CWE

Common Weakness Enumeration

A community-developed list of SW & HW weaknesses that can become vulnerabilities

New to CWE? click here!
CWE Most Important Hardware Weaknesses
CWE Top 25 Most Dangerous Weaknesses
Home > CWE List > Reports > Differences between Version 4.14 and Version 4.15  
ID

Differences between Version 4.14 and Version 4.15

Summary
Summary
Total weaknesses/chains/composites (Version 4.15) 939
Total weaknesses/chains/composites (Version 4.14) 938
Total new 1
Total deprecated 0
Total with major changes 56
Total with only minor changes 5
Total unchanged 1365

Summary of Entry Types

Type Version 4.14 Version 4.15
Weakness 938 939
Category 374 374
View 50 50
Deprecated 64 64
Total 1426 1427

Field Change Summary
Field Change Summary

Any change with respect to whitespace is ignored. "Minor" changes are text changes that only affect capitalization and punctuation. Most other changes are marked as "Major." Simple schema changes are treated as Minor, such as the change from AffectedResource to Affected_Resource in Draft 8, or the relationship name change from "IsRequiredBy" to "RequiredBy" in Version 1.0. For each mutual relationship between nodes A and B (such as ParentOf and ChildOf), a relationship change is noted for both A and B.

Field Major Minor
Name 0 0
Description 13 0
Diagram 15 0
Relationships 8 0
Common_Consequences 15 2
Applicable_Platforms 6 0
Modes_of_Introduction 3 0
Detection_Factors 0 0
Potential_Mitigations 3 3
Demonstrative_Examples 8 0
Observed_Examples 14 0
Related_Attack_Patterns 0 0
Weakness_Ordinalities 5 0
Time_of_Introduction 1 0
Likelihood_of_Exploit 0 0
References 20 1
Mapping_Notes 3 0
Terminology_Notes 2 0
Alternate_Terms 10 0
Relationship_Notes 1 0
Taxonomy_Mappings 0 0
Maintenance_Notes 0 0
Research_Gaps 0 0
Background_Details 1 0
Theoretical_Notes 0 0
Other_Notes 3 0
View_Type 0 0
View_Structure 0 0
View_Filter 0 0
View_Audience 0 0
Type 0 0
Source_Taxonomy 0 0

Form and Abstraction Changes

From To Total CWE IDs
Unchanged 1426

Status Changes

From To Total
Unchanged 1426

Relationship Changes

The "Version 4.15 Total" lists the total number of relationships in Version 4.15. The "Shared" value is the total number of relationships in entries that were in both Version 4.15 and Version 4.14. The "New" value is the total number of relationships involving entries that did not exist in Version 4.14. Thus, the total number of relationships in Version 4.15 would combine stats from Shared entries and New entries.

Relationship Version 4.15 Total Version 4.14 Total Version 4.15 Shared Unchanged Added to Version 4.15 Removed from Version 4.14 Version 4.15 New
ALL 12462 12450 12458 12450 8 4
ChildOf 5287 5285 5285 5285 2
ParentOf 5287 5285 5285 5285 2
MemberOf 690 690 690 690
HasMember 690 690 690 690
CanPrecede 141 137 141 137 4
CanFollow 141 137 141 137 4
StartsWith 3 3 3 3
Requires 13 13 13 13
RequiredBy 13 13 13 13
CanAlsoBe 27 27 27 27
PeerOf 170 170 170 170

Nodes Removed in Version 4.15

CWE-ID CWE Name
None.

Nodes Added to Version 4.15

CWE-ID CWE Name
1426 Improper Validation of Generative AI Output

Nodes Deprecated in Version 4.15

CWE-ID CWE Name
None.
Important Changes
Important Changes

A node change is labeled "important" if it is a major field change and the field is critical to the meaning of the node. The critical fields are description, name, and relationships.

Key
D Description
N Name
R Relationships

D 22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
D 77 Improper Neutralization of Special Elements used in a Command ('Command Injection')
D 78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
D 89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
D 119 Improper Restriction of Operations within the Bounds of a Memory Buffer
D 125 Out-of-bounds Read
D 190 Integer Overflow or Wraparound
D 306 Missing Authentication for Critical Function
R 340 Generation of Predictable Numbers or Identifiers
R 362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
R 384 Session Fixation
D R 416 Use After Free
D 434 Unrestricted Upload of File with Dangerous Type
D R 476 NULL Pointer Dereference
R 707 Improper Neutralization
R 754 Improper Check for Unusual or Exceptional Conditions
D 787 Out-of-bounds Write
D 798 Use of Hard-coded Credentials
R 1409 Comprehensive Categorization: Injection
Detailed Difference Report
Detailed Difference Report
20 Improper Input Validation
Major Observed_Examples
Minor None
22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Major Common_Consequences, Description, Diagram, Observed_Examples, Other_Notes, References
Minor None
23 Relative Path Traversal
Major Observed_Examples, References
Minor None
36 Absolute Path Traversal
Major References
Minor None
62 UNIX Hard Link
Major Observed_Examples
Minor None
74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Major Observed_Examples
Minor None
77 Improper Neutralization of Special Elements used in a Command ('Command Injection')
Major Alternate_Terms, Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Description, Diagram, Mapping_Notes, Modes_of_Introduction, Observed_Examples, Other_Notes, Terminology_Notes
Minor None
78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Major Alternate_Terms, Common_Consequences, Demonstrative_Examples, Description, Diagram, References
Minor None
88 Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
Major Observed_Examples
Minor None
89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Major Alternate_Terms, Common_Consequences, Description, Diagram, References
Minor None
94 Improper Control of Generation of Code ('Code Injection')
Major Applicable_Platforms, Observed_Examples
Minor None
95 Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
Major Applicable_Platforms, Observed_Examples
Minor None
116 Improper Encoding or Escaping of Output
Major Applicable_Platforms
Minor None
119 Improper Restriction of Operations within the Bounds of a Memory Buffer
Major Alternate_Terms, Background_Details, Common_Consequences, Description, Diagram
Minor None
125 Out-of-bounds Read
Major Alternate_Terms, Common_Consequences, Description, Diagram, Weakness_Ordinalities
Minor None
135 Incorrect Calculation of Multi-Byte String Length
Major Common_Consequences
Minor None
184 Incomplete List of Disallowed Inputs
Major Observed_Examples
Minor None
190 Integer Overflow or Wraparound
Major Alternate_Terms, Common_Consequences, Description, Diagram, Mapping_Notes, Modes_of_Introduction, Other_Notes, References, Relationship_Notes, Terminology_Notes
Minor None
226 Sensitive Information in Resource Not Removed Before Reuse
Major None
Minor References
269 Improper Privilege Management
Major Diagram
Minor None
287 Improper Authentication
Major Diagram
Minor None
300 Channel Accessible by Non-Endpoint
Major Alternate_Terms
Minor None
306 Missing Authentication for Critical Function
Major Common_Consequences, Description, Diagram, Modes_of_Introduction, Potential_Mitigations, Time_of_Introduction
Minor None
340 Generation of Predictable Numbers or Identifiers
Major Relationships
Minor None
362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Major Relationships
Minor None
384 Session Fixation
Major Relationships
Minor None
385 Covert Timing Channel
Major References
Minor None
416 Use After Free
Major Alternate_Terms, Common_Consequences, Description, Diagram, Potential_Mitigations, Relationships, Weakness_Ordinalities
Minor None
426 Untrusted Search Path
Major Demonstrative_Examples
Minor None
434 Unrestricted Upload of File with Dangerous Type
Major Common_Consequences, Description, Diagram, Weakness_Ordinalities
Minor None
476 NULL Pointer Dereference
Major Alternate_Terms, Demonstrative_Examples, Description, Diagram, Potential_Mitigations, Relationships, Weakness_Ordinalities
Minor None
506 Embedded Malicious Code
Major References
Minor None
507 Trojan Horse
Major References
Minor None
508 Non-Replicating Malicious Code
Major References
Minor None
509 Replicating Malicious Code (Virus or Worm)
Major References
Minor None
510 Trapdoor
Major References
Minor None
511 Logic/Time Bomb
Major References
Minor None
514 Covert Channel
Major References
Minor None
515 Covert Storage Channel
Major References
Minor None
707 Improper Neutralization
Major Relationships
Minor None
754 Improper Check for Unusual or Exceptional Conditions
Major Relationships
Minor None
786 Access of Memory Location Before Start of Buffer
Major Common_Consequences
Minor None
787 Out-of-bounds Write
Major Alternate_Terms, Common_Consequences, Description, Diagram, Weakness_Ordinalities
Minor Potential_Mitigations
788 Access of Memory Location After End of Buffer
Major Common_Consequences
Minor None
798 Use of Hard-coded Credentials
Major Common_Consequences, Description, Diagram
Minor None
805 Buffer Access with Incorrect Length Value
Major None
Minor Potential_Mitigations
806 Buffer Access Using Size of Source Buffer
Major None
Minor Potential_Mitigations
824 Access of Uninitialized Pointer
Major Observed_Examples
Minor None
915 Improperly Controlled Modification of Dynamically-Determined Object Attributes
Major Observed_Examples
Minor None
1039 Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations
Major Applicable_Platforms
Minor None
1209 Failure to Disable Reserved Bits
Major None
Minor Common_Consequences
1221 Incorrect Register Defaults or Module Parameters
Major Demonstrative_Examples, References
Minor None
1232 Improper Lock Behavior After Power State Transition
Major Demonstrative_Examples, References
Minor None
1255 Comparison Logic is Vulnerable to Power Side-Channel Attacks
Major None
Minor Common_Consequences
1258 Exposure of Sensitive System Information Due to Uncleared Debug Information
Major Demonstrative_Examples, References
Minor None
1287 Improper Validation of Specified Type of Input
Major Observed_Examples
Minor None
1336 Improper Neutralization of Special Elements Used in a Template Engine
Major Applicable_Platforms, Observed_Examples
Minor None
1393 Use of Default Password
Major References
Minor None
1409 Comprehensive Categorization: Injection
Major Relationships
Minor None
1419 Incorrect Initialization of Resource
Major Demonstrative_Examples, References
Minor None
1420 Exposure of Sensitive Information during Transient Execution
Major Mapping_Notes
Minor None
Page Last Updated: July 16, 2024