CWE Definitions
Common Weakness Enumeration (CWE™) is a list of common software and hardware weakness types that have security ramifications.
A “weakness” is a condition in a software, firmware, hardware, or service component that, under certain circumstances, could contribute to the introduction of vulnerabilities.
CWE Number | Name | |
---|---|---|
CWE-512 | Spyware | Vulnerabilities |
CWE-511 | Logic/Time Bomb | Vulnerabilities |
CWE-510 | Trapdoor | Vulnerabilities |
CWE-509 | Replicating Malicious Code (Virus or Worm) | Vulnerabilities |
CWE-508 | Non-Replicating Malicious Code | Vulnerabilities |
CWE-507 | Trojan Horse | Vulnerabilities |
CWE-506 | Embedded Malicious Code | Vulnerabilities |
CWE-502 | Deserialization of Untrusted Data | Vulnerabilities |
CWE-501 | Trust Boundary Violation | Vulnerabilities |
CWE-500 | Public Static Field Not Marked Final | Vulnerabilities |
CWE-499 | Serializable Class Containing Sensitive Data | Vulnerabilities |
CWE-498 | Cloneable Class Containing Sensitive Information | Vulnerabilities |
CWE-497 | Exposure of Sensitive System Information to an Unauthorized Control Sphere | Vulnerabilities |
CWE-496 | Public Data Assigned to Private Array-Typed Field | Vulnerabilities |
CWE-495 | Private Data Structure Returned From A Public Method | Vulnerabilities |
CWE-494 | Download of Code Without Integrity Check | Vulnerabilities |
CWE-493 | Critical Public Variable Without Final Modifier | Vulnerabilities |
CWE-492 | Use of Inner Class Containing Sensitive Data | Vulnerabilities |
CWE-491 | Public cloneable() Method Without Final ('Object Hijack') | Vulnerabilities |
CWE-489 | Active Debug Code | Vulnerabilities |
CWE-488 | Exposure of Data Element to Wrong Session | Vulnerabilities |
CWE-487 | Reliance on Package-level Scope | Vulnerabilities |
CWE-486 | Comparison of Classes by Name | Vulnerabilities |
CWE-484 | Omitted Break Statement in Switch | Vulnerabilities |
CWE-483 | Incorrect Block Delimitation | Vulnerabilities |
CWE-482 | Comparing instead of Assigning | Vulnerabilities |
CWE-481 | Assigning instead of Comparing | Vulnerabilities |
CWE-480 | Use of Incorrect Operator | Vulnerabilities |
CWE-479 | Signal Handler Use of a Non-reentrant Function | Vulnerabilities |
CWE-478 | Missing Default Case in Multiple Condition Expression | Vulnerabilities |
CWE-477 | Use of Obsolete Function | Vulnerabilities |
CWE-476 | NULL Pointer Dereference | Vulnerabilities |
CWE-475 | Undefined Behavior for Input to API | Vulnerabilities |
CWE-474 | Use of Function with Inconsistent Implementations | Vulnerabilities |
CWE-473 | PHP External Variable Modification | Vulnerabilities |
CWE-472 | External Control of Assumed-Immutable Web Parameter | Vulnerabilities |
CWE-471 | Modification of Assumed-Immutable Data (MAID) | Vulnerabilities |
CWE-470 | Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') | Vulnerabilities |
CWE-469 | Use of Pointer Subtraction to Determine Size | Vulnerabilities |
CWE-468 | Incorrect Pointer Scaling | Vulnerabilities |
CWE-467 | Use of sizeof() on a Pointer Type | Vulnerabilities |
CWE-466 | Return of Pointer Value Outside of Expected Range | Vulnerabilities |
CWE-464 | Addition of Data Structure Sentinel | Vulnerabilities |
CWE-463 | Deletion of Data Structure Sentinel | Vulnerabilities |
CWE-462 | Duplicate Key in Associative List (Alist) | Vulnerabilities |
CWE-460 | Improper Cleanup on Thrown Exception | Vulnerabilities |
CWE-459 | Incomplete Cleanup | Vulnerabilities |
CWE-457 | Use of Uninitialized Variable | Vulnerabilities |
CWE-456 | Missing Initialization of a Variable | Vulnerabilities |
CWE-455 | Non-exit on Failed Initialization | Vulnerabilities |
Please note that CWE definitions are provided as a quick reference only.
Visit http://cwe.mitre.org/ for a complete list of CWE entries and for more details.