the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew  

CWE Definitions

Select   Select&Copy
CWE Number Name Number Of Related Vulnerabilities
71 Apple '.DS_Store'
710 Coding Standards Violation
72 Improper Handling of Apple HFS+ Alternate Data Stream Path
73 External Control of File Name or Path
732 Incorrect Permission Assignment for Critical Resource
733 Compiler Optimization Removal or Modification of Security-critical Code
75 Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)
755 Improper Handling of Exceptional Conditions
756 Missing Custom Error Page
757 Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')
758 Reliance on Undefined, Unspecified, or Implementation-Defined Behavior
759 Use of a One-Way Hash without a Salt
76 Failure to Resolve Equivalent Special Elements into a Different Plane
760 Use of a One-Way Hash with a Predictable Salt
761 Free of Pointer not at Start of Buffer
762 Mismatched Memory Management Routines
763 Release of Invalid Pointer or Reference
764 Multiple Locks of a Critical Resource
765 Multiple Unlocks of a Critical Resource
766 Critical Variable Declared Public
767 Access to Critical Private Variable via Public Method
768 Incorrect Short Circuit Evaluation
770 Allocation of Resources Without Limits or Throttling
771 Missing Reference to Active Allocated Resource
772 Missing Release of Resource after Effective Lifetime
773 Missing Reference to Active File Descriptor or Handle
774 Allocation of File Descriptors or Handles Without Limits or Throttling
776 Unrestricted Recursive Entity References in DTDs ('XML Bomb')
777 Regular Expression without Anchors
778 Insufficient Logging
779 Logging of Excessive Data
780 Use of RSA Algorithm without OAEP
781 Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code
782 Exposed IOCTL with Insufficient Access Control
783 Operator Precedence Logic Error
784 Reliance on Cookies without Validation and Integrity Checking in a Security Decision
785 Use of Path Manipulation Function without Maximum-sized Buffer
786 Access of Memory Location Before Start of Buffer
788 Access of Memory Location After End of Buffer
789 Uncontrolled Memory Allocation
790 Improper Filtering of Special Elements
791 Incomplete Filtering of Special Elements
792 Incomplete Filtering of One or More Instances of Special Elements
793 Only Filtering One Instance of a Special Element
794 Incomplete Filtering of Multiple Instances of Special Elements
795 Only Filtering Special Elements at a Specified Location
796 Only Filtering Special Elements Relative to a Marker
797 Only Filtering Special Elements at an Absolute Position
799 Improper Control of Interaction Frequency
8 J2EE Misconfiguration: Entity Bean Declared Remote
Total number of cwe definitions : 668   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 (This Page)14
The CWE definitions are only provided as a quick reference.They are not complete and may not be up to date!
You must visit for a complete list of CWE entries and for more details.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.