
CWE Definitions

CWE Number Name Number Of Related Vulnerabilities
789 Uncontrolled Memory Allocation
788 Access of Memory Location After End of Buffer
787 Out-of-bounds Write
786 Access of Memory Location Before Start of Buffer
785 Use of Path Manipulation Function without Maximum-sized Buffer
784 Reliance on Cookies without Validation and Integrity Checking in a Security Decision
783 Operator Precedence Logic Error
782 Exposed IOCTL with Insufficient Access Control
781 Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code
780 Use of RSA Algorithm without OAEP
779 Logging of Excessive Data
778 Insufficient Logging
777 Regular Expression without Anchors
776 Unrestricted Recursive Entity References in DTDs ('XML Bomb')
775 Missing Release of File Descriptor or Handle after Effective Lifetime
774 Allocation of File Descriptors or Handles Without Limits or Throttling
773 Missing Reference to Active File Descriptor or Handle
772 Missing Release of Resource after Effective Lifetime
771 Missing Reference to Active Allocated Resource
770 Allocation of Resources Without Limits or Throttling
768 Incorrect Short Circuit Evaluation
767 Access to Critical Private Variable via Public Method
766 Critical Variable Declared Public
765 Multiple Unlocks of a Critical Resource
764 Multiple Locks of a Critical Resource
763 Release of Invalid Pointer or Reference
762 Mismatched Memory Management Routines
761 Free of Pointer not at Start of Buffer
760 Use of a One-Way Hash with a Predictable Salt
76 Failure to Resolve Equivalent Special Elements into a Different Plane
759 Use of a One-Way Hash without a Salt
758 Reliance on Undefined, Unspecified, or Implementation-Defined Behavior
757 Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')
756 Missing Custom Error Page
755 Improper Handling of Exceptional Conditions
754 Improper Check for Unusual or Exceptional Conditions
75 Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)
749 Exposed Dangerous Method or Function
733 Compiler Optimization Removal or Modification of Security-critical Code
732 Incorrect Permission Assignment for Critical Resource
73 External Control of File Name or Path
72 Improper Handling of Apple HFS+ Alternate Data Stream Path
710 Coding Standards Violation
71 Apple '.DS_Store'
708 Incorrect Ownership Assignment
707 Improper Enforcement of Message or Data Structure
706 Use of Incorrectly-Resolved Name or Reference
705 Incorrect Control Flow Scoping
704 Incorrect Type Conversion or Cast
703 Failure to Handle Exceptional Conditions
Total number of CWE definitions: 668 (page 2 of 14)
The CWE definitions are only provided as a quick reference. They are not complete and may not be up to date!
You must visit for a complete list of CWE entries and for more details.
CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.