Common Weakness Enumeration (CWE™) is a list of common software and hardware weakness types that have security ramifications. A “weakness” is a condition in a software, firmware, hardware, or service component that, under certain circumstances, could contribute to the introduction of vulnerabilities.
CWE Number Name
CWE-62 UNIX Hard Link Vulnerabilities
CWE-64 Windows Shortcut Following (.LNK) Vulnerabilities
CWE-65 Windows Hard Link Vulnerabilities
CWE-66 Improper Handling of File Names that Identify Virtual Resources Vulnerabilities
CWE-67 Improper Handling of Windows Device Names Vulnerabilities
CWE-69 Improper Handling of Windows ::DATA Alternate Data Stream Vulnerabilities
CWE-72 Improper Handling of Apple HFS+ Alternate Data Stream Path Vulnerabilities
CWE-73 External Control of File Name or Path Vulnerabilities
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerabilities
CWE-75 Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) Vulnerabilities
CWE-76 Improper Neutralization of Equivalent Special Elements Vulnerabilities
CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection') Vulnerabilities
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerabilities
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerabilities
CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) Vulnerabilities
CWE-81 Improper Neutralization of Script in an Error Message Web Page Vulnerabilities
CWE-82 Improper Neutralization of Script in Attributes of IMG Tags in a Web Page Vulnerabilities
CWE-83 Improper Neutralization of Script in Attributes in a Web Page Vulnerabilities
CWE-84 Improper Neutralization of Encoded URI Schemes in a Web Page Vulnerabilities
CWE-85 Doubled Character XSS Manipulations Vulnerabilities
CWE-86 Improper Neutralization of Invalid Characters in Identifiers in Web Pages Vulnerabilities
CWE-87 Improper Neutralization of Alternate XSS Syntax Vulnerabilities
CWE-88 Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') Vulnerabilities
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerabilities
CWE-90 Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') Vulnerabilities
CWE-91 XML Injection (aka Blind XPath Injection) Vulnerabilities
CWE-93 Improper Neutralization of CRLF Sequences ('CRLF Injection') Vulnerabilities
CWE-94 Improper Control of Generation of Code ('Code Injection') Vulnerabilities
CWE-95 Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') Vulnerabilities
CWE-96 Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') Vulnerabilities
CWE-97 Improper Neutralization of Server-Side Includes (SSI) Within a Web Page Vulnerabilities
CWE-98 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') Vulnerabilities
CWE-99 Improper Control of Resource Identifiers ('Resource Injection') Vulnerabilities
CWE-102 Struts: Duplicate Validation Forms Vulnerabilities
CWE-103 Struts: Incomplete validate() Method Definition Vulnerabilities
CWE-104 Struts: Form Bean Does Not Extend Validation Class Vulnerabilities
CWE-105 Struts: Form Field Without Validator Vulnerabilities
CWE-106 Struts: Plug-in Framework not in Use Vulnerabilities
CWE-107 Struts: Unused Validation Form Vulnerabilities
CWE-108 Struts: Unvalidated Action Form Vulnerabilities
CWE-109 Struts: Validator Turned Off Vulnerabilities
CWE-110 Struts: Validator Without Form Field Vulnerabilities
CWE-111 Direct Use of Unsafe JNI Vulnerabilities
CWE-112 Missing XML Validation Vulnerabilities
CWE-113 Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') Vulnerabilities
CWE-114 Process Control Vulnerabilities
CWE-115 Misinterpretation of Input Vulnerabilities
CWE-116 Improper Encoding or Escaping of Output Vulnerabilities
CWE-117 Improper Output Neutralization for Logs Vulnerabilities
CWE-118 Incorrect Access of Indexable Resource ('Range Error') Vulnerabilities
Found 668 CWE definitions
Please note that CWE definitions are provided as a quick reference only. Visit http://cwe.mitre.org/ for a complete list of CWE entries and for more details.