View: Weaknesses for Simplified Mapping of Published Vulnerabilities

Incomplete

Type: Graph

Objective

CWE entries in this view (graph) may be used to categorize potential weaknesses within sources that handle public, third-party vulnerability information, such as the National Vulnerability Database (NVD). By design, this view is incomplete. It is limited to a small number of the most commonly-seen weaknesses, so that it is easier for humans to use. This view uses a shallow hierarchy of two levels in order to simplify the complex navigation of the entire CWE corpus.

Relationships

Weaknesses for Simplified Mapping of Published Vulnerabilities- (CWE-1003)

Improper Input Validation- (CWE-20)

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')- (CWE-74)

Improper Encoding or Escaping of Output- (CWE-116)

Improper Restriction of Operations within the Bounds of a Memory Buffer- (CWE-119)

Exposure of Sensitive Information to an Unauthorized Actor- (CWE-200)

Improper Privilege Management- (CWE-269)

Improper Authentication- (CWE-287)

Missing Encryption of Sensitive Data- (CWE-311)

Inadequate Encryption Strength- (CWE-326)

Use of a Broken or Risky Cryptographic Algorithm- (CWE-327)

Use of Insufficiently Random Values- (CWE-330)

Insufficient Verification of Data Authenticity- (CWE-345)

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')- (CWE-362)

Uncontrolled Resource Consumption- (CWE-400)

Improper Resource Shutdown or Release- (CWE-404)

Inefficient Algorithmic Complexity- (CWE-407)

Interpretation Conflict- (CWE-436)

Externally Controlled Reference to a Resource in Another Sphere- (CWE-610)

Improper Synchronization- (CWE-662)

Improper Initialization- (CWE-665)

Exposure of Resource to Wrong Sphere- (CWE-668)

Incorrect Resource Transfer Between Spheres- (CWE-669)

Always-Incorrect Control Flow Implementation- (CWE-670)

Operation on a Resource after Expiration or Release- (CWE-672)

Uncontrolled Recursion- (CWE-674)

Incorrect Calculation- (CWE-682)

Incorrect Comparison- (CWE-697)

Incorrect Type Conversion or Cast- (CWE-704)

Use of Incorrectly-Resolved Name or Reference- (CWE-706)

Incorrect Permission Assignment for Critical Resource- (CWE-732)

Improper Check for Unusual or Exceptional Conditions- (CWE-754)

Improper Handling of Exceptional Conditions- (CWE-755)

Excessive Iteration- (CWE-834)

Missing Authorization- (CWE-862)

Incorrect Authorization- (CWE-863)

Improper Control of Dynamically-Managed Code Resources- (CWE-913)

Insecure Storage of Sensitive Information- (CWE-922)

Mapping Notes

Usage: Prohibited

Reasons: View

Rationale:

This entry is a View. Views are not weaknesses and therefore inappropriate to describe the root causes of vulnerabilities.

Comment:

Use this View or other Views to search and navigate for the appropriate weakness.