View: Weaknesses in the 2019 CWE Top 25 Most Dangerous Software Errors

Stable

Type: Graph

Objective

CWE entries in this view are listed in the 2019 CWE Top 25 Most Dangerous Software Errors.

Audience

Type	Description
Software Developers	By following the Top 25, developers will be able to significantly reduce the number of weaknesses that occur in their software.
Product Customers	If a software developer claims to be following the Top 25, then customers can use the weaknesses in this view in order to formulate independent evidence of that claim.
Educators	Educators can use this view in multiple ways. For example, if there is a focus on teaching weaknesses, the educator could focus on the Top 25.

Relationships

Weaknesses in the 2019 CWE Top 25 Most Dangerous Software Errors- (CWE-1200)

Improper Restriction of Operations within the Bounds of a Memory Buffer- (CWE-119)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')- (CWE-79)

Improper Input Validation- (CWE-20)

Exposure of Sensitive Information to an Unauthorized Actor- (CWE-200)

Out-of-bounds Read- (CWE-125)

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')- (CWE-89)

Use After Free- (CWE-416)

Integer Overflow or Wraparound- (CWE-190)

Cross-Site Request Forgery (CSRF)- (CWE-352)

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')- (CWE-22)

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')- (CWE-78)

Out-of-bounds Write- (CWE-787)

Improper Authentication- (CWE-287)

NULL Pointer Dereference- (CWE-476)

Incorrect Permission Assignment for Critical Resource- (CWE-732)

Unrestricted Upload of File with Dangerous Type- (CWE-434)

Improper Restriction of XML External Entity Reference- (CWE-611)

Improper Control of Generation of Code ('Code Injection')- (CWE-94)

Use of Hard-coded Credentials- (CWE-798)

Uncontrolled Resource Consumption- (CWE-400)

Missing Release of Resource after Effective Lifetime- (CWE-772)

Untrusted Search Path- (CWE-426)

Deserialization of Untrusted Data- (CWE-502)

Improper Privilege Management- (CWE-269)

Improper Certificate Validation- (CWE-295)

Mapping Notes

Usage: Prohibited

Reasons: View

Rationale:

This entry is a View. Views are not weaknesses and therefore inappropriate to describe the root causes of vulnerabilities.

Comment:

Use this View or other Views to search and navigate for the appropriate weakness.