CWE Definitions

| CWE Number | Name | Number of Related Vulnerabilities |
|---|---|---|
| 453 | Insecure Default Variable Initialization | 4 |
| 548 | Information Leak Through Directory Listing | 4 |
| 117 | Improper Output Sanitization for Logs | 3 |
| 130 | Improper Handling of Length Parameter Inconsistency | 3 |
| 204 | Response Discrepancy Information Leak | 3 |
| 353 | Failure to Add Integrity Check Value | 3 |
| 405 | Asymmetric Resource Consumption (Amplification) | 3 |
| 440 | Expected Behavior Violation | 3 |
| 497 | Exposure of System Data to an Unauthorized Control Sphere | 3 |
| 648 | Incorrect Use of Privileged APIs | 3 |
| 707 | Improper Enforcement of Message or Data Structure | 3 |
| 805 | Buffer Access with Incorrect Length Value | 3 |
| 95 | Improper Sanitization of Directives in Dynamically Evaluated Code ('Eval Injection') | 3 |
| 112 | Missing XML Validation | 2 |
| 115 | Misinterpretation of Input | 2 |
| 124 | Buffer Underwrite ('Buffer Underflow') | 2 |
| 194 | Unexpected Sign Extension | 2 |
| 202 | Privacy Leak through Data Queries | 2 |
| 228 | Improper Handling of Syntactically Invalid Structure | 2 |
| 240 | Improper Handling of Inconsistent Structural Elements | 2 |
| 241 | Improper Handling of Unexpected Data Type | 2 |
| 280 | Improper Handling of Insufficient Permissions or Privileges | 2 |
| 29 | Path Traversal: '\..\filename' | 2 |
| 300 | Channel Accessible by Non-Endpoint ('Man-in-the-Middle') | 2 |
| 302 | Authentication Bypass by Assumed-Immutable Data | 2 |
| 304 | Missing Critical Step in Authentication | 2 |
| 313 | Plaintext Storage in a File or on Disk | 2 |
| 318 | Plaintext Storage in Executable | 2 |
| 342 | Predictable Exact Value from Previous Values | 2 |
| 350 | Improperly Trusted Reverse DNS | 2 |
| 385 | Covert Timing Channel | 2 |
| 534 | Information Leak Through Debug Log Files | 2 |
| 549 | Missing Password Field Masking | 2 |
| 551 | Incorrect Behavior Order: Authorization Before Parsing and Canonicalization | 2 |
| 603 | Use of Client-Side Authentication | 2 |
| 620 | Unverified Password Change | 2 |
| 642 | External Control of Critical State Data | 2 |
| 657 | Violation of Secure Design Principles | 2 |
| 664 | Improper Control of a Resource Through its Lifetime | 2 |
| 708 | Incorrect Ownership Assignment | 2 |
| 75 | Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) | 2 |
| 757 | Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade') | 2 |
| 760 | Use of a One-Way Hash with a Predictable Salt | 2 |
| 778 | Insufficient Logging | 2 |
| 807 | Reliance on Untrusted Inputs in a Security Decision | 2 |
| 114 | Process Control | 1 |
| 138 | Improper Neutralization of Special Elements | 1 |
| 141 | Improper Neutralization of Parameter/Argument Delimiters | 1 |
| 146 | Improper Neutralization of Expression/Command Delimiters | 1 |
| 15 | External Control of System or Configuration Setting | 1 |
Total number of CWE definitions: 668 (this is page 4 of 14).
The CWE definitions are only provided as a quick reference. They are not complete and may not be up to date!
You must visit for a complete list of CWE entries and for more details.
CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of the user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.