Common Weakness Enumeration (CWE™) is a list of common software and hardware weakness types that have security ramifications. A “weakness” is a condition in a software, firmware, hardware, or service component that, under certain circumstances, could contribute to the introduction of vulnerabilities.
CWE Number Name
CWE-470 Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') Vulnerabilities
CWE-471 Modification of Assumed-Immutable Data (MAID) Vulnerabilities
CWE-472 External Control of Assumed-Immutable Web Parameter Vulnerabilities
CWE-473 PHP External Variable Modification Vulnerabilities
CWE-474 Use of Function with Inconsistent Implementations Vulnerabilities
CWE-475 Undefined Behavior for Input to API Vulnerabilities
CWE-476 NULL Pointer Dereference Vulnerabilities
CWE-477 Use of Obsolete Function Vulnerabilities
CWE-478 Missing Default Case in Multiple Condition Expression Vulnerabilities
CWE-479 Signal Handler Use of a Non-reentrant Function Vulnerabilities
CWE-480 Use of Incorrect Operator Vulnerabilities
CWE-481 Assigning instead of Comparing Vulnerabilities
CWE-482 Comparing instead of Assigning Vulnerabilities
CWE-483 Incorrect Block Delimitation Vulnerabilities
CWE-484 Omitted Break Statement in Switch Vulnerabilities
CWE-486 Comparison of Classes by Name Vulnerabilities
CWE-487 Reliance on Package-level Scope Vulnerabilities
CWE-488 Exposure of Data Element to Wrong Session Vulnerabilities
CWE-489 Active Debug Code Vulnerabilities
CWE-491 Public cloneable() Method Without Final ('Object Hijack') Vulnerabilities
CWE-492 Use of Inner Class Containing Sensitive Data Vulnerabilities
CWE-493 Critical Public Variable Without Final Modifier Vulnerabilities
CWE-494 Download of Code Without Integrity Check Vulnerabilities
CWE-495 Private Data Structure Returned From A Public Method Vulnerabilities
CWE-496 Public Data Assigned to Private Array-Typed Field Vulnerabilities
CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere Vulnerabilities
CWE-498 Cloneable Class Containing Sensitive Information Vulnerabilities
CWE-499 Serializable Class Containing Sensitive Data Vulnerabilities
CWE-500 Public Static Field Not Marked Final Vulnerabilities
CWE-501 Trust Boundary Violation Vulnerabilities
CWE-502 Deserialization of Untrusted Data Vulnerabilities
CWE-506 Embedded Malicious Code Vulnerabilities
CWE-507 Trojan Horse Vulnerabilities
CWE-508 Non-Replicating Malicious Code Vulnerabilities
CWE-509 Replicating Malicious Code (Virus or Worm) Vulnerabilities
CWE-510 Trapdoor Vulnerabilities
CWE-511 Logic/Time Bomb Vulnerabilities
CWE-512 Spyware Vulnerabilities
CWE-514 Covert Channel Vulnerabilities
CWE-515 Covert Storage Channel Vulnerabilities
CWE-520 .NET Misconfiguration: Use of Impersonation Vulnerabilities
CWE-521 Weak Password Requirements Vulnerabilities
CWE-522 Insufficiently Protected Credentials Vulnerabilities
CWE-523 Unprotected Transport of Credentials Vulnerabilities
CWE-524 Use of Cache Containing Sensitive Information Vulnerabilities
CWE-525 Use of Web Browser Cache Containing Sensitive Information Vulnerabilities
CWE-526 Cleartext Storage of Sensitive Information in an Environment Variable Vulnerabilities
CWE-527 Exposure of Version-Control Repository to an Unauthorized Control Sphere Vulnerabilities
CWE-528 Exposure of Core Dump File to an Unauthorized Control Sphere Vulnerabilities
CWE-529 Exposure of Access Control List Files to an Unauthorized Control Sphere Vulnerabilities
Found 668 CWE definitions
Please note that CWE definitions are provided as a quick reference only. Visit http://cwe.mitre.org/ for a complete list of CWE entries and for more details.