CWE Definitions list and vulnerabilities for CWE entries

Common Weakness Enumeration (CWE™) is a list of common software and hardware weakness types that have security ramifications. A “weakness” is a condition in a software, firmware, hardware, or service component that, under certain circumstances, could contribute to the introduction of vulnerabilities.

CWE Number	Name
CWE-392	Missing Report of Error Condition	Vulnerabilities
CWE-391	Unchecked Error Condition	Vulnerabilities
CWE-390	Detection of Error Condition Without Action	Vulnerabilities
CWE-386	Symbolic Name not Mapping to Correct Object	Vulnerabilities
CWE-385	Covert Timing Channel	Vulnerabilities
CWE-384	Session Fixation	Vulnerabilities
CWE-383	J2EE Bad Practices: Direct Use of Threads	Vulnerabilities
CWE-382	J2EE Bad Practices: Use of System.exit()	Vulnerabilities
CWE-379	Creation of Temporary File in Directory with Insecure Permissions	Vulnerabilities
CWE-378	Creation of Temporary File With Insecure Permissions	Vulnerabilities
CWE-377	Insecure Temporary File	Vulnerabilities
CWE-375	Returning a Mutable Object to an Untrusted Caller	Vulnerabilities
CWE-374	Passing Mutable Objects to an Untrusted Method	Vulnerabilities
CWE-372	Incomplete Internal State Distinction	Vulnerabilities
CWE-370	Missing Check for Certificate Revocation after Initial Check	Vulnerabilities
CWE-369	Divide By Zero	Vulnerabilities
CWE-368	Context Switching Race Condition	Vulnerabilities
CWE-367	Time-of-check Time-of-use (TOCTOU) Race Condition	Vulnerabilities
CWE-366	Race Condition within a Thread	Vulnerabilities
CWE-364	Signal Handler Race Condition	Vulnerabilities
CWE-363	Race Condition Enabling Link Following	Vulnerabilities
CWE-362	Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')	Vulnerabilities
CWE-360	Trust of System Event Data	Vulnerabilities
CWE-359	Exposure of Private Personal Information to an Unauthorized Actor	Vulnerabilities
CWE-358	Improperly Implemented Security Check for Standard	Vulnerabilities
CWE-357	Insufficient UI Warning of Dangerous Operations	Vulnerabilities
CWE-356	Product UI does not Warn User of Unsafe Actions	Vulnerabilities
CWE-354	Improper Validation of Integrity Check Value	Vulnerabilities
CWE-353	Missing Support for Integrity Check	Vulnerabilities
CWE-352	Cross-Site Request Forgery (CSRF)	Vulnerabilities
CWE-351	Insufficient Type Distinction	Vulnerabilities
CWE-350	Reliance on Reverse DNS Resolution for a Security-Critical Action	Vulnerabilities
CWE-349	Acceptance of Extraneous Untrusted Data With Trusted Data	Vulnerabilities
CWE-348	Use of Less Trusted Source	Vulnerabilities
CWE-347	Improper Verification of Cryptographic Signature	Vulnerabilities
CWE-346	Origin Validation Error	Vulnerabilities
CWE-345	Insufficient Verification of Data Authenticity	Vulnerabilities
CWE-344	Use of Invariant Value in Dynamically Changing Context	Vulnerabilities
CWE-343	Predictable Value Range from Previous Values	Vulnerabilities
CWE-342	Predictable Exact Value from Previous Values	Vulnerabilities
CWE-341	Predictable from Observable State	Vulnerabilities
CWE-340	Generation of Predictable Numbers or Identifiers	Vulnerabilities
CWE-339	Small Seed Space in PRNG	Vulnerabilities
CWE-338	Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)	Vulnerabilities
CWE-337	Predictable Seed in Pseudo-Random Number Generator (PRNG)	Vulnerabilities
CWE-336	Same Seed in Pseudo-Random Number Generator (PRNG)	Vulnerabilities
CWE-335	Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)	Vulnerabilities
CWE-334	Small Space of Random Values	Vulnerabilities
CWE-333	Improper Handling of Insufficient Entropy in TRNG	Vulnerabilities
CWE-332	Insufficient Entropy in PRNG	Vulnerabilities

Found 668 CWE definitions

1 2 3 4 5 6 7 8 9 10 11 12 13 14

Please note that CWE definitions are provided as a quick reference only. Visit http://cwe.mitre.org/ for a complete list of CWE entries and for more details.