CWE Definitions
Common Weakness Enumeration (CWE™) is a list of common software and hardware weakness types that have security ramifications.
A “weakness” is a condition in a software, firmware, hardware, or service component that, under certain circumstances, could contribute to the introduction of vulnerabilities.
CWE Number | Name
---|---
CWE-691 | Insufficient Control Flow Management
CWE-690 | Unchecked Return Value to NULL Pointer Dereference
CWE-689 | Permission Race Condition During Resource Copy
CWE-688 | Function Call With Incorrect Variable or Reference as Argument
CWE-687 | Function Call With Incorrectly Specified Argument Value
CWE-686 | Function Call With Incorrect Argument Type
CWE-685 | Function Call With Incorrect Number of Arguments
CWE-684 | Incorrect Provision of Specified Functionality
CWE-683 | Function Call With Incorrect Order of Arguments
CWE-682 | Incorrect Calculation
CWE-681 | Incorrect Conversion between Numeric Types
CWE-680 | Integer Overflow to Buffer Overflow
CWE-676 | Use of Potentially Dangerous Function
CWE-675 | Multiple Operations on Resource in Single-Operation Context
CWE-674 | Uncontrolled Recursion
CWE-673 | External Influence of Sphere Definition
CWE-672 | Operation on a Resource after Expiration or Release
CWE-671 | Lack of Administrator Control over Security
CWE-670 | Always-Incorrect Control Flow Implementation
CWE-669 | Incorrect Resource Transfer Between Spheres
CWE-668 | Exposure of Resource to Wrong Sphere
CWE-667 | Improper Locking
CWE-666 | Operation on Resource in Wrong Phase of Lifetime
CWE-665 | Improper Initialization
CWE-664 | Improper Control of a Resource Through its Lifetime
CWE-663 | Use of a Non-reentrant Function in a Concurrent Context
CWE-662 | Improper Synchronization
CWE-657 | Violation of Secure Design Principles
CWE-656 | Reliance on Security Through Obscurity
CWE-655 | Insufficient Psychological Acceptability
CWE-654 | Reliance on a Single Factor in a Security Decision
CWE-653 | Improper Isolation or Compartmentalization
CWE-652 | Improper Neutralization of Data within XQuery Expressions ('XQuery Injection')
CWE-651 | Exposure of WSDL File Containing Sensitive Information
CWE-650 | Trusting HTTP Permission Methods on the Server Side
CWE-649 | Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking
CWE-648 | Incorrect Use of Privileged APIs
CWE-647 | Use of Non-Canonical URL Paths for Authorization Decisions
CWE-646 | Reliance on File Name or Extension of Externally-Supplied File
CWE-645 | Overly Restrictive Account Lockout Mechanism
CWE-644 | Improper Neutralization of HTTP Headers for Scripting Syntax
CWE-643 | Improper Neutralization of Data within XPath Expressions ('XPath Injection')
CWE-642 | External Control of Critical State Data
CWE-641 | Improper Restriction of Names for Files and Other Resources
CWE-640 | Weak Password Recovery Mechanism for Forgotten Password
CWE-639 | Authorization Bypass Through User-Controlled Key
CWE-638 | Not Using Complete Mediation
CWE-637 | Unnecessary Complexity in Protection Mechanism (Not Using 'Economy of Mechanism')
CWE-636 | Not Failing Securely ('Failing Open')
CWE-628 | Function Call with Incorrectly Specified Arguments
Please note that the CWE definitions above are provided as a quick reference only. Visit http://cwe.mitre.org/ for the complete list of CWE entries and for the full description, relationships, and mitigations of each weakness.