Common Weakness Enumeration (CWE™) is a list of common software and hardware weakness types that have security ramifications. A “weakness” is a condition in a software, firmware, hardware, or service component that, under certain circumstances, could contribute to the introduction of vulnerabilities.
CWE Number Name
CWE-627 Dynamic Variable Evaluation Vulnerabilities
CWE-626 Null Byte Interaction Error (Poison Null Byte) Vulnerabilities
CWE-625 Permissive Regular Expression Vulnerabilities
CWE-624 Executable Regular Expression Error Vulnerabilities
CWE-623 Unsafe ActiveX Control Marked Safe For Scripting Vulnerabilities
CWE-622 Improper Validation of Function Hook Arguments Vulnerabilities
CWE-621 Variable Extraction Error Vulnerabilities
CWE-620 Unverified Password Change Vulnerabilities
CWE-619 Dangling Database Cursor ('Cursor Injection') Vulnerabilities
CWE-618 Exposed Unsafe ActiveX Method Vulnerabilities
CWE-617 Reachable Assertion Vulnerabilities
CWE-616 Incomplete Identification of Uploaded File Variables (PHP) Vulnerabilities
CWE-615 Inclusion of Sensitive Information in Source Code Comments Vulnerabilities
CWE-614 Sensitive Cookie in HTTPS Session Without 'Secure' Attribute Vulnerabilities
CWE-613 Insufficient Session Expiration Vulnerabilities
CWE-612 Improper Authorization of Index Containing Sensitive Information Vulnerabilities
CWE-611 Improper Restriction of XML External Entity Reference Vulnerabilities
CWE-610 Externally Controlled Reference to a Resource in Another Sphere Vulnerabilities
CWE-609 Double-Checked Locking Vulnerabilities
CWE-608 Struts: Non-private Field in ActionForm Class Vulnerabilities
CWE-607 Public Static Final Field References Mutable Object Vulnerabilities
CWE-606 Unchecked Input for Loop Condition Vulnerabilities
CWE-605 Multiple Binds to the Same Port Vulnerabilities
CWE-603 Use of Client-Side Authentication Vulnerabilities
CWE-602 Client-Side Enforcement of Server-Side Security Vulnerabilities
CWE-601 URL Redirection to Untrusted Site ('Open Redirect') Vulnerabilities
CWE-600 Uncaught Exception in Servlet Vulnerabilities
CWE-599 Missing Validation of OpenSSL Certificate Vulnerabilities
CWE-598 Use of GET Request Method With Sensitive Query Strings Vulnerabilities
CWE-597 Use of Wrong Operator in String Comparison Vulnerabilities
CWE-595 Comparison of Object References Instead of Object Contents Vulnerabilities
CWE-594 J2EE Framework: Saving Unserializable Objects to Disk Vulnerabilities
CWE-593 Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created Vulnerabilities
CWE-591 Sensitive Data Storage in Improperly Locked Memory Vulnerabilities
CWE-590 Free of Memory not on the Heap Vulnerabilities
CWE-589 Call to Non-ubiquitous API Vulnerabilities
CWE-588 Attempt to Access Child of a Non-structure Pointer Vulnerabilities
CWE-587 Assignment of a Fixed Address to a Pointer Vulnerabilities
CWE-586 Explicit Call to Finalize() Vulnerabilities
CWE-585 Empty Synchronized Block Vulnerabilities
CWE-584 Return Inside Finally Block Vulnerabilities
CWE-583 finalize() Method Declared Public Vulnerabilities
CWE-582 Array Declared Public, Final, and Static Vulnerabilities
CWE-581 Object Model Violation: Just One of Equals and Hashcode Defined Vulnerabilities
CWE-580 clone() Method Without super.clone() Vulnerabilities
CWE-579 J2EE Bad Practices: Non-serializable Object Stored in Session Vulnerabilities
CWE-578 EJB Bad Practices: Use of Class Loader Vulnerabilities
CWE-577 EJB Bad Practices: Use of Sockets Vulnerabilities
CWE-576 EJB Bad Practices: Use of Java I/O Vulnerabilities
CWE-575 EJB Bad Practices: Use of AWT Swing Vulnerabilities
Found 668 CWE definitions
Please note that CWE definitions are provided as a quick reference only. Visit http://cwe.mitre.org/ for a complete list of CWE entries and for more details.