CWE

Common Weakness Enumeration

A Community-Developed List of Software Weakness Types

CWE/SANS Top 25 Most Dangerous Software Errors
Home > CWE List > CWE- Individual Dictionary Definition (2.10)  
ID

CWE VIEW: Weakness Base Elements

View ID: 677
Structure: Implicit Slice
Status: Draft
Presentation Filter:
+ View Data

View Objective

This view (slice) displays only weakness base elements.

View Filter: .//@Weakness_Abstraction='Base'

+ Relationships
Weakness BaseWeakness Base Absolute Path Traversal - (36)
Weakness BaseWeakness Base Acceptance of Extraneous Untrusted Data With Trusted Data - (349)
Weakness BaseWeakness Base Access of Memory Location After End of Buffer - (788)
Weakness BaseWeakness Base Access of Memory Location Before Start of Buffer - (786)
Weakness BaseWeakness Base Access of Resource Using Incompatible Type ('Type Confusion') - (843)
Weakness BaseWeakness Base Access of Uninitialized Pointer - (824)
Weakness BaseWeakness Base Addition of Data Structure Sentinel - (464)
Weakness BaseWeakness Base Algorithmic Complexity - (407)
Weakness BaseWeakness Base Allocation of Resources Without Limits or Throttling - (770)
Weakness BaseWeakness Base Argument Injection or Modification - (88)
Weakness BaseWeakness Base Assignment of a Fixed Address to a Pointer - (587)
Weakness BaseWeakness Base Authentication Bypass by Capture-replay - (294)
Weakness BaseWeakness Base Authentication Bypass by Primary Weakness - (305)
Weakness BaseWeakness Base Authentication Bypass by Spoofing - (290)
Weakness BaseWeakness Base Authentication Bypass Using an Alternate Path or Channel - (288)
Weakness BaseWeakness Base Authorization Bypass Through User-Controlled Key - (639)
Weakness BaseWeakness Base Behavioral Change in New Version or Environment - (439)
Weakness BaseWeakness Base Buffer Access with Incorrect Length Value - (805)
Weakness BaseWeakness Base Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') - (120)
Weakness BaseWeakness Base Buffer Underwrite ('Buffer Underflow') - (124)
Weakness BaseWeakness Base Cleartext Storage of Sensitive Information - (312)
Weakness BaseWeakness Base Cleartext Transmission of Sensitive Information - (319)
Weakness BaseWeakness Base Client-Side Enforcement of Server-Side Security - (602)
Weakness BaseWeakness Base Collapse of Data into Unsafe Value - (182)
Weakness BaseWeakness Base Comparison of Object References Instead of Object Contents - (595)
Weakness BaseWeakness Base Compiler Optimization Removal or Modification of Security-critical Code - (733)
Weakness BaseWeakness Base Compiler Removal of Code to Clear Buffers - (14)
Weakness BaseWeakness Base Context Switching Race Condition - (368)
Weakness BaseWeakness Base Covert Storage Channel - (515)
Weakness BaseWeakness Base Covert Timing Channel - (385)
Weakness BaseWeakness Base Creation of Temporary File in Directory with Incorrect Permissions - (379)
Weakness BaseWeakness Base Creation of Temporary File With Insecure Permissions - (378)
Weakness BaseWeakness Base Dangerous Signal Handler not Disabled During Sensitive Operations - (432)
Weakness BaseWeakness Base Dangling Database Cursor ('Cursor Injection') - (619)
Weakness BaseWeakness Base Deadlock - (833)
Weakness BaseWeakness Base Declaration of Catch for Generic Exception - (396)
Weakness BaseWeakness Base Declaration of Throws for Generic Exception - (397)
Weakness BaseWeakness Base Deletion of Data Structure Sentinel - (463)
Weakness BaseWeakness Base Deployment of Wrong Handler - (430)
DeprecatedDeprecated DEPRECATED (Duplicate): Covert Timing Channel - (516)
DeprecatedDeprecated DEPRECATED (Duplicate): Failure to provide confidentiality for stored data - (218)
DeprecatedDeprecated DEPRECATED (Duplicate): General Information Management Problems - (225)
DeprecatedDeprecated DEPRECATED (Duplicate): HTTP response splitting - (443)
DeprecatedDeprecated DEPRECATED (Duplicate): Miscalculated Null Termination - (132)
DeprecatedDeprecated DEPRECATED (Duplicate): Proxied Trusted Channel - (423)
DeprecatedDeprecated DEPRECATED (Duplicate): Reliance on DNS Lookups in a Security Decision - (247)
DeprecatedDeprecated DEPRECATED: Failure to Protect Stored Data from Modification - (217)
DeprecatedDeprecated DEPRECATED: Improper Sanitization of Custom Special Characters - (92)
DeprecatedDeprecated DEPRECATED: Incorrect Initialization - (458)
DeprecatedDeprecated DEPRECATED: State Synchronization Error - (373)
Weakness BaseWeakness Base Direct Request ('Forced Browsing') - (425)
Weakness BaseWeakness Base Direct Use of Unsafe JNI - (111)
Weakness BaseWeakness Base Divide By Zero - (369)
Weakness BaseWeakness Base Double-Checked Locking - (609)
Weakness BaseWeakness Base Download of Code Without Integrity Check - (494)
Weakness BaseWeakness Base Duplicate Key in Associative List (Alist) - (462)
Weakness BaseWeakness Base Dynamic Variable Evaluation - (627)
Weakness BaseWeakness Base Excessive Iteration - (834)
Weakness BaseWeakness Base Executable Regular Expression Error - (624)
Weakness BaseWeakness Base Execution After Redirect (EAR) - (698)
Weakness BaseWeakness Base Expected Behavior Violation - (440)
Weakness BaseWeakness Base Expired Pointer Dereference - (825)
Weakness BaseWeakness Base Exposed Dangerous Method or Function - (749)
Weakness BaseWeakness Base Exposed Unsafe ActiveX Method - (618)
Weakness BaseWeakness Base Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak') - (403)
Weakness BaseWeakness Base External Control of Assumed-Immutable Web Parameter - (472)
Weakness BaseWeakness Base External Control of System or Configuration Setting - (15)
Weakness BaseWeakness Base External Initialization of Trusted Variables or Data Stores - (454)
Weakness BaseWeakness Base File and Directory Information Exposure - (538)
Weakness BaseWeakness Base Files or Directories Accessible to External Parties - (552)
Weakness BaseWeakness Base Function Call with Incorrectly Specified Arguments - (628)
Weakness BaseWeakness Base Guessable CAPTCHA - (804)
Weakness BaseWeakness Base Improper Authorization in Handler for Custom URL Scheme - (939)
Weakness BaseWeakness Base Improper Certificate Validation - (295)
Weakness BaseWeakness Base Improper Check for Dropped Privileges - (273)
Weakness BaseWeakness Base Improper Control of Document Type Definition - (827)
Weakness BaseWeakness Base Improper Control of Dynamically-Identified Variables - (914)
Weakness BaseWeakness Base Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') - (98)
Weakness BaseWeakness Base Improper Control of Resource Identifiers ('Resource Injection') - (99)
Weakness BaseWeakness Base Improper Cross-boundary Removal of Sensitive Data - (212)
Weakness BaseWeakness Base Improper Enforcement of a Single, Unique Action - (837)
Weakness BaseWeakness Base Improper Enforcement of Behavioral Workflow - (841)
Weakness BaseWeakness Base Improper Following of a Certificate's Chain of Trust - (296)
Weakness BaseWeakness Base Improper Handling of Additional Special Element - (167)
Weakness BaseWeakness Base Improper Handling of Case Sensitivity - (178)
Weakness BaseWeakness Base Improper Handling of File Names that Identify Virtual Resources - (66)
Weakness BaseWeakness Base Improper Handling of Highly Compressed Data (Data Amplification) - (409)
Weakness BaseWeakness Base Improper Handling of Inconsistent Special Elements - (168)
Weakness BaseWeakness Base Improper Handling of Insufficient Permissions or Privileges - (280)
Weakness BaseWeakness Base Improper Handling of Insufficient Privileges - (274)
Weakness BaseWeakness Base Improper Handling of Length Parameter Inconsistency - (130)
Weakness BaseWeakness Base Improper Handling of Missing Special Element - (166)
Weakness BaseWeakness Base Improper Handling of Parameters - (233)
Weakness BaseWeakness Base Improper Handling of Structural Elements - (237)
Weakness BaseWeakness Base Improper Handling of Unexpected Data Type - (241)
Weakness BaseWeakness Base Improper Handling of Values - (229)
Weakness BaseWeakness Base Improper Link Resolution Before File Access ('Link Following') - (59)
Weakness BaseWeakness Base Improper Locking - (667)
Weakness BaseWeakness Base Improper Neutralization of CRLF Sequences ('CRLF Injection') - (93)
Weakness BaseWeakness Base Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') - (113)
Weakness BaseWeakness Base Improper Neutralization of Data within XPath Expressions ('XPath Injection') - (643)
Weakness BaseWeakness Base Improper Neutralization of Data within XQuery Expressions ('XQuery Injection') - (652)
Weakness BaseWeakness Base Improper Neutralization of Delimiters - (140)
Weakness BaseWeakness Base Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') - (95)
Weakness BaseWeakness Base Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') - (96)
Weakness BaseWeakness Base Improper Neutralization of Equivalent Special Elements - (76)
Weakness BaseWeakness Base Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') - (79)
Weakness BaseWeakness Base Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') - (917)
Weakness BaseWeakness Base Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') - (90)
Weakness BaseWeakness Base Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') - (78)
Weakness BaseWeakness Base Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') - (89)
Weakness BaseWeakness Base Improper Null Termination - (170)
Weakness BaseWeakness Base Improper Output Neutralization for Logs - (117)
Weakness BaseWeakness Base Improper Preservation of Permissions - (281)
Weakness BaseWeakness Base Improper Privilege Management - (269)
Weakness BaseWeakness Base Improper Release of Memory Before Removing Last Reference ('Memory Leak') - (401)
Weakness BaseWeakness Base Improper Resolution of Path Equivalence - (41)
Weakness BaseWeakness Base Improper Resource Locking - (413)
Weakness BaseWeakness Base Improper Resource Shutdown or Release - (404)
Weakness BaseWeakness Base Improper Restriction of Excessive Authentication Attempts - (307)
Weakness BaseWeakness Base Improper Restriction of Names for Files and Other Resources - (641)
Weakness BaseWeakness Base Improper Restriction of Power Consumption - (920)
Weakness BaseWeakness Base Improper Synchronization - (662)
Weakness BaseWeakness Base Improper Update of Reference Count - (911)
Weakness BaseWeakness Base Improper Validation of Array Index - (129)
Weakness BaseWeakness Base Improper Validation of Integrity Check Value - (354)
Weakness BaseWeakness Base Improper Verification of Cryptographic Signature - (347)
Weakness BaseWeakness Base Improper Verification of Source of a Communication Channel - (940)
Weakness BaseWeakness Base Improperly Controlled Modification of Dynamically-Determined Object Attributes - (915)
Weakness BaseWeakness Base Improperly Implemented Security Check for Standard - (358)
Weakness BaseWeakness Base Inappropriate Encoding for Output Context - (838)
Weakness BaseWeakness Base Inclusion of Web Functionality from an Untrusted Source - (830)
Weakness BaseWeakness Base Incomplete Blacklist - (184)
Weakness BaseWeakness Base Incomplete Cleanup - (459)
Weakness BaseWeakness Base Incomplete Filtering of Special Elements - (791)
Weakness BaseWeakness Base Incomplete Internal State Distinction - (372)
Weakness BaseWeakness Base Incomplete Model of Endpoint Features - (437)
Weakness BaseWeakness Base Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') - (444)
Weakness BaseWeakness Base Incorrect Behavior Order: Authorization Before Parsing and Canonicalization - (551)
Weakness BaseWeakness Base Incorrect Behavior Order: Early Amplification - (408)
Weakness BaseWeakness Base Incorrect Behavior Order: Early Validation - (179)
Weakness BaseWeakness Base Incorrect Behavior Order: Validate Before Canonicalize - (180)
Weakness BaseWeakness Base Incorrect Behavior Order: Validate Before Filter - (181)
Weakness BaseWeakness Base Incorrect Calculation of Buffer Size - (131)
Weakness BaseWeakness Base Incorrect Calculation of Multi-Byte String Length - (135)
Weakness BaseWeakness Base Incorrect Check of Function Return Value - (253)
Weakness BaseWeakness Base Incorrect Conversion between Numeric Types - (681)
Weakness BaseWeakness Base Incorrect Implementation of Authentication Algorithm - (303)
Weakness BaseWeakness Base Incorrect Ownership Assignment - (708)
Weakness BaseWeakness Base Incorrect Pointer Scaling - (468)
Weakness BaseWeakness Base Incorrect Privilege Assignment - (266)
Weakness BaseWeakness Base Incorrect Provision of Specified Functionality - (684)
Weakness BaseWeakness Base Incorrect Semantic Object Comparison - (596)
Weakness BaseWeakness Base Incorrect Synchronization - (821)
Weakness BaseWeakness Base Incorrect Use of Privileged APIs - (648)
Weakness BaseWeakness Base Incorrectly Specified Destination in a Communication Channel - (941)
Weakness BaseWeakness Base Information Exposure Through an Error Message - (209)
Weakness BaseWeakness Base Information Exposure Through Behavioral Discrepancy - (205)
Weakness BaseWeakness Base Information Exposure Through Externally-generated Error Message - (211)
Weakness BaseWeakness Base Information Exposure Through Self-generated Error Message - (210)
Weakness BaseWeakness Base Information Exposure Through Timing Discrepancy - (208)
Weakness BaseWeakness Base Insecure Default Variable Initialization - (453)
Weakness BaseWeakness Base Insecure Temporary File - (377)
Weakness BaseWeakness Base Insufficient Compartmentalization - (653)
Weakness BaseWeakness Base Insufficient Control of Network Message Volume (Network Amplification) - (406)
Weakness BaseWeakness Base Insufficient Entropy - (331)
Weakness BaseWeakness Base Insufficient Logging - (778)
Weakness BaseWeakness Base Insufficient Psychological Acceptability - (655)
Weakness BaseWeakness Base Insufficient Resource Pool - (410)
Weakness BaseWeakness Base Insufficient Session Expiration - (613)
Weakness BaseWeakness Base Insufficient Type Distinction - (351)
Weakness BaseWeakness Base Insufficient UI Warning of Dangerous Operations - (357)
Weakness BaseWeakness Base Insufficiently Protected Credentials - (522)
Weakness BaseWeakness Base Integer Overflow or Wraparound - (190)
Weakness BaseWeakness Base Integer Underflow (Wrap or Wraparound) - (191)
Weakness BaseWeakness Base Intentional Information Exposure - (213)
Weakness BaseWeakness Base Interpretation Conflict - (436)
Weakness BaseWeakness Base Key Exchange without Entity Authentication - (322)
Weakness BaseWeakness Base Least Privilege Violation - (272)
Weakness BaseWeakness Base Leftover Debug Code - (489)
Weakness BaseWeakness Base Logging of Excessive Data - (779)
Weakness BaseWeakness Base Logic/Time Bomb - (511)
Weakness BaseWeakness Base Loop with Unreachable Exit Condition ('Infinite Loop') - (835)
Weakness BaseWeakness Base Misinterpretation of Input - (115)
Weakness BaseWeakness Base Missing Check for Certificate Revocation after Initial Check - (370)
Weakness BaseWeakness Base Missing Critical Step in Authentication - (304)
Weakness BaseWeakness Base Missing Encryption of Sensitive Data - (311)
Weakness BaseWeakness Base Missing Handler - (431)
Weakness BaseWeakness Base Missing Initialization of a Variable - (456)
Weakness BaseWeakness Base Missing Initialization of Resource - (909)
Weakness BaseWeakness Base Missing Lock Check - (414)
Weakness BaseWeakness Base Missing Reference to Active Allocated Resource - (771)
Weakness BaseWeakness Base Missing Release of Resource after Effective Lifetime - (772)
Weakness BaseWeakness Base Missing Report of Error Condition - (392)
Weakness BaseWeakness Base Missing Required Cryptographic Step - (325)
Weakness BaseWeakness Base Missing Standardized Error Handling Mechanism - (544)
Weakness BaseWeakness Base Missing Support for Integrity Check - (353)
Weakness BaseWeakness Base Missing Synchronization - (820)
Weakness BaseWeakness Base Missing XML Validation - (112)
Weakness BaseWeakness Base Modification of Assumed-Immutable Data (MAID) - (471)
Weakness BaseWeakness Base Multiple Binds to the Same Port - (605)
Weakness BaseWeakness Base Multiple Interpretations of UI Input - (450)
Weakness BaseWeakness Base Non-exit on Failed Initialization - (455)
Weakness BaseWeakness Base Non-Replicating Malicious Code - (508)
Weakness BaseWeakness Base NULL Pointer Dereference - (476)
Weakness BaseWeakness Base Numeric Range Comparison Without Minimum Check - (839)
Weakness BaseWeakness Base Numeric Truncation Error - (197)
Weakness BaseWeakness Base Object Model Violation: Just One of Equals and Hashcode Defined - (581)
Weakness BaseWeakness Base Obscured Security-relevant Information by Alternate Name - (224)
Weakness BaseWeakness Base Obsolete Feature in UI - (448)
Weakness BaseWeakness Base Off-by-one Error - (193)
Weakness BaseWeakness Base Omission of Security-relevant Information - (223)
Weakness BaseWeakness Base Omitted Break Statement in Switch - (484)
Weakness BaseWeakness Base Only Filtering Special Elements at a Specified Location - (795)
Weakness BaseWeakness Base Operation on a Resource after Expiration or Release - (672)
Weakness BaseWeakness Base Operation on Resource in Wrong Phase of Lifetime - (666)
Weakness BaseWeakness Base Origin Validation Error - (346)
Weakness BaseWeakness Base Out-of-bounds Read - (125)
Weakness BaseWeakness Base Out-of-bounds Write - (787)
Weakness BaseWeakness Base Overly Restrictive Account Lockout Mechanism - (645)
Weakness BaseWeakness Base Overly Restrictive Regular Expression - (186)
Weakness BaseWeakness Base Partial Comparison - (187)
Weakness BaseWeakness Base Passing Mutable Objects to an Untrusted Method - (374)
Weakness BaseWeakness Base Password Aging with Long Expiration - (263)
Weakness BaseWeakness Base Permissive Regular Expression - (625)
Weakness BaseWeakness Base Permissive Whitelist - (183)
Weakness BaseWeakness Base Placement of User into Incorrect Group - (842)
Weakness BaseWeakness Base Predictable Exact Value from Previous Values - (342)
Weakness BaseWeakness Base Predictable from Observable State - (341)
Weakness BaseWeakness Base Predictable Seed in PRNG - (337)
Weakness BaseWeakness Base Predictable Value Range from Previous Values - (343)
Weakness BaseWeakness Base Premature Release of Resource During Expected Lifetime - (826)
Weakness BaseWeakness Base Privilege Chaining - (268)
Weakness BaseWeakness Base Privilege Context Switching Error - (270)
Weakness BaseWeakness Base Privilege Defined With Unsafe Actions - (267)
Weakness BaseWeakness Base Process Control - (114)
Weakness BaseWeakness Base Product UI does not Warn User of Unsafe Actions - (356)
Weakness BaseWeakness Base Race Condition During Access to Alternate Channel - (421)
Weakness BaseWeakness Base Race Condition Enabling Link Following - (363)
Weakness BaseWeakness Base Race Condition in Switch - (365)
Weakness BaseWeakness Base Race Condition within a Thread - (366)
Weakness BaseWeakness Base Relative Path Traversal - (23)
Weakness BaseWeakness Base Release of Invalid Pointer or Reference - (763)
Weakness BaseWeakness Base Reliance on a Single Factor in a Security Decision - (654)
Weakness BaseWeakness Base Reliance on Cookies without Validation and Integrity Checking - (565)
Weakness BaseWeakness Base Reliance on Data/Memory Layout - (188)
Weakness BaseWeakness Base Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking - (649)
Weakness BaseWeakness Base Reliance on Security Through Obscurity - (656)
Weakness BaseWeakness Base Reliance on Untrusted Inputs in a Security Decision - (807)
Weakness BaseWeakness Base Replicating Malicious Code (Virus or Worm) - (509)
Weakness BaseWeakness Base Response Discrepancy Information Exposure - (204)
Weakness BaseWeakness Base Return Inside Finally Block - (584)
Weakness BaseWeakness Base Return of Pointer Value Outside of Expected Range - (466)
Weakness BaseWeakness Base Return of Stack Variable Address - (562)
Weakness BaseWeakness Base Return of Wrong Status Code - (393)
Weakness BaseWeakness Base Returning a Mutable Object to an Untrusted Caller - (375)
Weakness BaseWeakness Base Reusing a Nonce, Key Pair in Encryption - (323)
Weakness BaseWeakness Base Reversible One-Way Hash - (328)
Weakness BaseWeakness Base Same Seed in PRNG - (336)
Weakness BaseWeakness Base Sensitive Information Uncleared Before Release - (226)
Weakness BaseWeakness Base Server-Side Request Forgery (SSRF) - (918)
Weakness BaseWeakness Base Signal Handler Function Associated with Multiple Signals - (831)
Weakness BaseWeakness Base Signal Handler Race Condition - (364)
Weakness BaseWeakness Base Signal Handler with Functionality that is not Asynchronous-Safe - (828)
Weakness BaseWeakness Base Small Seed Space in PRNG - (339)
Weakness BaseWeakness Base Small Space of Random Values - (334)
Weakness BaseWeakness Base Spyware - (512)
Weakness BaseWeakness Base Storage of Sensitive Data in a Mechanism without Access Control - (921)
Weakness BaseWeakness Base Storing Passwords in a Recoverable Format - (257)
Weakness BaseWeakness Base Symbolic Name not Mapping to Correct Object - (386)
Weakness BaseWeakness Base The UI Performs the Wrong Action - (449)
Weakness BaseWeakness Base Time-of-check Time-of-use (TOCTOU) Race Condition - (367)
Weakness BaseWeakness Base Trapdoor - (510)
Weakness BaseWeakness Base Trojan Horse - (507)
Weakness BaseWeakness Base Truncation of Security-relevant Information - (222)
Weakness BaseWeakness Base Trust Boundary Violation - (501)
Weakness BaseWeakness Base Trust of System Event Data - (360)
Weakness BaseWeakness Base UI Discrepancy for Security Feature - (446)
Weakness BaseWeakness Base Uncaught Exception - (248)
Weakness BaseWeakness Base Uncaught Exception in Servlet - (600)
Weakness BaseWeakness Base Unchecked Error Condition - (391)
Weakness BaseWeakness Base Unchecked Input for Loop Condition - (606)
Weakness BaseWeakness Base Unchecked Return Value - (252)
Weakness BaseWeakness Base Uncontrolled Recursion - (674)
Weakness BaseWeakness Base Uncontrolled Resource Consumption ('Resource Exhaustion') - (400)
Weakness BaseWeakness Base Uncontrolled Search Path Element - (427)
Weakness BaseWeakness Base Undefined Behavior for Input to API - (475)
Weakness BaseWeakness Base Unexpected Sign Extension - (194)
Weakness BaseWeakness Base Unexpected Status Code or Return Value - (394)
Weakness BaseWeakness Base Unimplemented or Unsupported Feature in UI - (447)
Weakness BaseWeakness Base Unlock of a Resource that is not Locked - (832)
Weakness BaseWeakness Base Unprotected Alternate Channel - (420)
Weakness BaseWeakness Base Unprotected Primary Channel - (419)
Weakness BaseWeakness Base Unquoted Search Path or Element - (428)
Weakness BaseWeakness Base Unrestricted Externally Accessible Lock - (412)
Weakness BaseWeakness Base Unrestricted Upload of File with Dangerous Type - (434)
Weakness BaseWeakness Base Unsynchronized Access to Shared Data in a Multithreaded Context - (567)
Weakness BaseWeakness Base Untrusted Pointer Dereference - (822)
Weakness BaseWeakness Base Unverified Ownership - (283)
Weakness BaseWeakness Base Use After Free - (416)
Weakness BaseWeakness Base Use of a Broken or Risky Cryptographic Algorithm - (327)
Weakness BaseWeakness Base Use of a Key Past its Expiration Date - (324)
Weakness BaseWeakness Base Use of a Non-reentrant Function in a Concurrent Context - (663)
Weakness BaseWeakness Base Use of a One-Way Hash with a Predictable Salt - (760)
Weakness BaseWeakness Base Use of a One-Way Hash without a Salt - (759)
Weakness BaseWeakness Base Use of Client-Side Authentication - (603)
Weakness BaseWeakness Base Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) - (338)
Weakness BaseWeakness Base Use of Expired File Descriptor - (910)
Weakness BaseWeakness Base Use of Externally-Controlled Format String - (134)
Weakness BaseWeakness Base Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') - (470)
Weakness BaseWeakness Base Use of Function with Inconsistent Implementations - (474)
Weakness BaseWeakness Base Use of Hard-coded Credentials - (798)
Weakness BaseWeakness Base Use of Hard-coded Cryptographic Key - (321)
Weakness BaseWeakness Base Use of Hard-coded Password - (259)
Weakness BaseWeakness Base Use of Incorrect Byte Ordering - (198)
Weakness BaseWeakness Base Use of Incorrect Operator - (480)
Weakness BaseWeakness Base Use of Inherently Dangerous Function - (242)
Weakness BaseWeakness Base Use of Invariant Value in Dynamically Changing Context - (344)
Weakness BaseWeakness Base Use of Less Trusted Source - (348)
Weakness BaseWeakness Base Use of Low-Level Functionality - (695)
Weakness BaseWeakness Base Use of Multiple Resources with Duplicate Identifier - (694)
Weakness BaseWeakness Base Use of NullPointerException Catch to Detect NULL Pointer Dereference - (395)
Weakness BaseWeakness Base Use of Obsolete Functions - (477)
Weakness BaseWeakness Base Use of Out-of-range Pointer Offset - (823)
Weakness BaseWeakness Base Use of Password Hash Instead of Password for Authentication - (836)
Weakness BaseWeakness Base Use of Password Hash With Insufficient Computational Effort - (916)
Weakness BaseWeakness Base Use of Password System for Primary Authentication - (309)
Weakness BaseWeakness Base Use of Pointer Subtraction to Determine Size - (469)
Weakness BaseWeakness Base Use of Potentially Dangerous Function - (676)
Weakness BaseWeakness Base Use of Single-factor Authentication - (308)
Weakness BaseWeakness Base Use of Uninitialized Resource - (908)
Weakness BaseWeakness Base User Interface (UI) Misrepresentation of Critical Information - (451)
Weakness BaseWeakness Base Variable Extraction Error - (621)
Weakness BaseWeakness Base Weak Password Recovery Mechanism for Forgotten Password - (640)
Weakness BaseWeakness Base Weak Password Requirements - (521)
Weakness BaseWeakness Base Wrap-around Error - (128)
Weakness BaseWeakness Base Write-what-where Condition - (123)
Weakness BaseWeakness Base XML Injection (aka Blind XPath Injection) - (91)
+ Content History
Modifications
Modification DateModifierOrganizationSource
2008-09-08CWE Content TeamMITREInternal
updated View_Filter, View_Structure
+ View Metrics
CWEs in this viewTotal CWEs
Total338out of1005
Views0out of33
Categories0out of244
Weaknesses338out of720
Compound_Elements0out of8

More information is available — Please select a different filter.
Page Last Updated: January 19, 2017