Page History

CWE-617

Reachable Assertion

• CWE.617.ATA

CWE-427

Uncontrolled Search Path Element

• CWE.427.CA5393

CWE-611

Improper Restriction of XML External Entity Reference

• CWE.611.PDTDP
• CWE.611.USXRS
• CWE.611.CA3061
• CWE.611.CA3075
• CWE.611.CA3077
• CWE.611.CA5366
• CWE.611.CA5369
• CWE.611.CA5370
• CWE.611.CA5371
• CWE.611.CA5372

CWE-770

Allocation of Resources Without Limits or Throttling

• CWE.770.UHCF
• CWE.770.CA2014
• CWE.770.TDALLOC

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

• CWE.200.SELSPLAT
• CWE.200.SDE
• CWE.200.SENS
• CWE.200.PEO
• CWE.200.ACPST
• CWE.200.ALSI
• CWE.200.SENSLOG
• CWE.200.CSG
• CWE.200.CA3004

CWE-732

Incorrect Permission Assignment for Critical Resource

• CWE.732.ADSVSP
• CWE.732.CA5396

CWE-601

URL Redirection to Untrusted Site ('Open Redirect')

• CWE.601.TDNET
• CWE.601.TDRESP

CWE-1321

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

• N/A

CWE-295

Improper Certificate Validation

• CWE.295.DNICV
• CWE.295.CA5359
• CWE.295.CA5403
• CWE.295.CA5399
• CWE.295.CA5400

CWE-522

Insufficiently Protected Credentials

• CWE.522.TDPASSWD

CWE-401

Missing Release of Memory after Effective Lifetime

• N/A

CWE-400

Uncontrolled Resource Consumption

• CWE.400.CA5362
• CWE.400.UHCF
• CWE.400.CA2014
• CWE.400.TDALLOC
• CWE.400.LEAKS
• CWE.400.TDLOG

CWE-639

Authorization Bypass Through User-Controlled Key

• N/A

CWE-59

Improper Link Resolution Before File Access ('Link Following')

• CWE.59.VLT

CWE-668

Exposure of Resource to Wrong Sphere

• CWE.668.TDINPUT
• CWE.668.TDFNAMES
• CWE.668.PBRTE
• CWE.668.CA5393
• CWE.668.CSG
• CWE.668.CA3004
• CWE.668.SELSPLAT
• CWE.668.SDE
• CWE.668.SENS
• CWE.668.PEO
• CWE.668.ACPST
• CWE.668.ALSI
• CWE.668.SENSLOG
• CWE.668.TDPASSWD
• CWE.668.ADSVSP
• CWE.668.CA5396

CWE-20

Improper Input Validation

• CWE.20.VPPD
• CWE.20.TDNET
• CWE.20.TDFNAMES
• CWE.20.TDCMD
• CWE.20.TDRESP
• CWE.20.TDXSS
• CWE.20.TDSQL
• CWE.20.TDSQLC

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

• CWE.22.SCS0018
• CWE.22.TDFNAMES

CWE-64

Windows Shortcut Following (.LNK)

• CWE.64.VLT

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

• CWE.78.TDCMD

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

• CWE.79.SCS0029
• CWE.79.TDXSS
• CWE.79.AXSSE
• CWE.79.CSP

CWE-80

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

• CWE.80.VPPD
• CWE.80.TDRESP

CWE-88

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

• CWE.88.TDCMD
• CWE.88.VPPD

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

• CWE.89.TDSQL
• CWE.89.TDSQLC

CWE-90

Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')

• CWE.90.SCS0031
• CWE.90.SCS0026
• CWE.90.TDLDAP

CWE-95

Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')

• CWE.95.TDCODE

CWE-99

Improper Control of Resource Identifiers ('Resource Injection')

• CWE.99.TDFNAMES
• CWE.99.TDNET

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

• CWE.120.AUK

CWE-125

Out-of-bounds Read

• CWE.125.ARRAY

CWE-129

Improper Validation of Array Index

• CWE.129.ARRAY

CWE-131

Incorrect Calculation of Buffer Size

• CWE.131.AUK

CWE-134

Use of Externally-Controlled Format String

• CWE.134.TDINPUT

CWE-190

Integer Overflow or Wraparound

• CWE.190.AIWIL
• CWE.190.AIOAC
• CWE.190.INTWRAP

CWE-191

Integer Underflow (Wrap or Wraparound)

• CWE.191.AIWIL
• CWE.191.AIOAC
• CWE.191.INTWRAP

CWE-197

Numeric Truncation Error

• CWE.197.ECLSII
• CWE.197.INTDL

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

• CWE.200.CSG
• CWE.200.CA3004

CWE-201

Insertion of Sensitive Information Into Sent Data

• CWE.201.SELSPLAT

CWE-209

Generation of Error Message Containing Sensitive Information

• CWE.209.SDE
• CWE.209.SENS
• CWE.209.PEO
• CWE.209.ACPST

CWE-212

Improper Removal of Sensitive Information Before Storage or Transfer

• CWE.212.CSG

CWE-250

Execution with Unnecessary Privileges

• CWE.250.AUEP
• CWE.250.CA5375
• CWE.250.CA5377

CWE-252

Unchecked Return Value

• CWE.252.RETVAL
• CWE.252.CHECKRET

CWE-256

Plaintext Storage of a Password

• CWE.256.TDPASSWD

CWE-259

Use of Hard-coded Password

• CWE.259.HPW
• CWE.259.SCS0015

CWE-260

Password in Configuration File

• CWE.260.HPWCS

CWE-269

Improper Privilege Management

• CWE.269.IDENTITY

CWE-287

Improper Authentication

• CWE.287.AAM
• CWE.287.UAAMC

CWE-294

Authentication Bypass by Capture-replay

• CWE.294.CA5376

CWE-295

Improper Certificate Validation

• CWE.295.DNICV
• CWE.295.CA5359
• CWE.295.CA5403

CWE-299

Improper Check for Certificate Revocation

• CWE.299.CA5399
• CWE.299.CA5400

CWE-307

Improper Restriction of Excessive Authentication Attempts

• CWE.307.LUAFLA

CWE-311

Missing Encryption of Sensitive Data

• CWE.311.SCS0023

CWE-316

Cleartext Storage of Sensitive Information in Memory

• CWE.316.RSFSS
• CWE.316.SSFP

CWE-319

Cleartext Transmission of Sensitive Information

• CWE.319.RHTTPS

CWE-321

Use of Hard-coded Cryptographic Key

• CWE.321.CA5390

CWE-326

Inadequate Encryption Strength

• CWE.326.RSAKS

CWE-327

Use of a Broken or Risky Cryptographic Algorithm

• CWE.327.SCS0010
• CWE.327.SCS0013
• CWE.327.DNCCKS
• CWE.327.ACCA

CWE-328

Use of Weak Hash

• CWE.328.SCS0006

CWE-329

Generation of Predictable IV with CBC Mode

• CWE.329.ACCA

CWE-338

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

• CWE.338.USSCR

CWE-350

Reliance on Reverse DNS Resolution for a Security-Critical Action

• CWE.350.IIPHEU

CWE-352

Cross-Site Request Forgery (CSRF)

• CWE.352.VPPD
• CWE.352.TDRESP
• CWE.352.CA3147
• CWE.352.CA5391
• CWE.352.SCS0016

CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

• CWE.362.LOCKSETGET
• CWE.362.DIFCS

CWE-369

Divide By Zero

• CWE.369.ZERO

CWE-391

Unchecked Error Condition

• CWE.391.LGE

CWE-395

Use of NullPointerException Catch to Detect NULL Pointer Dereference

• CWE.395.NCNRE

CWE-396

Declaration of Catch for Generic Exception

• CWE.396.NCSAE

CWE-397

Declaration of Throws for Generic Exception

• CWE.397.NTSAE

CWE-400

Uncontrolled Resource Consumption

• CWE.400.CA5362

CWE-402

Transmission of Private Resources into a New Sphere ('Resource Leak')

• CWE.402.CSG

CWE-412

Unrestricted Externally Accessible Lock

• CWE.412.NLT

CWE-416

Use After Free

• CWE.416.DISP
• CWE.416.FIN

CWE-426

Untrusted Search Path

• CWE.426.PBRTE

CWE-427

Uncontrolled Search Path Element

• CWE.427.CA5393

CWE-434

Unrestricted Upload of File with Dangerous Type

• CWE.434.TDFNAMES

CWE-456

Missing Initialization of a Variable

• CWE.456.NOTEXPLINIT

CWE-457

Use of Uninitialized Variable

• CWE.457.NOTEXPLINIT

CWE-470

Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')

• CWE.470.TDRFL

CWE-472

External Control of Assumed-Immutable Web Parameter

• CWE.472.SCS0024

CWE-476

NULL Pointer Dereference

• CWE.476.NR
• CWE.476.CNFA

CWE-480

Use of Incorrect Operator

• CWE.480.PUO

CWE-481

Assigning instead of Comparing

• CWE.481.AWC

CWE-494

Download of Code Without Integrity Check

• CWE.494.IREC

CWE-499

Serializable Class Containing Sensitive Data

• CWE.499.CSG

CWE-502

Deserialization of Untrusted Data

• CWE.502.IIDC
• CWE.502.UIS
• CWE.502.IDC
• CWE.502.MGODWSPA
• CWE.502.CA2300
• CWE.502.CA2350
• CWE.502.CA2351
• CWE.502.CA2352
• CWE.502.CA2353
• CWE.502.CA2354
• CWE.502.CA2355
• CWE.502.CA2356
• CWE.502.CA2361
• CWE.502.CA2362
• CWE.502.SCS0028

CWE-521

Weak Password Requirements

• CWE.521.SCS0032
• CWE.521.SCS0033
• CWE.521.SCS0034

CWE-532

Insertion of Sensitive Information into Log File

• CWE.532.ALSI
• CWE.532.SENSLOG

CWE-546

Suspicious Comment

• CWE.546.TODO

CWE-554

ASP.NET Misconfiguration: Not Using Input Validation Framework

• CWE.554.SCS0017
• CWE.554.SCS0021
• CWE.554.SCS0030
• CWE.554.SCS0022

CWE-561

Dead Code

• CWE.561.UC

CWE-563

Assignment to Variable without Use

• CWE.563.VOVR

CWE-570

Expression is Always False

• CWE.570.CC

CWE-571

Expression is Always True

• CWE.571.CC

CWE-595

Comparison of Object References Instead of Object Contents

• CWE.595.REVT

CWE-601

URL Redirection to Untrusted Site ('Open Redirect')

• CWE.601.TDNET
• CWE.601.TDRESP

CWE-611

Improper Restriction of XML External Entity Reference

• CWE.611.PDTDP
• CWE.611.USXRS
• CWE.611.CA3061
• CWE.611.CA3075
• CWE.611.CA3077
• CWE.611.CA5366
• CWE.611.CA5369
• CWE.611.CA5370
• CWE.611.CA5371
• CWE.611.CA5372

CWE-613

Insufficient Session Expiration

• CWE.613.ISE

CWE-614

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute

• CWE.614.SCS0008

CWE-617

Reachable Assertion

• CWE.617.ATA

CWE-624

Executable Regular Expression Error

• CWE.624.CA3012

CWE-638

Not Using Complete Mediation

• CWE.638.SCS0019

CWE-643

Improper Neutralization of Data within XPath Expressions ('XPath Injection')

• CWE.643.SCS0003

CWE-662

Improper Synchronization

• CWE.662.DIFCS

CWE-676

Use of Potentially Dangerous Function

• CWE.676.APDM

CWE-681

Incorrect Conversion between Numeric Types

• CWE.681.ECLTS
• CWE.681.INTDL
• CWE.681.INTVC

CWE-732

Incorrect Permission Assignment for Critical Resource

• CWE.732.ADSVSP

CWE-759

Use of a One-Way Hash without a Salt

• CWE.759.SALT

CWE-760

Use of a One-Way Hash with a Predictable Salt

• CWE.760.SALT

CWE-770

Allocation of Resources Without Limits or Throttling

• CWE.770.UHCF
• CWE.770.CA2014

CWE-771

Missing Reference to Active Allocated Resource

• CWE.771.LEAKS

CWE-772

Missing Release of Resource after Effective Lifetime

• CWE.772.LEAKS

CWE-778

Insufficient Logging

• CWE.778.GEL

CWE-779

Logging of Excessive Data

• CWE.779.TDLOG

CWE-780

Use of RSA Algorithm without OAEP

• CWE.780.UOWR

CWE-787

Out-of-bounds Write

• CWE.787.ARRAY

CWE-789

Memory Allocation with Excessive Size Value

• CWE.789.TDALLOC

CWE-798

Use of Hard-coded Credentials

• CWE.798.HARDCONN
• CWE.798.CA5403
• CWE.798.HPWCS

CWE-807

Reliance on Untrusted Inputs in a Security Decision

• CWE.807.AUTH

CWE-827

Improper Control of Document Type Definition

• CWE.827.PDTDP

CWE-829

Inclusion of Functionality from Untrusted Control Sphere

• CWE.829.DMSC
• CWE.829.ADLL

CWE-833

Deadlock

• CWE.833.ORDER

CWE-835

Loop with Unreachable Exit Condition ('Infinite Loop')

• CWE.835.IVFLC
• CWE.835.IVFLI
• CWE.835.NSIVFLN

CWE-838

Inappropriate Encoding for Output Context

• CWE.838.AIHUE
• CWE.838.CA1054
• CWE.838.CA1055
• CWE.838.CA1056
• CWE.838.CA5365

CWE-862

Missing Authorization

• CWE.862.UAA

CWE-863

Incorrect Authorization

• CWE.863.AAM
• CWE.863.UAAMC
• CWE.863.AUTH

CWE-918

Server-Side Request Forgery (SSRF)

• CWE.918.TDNET
• CWE.918.CA3147
• CWE.918.CA5368
• CWE.918.CA5391
• CWE.918.CA5395

CWE-1004

Sensitive Cookie Without 'HttpOnly' Flag

• CWE.1004.CA5396

CWE-1386

Insecure Operation on Windows Junction / Mount Point

• CWE.1386.VLT