|
CWE-79
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
24638 |
|
CWE-89
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') |
9516 |
|
CWE-862
|
Missing Authorization |
5989 |
|
CWE-352
|
Cross-Site Request Forgery (CSRF) |
5304 |
|
CWE-20
|
Improper Input Validation |
4909 |
|
CWE-22
|
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') |
4026 |
|
CWE-125
|
Out-of-bounds Read |
3944 |
|
CWE-74
|
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') |
3872 |
|
CWE-200
|
Exposure of Sensitive Information to an Unauthorized Actor |
3673 |
|
CWE-416
|
Use After Free |
3604 |
|
CWE-284
|
Improper Access Control |
3418 |
|
CWE-78
|
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') |
3276 |
|
CWE-121
|
Stack-based Buffer Overflow |
3204 |
|
CWE-787
|
Out-of-bounds Write |
3076 |
|
CWE-119
|
Improper Restriction of Operations within the Bounds of a Memory Buffer |
2915 |
|
CWE-94
|
Improper Control of Generation of Code ('Code Injection') |
2725 |
|
CWE-122
|
Heap-based Buffer Overflow |
2689 |
|
CWE-434
|
Unrestricted Upload of File with Dangerous Type |
2475 |
|
CWE-120
|
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') |
2088 |
|
CWE-502
|
Deserialization of Untrusted Data |
2032 |
|
CWE-400
|
Uncontrolled Resource Consumption |
1958 |
|
CWE-77
|
Improper Neutralization of Special Elements used in a Command ('Command Injection') |
1749 |
|
CWE-287
|
Improper Authentication |
1705 |
|
CWE-476
|
NULL Pointer Dereference |
1523 |
|
CWE-918
|
Server-Side Request Forgery (SSRF) |
1503 |
|
CWE-863
|
Incorrect Authorization |
1377 |
|
CWE-269
|
Improper Privilege Management |
1344 |
|
CWE-285
|
Improper Authorization |
1307 |
|
CWE-306
|
Missing Authentication for Critical Function |
1279 |
|
CWE-639
|
Authorization Bypass Through User-Controlled Key |
1107 |
|
CWE-190
|
Integer Overflow or Wraparound |
1091 |
|
CWE-98
|
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') |
926 |
|
CWE-427
|
Uncontrolled Search Path Element |
901 |
|
CWE-770
|
Allocation of Resources Without Limits or Throttling |
898 |
|
CWE-601
|
URL Redirection to Untrusted Site ('Open Redirect') |
871 |
|
CWE-266
|
Incorrect Privilege Assignment |
836 |
|
CWE-532
|
Insertion of Sensitive Information into Log File |
768 |
|
CWE-798
|
Use of Hard-coded Credentials |
727 |
|
CWE-276
|
Incorrect Default Permissions |
700 |
|
CWE-59
|
Improper Link Resolution Before File Access ('Link Following') |
624 |
|
CWE-362
|
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') |
612 |
|
CWE-732
|
Incorrect Permission Assignment for Critical Resource |
595 |
|
CWE-295
|
Improper Certificate Validation |
588 |
|
CWE-80
|
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) |
572 |
|
CWE-288
|
Authentication Bypass Using an Alternate Path or Channel |
560 |
|
CWE-611
|
Improper Restriction of XML External Entity Reference |
542 |
|
CWE-126
|
Buffer Over-read |
524 |
|
CWE-404
|
Improper Resource Shutdown or Release |
508 |
|
CWE-843
|
Access of Resource Using Incompatible Type ('Type Confusion') |
492 |
|
CWE-522
|
Insufficiently Protected Credentials |
486 |
|
CWE-347
|
Improper Verification of Cryptographic Signature |
467 |
|
CWE-23
|
Relative Path Traversal |
454 |
|
CWE-73
|
External Control of File Name or Path |
451 |
|
CWE-311
|
Missing Encryption of Sensitive Data |
450 |
|
CWE-319
|
Cleartext Transmission of Sensitive Information |
432 |
|
CWE-367
|
Time-of-check Time-of-use (TOCTOU) Race Condition |
416 |
|
CWE-754
|
Improper Check for Unusual or Exceptional Conditions |
379 |
|
CWE-209
|
Generation of Error Message Containing Sensitive Information |
366 |
|
CWE-693
|
Protection Mechanism Failure |
363 |
|
CWE-307
|
Improper Restriction of Excessive Authentication Attempts |
358 |
|
CWE-250
|
Execution with Unnecessary Privileges |
341 |
|
CWE-428
|
Unquoted Search Path or Element |
334 |
|
CWE-613
|
Insufficient Session Expiration |
332 |
|
CWE-401
|
Missing Release of Memory after Effective Lifetime |
327 |
|
CWE-312
|
Cleartext Storage of Sensitive Information |
319 |
|
CWE-327
|
Use of a Broken or Risky Cryptographic Algorithm |
316 |
|
CWE-345
|
Insufficient Verification of Data Authenticity |
304 |
|
CWE-497
|
Exposure of Sensitive System Information to an Unauthorized Control Sphere |
303 |
|
CWE-822
|
Untrusted Pointer Dereference |
300 |
|
CWE-617
|
Reachable Assertion |
295 |
|
CWE-201
|
Insertion of Sensitive Information Into Sent Data |
293 |
|
CWE-426
|
Untrusted Search Path |
292 |
|
CWE-321
|
Use of Hard-coded Cryptographic Key |
286 |
|
CWE-552
|
Files or Directories Accessible to External Parties |
277 |
|
CWE-191
|
Integer Underflow (Wrap or Wraparound) |
277 |
|
CWE-1333
|
Inefficient Regular Expression Complexity |
277 |
|
CWE-290
|
Authentication Bypass by Spoofing |
271 |
|
CWE-415
|
Double Free |
267 |
|
CWE-707
|
Improper Neutralization |
264 |
|
CWE-835
|
Loop with Unreachable Exit Condition ('Infinite Loop') |
255 |
|
CWE-824
|
Access of Uninitialized Pointer |
252 |
|
CWE-755
|
Improper Handling of Exceptional Conditions |
234 |
|
CWE-444
|
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') |
211 |
|
CWE-369
|
Divide By Zero |
211 |
|
CWE-129
|
Improper Validation of Array Index |
211 |
|
CWE-908
|
Use of Uninitialized Resource |
192 |
|
CWE-256
|
Plaintext Storage of a Password |
190 |
|
CWE-384
|
Session Fixation |
188 |
|
CWE-248
|
Uncaught Exception |
188 |
|
CWE-749
|
Exposed Dangerous Method or Function |
187 |
|
CWE-788
|
Access of Memory Location After End of Buffer |
185 |
|
CWE-668
|
Exposure of Resource to Wrong Sphere |
185 |
|
CWE-346
|
Origin Validation Error |
182 |
|
CWE-259
|
Use of Hard-coded Password |
181 |
|
CWE-203
|
Observable Discrepancy |
179 |
|
CWE-116
|
Improper Encoding or Escaping of Output |
176 |
|
CWE-88
|
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') |
164 |
|
CWE-665
|
Improper Initialization |
162 |
|
CWE-359
|
Exposure of Private Personal Information to an Unauthorized Actor |
162 |
|
CWE-457
|
Use of Uninitialized Variable |
161 |
|
CWE-326
|
Inadequate Encryption Strength |
159 |
|
CWE-680
|
Integer Overflow to Buffer Overflow |
156 |
|
CWE-35
|
Path Traversal: '.../...//' |
153 |
|
CWE-1236
|
Improper Neutralization of Formula Elements in a CSV File |
151 |
|
CWE-674
|
Uncontrolled Recursion |
150 |
|
CWE-494
|
Download of Code Without Integrity Check |
147 |
|
CWE-305
|
Authentication Bypass by Primary Weakness |
145 |
|
CWE-1284
|
Improper Validation of Specified Quantity in Input |
145 |
|
CWE-330
|
Use of Insufficiently Random Values |
143 |
|
CWE-36
|
Absolute Path Traversal |
142 |
|
CWE-640
|
Weak Password Recovery Mechanism for Forgotten Password |
139 |
|
CWE-521
|
Weak Password Requirements |
139 |
|
CWE-61
|
UNIX Symbolic Link (Symlink) Following |
137 |
|
CWE-280
|
Improper Handling of Insufficient Permissions or Privileges |
137 |
|
CWE-134
|
Use of Externally-Controlled Format String |
136 |
|
CWE-703
|
Improper Check or Handling of Exceptional Conditions |
134 |
|
CWE-1021
|
Improper Restriction of Rendered UI Layers or Frames |
134 |
|
CWE-1321
|
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') |
130 |
|
CWE-506
|
Embedded Malicious Code |
129 |
|
CWE-204
|
Observable Response Discrepancy |
129 |
|
CWE-1336
|
Improper Neutralization of Special Elements Used in a Template Engine |
129 |
|
CWE-922
|
Insecure Storage of Sensitive Information |
127 |
|
CWE-1287
|
Improper Validation of Specified Type of Input |
127 |
|
CWE-829
|
Inclusion of Functionality from Untrusted Control Sphere |
121 |
|
CWE-281
|
Improper Preservation of Permissions |
119 |
|
CWE-95
|
Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') |
118 |
|
CWE-789
|
Memory Allocation with Excessive Size Value |
118 |
|
CWE-294
|
Authentication Bypass by Capture-replay |
117 |
|
CWE-131
|
Incorrect Calculation of Buffer Size |
116 |
|
CWE-208
|
Observable Timing Discrepancy |
115 |
|
CWE-117
|
Improper Output Neutralization for Logs |
110 |
|
CWE-823
|
Use of Out-of-range Pointer Offset |
109 |
|
CWE-377
|
Insecure Temporary File |
109 |
|
CWE-602
|
Client-Side Enforcement of Server-Side Security |
107 |
|
CWE-451
|
User Interface (UI) Misrepresentation of Critical Information |
107 |
|
CWE-358
|
Improperly Implemented Security Check for Standard |
104 |
|
CWE-1188
|
Initialization of a Resource with an Insecure Default |
103 |
|
CWE-24
|
Path Traversal: '../filedir' |
99 |
|
CWE-591
|
Sensitive Data Storage in Improperly Locked Memory |
98 |
|
CWE-425
|
Direct Request ('Forced Browsing') |
96 |
|
CWE-303
|
Incorrect Implementation of Authentication Algorithm |
96 |
|
CWE-338
|
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) |
94 |
|
CWE-620
|
Unverified Password Change |
91 |
|
CWE-252
|
Unchecked Return Value |
89 |
|
CWE-130
|
Improper Handling of Length Parameter Inconsistency |
87 |
|
CWE-1220
|
Insufficient Granularity of Access Control |
86 |
|
CWE-1392
|
Use of Default Credentials |
85 |
|
CWE-704
|
Incorrect Type Conversion or Cast |
82 |
|
CWE-93
|
Improper Neutralization of CRLF Sequences ('CRLF Injection') |
80 |
|
CWE-926
|
Improper Export of Android Application Components |
80 |
|
CWE-257
|
Storing Passwords in a Recoverable Format |
80 |
|
CWE-489
|
Active Debug Code |
79 |
|
CWE-331
|
Insufficient Entropy |
79 |
|
CWE-538
|
Insertion of Sensitive Information into Externally-Accessible File or Directory |
78 |
|
CWE-184
|
Incomplete List of Disallowed Inputs |
78 |
|
CWE-300
|
Channel Accessible by Non-Endpoint |
77 |
|
CWE-610
|
Externally Controlled Reference to a Resource in Another Sphere |
76 |
|
CWE-354
|
Improper Validation of Integrity Check Value |
75 |
|
CWE-913
|
Improper Control of Dynamically-Managed Code Resources |
74 |
|
CWE-912
|
Hidden Functionality |
74 |
|
CWE-1390
|
Weak Authentication |
74 |
|
CWE-807
|
Reliance on Untrusted Inputs in a Security Decision |
73 |
|
CWE-648
|
Incorrect Use of Privileged APIs |
73 |
|
CWE-772
|
Missing Release of Resource after Effective Lifetime |
71 |
|
CWE-916
|
Use of Password Hash With Insufficient Computational Effort |
69 |
|
CWE-379
|
Creation of Temporary File in Directory with Insecure Permissions |
69 |
|
CWE-1286
|
Improper Validation of Syntactic Correctness of Input |
68 |
|
CWE-548
|
Exposure of Information Through Directory Listing |
67 |
|
CWE-459
|
Incomplete Cleanup |
67 |
|
CWE-697
|
Incorrect Comparison |
66 |
|
CWE-681
|
Incorrect Conversion between Numeric Types |
66 |
|
CWE-598
|
Use of GET Request Method With Sensitive Query Strings |
66 |
|
CWE-193
|
Off-by-one Error |
66 |
|
CWE-670
|
Always-Incorrect Control Flow Implementation |
65 |
|
CWE-472
|
External Control of Assumed-Immutable Web Parameter |
65 |
|
CWE-799
|
Improper Control of Interaction Frequency |
64 |
|
CWE-682
|
Incorrect Calculation |
64 |
|
CWE-113
|
Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') |
64 |
|
CWE-378
|
Creation of Temporary File With Insecure Permissions |
62 |
|
CWE-212
|
Improper Removal of Sensitive Information Before Storage or Transfer |
60 |
|
CWE-91
|
XML Injection (aka Blind XPath Injection) |
59 |
|
CWE-29
|
Path Traversal: '\..\filename' |
59 |
|
CWE-277
|
Insecure Inherited Permissions |
59 |
|
CWE-274
|
Improper Handling of Insufficient Privileges |
59 |
|
CWE-170
|
Improper Null Termination |
59 |
|
CWE-99
|
Improper Control of Resource Identifiers ('Resource Injection') |
58 |
|
CWE-267
|
Privilege Defined With Unsafe Actions |
58 |
|
CWE-942
|
Permissive Cross-domain Security Policy with Untrusted Domains |
57 |
|
CWE-614
|
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute |
57 |
|
CWE-325
|
Missing Cryptographic Step |
54 |
|
CWE-407
|
Inefficient Algorithmic Complexity |
53 |
|
CWE-923
|
Improper Restriction of Communication Channel to Intended Endpoints |
52 |
|
CWE-915
|
Improperly Controlled Modification of Dynamically-Determined Object Attributes |
52 |
|
CWE-805
|
Buffer Access with Incorrect Length Value |
52 |
|
CWE-385
|
Covert Timing Channel |
52 |
|
CWE-328
|
Use of Weak Hash |
52 |
|
CWE-297
|
Improper Validation of Certificate with Host Mismatch |
50 |
|
CWE-15
|
External Control of System or Configuration Setting |
50 |
|
CWE-667
|
Improper Locking |
49 |
|
CWE-471
|
Modification of Assumed-Immutable Data (MAID) |
48 |
|
CWE-353
|
Missing Support for Integrity Check |
48 |
|
CWE-644
|
Improper Neutralization of HTTP Headers for Scripting Syntax |
46 |
|
CWE-1004
|
Sensitive Cookie Without 'HttpOnly' Flag |
46 |
|
CWE-664
|
Improper Control of a Resource Through its Lifetime |
45 |
|
CWE-348
|
Use of Less Trusted Source |
45 |
|
CWE-150
|
Improper Neutralization of Escape, Meta, or Control Sequences |
45 |
|
CWE-1285
|
Improper Validation of Specified Index, Position, or Offset in Input |
45 |
|
CWE-441
|
Unintended Proxy or Intermediary ('Confused Deputy') |
44 |
|
CWE-123
|
Write-what-where Condition |
44 |
|
CWE-440
|
Expected Behavior Violation |
43 |
|
CWE-653
|
Improper Isolation or Compartmentalization |
42 |
|
CWE-213
|
Exposure of Sensitive Information Due to Incompatible Policies |
42 |
|
CWE-197
|
Numeric Truncation Error |
42 |
|
CWE-592
|
DEPRECATED: Authentication Bypass Issues |
41 |
|
CWE-436
|
Interpretation Conflict |
41 |
|
CWE-391
|
Unchecked Error Condition |
41 |
|
CWE-356
|
Product UI does not Warn User of Unsafe Actions |
41 |
|
CWE-241
|
Improper Handling of Unexpected Data Type |
40 |
|
CWE-87
|
Improper Neutralization of Alternate XSS Syntax |
39 |
|
CWE-669
|
Incorrect Resource Transfer Between Spheres |
39 |
|
CWE-323
|
Reusing a Nonce, Key Pair in Encryption |
39 |
|
CWE-302
|
Authentication Bypass by Assumed-Immutable Data |
39 |
|
CWE-261
|
Weak Encoding for Password |
38 |
|
CWE-115
|
Misinterpretation of Input |
38 |
|
CWE-90
|
Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') |
37 |
|
CWE-706
|
Use of Incorrectly-Resolved Name or Reference |
37 |
|
CWE-405
|
Asymmetric Resource Consumption (Amplification) |
37 |
|
CWE-825
|
Expired Pointer Dereference |
36 |
|
CWE-524
|
Use of Cache Containing Sensitive Information |
36 |
|
CWE-409
|
Improper Handling of Highly Compressed Data (Data Amplification) |
36 |
|
CWE-841
|
Improper Enforcement of Behavioral Workflow |
35 |
|
CWE-672
|
Operation on a Resource after Expiration or Release |
35 |
|
CWE-420
|
Unprotected Alternate Channel |
35 |
|
CWE-1393
|
Use of Default Password |
35 |
|
CWE-92
|
DEPRECATED: Improper Sanitization of Custom Special Characters |
34 |
|
CWE-690
|
Unchecked Return Value to NULL Pointer Dereference |
34 |
|
CWE-349
|
Acceptance of Extraneous Untrusted Data With Trusted Data |
34 |
|
CWE-316
|
Cleartext Storage of Sensitive Information in Memory |
34 |
|
CWE-940
|
Improper Verification of Source of a Communication Channel |
33 |
|
CWE-834
|
Excessive Iteration |
33 |
|
CWE-565
|
Reliance on Cookies without Validation and Integrity Checking |
33 |
|
CWE-424
|
Improper Protection of Alternate Path |
33 |
|
CWE-304
|
Missing Critical Step in Authentication |
33 |
|
CWE-1391
|
Use of Weak Credentials |
33 |
|
CWE-114
|
Process Control |
33 |
|
CWE-691
|
Insufficient Control Flow Management |
32 |
|
CWE-470
|
Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') |
32 |
|
CWE-270
|
Privilege Context Switching Error |
32 |
|
CWE-202
|
Exposure of Sensitive Information Through Data Queries |
32 |
|
CWE-540
|
Inclusion of Sensitive Information in Source Code |
31 |
|
CWE-402
|
Transmission of Private Resources into a New Sphere ('Resource Leak') |
31 |
|
CWE-124
|
Buffer Underwrite ('Buffer Underflow') |
31 |
|
CWE-943
|
Improper Neutralization of Special Elements in Data Query Logic |
30 |
|
CWE-776
|
Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') |
30 |
|
CWE-501
|
Trust Boundary Violation |
30 |
|
CWE-340
|
Generation of Predictable Numbers or Identifiers |
30 |
|
CWE-260
|
Password in Configuration File |
30 |
|
CWE-1395
|
Dependency on Vulnerable Third-Party Component |
30 |
|
CWE-782
|
Exposed IOCTL with Insufficient Access Control |
28 |
|
CWE-763
|
Release of Invalid Pointer or Reference |
28 |
|
CWE-757
|
Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade') |
28 |
|
CWE-313
|
Cleartext Storage in a File or on Disk |
28 |
|
CWE-96
|
Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') |
27 |
|
CWE-917
|
Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') |
27 |
|
CWE-590
|
Free of Memory not on the Heap |
27 |
|
CWE-282
|
Improper Ownership Management |
27 |
|
CWE-233
|
Improper Handling of Parameters |
27 |
|
CWE-158
|
Improper Neutralization of Null Byte or NUL Character |
27 |
|
CWE-1327
|
Binding to an Unrestricted IP Address |
27 |
|
CWE-525
|
Use of Web Browser Cache Containing Sensitive Information |
26 |
|
CWE-410
|
Insufficient Resource Pool |
26 |
|
CWE-289
|
Authentication Bypass by Alternate Name |
26 |
|
CWE-279
|
Incorrect Execution-Assigned Permissions |
26 |
|
CWE-272
|
Least Privilege Violation |
26 |
|
CWE-214
|
Invocation of Process Using Visible Sensitive Information |
26 |
|
CWE-185
|
Incorrect Regular Expression |
26 |
|
CWE-778
|
Insufficient Logging |
25 |
|
CWE-488
|
Exposure of Data Element to Wrong Session |
25 |
|
CWE-477
|
Use of Obsolete Function |
25 |
|
CWE-27
|
Path Traversal: 'dir/../../filename' |
25 |
|
CWE-791
|
Incomplete Filtering of Special Elements |
24 |
|
CWE-657
|
Violation of Secure Design Principles |
24 |
|
CWE-523
|
Unprotected Transport of Credentials |
24 |
|
CWE-322
|
Key Exchange without Entity Authentication |
24 |
|
CWE-286
|
Incorrect User Management |
24 |
|
CWE-283
|
Unverified Ownership |
24 |
|
CWE-1385
|
Missing Origin Validation in WebSockets |
24 |
|
CWE-924
|
Improper Enforcement of Message Integrity During Transmission in a Communication Channel |
23 |
|
CWE-708
|
Incorrect Ownership Assignment |
23 |
|
CWE-603
|
Use of Client-Side Authentication |
23 |
|
CWE-41
|
Improper Resolution of Path Equivalence |
23 |
|
CWE-1295
|
Debug Messages Revealing Unnecessary Information |
23 |
|
CWE-833
|
Deadlock |
22 |
|
CWE-779
|
Logging of Excessive Data |
22 |
|
CWE-75
|
Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) |
22 |
|
CWE-684
|
Incorrect Provision of Specified Functionality |
22 |
|
CWE-460
|
Improper Cleanup on Thrown Exception |
22 |
|
CWE-390
|
Detection of Error Condition Without Action |
22 |
|
CWE-324
|
Use of a Key Past its Expiration Date |
22 |
|
CWE-268
|
Privilege Chaining |
22 |
|
CWE-226
|
Sensitive Information in Resource Not Removed Before Reuse |
22 |
|
CWE-178
|
Improper Handling of Case Sensitivity |
22 |
|
CWE-183
|
Permissive List of Allowed Inputs |
21 |
|
CWE-927
|
Use of Implicit Intent for Sensitive Communication |
20 |
|
CWE-642
|
External Control of Critical State Data |
20 |
|
CWE-526
|
Cleartext Storage of Sensitive Information in an Environment Variable |
20 |
|
CWE-366
|
Race Condition within a Thread |
20 |
|
CWE-357
|
Insufficient UI Warning of Dangerous Operations |
20 |
|
CWE-296
|
Improper Following of a Certificate's Chain of Trust |
20 |
|
CWE-25
|
Path Traversal: '/../filedir' |
20 |
|
CWE-215
|
Insertion of Sensitive Information Into Debugging Code |
20 |
|
CWE-1288
|
Improper Validation of Consistency within Input |
20 |
|
CWE-1230
|
Exposure of Sensitive Information Through Metadata |
20 |
|
CWE-641
|
Improper Restriction of Names for Files and Other Resources |
19 |
|
CWE-253
|
Incorrect Check of Function Return Value |
19 |
|
CWE-159
|
Improper Handling of Invalid Use of Special Elements |
19 |
|
CWE-1240
|
Use of a Cryptographic Primitive with a Risky Implementation |
19 |
|
CWE-909
|
Missing Initialization of Resource |
18 |
|
CWE-696
|
Incorrect Behavior Order |
18 |
|
CWE-413
|
Improper Resource Locking |
18 |
|
CWE-394
|
Unexpected Status Code or Return Value |
18 |
|
CWE-350
|
Reliance on Reverse DNS Resolution for a Security-Critical Action |
18 |
|
CWE-334
|
Small Space of Random Values |
18 |
|
CWE-83
|
Improper Neutralization of Script in Attributes in a Web Page |
17 |
|
CWE-335
|
Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) |
17 |
|
CWE-195
|
Signed to Unsigned Conversion Error |
17 |
|
CWE-155
|
Improper Neutralization of Wildcards or Matching Symbols |
17 |
|
CWE-1191
|
On-Chip Debug and Test Interface With Improper Access Control |
17 |
|
CWE-1022
|
Use of Web Link to Untrusted Target with window.opener Access |
17 |
|
CWE-911
|
Improper Update of Reference Count |
16 |
|
CWE-606
|
Unchecked Input for Loop Condition |
16 |
|
CWE-551
|
Incorrect Behavior Order: Authorization Before Parsing and Canonicalization |
16 |
|
CWE-406
|
Insufficient Control of Network Message Volume (Network Amplification) |
16 |
|
CWE-273
|
Improper Check for Dropped Privileges |
16 |
|
CWE-837
|
Improper Enforcement of a Single, Unique Action |
15 |
|
CWE-698
|
Execution After Redirect (EAR) |
15 |
|
CWE-636
|
Not Failing Securely ('Failing Open') |
15 |
|
CWE-549
|
Missing Password Field Masking |
15 |
|
CWE-419
|
Unprotected Primary Channel |
15 |
|
CWE-232
|
Improper Handling of Undefined Values |
15 |
|
CWE-229
|
Improper Handling of Values |
15 |
|
CWE-140
|
Improper Neutralization of Delimiters |
15 |
|
CWE-1394
|
Use of Default Cryptographic Key |
15 |
|
CWE-1244
|
Internal Asset Exposed to Unsafe Debug Access Level or State |
15 |
|
CWE-112
|
Missing XML Validation |
15 |
|
CWE-1104
|
Use of Unmaintained Third Party Components |
15 |
|
CWE-836
|
Use of Password Hash Instead of Password for Authentication |
14 |
|
CWE-758
|
Reliance on Undefined, Unspecified, or Implementation-Defined Behavior |
14 |
|
CWE-561
|
Dead Code |
14 |
|
CWE-475
|
Undefined Behavior for Input to API |
14 |
|
CWE-337
|
Predictable Seed in Pseudo-Random Number Generator (PRNG) |
14 |
|
CWE-244
|
Improper Clearing of Heap Memory Before Release ('Heap Inspection') |
14 |
|
CWE-242
|
Use of Inherently Dangerous Function |
14 |
|
CWE-176
|
Improper Handling of Unicode Encoding |
14 |
|
CWE-146
|
Improper Neutralization of Expression/Command Delimiters |
14 |
|
CWE-118
|
Incorrect Access of Indexable Resource ('Range Error') |
14 |
|
CWE-939
|
Improper Authorization in Handler for Custom URL Scheme |
13 |
|
CWE-84
|
Improper Neutralization of Encoded URI Schemes in a Web Page |
13 |
|
CWE-821
|
Incorrect Synchronization |
13 |
|
CWE-759
|
Use of a One-Way Hash without a Salt |
13 |
|
CWE-694
|
Use of Multiple Resources with Duplicate Identifier |
13 |
|
CWE-64
|
Windows Shortcut Following (.LNK) |
13 |
|
CWE-453
|
Insecure Default Variable Initialization |
13 |
|
CWE-364
|
Signal Handler Race Condition |
13 |
|
CWE-341
|
Predictable from Observable State |
13 |
|
CWE-228
|
Improper Handling of Syntactically Invalid Structure |
13 |
|
CWE-1386
|
Insecure Operation on Windows Junction / Mount Point |
13 |
|
CWE-1299
|
Missing Protection Mechanism for Alternate Hardware Interface |
13 |
|
CWE-656
|
Reliance on Security Through Obscurity |
12 |
|
CWE-65
|
Windows Hard Link |
12 |
|
CWE-643
|
Improper Neutralization of Data within XPath Expressions ('XPath Injection') |
12 |
|
CWE-530
|
Exposure of Backup File to an Unauthorized Control Sphere |
12 |
|
CWE-449
|
The UI Performs the Wrong Action |
12 |
|
CWE-395
|
Use of NullPointerException Catch to Detect NULL Pointer Dereference |
12 |
|
CWE-392
|
Missing Report of Error Condition |
12 |
|
CWE-363
|
Race Condition Enabling Link Following |
12 |
|
CWE-351
|
Insufficient Type Distinction |
12 |
|
CWE-26
|
Path Traversal: '/dir/../filename' |
12 |
|
CWE-258
|
Empty Password in Configuration File |
12 |
|
CWE-230
|
Improper Handling of Missing Values |
12 |
|
CWE-1050
|
Excessive Platform Resource Consumption within a Loop |
12 |
|
CWE-830
|
Inclusion of Web Functionality from an Untrusted Source |
11 |
|
CWE-650
|
Trusting HTTP Permission Methods on the Server Side |
11 |
|
CWE-612
|
Improper Authorization of Index Containing Sensitive Information |
11 |
|
CWE-547
|
Use of Hard-coded, Security-relevant Constants |
11 |
|
CWE-456
|
Missing Initialization of a Variable |
11 |
|
CWE-342
|
Predictable Exact Value from Previous Values |
11 |
|
CWE-329
|
Generation of Predictable IV with CBC Mode |
11 |
|
CWE-271
|
Privilege Dropping / Lowering Errors |
11 |
|
CWE-166
|
Improper Handling of Missing Special Element |
11 |
|
CWE-141
|
Improper Neutralization of Parameter/Argument Delimiters |
11 |
|
CWE-138
|
Improper Neutralization of Special Elements |
11 |
|
CWE-1325
|
Improperly Controlled Sequential Memory Allocation |
11 |
|
CWE-1275
|
Sensitive Cookie with Improper SameSite Attribute |
11 |
|
CWE-1242
|
Inclusion of Undocumented Features or Chicken Bits |
11 |
|
CWE-921
|
Storage of Sensitive Data in a Mechanism without Access Control |
10 |
|
CWE-842
|
Placement of User into Incorrect Group |
10 |
|
CWE-804
|
Guessable CAPTCHA |
10 |
|
CWE-646
|
Reliance on File Name or Extension of Externally-Supplied File |
10 |
|
CWE-180
|
Incorrect Behavior Order: Validate Before Canonicalize |
10 |
|
CWE-177
|
Improper Handling of URL Encoding (Hex Encoding) |
10 |
|
CWE-172
|
Encoding Error |
10 |
|
CWE-1326
|
Missing Immutable Root of Trust in Hardware |
10 |
|
CWE-820
|
Missing Synchronization |
9 |
|
CWE-81
|
Improper Neutralization of Script in an Error Message Web Page |
9 |
|
CWE-794
|
Incomplete Filtering of Multiple Instances of Special Elements |
9 |
|
CWE-790
|
Improper Filtering of Special Elements |
9 |
|
CWE-760
|
Use of a One-Way Hash with a Predictable Salt |
9 |
|
CWE-76
|
Improper Neutralization of Equivalent Special Elements |
9 |
|
CWE-710
|
Improper Adherence to Coding Standards |
9 |
|
CWE-393
|
Return of Wrong Status Code |
9 |
|
CWE-37
|
Path Traversal: '/absolute/pathname/here' |
9 |
|
CWE-317
|
Cleartext Storage of Sensitive Information in GUI |
9 |
|
CWE-299
|
Improper Check for Certificate Revocation |
9 |
|
CWE-1419
|
Incorrect Initialization of Resource |
9 |
|
CWE-127
|
Buffer Under-read |
9 |
|
CWE-86
|
Improper Neutralization of Invalid Characters in Identifiers in Web Pages |
8 |
|
CWE-762
|
Mismatched Memory Management Routines |
8 |
|
CWE-627
|
Dynamic Variable Evaluation |
8 |
|
CWE-421
|
Race Condition During Access to Alternate Channel |
8 |
|
CWE-332
|
Insufficient Entropy in PRNG |
8 |
|
CWE-315
|
Cleartext Storage of Sensitive Information in a Cookie |
8 |
|
CWE-291
|
Reliance on IP Address for Authentication |
8 |
|
CWE-223
|
Omission of Security-relevant Information |
8 |
|
CWE-216
|
DEPRECATED: Containment Errors (Container Errors) |
8 |
|
CWE-194
|
Unexpected Sign Extension |
8 |
|
CWE-14
|
Compiler Removal of Code to Clear Buffers |
8 |
|
CWE-1241
|
Use of Predictable Algorithm in Random Number Generator |
8 |
|
CWE-1038
|
Insecure Automated Optimizations |
8 |
|
CWE-662
|
Improper Synchronization |
7 |
|
CWE-649
|
Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking |
7 |
|
CWE-647
|
Use of Non-Canonical URL Paths for Authorization Decisions |
7 |
|
CWE-628
|
Function Call with Incorrectly Specified Arguments |
7 |
|
CWE-412
|
Unrestricted Externally Accessible Lock |
7 |
|
CWE-372
|
Incomplete Internal State Distinction |
7 |
|
CWE-368
|
Context Switching Race Condition |
7 |
|
CWE-308
|
Use of Single-factor Authentication |
7 |
|
CWE-249
|
DEPRECATED: Often Misused: Path Manipulation |
7 |
|
CWE-219
|
Storage of File with Sensitive Data Under Web Root |
7 |
|
CWE-1320
|
Improper Protection for Outbound Error Messages and Alert Signals |
7 |
|
CWE-1289
|
Improper Validation of Unsafe Equivalence in Input |
7 |
|
CWE-1274
|
Improper Access Control for Volatile Memory Containing Boot Code |
7 |
|
CWE-1263
|
Improper Physical Access Control |
7 |
|
CWE-1262
|
Improper Access Control for Register Interface |
7 |
|
CWE-1025
|
Comparison Using Wrong Factors |
7 |
|
CWE-1023
|
Incomplete Comparison with Missing Factors |
7 |
|
CWE-941
|
Incorrectly Specified Destination in a Communication Channel |
6 |
|
CWE-784
|
Reliance on Cookies without Validation and Integrity Checking in a Security Decision |
6 |
|
CWE-767
|
Access to Critical Private Variable via Public Method |
6 |
|
CWE-676
|
Use of Potentially Dangerous Function |
6 |
|
CWE-67
|
Improper Handling of Windows Device Names |
6 |
|
CWE-645
|
Overly Restrictive Account Lockout Mechanism |
6 |
|
CWE-626
|
Null Byte Interaction Error (Poison Null Byte) |
6 |
|
CWE-625
|
Permissive Regular Expression |
6 |
|
CWE-573
|
Improper Following of Specification by Caller |
6 |
|
CWE-566
|
Authorization Bypass Through User-Controlled SQL Primary Key |
6 |
|
CWE-564
|
SQL Injection: Hibernate |
6 |
|
CWE-544
|
Missing Standardized Error Handling Mechanism |
6 |
|
CWE-343
|
Predictable Value Range from Previous Values |
6 |
|
CWE-262
|
Not Using Password Aging |
6 |
|
CWE-196
|
Unsigned to Signed Conversion Error |
6 |
|
CWE-1427
|
Improper Neutralization of Input Used for LLM Prompting |
6 |
|
CWE-1329
|
Reliance on Component That is Not Updateable |
6 |
|
CWE-1260
|
Improper Handling of Overlap Between Protected Memory Ranges |
6 |
|
CWE-1258
|
Exposure of Sensitive System Information Due to Uncleared Debug Information |
6 |
|
CWE-1173
|
Improper Use of Validation Framework |
6 |
|
CWE-1125
|
Excessive Attack Surface |
6 |
|
CWE-1088
|
Synchronous Access of Remote Resource without Timeout |
6 |
|
CWE-1077
|
Floating Point Comparison with Incorrect Operator |
6 |
|
CWE-97
|
Improper Neutralization of Server-Side Includes (SSI) Within a Web Page |
5 |
|
CWE-914
|
Improper Control of Dynamically-Identified Variables |
5 |
|
CWE-826
|
Premature Release of Resource During Expected Lifetime |
5 |
|
CWE-792
|
Incomplete Filtering of One or More Instances of Special Elements |
5 |
|
CWE-771
|
Missing Reference to Active Allocated Resource |
5 |
|
CWE-756
|
Missing Custom Error Page |
5 |
|
CWE-733
|
Compiler Optimization Removal or Modification of Security-critical Code |
5 |
|
CWE-705
|
Incorrect Control Flow Scoping |
5 |
|
CWE-692
|
Incomplete Denylist to Cross-Site Scripting |
5 |
|
CWE-671
|
Lack of Administrator Control over Security |
5 |
|
CWE-623
|
Unsafe ActiveX Control Marked Safe For Scripting |
5 |
|
CWE-599
|
Missing Validation of OpenSSL Certificate |
5 |
|
CWE-597
|
Use of Wrong Operator in String Comparison |
5 |
|
CWE-588
|
Attempt to Access Child of a Non-structure Pointer |
5 |
|
CWE-567
|
Unsynchronized Access to Shared Data in a Multithreaded Context |
5 |
|
CWE-562
|
Return of Stack Variable Address |
5 |
|
CWE-550
|
Server-generated Error Message Containing Sensitive Information |
5 |
|
CWE-539
|
Use of Persistent Cookies Containing Sensitive Information |
5 |
|
CWE-534
|
DEPRECATED: Information Exposure Through Debug Log Files |
5 |
|
CWE-435
|
Improper Interaction Between Multiple Correctly-Behaving Entities |
5 |
|
CWE-40
|
Path Traversal: '\\UNC\share\name\' (Windows UNC Share) |
5 |
|
CWE-240
|
Improper Handling of Inconsistent Structural Elements |
5 |
|
CWE-231
|
Improper Handling of Extra Values |
5 |
|
CWE-210
|
Self-generated Error Message Containing Sensitive Information |
5 |
|
CWE-192
|
Integer Coercion Error |
5 |
|
CWE-187
|
Partial String Comparison |
5 |
|
CWE-167
|
Improper Handling of Additional Special Element |
5 |
|
CWE-156
|
Improper Neutralization of Whitespace |
5 |
|
CWE-149
|
Improper Neutralization of Quoting Syntax |
5 |
|
CWE-147
|
Improper Neutralization of Input Terminators |
5 |
|
CWE-1423
|
Exposure of Sensitive Information caused by Shared Microarchitectural Predictor State that Influences Transient Execution |
5 |
|
CWE-1328
|
Security Version Number Mutable to Older Versions |
5 |
|
CWE-1281
|
Sequence of Processor Instructions Leads to Unexpected Behavior |
5 |
|
CWE-1259
|
Improper Restriction of Security Token Assignment |
5 |
|
CWE-1256
|
Improper Restriction of Software Interfaces to Hardware Features |
5 |
|
CWE-1250
|
Improper Preservation of Consistency Between Independent Representations of Shared State |
5 |
|
CWE-1245
|
Improper Finite State Machines (FSMs) in Hardware Logic |
5 |
|
CWE-1204
|
Generation of Weak Initialization Vector (IV) |
5 |
|
CWE-1189
|
Improper Isolation of Shared Resources on System-on-a-Chip (SoC) |
5 |
|
CWE-838
|
Inappropriate Encoding for Output Context |
4 |
|
CWE-786
|
Access of Memory Location Before Start of Buffer |
4 |
|
CWE-783
|
Operator Precedence Logic Error |
4 |
|
CWE-775
|
Missing Release of File Descriptor or Handle after Effective Lifetime |
4 |
|
CWE-774
|
Allocation of File Descriptors or Handles Without Limits or Throttling |
4 |
|
CWE-686
|
Function Call With Incorrect Argument Type |
4 |
|
CWE-528
|
Exposure of Core Dump File to an Unauthorized Control Sphere |
4 |
|
CWE-480
|
Use of Incorrect Operator |
4 |
|
CWE-473
|
PHP External Variable Modification |
4 |
|
CWE-450
|
Multiple Interpretations of UI Input |
4 |
|
CWE-446
|
UI Discrepancy for Security Feature |
4 |
|
CWE-437
|
Incomplete Model of Endpoint Features |
4 |
|
CWE-408
|
Incorrect Behavior Order: Early Amplification |
4 |
|
CWE-403
|
Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak') |
4 |
|
CWE-298
|
Improper Validation of Certificate Expiration |
4 |
|
CWE-278
|
Insecure Preserved Inherited Permissions |
4 |
|
CWE-239
|
Failure to Handle Incomplete Element |
4 |
|
CWE-237
|
Improper Handling of Structural Elements |
4 |
|
CWE-173
|
Improper Handling of Alternate Encoding |
4 |
|
CWE-153
|
Improper Neutralization of Substitution Characters |
4 |
|
CWE-1421
|
Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution |
4 |
|
CWE-1357
|
Reliance on Insufficiently Trustworthy Component |
4 |
|
CWE-1319
|
Improper Protection against Electromagnetic Fault Injection (EM-FI) |
4 |
|
CWE-1283
|
Mutable Attestation or Measurement Reporting Data |
4 |
|
CWE-1270
|
Generation of Incorrect Security Tokens |
4 |
|
CWE-1254
|
Incorrect Comparison Logic Granularity |
4 |
|
CWE-1247
|
Improper Protection Against Voltage and Clock Glitches |
4 |
|
CWE-1231
|
Improper Prevention of Lock Bit Modification |
4 |
|
CWE-1221
|
Incorrect Register Defaults or Module Parameters |
4 |
|
CWE-111
|
Direct Use of Unsafe JNI |
4 |
|
CWE-1049
|
Excessive Data Query Operations in a Large Data Table |
4 |
|
CWE-1037
|
Processor Optimization Removal or Modification of Security-critical Code |
4 |
|
CWE-85
|
Doubled Character XSS Manipulations |
3 |
|
CWE-839
|
Numeric Range Comparison Without Minimum Check |
3 |
|
CWE-780
|
Use of RSA Algorithm without OAEP |
3 |
|
CWE-769
|
DEPRECATED: Uncontrolled File Descriptor Consumption |
3 |
|
CWE-687
|
Function Call With Incorrectly Specified Argument Value |
3 |
|
CWE-683
|
Function Call With Incorrect Order of Arguments |
3 |
|
CWE-675
|
Multiple Operations on Resource in Single-Operation Context |
3 |
|
CWE-563
|
Assignment to Variable without Use |
3 |
|
CWE-527
|
Exposure of Version-Control Repository to an Unauthorized Control Sphere |
3 |
|
CWE-474
|
Use of Function with Inconsistent Implementations |
3 |
|
CWE-467
|
Use of sizeof() on a Pointer Type |
3 |
|
CWE-448
|
Obsolete Feature in UI |
3 |
|
CWE-447
|
Unimplemented or Unsupported Feature in UI |
3 |
|
CWE-360
|
Trust of System Event Data |
3 |
|
CWE-336
|
Same Seed in Pseudo-Random Number Generator (PRNG) |
3 |
|
CWE-205
|
Observable Behavioral Discrepancy |
3 |
|
CWE-182
|
Collapse of Data into Unsafe Value |
3 |
|
CWE-148
|
Improper Neutralization of Input Leaders |
3 |
|
CWE-1426
|
Improper Validation of Generative AI Output |
3 |
|
CWE-1420
|
Exposure of Sensitive Information during Transient Execution |
3 |
|
CWE-135
|
Incorrect Calculation of Multi-Byte String Length |
3 |
|
CWE-1303
|
Non-Transparent Sharing of Microarchitectural Resources |
3 |
|
CWE-1282
|
Assumed-Immutable Data is Stored in Writable Memory |
3 |
|
CWE-128
|
Wrap-around Error |
3 |
|
CWE-1279
|
Cryptographic Operations are run Before Supporting Units are Ready |
3 |
|
CWE-1257
|
Improper Access Control Applied to Mirrored or Aliased Memory Regions |
3 |
|
CWE-1234
|
Hardware Internal or Debug Modes Allow Override of Locks |
3 |
|
CWE-1112
|
Incomplete Documentation of Program Execution |
3 |
|
CWE-1103
|
Use of Platform-Dependent Third Party Components |
3 |
|
CWE-11
|
ASP.NET Misconfiguration: Creating Debug Binary |
3 |
|
CWE-1076
|
Insufficient Adherence to Expected Conventions |
3 |
|
CWE-1039
|
Inadequate Detection or Handling of Adversarial Input Perturbations in Automated Recognition Mechanism |
3 |
|
CWE-925
|
Improper Verification of Intent by Broadcast Receiver |
2 |
|
CWE-920
|
Improper Restriction of Power Consumption |
2 |
|
CWE-910
|
Use of Expired File Descriptor |
2 |
|
CWE-827
|
Improper Control of Document Type Definition |
2 |
|
CWE-689
|
Permission Race Condition During Resource Copy |
2 |
|
CWE-688
|
Function Call With Incorrect Variable or Reference as Argument |
2 |
|
CWE-663
|
Use of a Non-reentrant Function in a Concurrent Context |
2 |
|
CWE-624
|
Executable Regular Expression Error |
2 |
|
CWE-622
|
Improper Validation of Function Hook Arguments |
2 |
|
CWE-62
|
UNIX Hard Link |
2 |
|
CWE-616
|
Incomplete Identification of Uploaded File Variables (PHP) |
2 |
|
CWE-605
|
Multiple Binds to the Same Port |
2 |
|
CWE-6
|
J2EE Misconfiguration: Insufficient Session-ID Length |
2 |
|
CWE-555
|
J2EE Misconfiguration: Plaintext Password in Configuration File |
2 |
|
CWE-531
|
Inclusion of Sensitive Information in Test Code |
2 |
|
CWE-529
|
Exposure of Access Control List Files to an Unauthorized Control Sphere |
2 |
|
CWE-509
|
Replicating Malicious Code (Virus or Worm) |
2 |
|
CWE-507
|
Trojan Horse |
2 |
|
CWE-499
|
Serializable Class Containing Sensitive Data |
2 |
|
CWE-479
|
Signal Handler Use of a Non-reentrant Function |
2 |
|
CWE-468
|
Incorrect Pointer Scaling |
2 |
|
CWE-466
|
Return of Pointer Value Outside of Expected Range |
2 |
|
CWE-463
|
Deletion of Data Structure Sentinel |
2 |
|
CWE-454
|
External Initialization of Trusted Variables or Data Stores |
2 |
|
CWE-44
|
Path Equivalence: 'file.name' (Internal Dot) |
2 |
|
CWE-431
|
Missing Handler |
2 |
|
CWE-422
|
Unprotected Windows Messaging Channel ('Shatter') |
2 |
|
CWE-414
|
Missing Lock Check |
2 |
|
CWE-396
|
Declaration of Catch for Generic Exception |
2 |
|
CWE-39
|
Path Traversal: 'C:dirname' |
2 |
|
CWE-344
|
Use of Invariant Value in Dynamically Changing Context |
2 |
|
CWE-333
|
Improper Handling of Insufficient Entropy in TRNG |
2 |
|
CWE-32
|
Path Traversal: '...' (Triple Dot) |
2 |
|
CWE-309
|
Use of Password System for Primary Authentication |
2 |
|
CWE-301
|
Reflection Attack in an Authentication Protocol |
2 |
|
CWE-236
|
Improper Handling of Undefined Parameters |
2 |
|
CWE-235
|
Improper Handling of Extra Parameters |
2 |
|
CWE-234
|
Failure to Handle Missing Parameter |
2 |
|
CWE-179
|
Incorrect Behavior Order: Early Validation |
2 |
|
CWE-168
|
Improper Handling of Inconsistent Special Elements |
2 |
|
CWE-164
|
Improper Neutralization of Internal Special Elements |
2 |
|
CWE-157
|
Failure to Sanitize Paired Delimiters |
2 |
|
CWE-144
|
Improper Neutralization of Line Delimiters |
2 |
|
CWE-142
|
Improper Neutralization of Value Delimiters |
2 |
|
CWE-1389
|
Incorrect Parsing of Numbers with Different Radices |
2 |
|
CWE-1384
|
Improper Handling of Physical or Environmental Conditions |
2 |
|
CWE-1342
|
Information Exposure through Microarchitectural State after Transient Execution |
2 |
|
CWE-1335
|
Incorrect Bitwise Shift of Integer |
2 |
|
CWE-1332
|
Improper Handling of Faults that Lead to Instruction Skips |
2 |
|
CWE-1323
|
Improper Management of Sensitive Trace Data |
2 |
|
CWE-1301
|
Insufficient or Incomplete Data Removal within Hardware Component |
2 |
|
CWE-1300
|
Improper Protection of Physical Side Channels |
2 |
|
CWE-1291
|
Public Key Re-Use for Signing both Debug and Production Code |
2 |
|
CWE-1278
|
Missing Protection Against Hardware Reverse Engineering Using Integrated Circuit (IC) Imaging Techniques |
2 |
|
CWE-1269
|
Product Released in Non-Release Configuration |
2 |
|
CWE-1251
|
Mirrored Regions with Different Values |
2 |
|
CWE-1222
|
Insufficient Granularity of Address Regions Protected by Register Locks |
2 |
|
CWE-12
|
ASP.NET Misconfiguration: Missing Custom Error Page |
2 |
|
CWE-1190
|
DMA Device Enabled Too Early in Boot Phase |
2 |
|
CWE-1118
|
Insufficient Documentation of Error Handling Techniques |
2 |
|
CWE-1108
|
Excessive Reliance on Global Variables |
2 |
|
CWE-1107
|
Insufficient Isolation of Symbolic Constant Definitions |
2 |
|
CWE-1100
|
Insufficient Isolation of System-Dependent Functions |
2 |
|
CWE-1083
|
Data Access from Outside Expected Data Manager Component |
2 |
|
CWE-1068
|
Inconsistency Between Implementation and Documented Design |
2 |
|
CWE-1024
|
Comparison of Incompatible Types |
2 |
|
CWE-828
|
Signal Handler with Functionality that is not Asynchronous-Safe |
1 |
|
CWE-82
|
Improper Neutralization of Script in Attributes of IMG Tags in a Web Page |
1 |
|
CWE-765
|
Multiple Unlocks of a Critical Resource |
1 |
|
CWE-761
|
Free of Pointer not at Start of Buffer |
1 |
|
CWE-69
|
Improper Handling of Windows ::DATA Alternate Data Stream |
1 |
|
CWE-673
|
External Influence of Sphere Definition |
1 |
|
CWE-66
|
Improper Handling of File Names that Identify Virtual Resources |
1 |
|
CWE-654
|
Reliance on a Single Factor in a Security Decision |
1 |
|
CWE-638
|
Not Using Complete Mediation |
1 |
|
CWE-621
|
Variable Extraction Error |
1 |
|
CWE-618
|
Exposed Unsafe ActiveX Method |
1 |
|
CWE-615
|
Inclusion of Sensitive Information in Source Code Comments |
1 |
|
CWE-600
|
Uncaught Exception in Servlet |
1 |
|
CWE-587
|
Assignment of a Fixed Address to a Pointer |
1 |
|
CWE-571
|
Expression is Always True |
1 |
|
CWE-570
|
Expression is Always False |
1 |
|
CWE-553
|
Command Shell in Externally Accessible Directory |
1 |
|
CWE-541
|
Inclusion of Sensitive Information in an Include File |
1 |
|
CWE-50
|
Path Equivalence: '//multiple/leading/slash' |
1 |
|
CWE-495
|
Private Data Structure Returned From A Public Method |
1 |
|
CWE-462
|
Duplicate Key in Associative List (Alist) |
1 |
|
CWE-455
|
Non-exit on Failed Initialization |
1 |
|
CWE-430
|
Deployment of Wrong Handler |
1 |
|
CWE-43
|
Path Equivalence: 'filename....' (Multiple Trailing Dot) |
1 |
|
CWE-339
|
Small Seed Space in PRNG |
1 |
|
CWE-318
|
Cleartext Storage of Sensitive Information in Executable |
1 |
|
CWE-314
|
Cleartext Storage in the Registry |
1 |
|
CWE-30
|
Path Traversal: '\dir\..\filename' |
1 |
|
CWE-293
|
Using Referer Field for Authentication |
1 |
|
CWE-28
|
Path Traversal: '..\filedir' |
1 |
|
CWE-263
|
Password Aging with Long Expiration |
1 |
|
CWE-207
|
Observable Behavioral Discrepancy With Equivalent Products |
1 |
|
CWE-198
|
Use of Incorrect Byte Ordering |
1 |
|
CWE-188
|
Reliance on Data/Memory Layout |
1 |
|
CWE-186
|
Overly Restrictive Regular Expression |
1 |
|
CWE-154
|
Improper Neutralization of Variable Name Delimiters |
1 |
|
CWE-143
|
Improper Neutralization of Record Delimiters |
1 |
|
CWE-1422
|
Exposure of Sensitive Information caused by Incorrect Data Forwarding during Transient Execution |
1 |
|
CWE-1341
|
Multiple Releases of Same Resource or Handle |
1 |
|
CWE-1334
|
Unauthorized Error Injection Can Degrade Hardware Redundancy |
1 |
|
CWE-1313
|
Hardware Allows Activation of Test or Debug Logic at Runtime |
1 |
|
CWE-1310
|
Missing Ability to Patch ROM Code |
1 |
|
CWE-1304
|
Improperly Preserved Integrity of Hardware Configuration State During a Power Save/Restore Operation |
1 |
|
CWE-1298
|
Hardware Logic Contains Race Conditions |
1 |
|
CWE-1272
|
Sensitive Information Uncleared Before Debug/Power State Transition |
1 |
|
CWE-1264
|
Hardware Logic with Insecure De-Synchronization between Control and Data Channels |
1 |
|
CWE-1255
|
Comparison Logic is Vulnerable to Power Side-Channel Attacks |
1 |
|
CWE-1253
|
Incorrect Selection of Fuse Values |
1 |
|
CWE-1233
|
Security-Sensitive Hardware Controls with Missing Lock Bit Protection |
1 |
|
CWE-1224
|
Improper Restriction of Write-Once Bit Fields |
1 |
|
CWE-1176
|
Inefficient CPU Computation |
1 |
|
CWE-1164
|
Irrelevant Code |
1 |
|
CWE-1119
|
Excessive Use of Unconditional Branching |
1 |
|
CWE-1116
|
Inaccurate Source Code Comments |
1 |
|
CWE-1102
|
Reliance on Machine-Dependent Data Representation |
1 |
|
CWE-1059
|
Insufficient Technical Documentation |
1 |
|
CWE-1057
|
Data Access Operations Outside of Expected Data Manager Component |
1 |
|
CWE-1051
|
Initialization with Hard-Coded Network Resource Configuration Data |
1 |
|
CWE-1046
|
Creation of Immutable Text Using String Concatenation |
1 |
|
CWE-1007
|
Insufficient Visual Distinction of Homoglyphs Presented to User |
1 |