CWE Definitions list and vulnerabilities for CWE entries

Common Weakness Enumeration (CWE™) is a list of common software and hardware weakness types that have security ramifications. A “weakness” is a condition in a software, firmware, hardware, or service component that, under certain circumstances, could contribute to the introduction of vulnerabilities.

CWE Number	Name
CWE-454	External Initialization of Trusted Variables or Data Stores	Vulnerabilities
CWE-453	Insecure Default Variable Initialization	Vulnerabilities
CWE-451	User Interface (UI) Misrepresentation of Critical Information	Vulnerabilities
CWE-450	Multiple Interpretations of UI Input	Vulnerabilities
CWE-449	The UI Performs the Wrong Action	Vulnerabilities
CWE-448	Obsolete Feature in UI	Vulnerabilities
CWE-447	Unimplemented or Unsupported Feature in UI	Vulnerabilities
CWE-446	UI Discrepancy for Security Feature	Vulnerabilities
CWE-444	Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')	Vulnerabilities
CWE-441	Unintended Proxy or Intermediary ('Confused Deputy')	Vulnerabilities
CWE-440	Expected Behavior Violation	Vulnerabilities
CWE-439	Behavioral Change in New Version or Environment	Vulnerabilities
CWE-437	Incomplete Model of Endpoint Features	Vulnerabilities
CWE-436	Interpretation Conflict	Vulnerabilities
CWE-435	Improper Interaction Between Multiple Correctly-Behaving Entities	Vulnerabilities
CWE-434	Unrestricted Upload of File with Dangerous Type	Vulnerabilities
CWE-433	Unparsed Raw Web Content Delivery	Vulnerabilities
CWE-432	Dangerous Signal Handler not Disabled During Sensitive Operations	Vulnerabilities
CWE-431	Missing Handler	Vulnerabilities
CWE-430	Deployment of Wrong Handler	Vulnerabilities
CWE-428	Unquoted Search Path or Element	Vulnerabilities
CWE-427	Uncontrolled Search Path Element	Vulnerabilities
CWE-426	Untrusted Search Path	Vulnerabilities
CWE-425	Direct Request ('Forced Browsing')	Vulnerabilities
CWE-424	Improper Protection of Alternate Path	Vulnerabilities
CWE-422	Unprotected Windows Messaging Channel ('Shatter')	Vulnerabilities
CWE-421	Race Condition During Access to Alternate Channel	Vulnerabilities
CWE-420	Unprotected Alternate Channel	Vulnerabilities
CWE-419	Unprotected Primary Channel	Vulnerabilities
CWE-416	Use After Free	Vulnerabilities
CWE-415	Double Free	Vulnerabilities
CWE-414	Missing Lock Check	Vulnerabilities
CWE-413	Improper Resource Locking	Vulnerabilities
CWE-412	Unrestricted Externally Accessible Lock	Vulnerabilities
CWE-410	Insufficient Resource Pool	Vulnerabilities
CWE-409	Improper Handling of Highly Compressed Data (Data Amplification)	Vulnerabilities
CWE-408	Incorrect Behavior Order: Early Amplification	Vulnerabilities
CWE-407	Inefficient Algorithmic Complexity	Vulnerabilities
CWE-406	Insufficient Control of Network Message Volume (Network Amplification)	Vulnerabilities
CWE-405	Asymmetric Resource Consumption (Amplification)	Vulnerabilities
CWE-404	Improper Resource Shutdown or Release	Vulnerabilities
CWE-403	Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak')	Vulnerabilities
CWE-402	Transmission of Private Resources into a New Sphere ('Resource Leak')	Vulnerabilities
CWE-401	Missing Release of Memory after Effective Lifetime	Vulnerabilities
CWE-400	Uncontrolled Resource Consumption	Vulnerabilities
CWE-397	Declaration of Throws for Generic Exception	Vulnerabilities
CWE-396	Declaration of Catch for Generic Exception	Vulnerabilities
CWE-395	Use of NullPointerException Catch to Detect NULL Pointer Dereference	Vulnerabilities
CWE-394	Unexpected Status Code or Return Value	Vulnerabilities
CWE-393	Return of Wrong Status Code	Vulnerabilities

Found 668 CWE definitions

1 2 3 4 5 6 7 8 9 10 11 12 13 14

Please note that CWE definitions are provided as a quick reference only. Visit http://cwe.mitre.org/ for a complete list of CWE entries and for more details.