CWE Definitions
Common Weakness Enumeration (CWE™) is a list of common software and hardware weakness types that have security ramifications.
A “weakness” is a condition in a software, firmware, hardware, or service component that, under certain circumstances, could contribute to the introduction of vulnerabilities.
CWE Number | Name | |
---|---|---|
CWE-1116 | Inaccurate Comments | Vulnerabilities |
CWE-1115 | Source Code Element without Standard Prologue | Vulnerabilities |
CWE-1114 | Inappropriate Whitespace Style | Vulnerabilities |
CWE-1113 | Inappropriate Comment Style | Vulnerabilities |
CWE-1112 | Incomplete Documentation of Program Execution | Vulnerabilities |
CWE-1111 | Incomplete I/O Documentation | Vulnerabilities |
CWE-1110 | Incomplete Design Documentation | Vulnerabilities |
CWE-1109 | Use of Same Variable for Multiple Purposes | Vulnerabilities |
CWE-1108 | Excessive Reliance on Global Variables | Vulnerabilities |
CWE-1107 | Insufficient Isolation of Symbolic Constant Definitions | Vulnerabilities |
CWE-1106 | Insufficient Use of Symbolic Constants | Vulnerabilities |
CWE-1105 | Insufficient Encapsulation of Machine-Dependent Functionality | Vulnerabilities |
CWE-1104 | Use of Unmaintained Third Party Components | Vulnerabilities |
CWE-1103 | Use of Platform-Dependent Third Party Components | Vulnerabilities |
CWE-1102 | Reliance on Machine-Dependent Data Representation | Vulnerabilities |
CWE-1101 | Reliance on Runtime Component in Generated Code | Vulnerabilities |
CWE-1100 | Insufficient Isolation of System-Dependent Functions | Vulnerabilities |
CWE-1099 | Inconsistent Naming Conventions for Identifiers | Vulnerabilities |
CWE-1098 | Data Element containing Pointer Item without Proper Copy Control Element | Vulnerabilities |
CWE-1097 | Persistent Storable Data Element without Associated Comparison Control Element | Vulnerabilities |
CWE-1096 | Singleton Class Instance Creation without Proper Locking or Synchronization | Vulnerabilities |
CWE-1095 | Loop Condition Value Update within the Loop | Vulnerabilities |
CWE-1094 | Excessive Index Range Scan for a Data Resource | Vulnerabilities |
CWE-1093 | Excessively Complex Data Representation | Vulnerabilities |
CWE-1092 | Use of Same Invokable Control Element in Multiple Architectural Layers | Vulnerabilities |
CWE-1091 | Use of Object without Invoking Destructor Method | Vulnerabilities |
CWE-1090 | Method Containing Access of a Member Element from Another Class | Vulnerabilities |
CWE-1089 | Large Data Table with Excessive Number of Indices | Vulnerabilities |
CWE-1088 | Synchronous Access of Remote Resource without Timeout | Vulnerabilities |
CWE-1087 | Class with Virtual Method without a Virtual Destructor | Vulnerabilities |
CWE-1086 | Class with Excessive Number of Child Classes | Vulnerabilities |
CWE-1085 | Invokable Control Element with Excessive Volume of Commented-out Code | Vulnerabilities |
CWE-1084 | Invokable Control Element with Excessive File or Data Access Operations | Vulnerabilities |
CWE-1083 | Data Access from Outside Expected Data Manager Component | Vulnerabilities |
CWE-1082 | Class Instance Self Destruction Control Element | Vulnerabilities |
CWE-1080 | Source Code File with Excessive Number of Lines of Code | Vulnerabilities |
CWE-1079 | Parent Class without Virtual Destructor Method | Vulnerabilities |
CWE-1078 | Inappropriate Source Code Style or Formatting | Vulnerabilities |
CWE-1077 | Floating Point Comparison with Incorrect Operator | Vulnerabilities |
CWE-1076 | Insufficient Adherence to Expected Conventions | Vulnerabilities |
CWE-1075 | Unconditional Control Flow Transfer outside of Switch Block | Vulnerabilities |
CWE-1074 | Class with Excessively Deep Inheritance | Vulnerabilities |
CWE-1073 | Non-SQL Invokable Control Element with Excessive Number of Data Resource Accesses | Vulnerabilities |
CWE-1072 | Data Resource Access without Use of Connection Pooling | Vulnerabilities |
CWE-1071 | Empty Code Block | Vulnerabilities |
CWE-1070 | Serializable Data Element Containing non-Serializable Item Elements | Vulnerabilities |
CWE-1069 | Empty Exception Block | Vulnerabilities |
CWE-1068 | Inconsistency Between Implementation and Documented Design | Vulnerabilities |
CWE-1067 | Excessive Execution of Sequential Searches of Data Resource | Vulnerabilities |
CWE-1066 | Missing Serialization Control Element | Vulnerabilities |
Please note that CWE definitions are provided as a quick reference only.
Visit http://cwe.mitre.org/ for a complete list of CWE entries
and for more details.