CWE

Common Weakness Enumeration

A Community-Developed List of Software Weakness Types

CWE Top 25 Most Dangerous Software Errors
Home > CWE List > Reports > Differences between Version 3.2 and Version 3.3  
ID

Differences between Version 3.2 and Version 3.3

Summary
Summary
Total weaknesses/chains/composites (Version 3.3) 808
Total weaknesses/chains/composites (Version 3.2) 806
Total new 11
Total deprecated 2
Total with major changes 238
Total with only minor changes
Total unchanged 937

Summary of Entry Types

Type Version 3.2 Version 3.3
Weakness 806 808
Category 289 295
View 36 37
Deprecated 46 48
Total 1177 1188

Field Change Summary
Field Change Summary

Any change with respect to whitespace is ignored. "Minor" changes are text changes that only affect capitalization and punctuation. Most other changes are marked as "Major." Simple schema changes are treated as Minor, such as the change from AffectedResource to Affected_Resource in Draft 8, or the relationship name change from "IsRequiredBy" to "RequiredBy" in Version 1.0. For each mutual relationship between nodes A and B (such as ParentOf and ChildOf), a relationship change is noted for both A and B.

Field Major Minor
Name 6 0
Description 8 0
Applicable_Platforms 0 0
Time_of_Introduction 0 0
Demonstrative_Examples 4 0
Detection_Factors 0 0
Likelihood_of_Exploit 0 0
Common_Consequences 0 0
Relationships 161 0
References 15 0
Potential_Mitigations 0 0
Observed_Examples 0 0
Terminology_Notes 0 0
Alternate_Terms 0 0
Related_Attack_Patterns 75 0
Relationship_Notes 0 0
Taxonomy_Mappings 1 0
Maintenance_Notes 3 0
Modes_of_Introduction 0 0
Research_Gaps 0 0
Background_Details 0 0
Theoretical_Notes 0 0
Weakness_Ordinalities 0 0
Other_Notes 0 0
View_Type 0 0
View_Structure 0 0
View_Filter 0 0
View_Audience 0 0
Type 49 0
Source_Taxonomy 0 0

Form and Abstraction Changes

From To Total CWE IDs
Unchanged 1128
Category Deprecated 2 17, 18
Weakness/Base Weakness/Class 10 311, 327, 406, 407, 436, 662, 666, 672, 674, 834
Weakness/Base Weakness/Variant 15 95, 98, 323, 336, 337, 339, 379, 416, 453, 456, 759, 760, 827, 830, 911
Weakness/Class Weakness/Base 8 22, 94, 185, 203, 681, 757, 829, 924
Weakness/Variant Weakness/Base 14 256, 276, 306, 312, 319, 457, 502, 561, 601, 611, 617, 765, 776, 783

Status Changes

From To Total
Unchanged 1175
Draft Deprecated 2

Relationship Changes

The "Version 3.3 Total" lists the total number of relationships in Version 3.3. The "Shared" value is the total number of relationships in entries that were in both Version 3.3 and Version 3.2. The "New" value is the total number of relationships involving entries that did not exist in Version 3.2. Thus, the total number of relationships in Version 3.3 would combine stats from Shared entries and New entries.

Relationship Version 3.3 Total Version 3.2 Total Version 3.3 Shared Unchanged Added to Version 3.3 Removed from Version 3.2 Version 3.3 New
ALL 9307 9267 9271 9051 220 216 36
ChildOf 3989 4009 3979 3904 75 105 10
ParentOf 3989 4009 3979 3904 75 105 10
MemberOf 440 401 432 398 34 3 8
HasMember 440 401 432 398 34 3 8
CanPrecede 128 127 128 127 1
CanFollow 128 127 128 127 1
StartsWith 3 3 3 3
Requires 14 14 14 14
RequiredBy 14 14 14 14
CanAlsoBe 30 30 30 30
PeerOf 132 132 132 132

Nodes Removed from Version 3.2

CWE-ID CWE Name
None.

Nodes Added to Version 3.3

CWE-ID CWE Name
1178 Weaknesses Addressed by the SEI CERT Perl Coding Standard
1179 SEI CERT Perl Coding Standard - Guidelines 01. Input Validation and Data Sanitization (IDS)
1180 SEI CERT Perl Coding Standard - Guidelines 02. Declarations and Initialization (DCL)
1181 SEI CERT Perl Coding Standard - Guidelines 03. Expressions (EXP)
1182 SEI CERT Perl Coding Standard - Guidelines 04. Integers (INT)
1183 SEI CERT Perl Coding Standard - Guidelines 05. Strings (STR)
1184 SEI CERT Perl Coding Standard - Guidelines 06. Object-Oriented Programming (OOP)
1185 SEI CERT Perl Coding Standard - Guidelines 07. File Input and Output (FIO)
1186 SEI CERT Perl Coding Standard - Guidelines 50. Miscellaneous (MSC)
1187 Use of Uninitialized Resource
1188 Insecure Default Initialization of Resource

Nodes Deprecated in Version 3.3

CWE-ID CWE Name
17 DEPRECATED: Code
18 DEPRECATED: Source Code
Important Changes
Important Changes

A node change is labeled "important" if it is a major field change and the field is critical to the meaning of the node. The critical fields are description, name, and relationships.

Key
D Description
N Name
R Relationships

R 2 7PK - Environment
R 16 Configuration
DNR 17 DEPRECATED: Code
DNR 18 DEPRECATED: Source Code
R 19 Data Processing Errors
R 20 Improper Input Validation
R 21 Pathname Traversal and Equivalence Errors
R 22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
R 59 Improper Link Resolution Before File Access ('Link Following')
R 74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
R 77 Improper Neutralization of Special Elements used in a Command ('Command Injection')
R 78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
R 88 Argument Injection or Modification
R 89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
R 90 Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')
R 93 Improper Neutralization of CRLF Sequences ('CRLF Injection')
R 99 Improper Control of Resource Identifiers ('Resource Injection')
R 113 Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')
R 116 Improper Encoding or Escaping of Output
R 118 Incorrect Access of Indexable Resource ('Range Error')
R 119 Improper Restriction of Operations within the Bounds of a Memory Buffer
R 120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
R 123 Write-what-where Condition
D 125 Out-of-bounds Read
R 131 Incorrect Calculation of Buffer Size
R 134 Use of Externally-Controlled Format String
R 137 Representation Errors
R 171 Cleansing, Canonicalization, and Comparison Errors
R 172 Encoding Error
R 178 Improper Handling of Case Sensitivity
R 183 Permissive Whitelist
R 184 Incomplete Blacklist
R 185 Incorrect Regular Expression
R 189 Numeric Errors
R 193 Off-by-one Error
R 200 Information Exposure
R 203 Information Exposure Through Discrepancy
R 209 Information Exposure Through an Error Message
R 212 Improper Cross-boundary Removal of Sensitive Data
R 220 Sensitive Data Under FTP Root
R 252 Unchecked Return Value
R 254 7PK - Security Features
R 255 Credentials Management
R 264 Permissions, Privileges, and Access Controls
R 269 Improper Privilege Management
R 273 Improper Check for Dropped Privileges
R 276 Incorrect Default Permissions
R 280 Improper Handling of Insufficient Permissions or Privileges
R 281 Improper Preservation of Permissions
R 284 Improper Access Control
R 285 Improper Authorization
R 287 Improper Authentication
R 290 Authentication Bypass by Spoofing
R 294 Authentication Bypass by Capture-replay
R 295 Improper Certificate Validation
R 297 Improper Validation of Certificate with Host Mismatch
R 304 Missing Critical Step in Authentication
R 307 Improper Restriction of Excessive Authentication Attempts
R 310 Cryptographic Issues
R 311 Missing Encryption of Sensitive Data
R 312 Cleartext Storage of Sensitive Information
R 319 Cleartext Transmission of Sensitive Information
R 320 Key Management Errors
R 326 Inadequate Encryption Strength
R 327 Use of a Broken or Risky Cryptographic Algorithm
R 330 Use of Insufficiently Random Values
R 331 Insufficient Entropy
R 332 Insufficient Entropy in PRNG
R 335 Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)
R 345 Insufficient Verification of Data Authenticity
R 346 Origin Validation Error
R 354 Improper Validation of Integrity Check Value
R 358 Improperly Implemented Security Check for Standard
R 361 7PK - Time and State
R 362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
R 367 Time-of-check Time-of-use (TOCTOU) Race Condition
R 371 State Issues
R 384 Session Fixation
R 389 Error Conditions, Return Values, Status Codes
D 391 Unchecked Error Condition
R 398 7PK - Code Quality
R 399 Resource Management Errors
R 400 Uncontrolled Resource Consumption
DN 401 Missing Release of Memory after Effective Lifetime
R 404 Improper Resource Shutdown or Release
R 405 Asymmetric Resource Consumption (Amplification)
NR 407 Inefficient Algorithmic Complexity
R 415 Double Free
R 416 Use After Free
R 417 Channel and Path Errors
R 425 Direct Request ('Forced Browsing')
R 426 Untrusted Search Path
R 427 Uncontrolled Search Path Element
R 428 Unquoted Search Path or Element
R 435 Improper Interaction Between Multiple Correctly-Behaving Entities
R 436 Interpretation Conflict
R 441 Unintended Proxy or Intermediary ('Confused Deputy')
R 452 Initialization and Cleanup Errors
R 453 Insecure Default Variable Initialization
R 456 Missing Initialization of a Variable
R 457 Use of Uninitialized Variable
R 459 Incomplete Cleanup
R 470 Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
R 472 External Control of Assumed-Immutable Web Parameter
R 476 NULL Pointer Dereference
R 485 7PK - Encapsulation
R 494 Download of Code Without Integrity Check
R 521 Weak Password Requirements
R 522 Insufficiently Protected Credentials
NR 532 Inclusion of Sensitive Information in Log Files
R 538 File and Directory Information Exposure
R 565 Reliance on Cookies without Validation and Integrity Checking
R 601 URL Redirection to Untrusted Site ('Open Redirect')
R 610 Externally Controlled Reference to a Resource in Another Sphere
N 611 Improper Restriction of XML External Entity Reference
R 613 Insufficient Session Expiration
R 617 Reachable Assertion
R 639 Authorization Bypass Through User-Controlled Key
R 640 Weak Password Recovery Mechanism for Forgotten Password
R 664 Improper Control of a Resource Through its Lifetime
R 665 Improper Initialization
R 668 Exposure of Resource to Wrong Sphere
R 669 Incorrect Resource Transfer Between Spheres
R 670 Always-Incorrect Control Flow Implementation
R 672 Operation on a Resource after Expiration or Release
R 674 Uncontrolled Recursion
R 681 Incorrect Conversion between Numeric Types
R 682 Incorrect Calculation
R 693 Protection Mechanism Failure
R 694 Use of Multiple Resources with Duplicate Identifier
R 703 Improper Check or Handling of Exceptional Conditions
R 704 Incorrect Type Conversion or Cast
R 706 Use of Incorrectly-Resolved Name or Reference
R 707 Improper Enforcement of Message or Data Structure
R 732 Incorrect Permission Assignment for Critical Resource
R 749 Exposed Dangerous Method or Function
D R 754 Improper Check for Unusual or Exceptional Conditions
R 755 Improper Handling of Exceptional Conditions
R 763 Release of Invalid Pointer or Reference
R 770 Allocation of Resources Without Limits or Throttling
R 772 Missing Release of Resource after Effective Lifetime
R 774 Allocation of File Descriptors or Handles Without Limits or Throttling
R 775 Missing Release of File Descriptor or Handle after Effective Lifetime
R 776 Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
R 789 Uncontrolled Memory Allocation
R 798 Use of Hard-coded Credentials
R 829 Inclusion of Functionality from Untrusted Control Sphere
R 834 Excessive Iteration
R 835 Loop with Unreachable Exit Condition ('Infinite Loop')
R 838 Inappropriate Encoding for Output Context
R 843 Access of Resource Using Incompatible Type ('Type Confusion')
R 862 Missing Authorization
R 863 Incorrect Authorization
R 909 Missing Initialization of Resource
R 913 Improper Control of Dynamically-Managed Code Resources
R 915 Improperly Controlled Modification of Dynamically-Determined Object Attributes
R 916 Use of Password Hash With Insufficient Computational Effort
R 918 Server-Side Request Forgery (SSRF)
R 920 Improper Restriction of Power Consumption
R 922 Insecure Storage of Sensitive Information
R 924 Improper Enforcement of Message Integrity During Transmission in a Communication Channel
R 942 Overly Permissive Cross-domain Whitelist
R 943 Improper Neutralization of Special Elements in Data Query Logic
R 1003 Weaknesses for Simplified Mapping of Published Vulnerabilities
R 1021 Improper Restriction of Rendered UI Layers or Frames
D 1153 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 50. Android (DRD)
D 1175 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 18. Concurrency (CON)
Detailed Difference Report
Detailed Difference Report
2 7PK - Environment
Major Relationships
Minor None
15 External Control of System or Configuration Setting
Major Related_Attack_Patterns
Minor None
16 Configuration
Major Relationships
Minor None
17 DEPRECATED: Code
Major Description, Maintenance_Notes, Name, Relationships, Type
Minor None
18 DEPRECATED: Source Code
Major Description, Maintenance_Notes, Name, Relationships, Taxonomy_Mappings, Type
Minor None
19 Data Processing Errors
Major Relationships
Minor None
20 Improper Input Validation
Major Related_Attack_Patterns, Relationships
Minor None
21 Pathname Traversal and Equivalence Errors
Major Relationships
Minor None
22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Major Related_Attack_Patterns, Relationships, Type
Minor None
23 Relative Path Traversal
Major Related_Attack_Patterns
Minor None
41 Improper Resolution of Path Equivalence
Major Related_Attack_Patterns
Minor None
46 Path Equivalence: 'filename ' (Trailing Space)
Major Related_Attack_Patterns
Minor None
59 Improper Link Resolution Before File Access ('Link Following')
Major Relationships
Minor None
64 Windows Shortcut Following (.LNK)
Major Related_Attack_Patterns
Minor None
74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Major Related_Attack_Patterns, Relationships
Minor None
77 Improper Neutralization of Special Elements used in a Command ('Command Injection')
Major Related_Attack_Patterns, Relationships
Minor None
78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Major Relationships
Minor None
83 Improper Neutralization of Script in Attributes in a Web Page
Major Related_Attack_Patterns
Minor None
84 Improper Neutralization of Encoded URI Schemes in a Web Page
Major Related_Attack_Patterns
Minor None
88 Argument Injection or Modification
Major Related_Attack_Patterns, Relationships
Minor None
89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Major Relationships
Minor None
90 Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')
Major Relationships
Minor None
91 XML Injection (aka Blind XPath Injection)
Major Related_Attack_Patterns
Minor None
93 Improper Neutralization of CRLF Sequences ('CRLF Injection')
Major Relationships
Minor None
94 Improper Control of Generation of Code ('Code Injection')
Major Related_Attack_Patterns, Type
Minor None
95 Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
Major Type
Minor None
98 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Major Type
Minor None
99 Improper Control of Resource Identifiers ('Resource Injection')
Major Relationships
Minor None
113 Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')
Major Relationships
Minor None
116 Improper Encoding or Escaping of Output
Major Relationships
Minor None
117 Improper Output Neutralization for Logs
Major Related_Attack_Patterns
Minor None
118 Incorrect Access of Indexable Resource ('Range Error')
Major Relationships
Minor None
119 Improper Restriction of Operations within the Bounds of a Memory Buffer
Major Related_Attack_Patterns, Relationships
Minor None
120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Major Relationships
Minor None
123 Write-what-where Condition
Major Relationships
Minor None
125 Out-of-bounds Read
Major Description, Related_Attack_Patterns
Minor None
131 Incorrect Calculation of Buffer Size
Major Relationships
Minor None
134 Use of Externally-Controlled Format String
Major Relationships
Minor None
137 Representation Errors
Major Relationships
Minor None
150 Improper Neutralization of Escape, Meta, or Control Sequences
Major Related_Attack_Patterns
Minor None
171 Cleansing, Canonicalization, and Comparison Errors
Major Relationships
Minor None
172 Encoding Error
Major Relationships
Minor None
173 Improper Handling of Alternate Encoding
Major Related_Attack_Patterns
Minor None
178 Improper Handling of Case Sensitivity
Major Relationships
Minor None
180 Incorrect Behavior Order: Validate Before Canonicalize
Major Related_Attack_Patterns
Minor None
183 Permissive Whitelist
Major Relationships
Minor None
184 Incomplete Blacklist
Major Related_Attack_Patterns, Relationships
Minor None
185 Incorrect Regular Expression
Major Related_Attack_Patterns, Relationships, Type
Minor None
189 Numeric Errors
Major Relationships
Minor None
193 Off-by-one Error
Major Demonstrative_Examples, Relationships
Minor None
200 Information Exposure
Major Related_Attack_Patterns, Relationships
Minor None
203 Information Exposure Through Discrepancy
Major Relationships, Type
Minor None
209 Information Exposure Through an Error Message
Major Relationships
Minor None
212 Improper Cross-boundary Removal of Sensitive Data
Major Relationships
Minor None
216 Containment Errors (Container Errors)
Major Related_Attack_Patterns
Minor None
220 Sensitive Data Under FTP Root
Major Relationships
Minor None
248 Uncaught Exception
Major Related_Attack_Patterns
Minor None
252 Unchecked Return Value
Major Relationships
Minor None
254 7PK - Security Features
Major Relationships
Minor None
255 Credentials Management
Major Relationships
Minor None
256 Unprotected Storage of Credentials
Major Type
Minor None
259 Use of Hard-coded Password
Major Related_Attack_Patterns
Minor None
264 Permissions, Privileges, and Access Controls
Major Relationships
Minor None
269 Improper Privilege Management
Major Related_Attack_Patterns, Relationships
Minor None
273 Improper Check for Dropped Privileges
Major Relationships
Minor None
276 Incorrect Default Permissions
Major Relationships, Type
Minor None
280 Improper Handling of Insufficient Permissions or Privileges
Major Relationships
Minor None
281 Improper Preservation of Permissions
Major Relationships
Minor None
284 Improper Access Control
Major Related_Attack_Patterns, Relationships
Minor None
285 Improper Authorization
Major Related_Attack_Patterns, Relationships
Minor None
287 Improper Authentication
Major Demonstrative_Examples, Related_Attack_Patterns, Relationships
Minor None
290 Authentication Bypass by Spoofing
Major Related_Attack_Patterns, Relationships
Minor None
294 Authentication Bypass by Capture-replay
Major Relationships
Minor None
295 Improper Certificate Validation
Major Relationships
Minor None
297 Improper Validation of Certificate with Host Mismatch
Major Relationships
Minor None
300 Channel Accessible by Non-Endpoint ('Man-in-the-Middle')
Major Related_Attack_Patterns
Minor None
304 Missing Critical Step in Authentication
Major Relationships
Minor None
306 Missing Authentication for Critical Function
Major Related_Attack_Patterns, Type
Minor None
307 Improper Restriction of Excessive Authentication Attempts
Major Demonstrative_Examples, Relationships
Minor None
310 Cryptographic Issues
Major Relationships
Minor None
311 Missing Encryption of Sensitive Data
Major Related_Attack_Patterns, Relationships, Type
Minor None
312 Cleartext Storage of Sensitive Information
Major Relationships, Type
Minor None
319 Cleartext Transmission of Sensitive Information
Major Relationships, Type
Minor None
320 Key Management Errors
Major Relationships
Minor None
323 Reusing a Nonce, Key Pair in Encryption
Major Type
Minor None
326 Inadequate Encryption Strength
Major Relationships
Minor None
327 Use of a Broken or Risky Cryptographic Algorithm
Major Related_Attack_Patterns, Relationships, Type
Minor None
329 Not Using a Random IV with CBC Mode
Major Demonstrative_Examples
Minor None
330 Use of Insufficiently Random Values
Major Relationships
Minor None
331 Insufficient Entropy
Major Relationships
Minor None
332 Insufficient Entropy in PRNG
Major Relationships
Minor None
335 Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)
Major Relationships
Minor None
336 Same Seed in Pseudo-Random Number Generator (PRNG)
Major Type
Minor None
337 Predictable Seed in Pseudo-Random Number Generator (PRNG)
Major Type
Minor None
339 Small Seed Space in PRNG
Major Type
Minor None
345 Insufficient Verification of Data Authenticity
Major Related_Attack_Patterns, Relationships
Minor None
346 Origin Validation Error
Major Related_Attack_Patterns, Relationships
Minor None
353 Missing Support for Integrity Check
Major Related_Attack_Patterns
Minor None
354 Improper Validation of Integrity Check Value
Major Related_Attack_Patterns, Relationships
Minor None
358 Improperly Implemented Security Check for Standard
Major Relationships
Minor None
361 7PK - Time and State
Major Relationships
Minor None
362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Major Relationships
Minor None
367 Time-of-check Time-of-use (TOCTOU) Race Condition
Major Relationships
Minor None
371 State Issues
Major Relationships
Minor None
372 Incomplete Internal State Distinction
Major Related_Attack_Patterns
Minor None
377 Insecure Temporary File
Major Related_Attack_Patterns
Minor None
379 Creation of Temporary File in Directory with Incorrect Permissions
Major Type
Minor None
384 Session Fixation
Major Relationships
Minor None
389 Error Conditions, Return Values, Status Codes
Major Relationships
Minor None
391 Unchecked Error Condition
Major Description, Maintenance_Notes
Minor None
398 7PK - Code Quality
Major Relationships
Minor None
399 Resource Management Errors
Major Relationships
Minor None
400 Uncontrolled Resource Consumption
Major Related_Attack_Patterns, Relationships
Minor None
401 Missing Release of Memory after Effective Lifetime
Major Description, Name
Minor None
404 Improper Resource Shutdown or Release
Major Related_Attack_Patterns, Relationships
Minor None
405 Asymmetric Resource Consumption (Amplification)
Major Relationships
Minor None
406 Insufficient Control of Network Message Volume (Network Amplification)
Major Type
Minor None
407 Inefficient Algorithmic Complexity
Major Name, Relationships, Type
Minor None
415 Double Free
Major Relationships
Minor None
416 Use After Free
Major Relationships, Type
Minor None
417 Channel and Path Errors
Major Relationships
Minor None
424 Improper Protection of Alternate Path
Major Related_Attack_Patterns
Minor None
425 Direct Request ('Forced Browsing')
Major Relationships
Minor None
426 Untrusted Search Path
Major Related_Attack_Patterns, Relationships
Minor None
427 Uncontrolled Search Path Element
Major Related_Attack_Patterns, Relationships
Minor None
428 Unquoted Search Path or Element
Major Related_Attack_Patterns, Relationships
Minor None
430 Deployment of Wrong Handler
Major Related_Attack_Patterns
Minor None
434 Unrestricted Upload of File with Dangerous Type
Major Related_Attack_Patterns
Minor None
435 Improper Interaction Between Multiple Correctly-Behaving Entities
Major Relationships
Minor None
436 Interpretation Conflict
Major Relationships, Type
Minor None
441 Unintended Proxy or Intermediary ('Confused Deputy')
Major Relationships
Minor None
452 Initialization and Cleanup Errors
Major Relationships
Minor None
453 Insecure Default Variable Initialization
Major Relationships, Type
Minor None
456 Missing Initialization of a Variable
Major Relationships, Type
Minor None
457 Use of Uninitialized Variable
Major Relationships, Type
Minor None
459 Incomplete Cleanup
Major Relationships
Minor None
470 Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
Major Relationships
Minor None
472 External Control of Assumed-Immutable Web Parameter
Major Related_Attack_Patterns, Relationships
Minor None
476 NULL Pointer Dereference
Major Relationships
Minor None
485 7PK - Encapsulation
Major Relationships
Minor None
489 Leftover Debug Code
Major Related_Attack_Patterns
Minor None
494 Download of Code Without Integrity Check
Major Related_Attack_Patterns, Relationships
Minor None
497 Exposure of System Data to an Unauthorized Control Sphere
Major Related_Attack_Patterns
Minor None
502 Deserialization of Untrusted Data
Major Type
Minor None
521 Weak Password Requirements
Major Relationships
Minor None
522 Insufficiently Protected Credentials
Major Related_Attack_Patterns, Relationships
Minor None
532 Inclusion of Sensitive Information in Log Files
Major Name, Relationships
Minor None
538 File and Directory Information Exposure
Major Relationships
Minor None
552 Files or Directories Accessible to External Parties
Major Related_Attack_Patterns
Minor None
561 Dead Code
Major Type
Minor None
565 Reliance on Cookies without Validation and Integrity Checking
Major Related_Attack_Patterns, Relationships
Minor None
601 URL Redirection to Untrusted Site ('Open Redirect')
Major Relationships, Type
Minor None
602 Client-Side Enforcement of Server-Side Security
Major Related_Attack_Patterns
Minor None
610 Externally Controlled Reference to a Resource in Another Sphere
Major Relationships
Minor None
611 Improper Restriction of XML External Entity Reference
Major Name, Type
Minor None
613 Insufficient Session Expiration
Major Relationships
Minor None
617 Reachable Assertion
Major Relationships, Type
Minor None
639 Authorization Bypass Through User-Controlled Key
Major Relationships
Minor None
640 Weak Password Recovery Mechanism for Forgotten Password
Major Relationships
Minor None
645 Overly Restrictive Account Lockout Mechanism
Major Related_Attack_Patterns
Minor None
656 Reliance on Security Through Obscurity
Major Related_Attack_Patterns
Minor None
662 Improper Synchronization
Major Type
Minor None
664 Improper Control of a Resource Through its Lifetime
Major Relationships
Minor None
665 Improper Initialization
Major Relationships
Minor None
666 Operation on Resource in Wrong Phase of Lifetime
Major Type
Minor None
668 Exposure of Resource to Wrong Sphere
Major Relationships
Minor None
669 Incorrect Resource Transfer Between Spheres
Major Relationships
Minor None
670 Always-Incorrect Control Flow Implementation
Major Relationships
Minor None
672 Operation on a Resource after Expiration or Release
Major Relationships, Type
Minor None
674 Uncontrolled Recursion
Major Related_Attack_Patterns, Relationships, Type
Minor None
681 Incorrect Conversion between Numeric Types
Major Relationships, Type
Minor None
682 Incorrect Calculation
Major Related_Attack_Patterns, Relationships
Minor None
693 Protection Mechanism Failure
Major Related_Attack_Patterns, Relationships
Minor None
694 Use of Multiple Resources with Duplicate Identifier
Major Relationships
Minor None
697 Incorrect Comparison
Major Related_Attack_Patterns
Minor None
703 Improper Check or Handling of Exceptional Conditions
Major Relationships
Minor None
704 Incorrect Type Conversion or Cast
Major Relationships
Minor None
706 Use of Incorrectly-Resolved Name or Reference
Major Related_Attack_Patterns, Relationships
Minor None
707 Improper Enforcement of Message or Data Structure
Major Related_Attack_Patterns, Relationships
Minor None
732 Incorrect Permission Assignment for Critical Resource
Major Relationships
Minor None
749 Exposed Dangerous Method or Function
Major Relationships
Minor None
750 Weaknesses in the 2009 CWE/SANS Top 25 Most Dangerous Programming Errors
Major References
Minor None
751 2009 Top 25 - Insecure Interaction Between Components
Major References
Minor None
752 2009 Top 25 - Risky Resource Management
Major References
Minor None
753 2009 Top 25 - Porous Defenses
Major References
Minor None
754 Improper Check for Unusual or Exceptional Conditions
Major Description, Relationships
Minor None
755 Improper Handling of Exceptional Conditions
Major Relationships
Minor None
757 Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')
Major Type
Minor None
759 Use of a One-Way Hash without a Salt
Major Type
Minor None
760 Use of a One-Way Hash with a Predictable Salt
Major Type
Minor None
763 Release of Invalid Pointer or Reference
Major Relationships
Minor None
765 Multiple Unlocks of a Critical Resource
Major Type
Minor None
770 Allocation of Resources Without Limits or Throttling
Major Related_Attack_Patterns, Relationships
Minor None
772 Missing Release of Resource after Effective Lifetime
Major Relationships
Minor None
774 Allocation of File Descriptors or Handles Without Limits or Throttling
Major Relationships
Minor None
775 Missing Release of File Descriptor or Handle after Effective Lifetime
Major Relationships
Minor None
776 Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
Major Relationships, Type
Minor None
783 Operator Precedence Logic Error
Major Type
Minor None
789 Uncontrolled Memory Allocation
Major Relationships
Minor None
798 Use of Hard-coded Credentials
Major Related_Attack_Patterns, Relationships
Minor None
800 Weaknesses in the 2010 CWE/SANS Top 25 Most Dangerous Programming Errors
Major References
Minor None
801 2010 Top 25 - Insecure Interaction Between Components
Major References
Minor None
802 2010 Top 25 - Risky Resource Management
Major References
Minor None
803 2010 Top 25 - Porous Defenses
Major References
Minor None
805 Buffer Access with Incorrect Length Value
Major Related_Attack_Patterns
Minor None
808 2010 Top 25 - Weaknesses On the Cusp
Major References
Minor None
822 Untrusted Pointer Dereference
Major Related_Attack_Patterns
Minor None
823 Use of Out-of-range Pointer Offset
Major Related_Attack_Patterns
Minor None
827 Improper Control of Document Type Definition
Major Type
Minor None
829 Inclusion of Functionality from Untrusted Control Sphere
Major Related_Attack_Patterns, Relationships, Type
Minor None
830 Inclusion of Web Functionality from an Untrusted Source
Major Type
Minor None
834 Excessive Iteration
Major Relationships, Type
Minor None
835 Loop with Unreachable Exit Condition ('Infinite Loop')
Major Relationships
Minor None
838 Inappropriate Encoding for Output Context
Major Relationships
Minor None
843 Access of Resource Using Incompatible Type ('Type Confusion')
Major Relationships
Minor None
862 Missing Authorization
Major Relationships
Minor None
863 Incorrect Authorization
Major Relationships
Minor None
864 2011 Top 25 - Insecure Interaction Between Components
Major References
Minor None
865 2011 Top 25 - Risky Resource Management
Major References
Minor None
866 2011 Top 25 - Porous Defenses
Major References
Minor None
867 2011 Top 25 - Weaknesses On the Cusp
Major References
Minor None
900 Weaknesses in the 2011 CWE/SANS Top 25 Most Dangerous Software Errors
Major References
Minor None
909 Missing Initialization of Resource
Major Relationships
Minor None
911 Improper Update of Reference Count
Major Type
Minor None
912 Hidden Functionality
Major Related_Attack_Patterns
Minor None
913 Improper Control of Dynamically-Managed Code Resources
Major Relationships
Minor None
915 Improperly Controlled Modification of Dynamically-Determined Object Attributes
Major Relationships
Minor None
916 Use of Password Hash With Insufficient Computational Effort
Major Related_Attack_Patterns, Relationships
Minor None
918 Server-Side Request Forgery (SSRF)
Major Relationships
Minor None
920 Improper Restriction of Power Consumption
Major Relationships
Minor None
922 Insecure Storage of Sensitive Information
Major Relationships
Minor None
924 Improper Enforcement of Message Integrity During Transmission in a Communication Channel
Major Relationships, Type
Minor None
940 Improper Verification of Source of a Communication Channel
Major Related_Attack_Patterns
Minor None
942 Overly Permissive Cross-domain Whitelist
Major Relationships
Minor None
943 Improper Neutralization of Special Elements in Data Query Logic
Major Relationships
Minor None
1003 Weaknesses for Simplified Mapping of Published Vulnerabilities
Major Relationships
Minor None
1021 Improper Restriction of Rendered UI Layers or Frames
Major Related_Attack_Patterns, Relationships
Minor None
1039 Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations
Major References
Minor None
1153 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 50. Android (DRD)
Major Description
Minor None
1175 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 18. Concurrency (CON)
Major Description
Minor None
More information is available — Please select a different filter.
Page Last Updated: June 20, 2019