CWE Definitions
Common Weakness Enumeration (CWE™) is a list of common software and hardware weakness types that have security ramifications.
A “weakness” is a condition in a software, firmware, hardware, or service component that, under certain circumstances, could contribute to the introduction of vulnerabilities.
CWE Number | Name | |
---|---|---|
CWE-1065 | Runtime Resource Management Control Element in a Component Built to Run on Application Servers | Vulnerabilities |
CWE-1064 | Invokable Control Element with Signature Containing an Excessive Number of Parameters | Vulnerabilities |
CWE-1063 | Creation of Class Instance within a Static Code Block | Vulnerabilities |
CWE-1062 | Parent Class with References to Child Class | Vulnerabilities |
CWE-1061 | Insufficient Encapsulation | Vulnerabilities |
CWE-1060 | Excessive Number of Inefficient Server-Side Data Accesses | Vulnerabilities |
CWE-1059 | Insufficient Technical Documentation | Vulnerabilities |
CWE-1058 | Invokable Control Element in Multi-Thread Context with non-Final Static Storable or Member Element | Vulnerabilities |
CWE-1057 | Data Access Operations Outside of Expected Data Manager Component | Vulnerabilities |
CWE-1056 | Invokable Control Element with Variadic Parameters | Vulnerabilities |
CWE-1055 | Multiple Inheritance from Concrete Classes | Vulnerabilities |
CWE-1054 | Invocation of a Control Element at an Unnecessarily Deep Horizontal Layer | Vulnerabilities |
CWE-1053 | Missing Documentation for Design | Vulnerabilities |
CWE-1052 | Excessive Use of Hard-Coded Literals in Initialization | Vulnerabilities |
CWE-1051 | Initialization with Hard-Coded Network Resource Configuration Data | Vulnerabilities |
CWE-1050 | Excessive Platform Resource Consumption within a Loop | Vulnerabilities |
CWE-1049 | Excessive Data Query Operations in a Large Data Table | Vulnerabilities |
CWE-1048 | Invokable Control Element with Large Number of Outward Calls | Vulnerabilities |
CWE-1047 | Modules with Circular Dependencies | Vulnerabilities |
CWE-1046 | Creation of Immutable Text Using String Concatenation | Vulnerabilities |
CWE-1045 | Parent Class with a Virtual Destructor and a Child Class without a Virtual Destructor | Vulnerabilities |
CWE-1044 | Architecture with Number of Horizontal Layers Outside of Expected Range | Vulnerabilities |
CWE-1043 | Data Element Aggregating an Excessively Large Number of Non-Primitive Elements | Vulnerabilities |
CWE-1042 | Static Member Data Element outside of a Singleton Class Element | Vulnerabilities |
CWE-1041 | Use of Redundant Code | Vulnerabilities |
CWE-1039 | Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations | Vulnerabilities |
CWE-1038 | Insecure Automated Optimizations | Vulnerabilities |
CWE-1037 | Processor Optimization Removal or Modification of Security-critical Code | Vulnerabilities |
CWE-1025 | Comparison Using Wrong Factors | Vulnerabilities |
CWE-1024 | Comparison of Incompatible Types | Vulnerabilities |
CWE-1023 | Incomplete Comparison with Missing Factors | Vulnerabilities |
CWE-1022 | Use of Web Link to Untrusted Target with window.opener Access | Vulnerabilities |
CWE-1021 | Improper Restriction of Rendered UI Layers or Frames | Vulnerabilities |
CWE-1007 | Insufficient Visual Distinction of Homoglyphs Presented to User | Vulnerabilities |
CWE-1004 | Sensitive Cookie Without 'HttpOnly' Flag | Vulnerabilities |
CWE-943 | Improper Neutralization of Special Elements in Data Query Logic | Vulnerabilities |
CWE-942 | Permissive Cross-domain Policy with Untrusted Domains | Vulnerabilities |
CWE-941 | Incorrectly Specified Destination in a Communication Channel | Vulnerabilities |
CWE-940 | Improper Verification of Source of a Communication Channel | Vulnerabilities |
CWE-939 | Improper Authorization in Handler for Custom URL Scheme | Vulnerabilities |
CWE-927 | Use of Implicit Intent for Sensitive Communication | Vulnerabilities |
CWE-926 | Improper Export of Android Application Components | Vulnerabilities |
CWE-925 | Improper Verification of Intent by Broadcast Receiver | Vulnerabilities |
CWE-924 | Improper Enforcement of Message Integrity During Transmission in a Communication Channel | Vulnerabilities |
CWE-923 | Improper Restriction of Communication Channel to Intended Endpoints | Vulnerabilities |
CWE-922 | Insecure Storage of Sensitive Information | Vulnerabilities |
CWE-921 | Storage of Sensitive Data in a Mechanism without Access Control | Vulnerabilities |
CWE-920 | Improper Restriction of Power Consumption | Vulnerabilities |
CWE-918 | Server-Side Request Forgery (SSRF) | Vulnerabilities |
CWE-917 | Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') | Vulnerabilities |
Please note that CWE definitions are provided as a quick reference only.
Visit http://cwe.mitre.org/ for a complete list of CWE entries and for more details.