary Cluster: Path Traversal |
Category | |
| CWE:982 SFP Secondary Cluster: Failure to Release Resource |
Category | |
| CWE:983 SFP Secondary Cluster: Faulty Resource Use |
Category | |
| CWE:984 SFP Secondary Cluster: Life Cycle |
Category | |
| CWE:985 SFP Secondary Cluster: Unrestricted Consumption |
Category | |
| CWE:986 SFP Secondary Cluster: Missing Lock |
Category | |
| CWE:987 SFP Secondary Cluster: Multiple Locks/Unlocks |
Category | |
| CWE:988 SFP Secondary Cluster: Race Condition Window |
Category | |
| CWE:989 SFP Secondary Cluster: Unrestricted Lock |
Category | |
| CWE:990 SFP Secondary Cluster: Tainted Input to Command |
Category | |
| CWE:991 SFP Secondary Cluster: Tainted Input to Environment |
Category | |
| CWE:992 SFP Secondary Cluster: Faulty Input Transformation |
Category | |
| CWE:994 SFP Secondary Cluster: Tainted Input to Variable |
Category | |
| CWE:997 SFP Secondary Cluster: Information Loss |
Category | |
| CWE:998 SFP Secondary Cluster: Glitch in Computation |
Category | |
| CWE:1000 Research Concepts |
View | |
| CWE:1001 SFP Secondary Cluster: Use of an Improper API |
Category | |
| CWE:1002 SFP Secondary Cluster: Unexpected Entry Points |
Category | |
| CWE:1003 Weaknesses for Simplified Mapping of Published Vulnerabilities |
View | |
| CWE:1005 7PK - Input Validation and Representation |
Category | |
| CWE:1006 Bad Coding Practices |
Category | |
| CWE:1008 Architectural Concepts |
View | |
| CWE:1009 Audit |
Category | |
| CWE:1010 Authenticate Actors |
Category | |
| CWE:1011 Authorize Actors |
Category | |
| CWE:1012 Cross Cutting |
Category | |
| CWE:1013 Encrypt Data |
Category | |
| CWE:1014 Identify Actors |
Category | |
| CWE:1015 Limit Access |
Category | |
| CWE:1016 Limit Exposure |
Category | |
| CWE:1018 Manage User Sessions |
Category | |
| CWE:1019 Validate Inputs |
Category | |
| CWE:1020 Verify Message Integrity |
Category | |
| CWE:1023 Incomplete Comparison with Missing Factors |
Weakness | |
| CWE:1024 Comparison of Incompatible Types |
Weakness | |
| CWE:1025 Comparison Using Wrong Factors |
Weakness | |
| CWE:1026 Weaknesses in OWASP Top Ten (2017) |
View | |
| CWE:1027 OWASP Top Ten 2017 Category A1 - Injection |
Category | |
| CWE:1028 OWASP Top Ten 2017 Category A2 - Broken Authentication |
Category | |
| CWE:1029 OWASP Top Ten 2017 Category A3 - Sensitive Data Exposure |
Category | |
| CWE:1030 OWASP Top Ten 2017 Category A4 - XML External Entities (XXE) |
Category | |
| CWE:1031 OWASP Top Ten 2017 Category A5 - Broken Access Control |
Category | |
| CWE:1032 OWASP Top Ten 2017 Category A6 - Security Misconfiguration |
Category | |
| CWE:1033 OWASP Top Ten 2017 Category A7 - Cross-Site Scripting (XSS) |
Category | |
| CWE:1034 OWASP Top Ten 2017 Category A8 - Insecure Deserialization |
Category | |
| CWE:1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities |
Category | |
| CWE:1040 Quality Weaknesses with Indirect Security Impacts |
View | |
| CWE:1041 Use of Redundant Code |
Weakness | |
| CWE:1061 Insufficient Encapsulation |
Weakness | |
| CWE:1071 Empty Code Block |
Weakness |
| closely mapped |
|
| hierarchy ancestor |
|
|
| CWE:1076 Insufficient Adherence to Expected Conventions |
Weakness |
| closely mapped |
|
| hierarchy ancestor |
|
|
| CWE:1077 Floating Point Comparison with Incorrect Operator |
Weakness | |
| CWE:1078 Inappropriate Source Code Style or Formatting |
Weakness |
| closely mapped |
|
| hierarchy ancestor |
|
|
| CWE:1081 Entries with Maintenance Notes |
View | |
| CWE:1097 Persistent Storable Data Element without Associated Comparison Control Element |
Weakness |
| closely mapped |
|
| also related |
|
|
| CWE:1126 Declaration of Variable with Unnecessarily Wide Scope |
Weakness | |
| CWE:1128 CISQ Quality Measures (2016) |
View | |
| CWE:1129 CISQ Quality Measures (2016) - Reliability |
Category | |
| CWE:1130 CISQ Quality Measures (2016) - Maintainability |
Category | |
| CWE:1131 CISQ Quality Measures (2016) - Security |
Category | |
| CWE:1133 Weaknesses Addressed by the SEI CERT Oracle Coding Standard for Java |
View | |
| CWE:1134 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 00. Input Validation and Data Sanitization (IDS) |
Category | |
| CWE:1135 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 01. Declarations and Initialization (DCL) |
Category | |
| CWE:1136 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 02. Expressions (EXP) |
Category | |
| CWE:1137 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 03. Numeric Types and Operations (NUM) |
Category | |
| CWE:1139 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 05. Object Orientation (OBJ) |
Category | |
| CWE:1140 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 06. Methods (MET) |
Category | |
| CWE:1141 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 07. Exceptional Behavior (ERR) |
Category | |
| CWE:1142 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 08. Visibility and Atomicity (VNA) |
Category | |
| CWE:1143 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 09. Locking (LCK) |
Category | |
| CWE:1144 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 10. Thread APIs (THI) |
Category | |
| CWE:1145 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 11. Thread Pools (TPS) |
Category | |
| CWE:1147 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 13. Input Output (FIO) |
Category | |
| CWE:1148 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 14. Serialization (SER) |
Category | |
| CWE:1149 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 15. Platform Security (SEC) |
Category | |
| CWE:1150 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 16. Runtime Environment (ENV) |
Category | |
| CWE:1152 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 49. Miscellaneous (MSC) |
Category | |
| CWE:1153 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 50. Android (DRD) |
Category | |
| CWE:1154 Weaknesses Addressed by the SEI CERT C Coding Standard |
View | |
| CWE:1157 SEI CERT C Coding Standard - Guidelines 03. Expressions (EXP) |
Category | |
| CWE:1158 SEI CERT C Coding Standard - Guidelines 04. Integers (INT) |
Category | |
| CWE:1159 SEI CERT C Coding Standard - Guidelines 05. Floating Point (FLP) |
Category | |
| CWE:1161 SEI CERT C Coding Standard - Guidelines 07. Characters and Strings (STR) |
Category | |
| CWE:1162 SEI CERT C Coding Standard - Guidelines 08. Memory Management (MEM) |
Category | |
| CWE:1163 SEI CERT C Coding Standard - Guidelines 09. Input Output (FIO) |
Category | |
| CWE:1164 Irrelevant Code |
Weakness |
| closely mapped |
|
| hierarchy ancestor |
|
|
| CWE:1165 SEI CERT C Coding Standard - Guidelines 10. Environment (ENV) |
Category | |
| CWE:1166 SEI CERT C Coding Standard - Guidelines 11. Signals (SIG) |
Category | |
| CWE:1167 SEI CERT C Coding Standard - Guidelines 12. Error Handling (ERR) |
Category | |
| CWE:1169 SEI CERT C Coding Standard - Guidelines 14. Concurrency (CON) |
Category | |
| CWE:1170 SEI CERT C Coding Standard - Guidelines 48. Miscellaneous (MSC) |
Category | |
| CWE:1171 SEI CERT C Coding Standard - Guidelines 50. POSIX (POS) |
Category | |
| CWE:1173 Improper Use of Validation Framework |
Weakness | |
| CWE:1176 Inefficient CPU Computation |
Weakness | |
| CWE:1177 Use of Prohibited Code |
Weakness | |
| CWE:1178 Weaknesses Addressed by the SEI CERT Perl Coding Standard |
View | |
| CWE:1179 SEI CERT Perl Coding Standard - Guidelines 01. Input Validation and Data Sanitization (IDS) |
Category | |
| CWE:1180 SEI CERT Perl Coding Standard - Guidelines 02. Declarations and Initialization (DCL) |
Category | |
| CWE:1181 SEI CERT Perl Coding Standard - Guidelines 03. Expressions (EXP) |
Category | |
| CWE:1182 SEI CERT Perl Coding Standard - Guidelines 04. Integers (INT) |
Category | |
| CWE:1186 SEI CERT Perl Coding Standard - Guidelines 50. Miscellaneous (MSC) |
Category | |
| CWE:1194 Hardware Design |
View | |
| CWE:1200 Weaknesses in the 2019 CWE Top 25 Most Dangerous Software Errors |
View | |
| CWE:1204 Generation of Weak Initialization Vector (IV) |
Weakness | |
| CWE:1205 Security Primitives and Cryptography Issues |
Category | |
| CWE:1207 Debug and Test Problems |
Category | |
| CWE:1208 Cross-Cutting Problems |
Category | |
| CWE:1210 Audit / Logging Errors |
Category | |
| CWE:1211 Authentication Errors |
Category | |
| CWE:1213 Random Number Issues |
Category | |
| CWE:1214 Data Integrity Issues |
Category | |
| CWE:1215 Data Validation Issues |
Category | |
| CWE:1217 User Session Errors |
Category | |
| CWE:1219 File Handling Issues |
Category | |
| CWE:1228 API / Function Errors |
Category | |
| CWE:1235 Incorrect Use of Autoboxing and Unboxing for Performance Critical Operations |
Weakness | |
| CWE:1305 CISQ Quality Measures (2020) |
View | |
| CWE:1306 CISQ Quality Measures - Reliability |
Category | |
| CWE:1307 CISQ Quality Measures - Maintainability |
Category | |
| CWE:1308 CISQ Quality Measures - Security |
Category | |
| CWE:1309 CISQ Quality Measures - Efficiency |
Category | |
| CWE:1337 Weaknesses in the 2021 CWE Top 25 Most Dangerous Software Weaknesses |
View | |
| CWE:1339 Insufficient Precision or Accuracy of a Real Number |
Weakness | |
| CWE:1340 CISQ Data Protection Measures |
View | |
| CWE:1344 Weaknesses in OWASP Top Ten (2021) |
View | |
| CWE:1345 OWASP Top Ten 2021 Category A01:2021 - Broken Access Control |
Category | |
| CWE:1346 OWASP Top Ten 2021 Category A02:2021 - Cryptographic Failures |
Category | |
| CWE:1347 OWASP Top Ten 2021 Category A03:2021 - Injection |
Category | |
| CWE:1348 OWASP Top Ten 2021 Category A04:2021 - Insecure Design |
Category | |
| CWE:1349 OWASP Top Ten 2021 Category A05:2021 - Security Misconfiguration |
Category | |
| CWE:1350 Weaknesses in the 2020 CWE Top 25 Most Dangerous Software Weaknesses |
View | |
| CWE:1352 OWASP Top Ten 2021 Category A06:2021 - Vulnerable and Outdated Components |
Category | |
| CWE:1353 OWASP Top Ten 2021 Category A07:2021 - Identification and Authentication Failures |
Category | |
| CWE:1354 OWASP Top Ten 2021 Category A08:2021 - Software and Data Integrity Failures |
Category | |
| CWE:1355 OWASP Top Ten 2021 Category A09:2021 - Security Logging and Monitoring Failures |
Category | |
| CWE:1358 Weaknesses in SEI ETF Categories of Security Vulnerabilities in ICS |
View | |
| CWE:1359 ICS Communications |
Category | |
| CWE:1360 ICS Dependencies (& Architecture) |
Category | |
| CWE:1361 ICS Supply Chain |
Category | |
| CWE:1362 ICS Engineering (Constructions/Deployment) |
Category | |
| CWE:1363 ICS Operations (& Maintenance) |
Category | |
| CWE:1364 ICS Communications: Zone Boundary Failures |
Category | |
| CWE:1365 ICS Communications: Unreliability |
Category | |
| CWE:1366 ICS Communications: Frail Security in Protocols |
Category | |
| CWE:1368 ICS Dependencies (& Architecture): External Digital Systems |
Category | |
| CWE:1369 ICS Supply Chain: IT/OT Convergence/Expansion |
Category | |
| CWE:1370 ICS Supply Chain: Common Mode Frailties |
Category | |
| CWE:1371 ICS Supply Chain: Poorly Documented or Undocumented Features |
Category | |
| CWE:1372 ICS Supply Chain: OT Counterfeit and Malicious Corruption |
Category | |
| CWE:1373 ICS Engineering (Construction/Deployment): Trust Model Problems |
Category | |
| CWE:1375 ICS Engineering (Construction/Deployment): Gaps in Details/Data |
Category | |
| CWE:1376 ICS Engineering (Construction/Deployment): Security Gaps in Commissioning |
Category | |
| CWE:1382 ICS Operations (& Maintenance): Emerging Energy Technologies |
Category | |
| CWE:1383 ICS Operations (& Maintenance): Compliance/Conformance with Regulatory Requirements |
Category | |
| CWE:1387 Weaknesses in the 2022 CWE Top 25 Most Dangerous Software Weaknesses |
View | |
| CWE:1390 Weak Authentication |
Weakness |
| closely mapped |
|
| hierarchy ancestor |
|
|
| CWE:1391 Use of Weak Credentials |
Weakness | |
| CWE:1396 Comprehensive Categorization: Access Control |
Category | |
| CWE:1397 Comprehensive Categorization: Comparison |
Category | |
| CWE:1398 Comprehensive Categorization: Component Interaction |
Category | |
| CWE:1399 Comprehensive Categorization: Memory Safety |
Category | |
| CWE:1400 Comprehensive Categorization for Software Assurance Trends |
View | |
| CWE:1401 Comprehensive Categorization: Concurrency |
Category | |
| CWE:1402 Comprehensive Categorization: Encryption |
Category | |
| CWE:1403 Comprehensive Categorization: Exposed Resource |
Category | |
| CWE:1404 Comprehensive Categorization: File Handling |
Category | |
| CWE:1405 Comprehensive Categorization: Improper Check or Handling of Exceptional Conditions |
Category | |
| CWE:1406 Comprehensive Categorization: Improper Input Validation |
Category | |
| CWE:1407 Comprehensive Categorization: Improper Neutralization |
Category | |
| CWE:1408 Comprehensive Categorization: Incorrect Calculation |
Category | |
| CWE:1409 Comprehensive Categorization: Injection |
Category | |
| CWE:1410 Comprehensive Categorization: Insufficient Control Flow Management |
Category | |
| CWE:1411 Comprehensive Categorization: Insufficient Verification of Data Authenticity |
Category | |
| CWE:1412 Comprehensive Categorization: Poor Coding Practices |
Category | |
| CWE:1413 Comprehensive Categorization: Protection Mechanism Failure |
Category | |
| CWE:1414 Comprehensive Categorization: Randomness |
Category | |
| CWE:1415 Comprehensive Categorization: Resource Control |
Category | |
| CWE:1416 Comprehensive Categorization: Resource Lifecycle Management |
Category | |
| CWE:1417 Comprehensive Categorization: Sensitive Information Exposure |
Category | |
| CWE:1418 Comprehensive Categorization: Violation of Secure Design Principles |
Category | |
| CWE:1424 Weaknesses Addressed by ISA/IEC 62443 Requirements |
View | |
| CWE:1425 Weaknesses in the 2023 CWE Top 25 Most Dangerous Software Weaknesses |
View | |
| CWE:1430 Weaknesses in the 2024 CWE Top 25 Most Dangerous Software Weaknesses |
View | |
| CWE:2000 Comprehensive CWE Dictionary |
View | |