CWE Definitions
Common Weakness Enumeration (CWE™) is a list of common software and hardware weakness types that have security ramifications.
A “weakness” is a condition in a software, firmware, hardware, or service component that, under certain circumstances, could contribute to the introduction of vulnerabilities.
CWE Number | Name | |
---|---|---|
CWE-392 | Missing Report of Error Condition | Vulnerabilities |
CWE-391 | Unchecked Error Condition | Vulnerabilities |
CWE-390 | Detection of Error Condition Without Action | Vulnerabilities |
CWE-386 | Symbolic Name not Mapping to Correct Object | Vulnerabilities |
CWE-385 | Covert Timing Channel | Vulnerabilities |
CWE-384 | Session Fixation | Vulnerabilities |
CWE-383 | J2EE Bad Practices: Direct Use of Threads | Vulnerabilities |
CWE-382 | J2EE Bad Practices: Use of System.exit() | Vulnerabilities |
CWE-379 | Creation of Temporary File in Directory with Insecure Permissions | Vulnerabilities |
CWE-378 | Creation of Temporary File With Insecure Permissions | Vulnerabilities |
CWE-377 | Insecure Temporary File | Vulnerabilities |
CWE-375 | Returning a Mutable Object to an Untrusted Caller | Vulnerabilities |
CWE-374 | Passing Mutable Objects to an Untrusted Method | Vulnerabilities |
CWE-372 | Incomplete Internal State Distinction | Vulnerabilities |
CWE-370 | Missing Check for Certificate Revocation after Initial Check | Vulnerabilities |
CWE-369 | Divide By Zero | Vulnerabilities |
CWE-368 | Context Switching Race Condition | Vulnerabilities |
CWE-367 | Time-of-check Time-of-use (TOCTOU) Race Condition | Vulnerabilities |
CWE-366 | Race Condition within a Thread | Vulnerabilities |
CWE-364 | Signal Handler Race Condition | Vulnerabilities |
CWE-363 | Race Condition Enabling Link Following | Vulnerabilities |
CWE-362 | Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') | Vulnerabilities |
CWE-360 | Trust of System Event Data | Vulnerabilities |
CWE-359 | Exposure of Private Personal Information to an Unauthorized Actor | Vulnerabilities |
CWE-358 | Improperly Implemented Security Check for Standard | Vulnerabilities |
CWE-357 | Insufficient UI Warning of Dangerous Operations | Vulnerabilities |
CWE-356 | Product UI does not Warn User of Unsafe Actions | Vulnerabilities |
CWE-354 | Improper Validation of Integrity Check Value | Vulnerabilities |
CWE-353 | Missing Support for Integrity Check | Vulnerabilities |
CWE-352 | Cross-Site Request Forgery (CSRF) | Vulnerabilities |
CWE-351 | Insufficient Type Distinction | Vulnerabilities |
CWE-350 | Reliance on Reverse DNS Resolution for a Security-Critical Action | Vulnerabilities |
CWE-349 | Acceptance of Extraneous Untrusted Data With Trusted Data | Vulnerabilities |
CWE-348 | Use of Less Trusted Source | Vulnerabilities |
CWE-347 | Improper Verification of Cryptographic Signature | Vulnerabilities |
CWE-346 | Origin Validation Error | Vulnerabilities |
CWE-345 | Insufficient Verification of Data Authenticity | Vulnerabilities |
CWE-344 | Use of Invariant Value in Dynamically Changing Context | Vulnerabilities |
CWE-343 | Predictable Value Range from Previous Values | Vulnerabilities |
CWE-342 | Predictable Exact Value from Previous Values | Vulnerabilities |
CWE-341 | Predictable from Observable State | Vulnerabilities |
CWE-340 | Generation of Predictable Numbers or Identifiers | Vulnerabilities |
CWE-339 | Small Seed Space in PRNG | Vulnerabilities |
CWE-338 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) | Vulnerabilities |
CWE-337 | Predictable Seed in Pseudo-Random Number Generator (PRNG) | Vulnerabilities |
CWE-336 | Same Seed in Pseudo-Random Number Generator (PRNG) | Vulnerabilities |
CWE-335 | Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) | Vulnerabilities |
CWE-334 | Small Space of Random Values | Vulnerabilities |
CWE-333 | Improper Handling of Insufficient Entropy in TRNG | Vulnerabilities |
CWE-332 | Insufficient Entropy in PRNG | Vulnerabilities |
Please note that CWE definitions are provided as a quick reference only.
Visit http://cwe.mitre.org/ for a complete list of CWE entries and for more details.