Common Weakness Enumeration (CWE™) is a list of common software and hardware weakness types that have security ramifications. A “weakness” is a condition in a software, firmware, hardware, or service component that, under certain circumstances, could contribute to the introduction of vulnerabilities.
CWE Number Name
CWE-587 Assignment of a Fixed Address to a Pointer
CWE-588 Attempt to Access Child of a Non-structure Pointer
CWE-589 Call to Non-ubiquitous API
CWE-590 Free of Memory not on the Heap
CWE-591 Sensitive Data Storage in Improperly Locked Memory
CWE-593 Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created
CWE-594 J2EE Framework: Saving Unserializable Objects to Disk
CWE-595 Comparison of Object References Instead of Object Contents
CWE-597 Use of Wrong Operator in String Comparison
CWE-598 Use of GET Request Method With Sensitive Query Strings
CWE-599 Missing Validation of OpenSSL Certificate
CWE-600 Uncaught Exception in Servlet
CWE-601 URL Redirection to Untrusted Site ('Open Redirect')
CWE-602 Client-Side Enforcement of Server-Side Security
CWE-603 Use of Client-Side Authentication
CWE-605 Multiple Binds to the Same Port
CWE-606 Unchecked Input for Loop Condition
CWE-607 Public Static Final Field References Mutable Object
CWE-608 Struts: Non-private Field in ActionForm Class
CWE-609 Double-Checked Locking
CWE-610 Externally Controlled Reference to a Resource in Another Sphere
CWE-611 Improper Restriction of XML External Entity Reference
CWE-612 Improper Authorization of Index Containing Sensitive Information
CWE-613 Insufficient Session Expiration
CWE-614 Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
CWE-615 Inclusion of Sensitive Information in Source Code Comments
CWE-616 Incomplete Identification of Uploaded File Variables (PHP)
CWE-617 Reachable Assertion
CWE-618 Exposed Unsafe ActiveX Method
CWE-619 Dangling Database Cursor ('Cursor Injection')
CWE-620 Unverified Password Change
CWE-621 Variable Extraction Error
CWE-622 Improper Validation of Function Hook Arguments
CWE-623 Unsafe ActiveX Control Marked Safe For Scripting
CWE-624 Executable Regular Expression Error
CWE-625 Permissive Regular Expression
CWE-626 Null Byte Interaction Error (Poison Null Byte)
CWE-627 Dynamic Variable Evaluation
CWE-628 Function Call with Incorrectly Specified Arguments
CWE-636 Not Failing Securely ('Failing Open')
CWE-637 Unnecessary Complexity in Protection Mechanism (Not Using 'Economy of Mechanism')
CWE-638 Not Using Complete Mediation
CWE-639 Authorization Bypass Through User-Controlled Key
CWE-640 Weak Password Recovery Mechanism for Forgotten Password
CWE-641 Improper Restriction of Names for Files and Other Resources
CWE-642 External Control of Critical State Data
CWE-643 Improper Neutralization of Data within XPath Expressions ('XPath Injection')
CWE-644 Improper Neutralization of HTTP Headers for Scripting Syntax
CWE-645 Overly Restrictive Account Lockout Mechanism
CWE-646 Reliance on File Name or Extension of Externally-Supplied File
Found 668 CWE definitions
Please note that CWE definitions are provided as a quick reference only. Visit http://cwe.mitre.org/ for a complete list of CWE entries and for more details.