View: Comprehensive Categorization for Software Assurance Trends
Draft
Type: Graph
Objective
Audience
| Type | Description |
|---|---|
| Academic Researchers | Researchers can use this view to evaluate the breadth and depth of software assurance with respect to mitigating and managing weaknesses before they become vulnerabilities. |
Relationships
Comprehensive Categorization: Access Control- (CWE-1396)
Plaintext Storage of a Password- (CWE-256)
Storing Passwords in a Recoverable Format- (CWE-257)
Empty Password in Configuration File- (CWE-258)
Use of Hard-coded Password- (CWE-259)
Password in Configuration File- (CWE-260)
Weak Encoding for Password- (CWE-261)
Not Using Password Aging- (CWE-262)
Password Aging with Long Expiration- (CWE-263)
Incorrect Privilege Assignment- (CWE-266)
Privilege Defined With Unsafe Actions- (CWE-267)
Privilege Chaining- (CWE-268)
Improper Privilege Management- (CWE-269)
Privilege Context Switching Error- (CWE-270)
Privilege Dropping / Lowering Errors- (CWE-271)
Least Privilege Violation- (CWE-272)
Improper Check for Dropped Privileges- (CWE-273)
Improper Handling of Insufficient Privileges- (CWE-274)
Incorrect Default Permissions- (CWE-276)
Insecure Inherited Permissions- (CWE-277)
Insecure Preserved Inherited Permissions- (CWE-278)
Incorrect Execution-Assigned Permissions- (CWE-279)
Improper Preservation of Permissions- (CWE-281)
Improper Ownership Management- (CWE-282)
Unverified Ownership- (CWE-283)
Improper Access Control- (CWE-284)
Improper Authorization- (CWE-285)
Incorrect User Management- (CWE-286)
Improper Authentication- (CWE-287)
Authentication Bypass by Alternate Name- (CWE-289)
Authentication Bypass by Spoofing- (CWE-290)
Reliance on IP Address for Authentication- (CWE-291)
Using Referer Field for Authentication- (CWE-293)
Authentication Bypass by Capture-replay- (CWE-294)
Improper Certificate Validation- (CWE-295)
Improper Check for Certificate Revocation- (CWE-299)
Channel Accessible by Non-Endpoint- (CWE-300)
Missing Critical Step in Authentication- (CWE-304)
Authentication Bypass by Primary Weakness- (CWE-305)
Missing Authentication for Critical Function- (CWE-306)
Use of Single-factor Authentication- (CWE-308)
Use of Hard-coded Cryptographic Key- (CWE-321)
Key Exchange without Entity Authentication- (CWE-322)
Session Fixation- (CWE-384)
Unprotected Primary Channel- (CWE-419)
Unprotected Alternate Channel- (CWE-420)
Direct Request ('Forced Browsing')- (CWE-425)
.NET Misconfiguration: Use of Impersonation- (CWE-520)
Weak Password Requirements- (CWE-521)
Insufficiently Protected Credentials- (CWE-522)
Unprotected Transport of Credentials- (CWE-523)
Missing Password Field Masking- (CWE-549)
Missing Validation of OpenSSL Certificate- (CWE-599)
Use of Client-Side Authentication- (CWE-603)
Insufficient Session Expiration- (CWE-613)
Unverified Password Change- (CWE-620)
Overly Restrictive Account Lockout Mechanism- (CWE-645)
Incorrect Use of Privileged APIs- (CWE-648)
Incorrect Ownership Assignment- (CWE-708)
Use of Hard-coded Credentials- (CWE-798)
Guessable CAPTCHA- (CWE-804)
Placement of User into Incorrect Group- (CWE-842)
Missing Authorization- (CWE-862)
Incorrect Authorization- (CWE-863)
Server-Side Request Forgery (SSRF)- (CWE-918)
Sensitive Cookie Without 'HttpOnly' Flag- (CWE-1004)
Insufficient Granularity of Access Control- (CWE-1220)
Improper Restriction of Write-Once Bit Fields- (CWE-1224)
Improper Prevention of Lock Bit Modification- (CWE-1231)
Improper Access Control for Register Interface- (CWE-1262)
Improper Physical Access Control- (CWE-1263)
Policy Uses Obsolete Encoding- (CWE-1267)
Generation of Incorrect Security Tokens- (CWE-1270)
Incorrect Decoding of Security Identifiers - (CWE-1290)
Incorrect Conversion of Security Identifiers- (CWE-1292)
Insecure Security Identifier Mechanism- (CWE-1294)
Improper Access Control in Fabric Bridge- (CWE-1317)
Improper Management of Sensitive Trace Data- (CWE-1323)
Weak Authentication- (CWE-1390)
Use of Weak Credentials- (CWE-1391)
Use of Default Credentials- (CWE-1392)
Use of Default Password- (CWE-1393)
Use of Default Cryptographic Key- (CWE-1394)
Comprehensive Categorization: Comparison- (CWE-1397)
Permissive List of Allowed Inputs- (CWE-183)
Incorrect Regular Expression- (CWE-185)
Overly Restrictive Regular Expression- (CWE-186)
Partial String Comparison- (CWE-187)
Comparison of Classes by Name- (CWE-486)
Use of Wrong Operator in String Comparison- (CWE-597)
Permissive Regular Expression- (CWE-625)
Incorrect Comparison- (CWE-697)
Regular Expression without Anchors- (CWE-777)
Incomplete Comparison with Missing Factors- (CWE-1023)
Comparison of Incompatible Types- (CWE-1024)
Comparison Using Wrong Factors- (CWE-1025)
Misinterpretation of Input- (CWE-115)
Interpretation Conflict- (CWE-436)
Incomplete Model of Endpoint Features- (CWE-437)
Insecure Automated Optimizations- (CWE-1038)
Comprehensive Categorization: Concurrency- (CWE-1401)
Race Condition Enabling Link Following- (CWE-363)
Signal Handler Race Condition- (CWE-364)
Race Condition within a Thread- (CWE-366)
Context Switching Race Condition- (CWE-368)
Unrestricted Externally Accessible Lock- (CWE-412)
Improper Resource Locking- (CWE-413)
Missing Lock Check- (CWE-414)
Call to Thread run() instead of start()- (CWE-572)
Double-Checked Locking- (CWE-609)
Improper Locking- (CWE-667)
Multiple Locks of a Critical Resource- (CWE-764)
Multiple Unlocks of a Critical Resource- (CWE-765)
Missing Synchronization- (CWE-820)
Incorrect Synchronization- (CWE-821)
Unlock of a Resource that is not Locked- (CWE-832)
Deadlock- (CWE-833)
Race Condition for Write-Once Attributes- (CWE-1223)
Hardware Logic Contains Race Conditions- (CWE-1298)
Comprehensive Categorization: Encryption- (CWE-1402)
Missing Encryption of Sensitive Data- (CWE-311)
Cleartext Storage of Sensitive Information- (CWE-312)
Cleartext Storage in a File or on Disk- (CWE-313)
Cleartext Storage in the Registry- (CWE-314)
Use of a Key Past its Expiration Date- (CWE-324)
Missing Cryptographic Step- (CWE-325)
Inadequate Encryption Strength- (CWE-326)
Use of Weak Hash- (CWE-328)
Use of a One-Way Hash without a Salt- (CWE-759)
Use of RSA Algorithm without OAEP- (CWE-780)
Reliance on HTTP instead of HTTPS- (CWE-1428)
Comprehensive Categorization: Exposed Resource- (CWE-1403)
External Control of File Name or Path- (CWE-73)
Process Control- (CWE-114)
Insecure Temporary File- (CWE-377)
Untrusted Search Path- (CWE-426)
Uncontrolled Search Path Element- (CWE-427)
Unquoted Search Path or Element- (CWE-428)
Unparsed Raw Web Content Delivery- (CWE-433)
Exposure of Data Element to Wrong Session- (CWE-488)
Use of Inner Class Containing Sensitive Data- (CWE-492)
Serializable Class Containing Sensitive Data- (CWE-499)
Public Static Field Not Marked Final- (CWE-500)
Array Declared Public, Final, and Static- (CWE-582)
finalize() Method Declared Public- (CWE-583)
External Control of Critical State Data- (CWE-642)
Exposure of Resource to Wrong Sphere- (CWE-668)
Binding to an Unrestricted IP Address- (CWE-1327)
Comprehensive Categorization: File Handling- (CWE-1404)
Relative Path Traversal- (CWE-23)
Path Traversal: '../filedir'- (CWE-24)
Path Traversal: '/../filedir'- (CWE-25)
Path Traversal: '/dir/../filename'- (CWE-26)
Path Traversal: 'dir/../../filename'- (CWE-27)
Path Traversal: '..\filedir'- (CWE-28)
Path Traversal: '\..\filename'- (CWE-29)
Path Traversal: '\dir\..\filename'- (CWE-30)
Path Traversal: 'dir\..\..\filename'- (CWE-31)
Path Traversal: '...' (Triple Dot)- (CWE-32)
Path Traversal: '....' (Multiple Dot)- (CWE-33)
Path Traversal: '....//'- (CWE-34)
Path Traversal: '.../...//'- (CWE-35)
Absolute Path Traversal- (CWE-36)
Path Traversal: 'C:dirname'- (CWE-39)
Improper Resolution of Path Equivalence- (CWE-41)
Path Equivalence: 'filedir*' (Wildcard)- (CWE-56)
Path Equivalence: Windows 8.3 Filename- (CWE-58)
UNIX Symbolic Link (Symlink) Following- (CWE-61)
UNIX Hard Link- (CWE-62)
Windows Shortcut Following (.LNK)- (CWE-64)
Windows Hard Link- (CWE-65)
Unchecked Return Value- (CWE-252)
Detection of Error Condition Without Action- (CWE-390)
Unchecked Error Condition- (CWE-391)
Unexpected Status Code or Return Value- (CWE-394)
Improper Handling of Exceptional Conditions- (CWE-755)
Missing Custom Error Page- (CWE-756)
Improper Handling of Single Event Upsets- (CWE-1261)
Improper Input Validation- (CWE-20)
Struts: Form Field Without Validator- (CWE-105)
Struts: Plug-in Framework not in Use- (CWE-106)
Struts: Unvalidated Action Form- (CWE-108)
Struts: Validator Turned Off- (CWE-109)
Missing XML Validation- (CWE-112)
Unchecked Input for Loop Condition- (CWE-606)
Improper Use of Validation Framework- (CWE-1173)
Improper Validation of Specified Type of Input- (CWE-1287)
Improper Validation of Consistency within Input- (CWE-1288)
Improper Encoding or Escaping of Output- (CWE-116)
Improper Output Neutralization for Logs- (CWE-117)
Improper Neutralization of Special Elements- (CWE-138)
Improper Neutralization of Delimiters- (CWE-140)
Improper Neutralization of Value Delimiters- (CWE-142)
Improper Neutralization of Record Delimiters- (CWE-143)
Improper Neutralization of Line Delimiters- (CWE-144)
Improper Neutralization of Input Terminators- (CWE-147)
Improper Neutralization of Input Leaders- (CWE-148)
Improper Neutralization of Quoting Syntax- (CWE-149)
Improper Neutralization of Macro Symbols- (CWE-152)
Improper Neutralization of Whitespace- (CWE-156)
Failure to Sanitize Paired Delimiters- (CWE-157)
Improper Handling of Missing Special Element- (CWE-166)
Improper Null Termination- (CWE-170)
Encoding Error- (CWE-172)
Improper Handling of Alternate Encoding- (CWE-173)
Double Decoding of the Same Data- (CWE-174)
Improper Handling of Mixed Encoding- (CWE-175)
Improper Handling of Unicode Encoding- (CWE-176)
Improper Handling of Values- (CWE-229)
Improper Handling of Missing Values- (CWE-230)
Improper Handling of Extra Values- (CWE-231)
Improper Handling of Undefined Values- (CWE-232)
Improper Handling of Parameters- (CWE-233)
Failure to Handle Missing Parameter- (CWE-234)
Improper Handling of Extra Parameters- (CWE-235)
Improper Handling of Undefined Parameters- (CWE-236)
Improper Handling of Structural Elements- (CWE-237)
Failure to Handle Incomplete Element- (CWE-239)
Improper Handling of Unexpected Data Type- (CWE-241)
Deletion of Data Structure Sentinel- (CWE-463)
Addition of Data Structure Sentinel- (CWE-464)
Improper Neutralization- (CWE-707)
Improper Filtering of Special Elements- (CWE-790)
Incomplete Filtering of Special Elements- (CWE-791)
Inappropriate Encoding for Output Context- (CWE-838)
Wrap-around Error- (CWE-128)
Integer Overflow or Wraparound- (CWE-190)
Integer Underflow (Wrap or Wraparound)- (CWE-191)
Off-by-one Error- (CWE-193)
Divide By Zero- (CWE-369)
Use of sizeof() on a Pointer Type- (CWE-467)
Incorrect Pointer Scaling- (CWE-468)
Use of Pointer Subtraction to Determine Size- (CWE-469)
Incorrect Calculation- (CWE-682)
Incorrect Bitwise Shift of Integer- (CWE-1335)
Comprehensive Categorization: Injection- (CWE-1409)
Doubled Character XSS Manipulations- (CWE-85)
Struts: Duplicate Validation Forms- (CWE-102)
SQL Injection: Hibernate- (CWE-564)
Variable Extraction Error- (CWE-621)
Executable Regular Expression Error- (CWE-624)
Dynamic Variable Evaluation- (CWE-627)
Incomplete Denylist to Cross-Site Scripting- (CWE-692)
Improper Validation of Generative AI Output- (CWE-1426)
Incorrect Behavior Order: Early Validation- (CWE-179)
Uncaught Exception- (CWE-248)
J2EE Bad Practices: Use of System.exit()- (CWE-382)
Declaration of Catch for Generic Exception- (CWE-396)
Declaration of Throws for Generic Exception- (CWE-397)
Deployment of Wrong Handler- (CWE-430)
Missing Handler- (CWE-431)
Non-exit on Failed Initialization- (CWE-455)
Use of Incorrect Operator- (CWE-480)
Assigning instead of Comparing- (CWE-481)
Comparing instead of Assigning- (CWE-482)
Incorrect Block Delimitation- (CWE-483)
Return Inside Finally Block- (CWE-584)
Uncaught Exception in Servlet - (CWE-600)
Reachable Assertion- (CWE-617)
Always-Incorrect Control Flow Implementation- (CWE-670)
Uncontrolled Recursion- (CWE-674)
Insufficient Control Flow Management- (CWE-691)
Incorrect Behavior Order- (CWE-696)
Execution After Redirect (EAR)- (CWE-698)
Incorrect Control Flow Scoping- (CWE-705)
Incorrect Short Circuit Evaluation- (CWE-768)
Operator Precedence Logic Error- (CWE-783)
Improper Control of Interaction Frequency- (CWE-799)
Excessive Iteration- (CWE-834)
Improper Enforcement of Behavioral Workflow- (CWE-841)
DMA Device Enabled Too Early in Boot Phase- (CWE-1190)
Origin Validation Error- (CWE-346)
Use of Less Trusted Source- (CWE-348)
Insufficient Type Distinction- (CWE-351)
Cross-Site Request Forgery (CSRF)- (CWE-352)
Missing Support for Integrity Check- (CWE-353)
Improper Validation of Integrity Check Value- (CWE-354)
Trust of System Event Data- (CWE-360)
Download of Code Without Integrity Check- (CWE-494)
Missing Origin Validation in WebSockets- (CWE-1385)
Comprehensive Categorization: Memory Safety- (CWE-1399)
Stack-based Buffer Overflow- (CWE-121)
Heap-based Buffer Overflow- (CWE-122)
Write-what-where Condition- (CWE-123)
Buffer Underwrite ('Buffer Underflow')- (CWE-124)
Out-of-bounds Read- (CWE-125)
Buffer Over-read- (CWE-126)
Buffer Under-read- (CWE-127)
Improper Validation of Array Index- (CWE-129)
Incorrect Calculation of Buffer Size- (CWE-131)
Use of Externally-Controlled Format String- (CWE-134)
Reliance on Data/Memory Layout- (CWE-188)
Use of Incorrect Byte Ordering- (CWE-198)
Double Free- (CWE-415)
Use After Free- (CWE-416)
Return of Stack Variable Address- (CWE-562)
Assignment of a Fixed Address to a Pointer- (CWE-587)
Free of Memory not on the Heap- (CWE-590)
Integer Overflow to Buffer Overflow- (CWE-680)
Free of Pointer not at Start of Buffer- (CWE-761)
Mismatched Memory Management Routines- (CWE-762)
Release of Invalid Pointer or Reference- (CWE-763)
Out-of-bounds Write- (CWE-787)
Memory Allocation with Excessive Size Value- (CWE-789)
Buffer Access with Incorrect Length Value- (CWE-805)
Buffer Access Using Size of Source Buffer- (CWE-806)
Untrusted Pointer Dereference- (CWE-822)
Use of Out-of-range Pointer Offset- (CWE-823)
Access of Uninitialized Pointer- (CWE-824)
Expired Pointer Dereference- (CWE-825)
Struts: Unused Validation Form- (CWE-107)
Struts: Validator Without Form Field- (CWE-110)
Direct Use of Unsafe JNI- (CWE-111)
Use of Inherently Dangerous Function- (CWE-242)
J2EE Bad Practices: Direct Use of Sockets- (CWE-246)
Incorrect Check of Function Return Value- (CWE-253)
J2EE Bad Practices: Direct Use of Threads- (CWE-383)
Missing Report of Error Condition- (CWE-392)
Return of Wrong Status Code- (CWE-393)
Expected Behavior Violation- (CWE-440)
UI Discrepancy for Security Feature- (CWE-446)
Obsolete Feature in UI- (CWE-448)
The UI Performs the Wrong Action- (CWE-449)
Duplicate Key in Associative List (Alist)- (CWE-462)
Undefined Behavior for Input to API- (CWE-475)
NULL Pointer Dereference- (CWE-476)
Use of Obsolete Function- (CWE-477)
Omitted Break Statement in Switch- (CWE-484)
Active Debug Code- (CWE-489)
Embedded Malicious Code- (CWE-506)
Trojan Horse- (CWE-507)
Non-Replicating Malicious Code- (CWE-508)
Replicating Malicious Code (Virus or Worm)- (CWE-509)
Trapdoor- (CWE-510)
Logic/Time Bomb- (CWE-511)
Spyware- (CWE-512)
Suspicious Comment- (CWE-546)
Use of umask() with chmod-style Argument- (CWE-560)
Dead Code- (CWE-561)
Assignment to Variable without Use- (CWE-563)
Expression is Always False- (CWE-570)
Expression is Always True- (CWE-571)
EJB Bad Practices: Use of AWT Swing- (CWE-575)
EJB Bad Practices: Use of Java I/O- (CWE-576)
EJB Bad Practices: Use of Sockets- (CWE-577)
EJB Bad Practices: Use of Class Loader- (CWE-578)
Empty Synchronized Block- (CWE-585)
Explicit Call to Finalize()- (CWE-586)
Call to Non-ubiquitous API- (CWE-589)
Multiple Binds to the Same Port- (CWE-605)
Use of Potentially Dangerous Function- (CWE-676)
Function Call With Incorrect Argument Type- (CWE-686)
Use of Low-Level Functionality- (CWE-695)
Improper Adherence to Coding Standards- (CWE-710)
Critical Data Element Declared Public- (CWE-766)
Hidden Functionality- (CWE-912)
Use of Redundant Code- (CWE-1041)
Modules with Circular Dependencies- (CWE-1047)
Missing Documentation for Design- (CWE-1053)
Multiple Inheritance from Concrete Classes- (CWE-1055)
Insufficient Technical Documentation- (CWE-1059)
Insufficient Encapsulation- (CWE-1061)
Parent Class with References to Child Class- (CWE-1062)
Missing Serialization Control Element- (CWE-1066)
Empty Exception Block- (CWE-1069)
Empty Code Block- (CWE-1071)
Class with Excessively Deep Inheritance- (CWE-1074)
Insufficient Adherence to Expected Conventions- (CWE-1076)
Inappropriate Source Code Style or Formatting- (CWE-1078)
Parent Class without Virtual Destructor Method- (CWE-1079)
Class Instance Self Destruction Control Element- (CWE-1082)
Class with Excessive Number of Child Classes- (CWE-1086)
Excessively Complex Data Representation- (CWE-1093)
Loop Condition Value Update within the Loop- (CWE-1095)
Inconsistent Naming Conventions for Identifiers- (CWE-1099)
Reliance on Runtime Component in Generated Code- (CWE-1101)
Use of Platform-Dependent Third Party Components- (CWE-1103)
Insufficient Use of Symbolic Constants- (CWE-1106)
Excessive Reliance on Global Variables- (CWE-1108)
Use of Same Variable for Multiple Purposes- (CWE-1109)
Incomplete Design Documentation- (CWE-1110)
Incomplete I/O Documentation- (CWE-1111)
Incomplete Documentation of Program Execution- (CWE-1112)
Inappropriate Comment Style- (CWE-1113)
Inappropriate Whitespace Style- (CWE-1114)
Source Code Element without Standard Prologue- (CWE-1115)
Inaccurate Comments- (CWE-1116)
Callable with Insufficient Behavioral Summary- (CWE-1117)
Excessive Use of Unconditional Branching- (CWE-1119)
Excessive Code Complexity- (CWE-1120)
Excessive McCabe Cyclomatic Complexity- (CWE-1121)
Excessive Halstead Complexity- (CWE-1122)
Excessive Use of Self-Modifying Code- (CWE-1123)
Excessively Deep Nesting- (CWE-1124)
Excessive Attack Surface- (CWE-1125)
Compilation with Insufficient Warnings or Errors- (CWE-1127)
Irrelevant Code- (CWE-1164)
Use of Prohibited Code- (CWE-1177)
Failure to Disable Reserved Bits- (CWE-1209)
Multiple Releases of Same Resource or Handle- (CWE-1341)
Reliance on Insufficiently Trustworthy Component- (CWE-1357)
Collapse of Data into Unsafe Value- (CWE-182)
Incomplete List of Disallowed Inputs- (CWE-184)
Truncation of Security-relevant Information- (CWE-222)
Omission of Security-relevant Information- (CWE-223)
Multiple Interpretations of UI Input- (CWE-450)
Protection Mechanism Failure- (CWE-693)
Insufficient Logging- (CWE-778)
Incorrect Selection of Fuse Values- (CWE-1253)
Product Released in Non-Release Configuration- (CWE-1269)
Missing Immutable Root of Trust in Hardware- (CWE-1326)
Comprehensive Categorization: Randomness- (CWE-1414)
Reusing a Nonce, Key Pair in Encryption- (CWE-323)
Generation of Predictable IV with CBC Mode- (CWE-329)
Use of Insufficiently Random Values- (CWE-330)
Insufficient Entropy- (CWE-331)
Insufficient Entropy in PRNG- (CWE-332)
Small Space of Random Values- (CWE-334)
Small Seed Space in PRNG- (CWE-339)
Predictable from Observable State- (CWE-341)
Predictable Exact Value from Previous Values- (CWE-342)
Predictable Value Range from Previous Values- (CWE-343)
Generation of Weak Initialization Vector (IV)- (CWE-1204)
Comprehensive Categorization: Resource Control- (CWE-1415)
Covert Timing Channel- (CWE-385)
PHP External Variable Modification- (CWE-473)
Deserialization of Untrusted Data- (CWE-502)
Covert Channel- (CWE-514)
Covert Storage Channel- (CWE-515)
Use of Expired File Descriptor- (CWE-910)
Use of Unmaintained Third Party Components- (CWE-1104)
Mirrored Regions with Different Values- (CWE-1251)
Firmware Not Updateable- (CWE-1277)
Missing Ability to Patch ROM Code- (CWE-1310)
Reliance on Component That is Not Updateable- (CWE-1329)
Improper Handling of Case Sensitivity- (CWE-178)
Integer Coercion Error- (CWE-192)
Unexpected Sign Extension- (CWE-194)
Signed to Unsigned Conversion Error- (CWE-195)
Unsigned to Signed Conversion Error- (CWE-196)
Numeric Truncation Error- (CWE-197)
Information Loss or Omission- (CWE-221)
Incomplete Internal State Distinction- (CWE-372)
Symbolic Name not Mapping to Correct Object- (CWE-386)
Uncontrolled Resource Consumption- (CWE-400)
Improper Resource Shutdown or Release- (CWE-404)
Inefficient Algorithmic Complexity- (CWE-407)
Insufficient Resource Pool- (CWE-410)
Insecure Default Variable Initialization- (CWE-453)
Missing Initialization of a Variable- (CWE-456)
Use of Uninitialized Variable- (CWE-457)
Incomplete Cleanup- (CWE-459)
Improper Cleanup on Thrown Exception- (CWE-460)
Reliance on Package-level Scope- (CWE-487)
Trust Boundary Violation- (CWE-501)
finalize() Method Without super.finalize()- (CWE-568)
clone() Method Without super.clone()- (CWE-580)
Exposed Unsafe ActiveX Method- (CWE-618)
Improper Synchronization- (CWE-662)
Improper Initialization- (CWE-665)
Incorrect Resource Transfer Between Spheres- (CWE-669)
External Influence of Sphere Definition- (CWE-673)
Incorrect Conversion between Numeric Types- (CWE-681)
Incorrect Type Conversion or Cast- (CWE-704)
Exposed Dangerous Method or Function- (CWE-749)
Logging of Excessive Data- (CWE-779)
Improper Control of Document Type Definition- (CWE-827)
Use of Uninitialized Resource- (CWE-908)
Missing Initialization of Resource- (CWE-909)
Improper Update of Reference Count- (CWE-911)
Improper Restriction of Power Consumption- (CWE-920)
Insecure Storage of Sensitive Information- (CWE-922)
Use of Object without Invoking Destructor Method- (CWE-1091)
Excessive Index Range Scan for a Data Resource- (CWE-1094)
Inefficient CPU Computation- (CWE-1176)
Incorrect Register Defaults or Module Parameters- (CWE-1221)
Creation of Emergent Resource- (CWE-1229)
Improper Zeroization of Hardware Register- (CWE-1239)
Remanent Data Readable after Memory Erase- (CWE-1330)
Inefficient Regular Expression Complexity- (CWE-1333)
Incorrect Initialization of Resource- (CWE-1419)
Observable Discrepancy- (CWE-203)
Observable Response Discrepancy- (CWE-204)
Observable Behavioral Discrepancy- (CWE-205)
Observable Internal Behavioral Discrepancy- (CWE-206)
Observable Timing Discrepancy- (CWE-208)
Incorrect Comparison Logic Granularity- (CWE-1254)
Device Unlock Credential Sharing- (CWE-1273)
Debug Messages Revealing Unnecessary Information- (CWE-1295)
Improper Protection of Physical Side Channels- (CWE-1300)
Execution with Unnecessary Privileges- (CWE-250)
Improper Protection of Alternate Path- (CWE-424)
Unimplemented or Unsupported Feature in UI- (CWE-447)
Not Failing Securely ('Failing Open')- (CWE-636)
Not Using Complete Mediation- (CWE-638)
Improper Isolation or Compartmentalization- (CWE-653)
Insufficient Psychological Acceptability- (CWE-655)
Reliance on Security Through Obscurity- (CWE-656)
Violation of Secure Design Principles- (CWE-657)
Lack of Administrator Control over Security- (CWE-671)
Dependency on Vulnerable Third-Party Component- (CWE-1395)
Mapping Notes
Usage: Prohibited
Reasons: View
Rationale:
This entry is a View. Views are not weaknesses and therefore inappropriate to describe the root causes of vulnerabilities.
Comment:
Use this View or other Views to search and navigate for the appropriate weakness.