CWE Definitions list and vulnerabilities for CWE entries

Common Weakness Enumeration (CWE™) is a list of common software and hardware weakness types that have security ramifications. A “weakness” is a condition in a software, firmware, hardware, or service component that, under certain circumstances, could contribute to the introduction of vulnerabilities.

CWE Number	Name
CWE-291	Reliance on IP Address for Authentication	Vulnerabilities
CWE-293	Using Referer Field for Authentication	Vulnerabilities
CWE-294	Authentication Bypass by Capture-replay	Vulnerabilities
CWE-295	Improper Certificate Validation	Vulnerabilities
CWE-296	Improper Following of a Certificate's Chain of Trust	Vulnerabilities
CWE-297	Improper Validation of Certificate with Host Mismatch	Vulnerabilities
CWE-298	Improper Validation of Certificate Expiration	Vulnerabilities
CWE-299	Improper Check for Certificate Revocation	Vulnerabilities
CWE-300	Channel Accessible by Non-Endpoint	Vulnerabilities
CWE-301	Reflection Attack in an Authentication Protocol	Vulnerabilities
CWE-302	Authentication Bypass by Assumed-Immutable Data	Vulnerabilities
CWE-303	Incorrect Implementation of Authentication Algorithm	Vulnerabilities
CWE-304	Missing Critical Step in Authentication	Vulnerabilities
CWE-305	Authentication Bypass by Primary Weakness	Vulnerabilities
CWE-306	Missing Authentication for Critical Function	Vulnerabilities
CWE-307	Improper Restriction of Excessive Authentication Attempts	Vulnerabilities
CWE-308	Use of Single-factor Authentication	Vulnerabilities
CWE-309	Use of Password System for Primary Authentication	Vulnerabilities
CWE-311	Missing Encryption of Sensitive Data	Vulnerabilities
CWE-312	Cleartext Storage of Sensitive Information	Vulnerabilities
CWE-313	Cleartext Storage in a File or on Disk	Vulnerabilities
CWE-314	Cleartext Storage in the Registry	Vulnerabilities
CWE-315	Cleartext Storage of Sensitive Information in a Cookie	Vulnerabilities
CWE-316	Cleartext Storage of Sensitive Information in Memory	Vulnerabilities
CWE-317	Cleartext Storage of Sensitive Information in GUI	Vulnerabilities
CWE-318	Cleartext Storage of Sensitive Information in Executable	Vulnerabilities
CWE-319	Cleartext Transmission of Sensitive Information	Vulnerabilities
CWE-321	Use of Hard-coded Cryptographic Key	Vulnerabilities
CWE-322	Key Exchange without Entity Authentication	Vulnerabilities
CWE-323	Reusing a Nonce, Key Pair in Encryption	Vulnerabilities
CWE-324	Use of a Key Past its Expiration Date	Vulnerabilities
CWE-325	Missing Cryptographic Step	Vulnerabilities
CWE-326	Inadequate Encryption Strength	Vulnerabilities
CWE-327	Use of a Broken or Risky Cryptographic Algorithm	Vulnerabilities
CWE-328	Use of Weak Hash	Vulnerabilities
CWE-329	Generation of Predictable IV with CBC Mode	Vulnerabilities
CWE-330	Use of Insufficiently Random Values	Vulnerabilities
CWE-331	Insufficient Entropy	Vulnerabilities
CWE-332	Insufficient Entropy in PRNG	Vulnerabilities
CWE-333	Improper Handling of Insufficient Entropy in TRNG	Vulnerabilities
CWE-334	Small Space of Random Values	Vulnerabilities
CWE-335	Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)	Vulnerabilities
CWE-336	Same Seed in Pseudo-Random Number Generator (PRNG)	Vulnerabilities
CWE-337	Predictable Seed in Pseudo-Random Number Generator (PRNG)	Vulnerabilities
CWE-338	Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)	Vulnerabilities
CWE-339	Small Seed Space in PRNG	Vulnerabilities
CWE-340	Generation of Predictable Numbers or Identifiers	Vulnerabilities
CWE-341	Predictable from Observable State	Vulnerabilities
CWE-342	Predictable Exact Value from Previous Values	Vulnerabilities
CWE-343	Predictable Value Range from Previous Values	Vulnerabilities

Found 668 CWE definitions

1 2 3 4 5 6 7 8 9 10 11 12 13 14

Please note that CWE definitions are provided as a quick reference only. Visit http://cwe.mitre.org/ for a complete list of CWE entries and for more details.