| CWE Number | Name | Number of Related Vulnerabilities |
|---|---|---|
| 565 | Reliance on Cookies without Validation and Integrity Checking | 30 |
| 212 | Improper Cross-boundary Removal of Sensitive Data | 28 |
| 436 | Interpretation Conflict | 28 |
| 662 | Insufficient Synchronization | 28 |
| 113 | Failure to Sanitize CRLF Sequences in HTTP Headers ('HTTP Response Splitting') | 22 |
| 358 | Improperly Implemented Security Check for Standard | 21 |
| 335 | PRNG Seed Error | 20 |
| 672 | Operation on a Resource after Expiration or Release | 19 |
| 256 | Plaintext Storage of a Password | 18 |
| 273 | Improper Check for Dropped Privileges | 18 |
| 123 | Write-what-where Condition | 14 |
| 178 | Failure to Resolve Case Sensitivity | 14 |
| 377 | Insecure Temporary File | 14 |
| 118 | Improper Access of Indexable Resource ('Range Error') | 13 |
| 250 | Execution with Unnecessary Privileges | 13 |
| 266 | Incorrect Privilege Assignment | 13 |
| 126 | Buffer Over-read | 12 |
| 184 | Incomplete Blacklist | 12 |
| 23 | Relative Path Traversal | 12 |
| 288 | Authentication Bypass Using an Alternate Path or Channel | 12 |
| 321 | Use of Hard-coded Cryptographic Key | 12 |
| 80 | Improper Sanitization of Script-Related HTML Tags in a Web Page (Basic XSS) | 12 |
| 185 | Incorrect Regular Expression | 11 |
| 470 | Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') | 11 |
| 90 | Failure to Sanitize Data into LDAP Queries ('LDAP Injection') | 11 |
| 332 | Insufficient Entropy in PRNG | 10 |
| 538 | File and Directory Information Exposure | 10 |
| 749 | Exposed Dangerous Method or Function | 10 |
| 172 | Encoding Error | 9 |
| 297 | Improper Validation of Host-specific Certificate Data | 9 |
| 73 | External Control of File Name or Path | 9 |
| 359 | Privacy Violation | 8 |
| 379 | Creation of Temporary File in Directory with Incorrect Permissions | 7 |
| 407 | Algorithmic Complexity | 7 |
| 472 | External Control of Assumed-Immutable Web Parameter | 7 |
| 789 | Uncontrolled Memory Allocation | 7 |
| 170 | Improper Null Termination | 6 |
| 201 | Information Leak Through Sent Data | 6 |
| 248 | Uncaught Exception | 6 |
| 305 | Authentication Bypass by Primary Weakness | 6 |
| 457 | Use of Uninitialized Variable | 6 |
| 489 | Leftover Debug Code | 6 |
| 799 | Improper Control of Interaction Frequency | 6 |
| 99 | Improper Control of Resource Identifiers ('Resource Injection') | 6 |
| 259 | Use of Hard-coded Password | 5 |
| 441 | Unintended Proxy/Intermediary | 5 |
| 471 | Modification of Assumed-Immutable Data (MAID) | 5 |
| 208 | Timing Discrepancy Information Leak | 4 |
| 378 | Creation of Temporary File With Insecure Permissions | 4 |
| 406 | Insufficient Control of Network Message Volume (Network Amplification) | 4 |