CWE Definitions
Common Weakness Enumeration (CWE™) is a list of common software and hardware weakness types that have security ramifications.
A “weakness” is a condition in a software, firmware, hardware, or service component that, under certain circumstances, could contribute to the introduction of vulnerabilities.
| CWE Number | Name | |
|---|---|---|
| CWE-804 | Guessable CAPTCHA | Vulnerabilities |
| CWE-805 | Buffer Access with Incorrect Length Value | Vulnerabilities |
| CWE-806 | Buffer Access Using Size of Source Buffer | Vulnerabilities |
| CWE-807 | Reliance on Untrusted Inputs in a Security Decision | Vulnerabilities |
| CWE-820 | Missing Synchronization | Vulnerabilities |
| CWE-821 | Incorrect Synchronization | Vulnerabilities |
| CWE-822 | Untrusted Pointer Dereference | Vulnerabilities |
| CWE-823 | Use of Out-of-range Pointer Offset | Vulnerabilities |
| CWE-824 | Access of Uninitialized Pointer | Vulnerabilities |
| CWE-825 | Expired Pointer Dereference | Vulnerabilities |
| CWE-826 | Premature Release of Resource During Expected Lifetime | Vulnerabilities |
| CWE-827 | Improper Control of Document Type Definition | Vulnerabilities |
| CWE-828 | Signal Handler with Functionality that is not Asynchronous-Safe | Vulnerabilities |
| CWE-829 | Inclusion of Functionality from Untrusted Control Sphere | Vulnerabilities |
| CWE-830 | Inclusion of Web Functionality from an Untrusted Source | Vulnerabilities |
| CWE-831 | Signal Handler Function Associated with Multiple Signals | Vulnerabilities |
| CWE-832 | Unlock of a Resource that is not Locked | Vulnerabilities |
| CWE-833 | Deadlock | Vulnerabilities |
| CWE-834 | Excessive Iteration | Vulnerabilities |
| CWE-835 | Loop with Unreachable Exit Condition ('Infinite Loop') | Vulnerabilities |
| CWE-836 | Use of Password Hash Instead of Password for Authentication | Vulnerabilities |
| CWE-837 | Improper Enforcement of a Single, Unique Action | Vulnerabilities |
| CWE-838 | Inappropriate Encoding for Output Context | Vulnerabilities |
| CWE-839 | Numeric Range Comparison Without Minimum Check | Vulnerabilities |
| CWE-841 | Improper Enforcement of Behavioral Workflow | Vulnerabilities |
| CWE-842 | Placement of User into Incorrect Group | Vulnerabilities |
| CWE-843 | Access of Resource Using Incompatible Type ('Type Confusion') | Vulnerabilities |
| CWE-862 | Missing Authorization | Vulnerabilities |
| CWE-863 | Incorrect Authorization | Vulnerabilities |
| CWE-908 | Use of Uninitialized Resource | Vulnerabilities |
| CWE-909 | Missing Initialization of Resource | Vulnerabilities |
| CWE-910 | Use of Expired File Descriptor | Vulnerabilities |
| CWE-911 | Improper Update of Reference Count | Vulnerabilities |
| CWE-912 | Hidden Functionality | Vulnerabilities |
| CWE-913 | Improper Control of Dynamically-Managed Code Resources | Vulnerabilities |
| CWE-914 | Improper Control of Dynamically-Identified Variables | Vulnerabilities |
| CWE-915 | Improperly Controlled Modification of Dynamically-Determined Object Attributes | Vulnerabilities |
| CWE-916 | Use of Password Hash With Insufficient Computational Effort | Vulnerabilities |
| CWE-917 | Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') | Vulnerabilities |
| CWE-918 | Server-Side Request Forgery (SSRF) | Vulnerabilities |
| CWE-920 | Improper Restriction of Power Consumption | Vulnerabilities |
| CWE-921 | Storage of Sensitive Data in a Mechanism without Access Control | Vulnerabilities |
| CWE-922 | Insecure Storage of Sensitive Information | Vulnerabilities |
| CWE-923 | Improper Restriction of Communication Channel to Intended Endpoints | Vulnerabilities |
| CWE-924 | Improper Enforcement of Message Integrity During Transmission in a Communication Channel | Vulnerabilities |
| CWE-925 | Improper Verification of Intent by Broadcast Receiver | Vulnerabilities |
| CWE-926 | Improper Export of Android Application Components | Vulnerabilities |
| CWE-927 | Use of Implicit Intent for Sensitive Communication | Vulnerabilities |
| CWE-939 | Improper Authorization in Handler for Custom URL Scheme | Vulnerabilities |
| CWE-940 | Improper Verification of Source of a Communication Channel | Vulnerabilities |
Please note that CWE definitions are provided as a quick reference only.
Visit http://cwe.mitre.org/ for a complete list of CWE entries
and for more details.