Differences between Version 4.14 and Version 4.15

Summary

Total weaknesses/chains/composites (Version 4.15): 939
Total weaknesses/chains/composites (Version 4.14): 938
Total new: 1
Total deprecated: 0
Total with major changes: 56
Total with only minor changes: 5
Total unchanged: 1365

The change counts (1 new + 56 major + 5 minor + 1365 unchanged = 1427) cover entries of all types (weaknesses, categories, views and deprecated entries), not only the 939 weaknesses.

Summary of Entry Types

Type         Version 4.14   Version 4.15
Weakness              938            939
Category              374            374
View                   50             50
Deprecated             64             64
Total                1426           1427

Field Change Summary

Any change with respect to whitespace is ignored. "Minor" changes are text changes that only affect capitalization and punctuation. Most other changes are marked as "Major." Simple schema changes are treated as Minor, such as the change from AffectedResource to Affected_Resource in Draft 8, or the relationship name change from "IsRequiredBy" to "RequiredBy" in Version 1.0. For each mutual relationship between nodes A and B (such as ParentOf and ChildOf), a relationship change is noted for both A and B.

Field                      Major   Minor
Name                           0       0
Description                   13       0
Diagram                       15       0
Relationships                  8       0
Common_Consequences           15       2
Applicable_Platforms           6       0
Modes_of_Introduction          3       0
Detection_Factors              0       0
Potential_Mitigations          3       3
Demonstrative_Examples         8       0
Observed_Examples             14       0
Related_Attack_Patterns        0       0
Weakness_Ordinalities          5       0
Time_of_Introduction           1       0
Likelihood_of_Exploit          0       0
References                    20       1
Mapping_Notes                  3       0
Terminology_Notes              2       0
Alternate_Terms               10       0
Relationship_Notes             1       0
Taxonomy_Mappings              0       0
Maintenance_Notes              0       0
Research_Gaps                  0       0
Background_Details             1       0
Theoretical_Notes              0       0
Other_Notes                    3       0
View_Type                      0       0
View_Structure                 0       0
View_Filter                    0       0
View_Audience                  0       0
Type                           0       0
Source_Taxonomy                0       0

Form and Abstraction Changes

From   To   Total   CWE IDs
Unchanged   1426    (no entry changed its form or abstraction level)

Status Changes

From   To   Total
Unchanged   1426    (no entry changed status)

Relationship Changes

The "Version 4.15 Total" column lists the total number of relationships in Version 4.15. The "Shared" value is the number of relationships in entries that exist in both Version 4.15 and Version 4.14. The "New" value is the number of relationships involving entries that did not exist in Version 4.14. The Version 4.15 Total is therefore the sum of the Shared and New values, and Shared is the sum of Unchanged and Added.

Relationship   4.15 Total   4.14 Total   4.15 Shared   Unchanged   Added to 4.15   Removed from 4.14   4.15 New
ALL                 12462        12450         12458       12450               8                   0          4
ChildOf              5287         5285          5285        5285               0                   0          2
ParentOf             5287         5285          5285        5285               0                   0          2
MemberOf              690          690           690         690               0                   0          0
HasMember             690          690           690         690               0                   0          0
CanPrecede            141          137           141         137               4                   0          0
CanFollow             141          137           141         137               4                   0          0
StartsWith              3            3             3           3               0                   0          0
Requires               13           13            13          13               0                   0          0
RequiredBy             13           13            13          13               0                   0          0
CanAlsoBe              27           27            27          27               0                   0          0
PeerOf                170          170           170         170               0                   0          0

Cells left empty in the original report are shown here as 0. The 4 "New" relationships (2 ChildOf and 2 ParentOf, counted from both ends) belong to CWE-1426, the only entry added in Version 4.15; the 8 "Added" relationships are 4 new CanPrecede/CanFollow chain links between existing entries, each counted from both ends.

Nodes Removed in Version 4.15

CWE-ID CWE Name
None.

Nodes Added to Version 4.15

CWE-ID CWE Name
1426 Improper Validation of Generative AI Output

Nodes Deprecated in Version 4.15

CWE-ID CWE Name
None.
Important Changes

A node change is labeled "important" if it is a major field change and the field is critical to the meaning of the node. The critical fields are description, name, and relationships.

Key
D Description
N Name
R Relationships

D 22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
D 77 Improper Neutralization of Special Elements used in a Command ('Command Injection')
D 78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
D 89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
D 119 Improper Restriction of Operations within the Bounds of a Memory Buffer
D 125 Out-of-bounds Read
D 190 Integer Overflow or Wraparound
D 306 Missing Authentication for Critical Function
R 340 Generation of Predictable Numbers or Identifiers
R 362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
R 384 Session Fixation
D R 416 Use After Free
D 434 Unrestricted Upload of File with Dangerous Type
D R 476 NULL Pointer Dereference
R 707 Improper Neutralization
R 754 Improper Check for Unusual or Exceptional Conditions
D 787 Out-of-bounds Write
D 798 Use of Hard-coded Credentials
R 1409 Comprehensive Categorization: Injection
Detailed Difference Report
20 Improper Input Validation
Major Observed_Examples
Minor None
22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Major Common_Consequences, Description, Diagram, Observed_Examples, Other_Notes, References
Minor None
23 Relative Path Traversal
Major Observed_Examples, References
Minor None
36 Absolute Path Traversal
Major References
Minor None
62 UNIX Hard Link
Major Observed_Examples
Minor None
74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Major Observed_Examples
Minor None
77 Improper Neutralization of Special Elements used in a Command ('Command Injection')
Major Alternate_Terms, Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Description, Diagram, Mapping_Notes, Modes_of_Introduction, Observed_Examples, Other_Notes, Terminology_Notes
Minor None
78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Major Alternate_Terms, Common_Consequences, Demonstrative_Examples, Description, Diagram, References
Minor None
88 Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
Major Observed_Examples
Minor None
89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Major Alternate_Terms, Common_Consequences, Description, Diagram, References
Minor None
94 Improper Control of Generation of Code ('Code Injection')
Major Applicable_Platforms, Observed_Examples
Minor None
95 Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
Major Applicable_Platforms, Observed_Examples
Minor None
116 Improper Encoding or Escaping of Output
Major Applicable_Platforms
Minor None
119 Improper Restriction of Operations within the Bounds of a Memory Buffer
Major Alternate_Terms, Background_Details, Common_Consequences, Description, Diagram
Minor None
125 Out-of-bounds Read
Major Alternate_Terms, Common_Consequences, Description, Diagram, Weakness_Ordinalities
Minor None
135 Incorrect Calculation of Multi-Byte String Length
Major Common_Consequences
Minor None
184 Incomplete List of Disallowed Inputs
Major Observed_Examples
Minor None
190 Integer Overflow or Wraparound
Major Alternate_Terms, Common_Consequences, Description, Diagram, Mapping_Notes, Modes_of_Introduction, Other_Notes, References, Relationship_Notes, Terminology_Notes
Minor None
226 Sensitive Information in Resource Not Removed Before Reuse
Major None
Minor References
269 Improper Privilege Management
Major Diagram
Minor None
287 Improper Authentication
Major Diagram
Minor None
300 Channel Accessible by Non-Endpoint
Major Alternate_Terms
Minor None
306 Missing Authentication for Critical Function
Major Common_Consequences, Description, Diagram, Modes_of_Introduction, Potential_Mitigations, Time_of_Introduction
Minor None
340 Generation of Predictable Numbers or Identifiers
Major Relationships
Minor None
362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Major Relationships
Minor None
384 Session Fixation
Major Relationships
Minor None
385 Covert Timing Channel
Major References
Minor None
416 Use After Free
Major Alternate_Terms, Common_Consequences, Description, Diagram, Potential_Mitigations, Relationships, Weakness_Ordinalities
Minor None
426 Untrusted Search Path
Major Demonstrative_Examples
Minor None
434 Unrestricted Upload of File with Dangerous Type
Major Common_Consequences, Description, Diagram, Weakness_Ordinalities
Minor None
476 NULL Pointer Dereference
Major Alternate_Terms, Demonstrative_Examples, Description, Diagram, Potential_Mitigations, Relationships, Weakness_Ordinalities
Minor None
506 Embedded Malicious Code
Major References
Minor None
507 Trojan Horse
Major References
Minor None
508 Non-Replicating Malicious Code
Major References
Minor None
509 Replicating Malicious Code (Virus or Worm)
Major References
Minor None
510 Trapdoor
Major References
Minor None
511 Logic/Time Bomb
Major References
Minor None
514 Covert Channel
Major References
Minor None
515 Covert Storage Channel
Major References
Minor None
707 Improper Neutralization
Major Relationships
Minor None
754 Improper Check for Unusual or Exceptional Conditions
Major Relationships
Minor None
786 Access of Memory Location Before Start of Buffer
Major Common_Consequences
Minor None
787 Out-of-bounds Write
Major Alternate_Terms, Common_Consequences, Description, Diagram, Weakness_Ordinalities
Minor Potential_Mitigations
788 Access of Memory Location After End of Buffer
Major Common_Consequences
Minor None
798 Use of Hard-coded Credentials
Major Common_Consequences, Description, Diagram
Minor None
805 Buffer Access with Incorrect Length Value
Major None
Minor Potential_Mitigations
806 Buffer Access Using Size of Source Buffer
Major None
Minor Potential_Mitigations
824 Access of Uninitialized Pointer
Major Observed_Examples
Minor None
915 Improperly Controlled Modification of Dynamically-Determined Object Attributes
Major Observed_Examples
Minor None
1039 Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations
Major Applicable_Platforms
Minor None
1209 Failure to Disable Reserved Bits
Major None
Minor Common_Consequences
1221 Incorrect Register Defaults or Module Parameters
Major Demonstrative_Examples, References
Minor None
1232 Improper Lock Behavior After Power State Transition
Major Demonstrative_Examples, References
Minor None
1255 Comparison Logic is Vulnerable to Power Side-Channel Attacks
Major None
Minor Common_Consequences
1258 Exposure of Sensitive System Information Due to Uncleared Debug Information
Major Demonstrative_Examples, References
Minor None
1287 Improper Validation of Specified Type of Input
Major Observed_Examples
Minor None
1336 Improper Neutralization of Special Elements Used in a Template Engine
Major Applicable_Platforms, Observed_Examples
Minor None
1393 Use of Default Password
Major References
Minor None
1409 Comprehensive Categorization: Injection
Major Relationships
Minor None
1419 Incorrect Initialization of Resource
Major Demonstrative_Examples, References
Minor None
1420 Exposure of Sensitive Information during Transient Execution
Major Mapping_Notes
Minor None
Page Last Updated: July 16, 2024