CWE Definitions

CWE Number Name Number Of Related Vulnerabilities
645 Overly Restrictive Account Lockout Mechanism
646 Reliance on File Name or Extension of Externally-Supplied File
647 Use of Non-Canonical URL Paths for Authorization Decisions
65 Windows Hard Link
650 Trusting HTTP Permission Methods on the Server Side
651 Information Leak through WSDL File
652 Improper Neutralization of Data within XQuery Expressions ('XQuery Injection')
654 Reliance on a Single Factor in a Security Decision
655 Insufficient Psychological Acceptability
656 Reliance on Security through Obscurity
66 Improper Handling of File Names that Identify Virtual Resources
663 Use of a Non-reentrant Function in an Unsynchronized Context
666 Operation on Resource in Wrong Phase of Lifetime
67 Improper Handling of Windows Device Names
673 External Influence of Sphere Definition
675 Duplicate Operations on Resource
676 Use of Potentially Dangerous Function
683 Function Call With Incorrect Order of Arguments
685 Function Call With Incorrect Number of Arguments
686 Function Call With Incorrect Argument Type
687 Function Call With Incorrectly Specified Argument Value
69 Failure to Handle Windows ::DATA Alternate Data Stream
691 Insufficient Control Flow Management
694 Use of Multiple Resources with Duplicate Identifier
695 Use of Low-Level Functionality
696 Incorrect Behavior Order
698 Redirect Without Exit
7 J2EE Misconfiguration: Missing Custom Error Page
705 Incorrect Control Flow Scoping
71 Apple '.DS_Store'
72 Improper Handling of Apple HFS+ Alternate Data Stream Path
733 Compiler Optimization Removal or Modification of Security-critical Code
758 Reliance on Undefined, Unspecified, or Implementation-Defined Behavior
761 Free of Pointer not at Start of Buffer
762 Mismatched Memory Management Routines
764 Multiple Locks of a Critical Resource
765 Multiple Unlocks of a Critical Resource
766 Critical Variable Declared Public
767 Access to Critical Private Variable via Public Method
768 Incorrect Short Circuit Evaluation
771 Missing Reference to Active Allocated Resource
773 Missing Reference to Active File Descriptor or Handle
777 Regular Expression without Anchors
780 Use of RSA Algorithm without OAEP
781 Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code
782 Exposed IOCTL with Insufficient Access Control
783 Operator Precedence Logic Error
784 Reliance on Cookies without Validation and Integrity Checking in a Security Decision
785 Use of Path Manipulation Function without Maximum-sized Buffer
791 Incomplete Filtering of Special Elements
Total number of CWE definitions: 668 (page 13 of 14)
The CWE definitions are only provided as a quick reference. They are not complete and may not be up to date!
You must visit for a complete list of CWE entries and for more details.
CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.