
CWE Definitions

| CWE Number | Name | Number Of Related Vulnerabilities |
|---|---|---|
| 366 | Race Condition within a Thread | 1 |
| 390 | Detection of Error Condition Without Action | 1 |
| 391 | Unchecked Error Condition | 1 |
| 395 | Use of NullPointerException Catch to Detect NULL Pointer Dereference | 1 |
| 398 | Indicator of Poor Code Quality | 1 |
| 409 | Improper Handling of Highly Compressed Data (Data Amplification) | 1 |
| 410 | Insufficient Resource Pool | 1 |
| 42 | Path Equivalence: 'filename.' (Trailing Dot) | 1 |
| 424 | Failure to Protect Alternate Path | 1 |
| 435 | Interaction Error | 1 |
| 451 | UI Misrepresentation of Critical Information | 1 |
| 455 | Non-exit on Failed Initialization | 1 |
| 456 | Missing Initialization | 1 |
| 475 | Undefined Behavior for Input to API | 1 |
| 485 | Insufficient Encapsulation | 1 |
| 506 | Embedded Malicious Code | 1 |
| 507 | Trojan Horse | 1 |
| 524 | Information Leak Through Caching | 1 |
| 525 | Information Leak Through Browser Caching | 1 |
| 527 | Exposure of CVS Repository to an Unauthorized Control Sphere | 1 |
| 539 | Information Leak Through Persistent Cookies | 1 |
| 540 | Information Leak Through Source Code | 1 |
| 551 | Incorrect Behavior Order: Authorization Before Parsing and Canonicalization | 1 |
| 562 | Return of Stack Variable Address | 1 |
| 567 | Unsynchronized Access to Shared Data | 1 |
| 571 | Expression is Always True | 1 |
| 573 | Failure to Follow Specification | 1 |
| 595 | Comparison of Object References Instead of Object Contents | 1 |
| 597 | Use of Wrong Operator in String Comparison | 1 |
| 598 | Information Leak Through Query Strings in GET Request | 1 |
| 602 | Client-Side Enforcement of Server-Side Security | 1 |
| 612 | Information Leak Through Indexing of Private Data | 1 |
| 614 | Sensitive Cookie in HTTPS Session Without 'Secure' Attribute | 1 |
| 628 | Function Call with Incorrectly Specified Arguments | 1 |
| 64 | Windows Shortcut Following (.LNK) | 1 |
| 641 | Insufficient Filtering of File and Other Resource Names for Executable Content | 1 |
| 643 | Improper Neutralization of Data within XPath Expressions ('XPath injection') | 1 |
| 644 | Improper Neutralization of HTTP Headers for Scripting Syntax | 1 |
| 646 | Reliance on File Name or Extension of Externally-Supplied File | 1 |
| 649 | Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking | 1 |
| 653 | Insufficient Compartmentalization | 1 |
| 671 | Lack of Administrator Control over Security | 1 |
| 684 | Failure to Provide Specified Functionality | 1 |
| 688 | Function Call With Incorrect Variable or Reference as Argument | 1 |
| 703 | Failure to Handle Exceptional Conditions | 1 |
| 710 | Coding Standards Violation | 1 |
| 756 | Missing Custom Error Page | 1 |
| 759 | Use of a One-Way Hash without a Salt | 1 |
| 774 | Allocation of File Descriptors or Handles Without Limits or Throttling | 1 |
| 775 | Missing Release of File Descriptor or Handle after Effective Lifetime | 1 |

Total number of CWE definitions: 668 (this is page 6 of 14)

The CWE definitions are only provided as a quick reference. They are not complete and may not be up to date!
You must visit for a complete list of CWE entries and for more details.
CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.