MITRE's CWE (Common Weakness Enumeration)

Overview

CodeSonar's advanced static analysis engine automatically detects over 100 types of security vulnerabilities in your code, allowing you to accurately and efficiently eliminate risks of security breaches.

CodeSonar's warning classes also support several coding initiatives, including the CWE, in order to make compliance with industry standards efficient and effective during software development.

Common Weakness Enumeration (CWE)

CodeSecure's CodeSonar is certified as CWE-Compatible, recognizing that it supports the CWE to the highest level currently recognized by the organization.

The CWE is a list of software weaknesses and security vulnerabilities. This international list allows clear communication between different parties with interests in computer security, including researchers, tool designers, and users.

Relevant Warning Classes

The following accordion shows the CodeSonar warning classes that are associated with CWE rules. The mapping uses CWE 4.12, published June 29, 2023.

Mapping Tables

Mapping Summary

     Supported  All   Percent Coverage
All  797        1426  55.9%

Mapping Detail

Rule Rule Name Supported
CWE:1 DEPRECATED: Location No
CWE:2 7PK - Environment Yes
CWE:3 DEPRECATED: Technology-specific Environment Issues No
CWE:4 DEPRECATED: J2EE Environment Issues No
CWE:5 J2EE Misconfiguration: Data Transmission Without Encryption Yes
CWE:6 J2EE Misconfiguration: Insufficient Session-ID Length No
CWE:7 J2EE Misconfiguration: Missing Custom Error Page Yes
CWE:8 J2EE Misconfiguration: Entity Bean Declared Remote No
CWE:9 J2EE Misconfiguration: Weak Access Permissions for EJB Methods No
CWE:10 DEPRECATED: ASP.NET Environment Issues No
CWE:11 ASP.NET Misconfiguration: Creating Debug Binary No
CWE:12 ASP.NET Misconfiguration: Missing Custom Error Page No
CWE:13 ASP.NET Misconfiguration: Password in Configuration File No
CWE:14 Compiler Removal of Code to Clear Buffers Yes
CWE:15 External Control of System or Configuration Setting Yes
CWE:16 Configuration No
CWE:17 DEPRECATED: Code No
CWE:18 DEPRECATED: Source Code No
CWE:19 Data Processing Errors Yes
CWE:20 Improper Input Validation Yes
CWE:21 DEPRECATED: Pathname Traversal and Equivalence Errors No
CWE:22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Yes
CWE:23 Relative Path Traversal Yes
CWE:24 Path Traversal: '../filedir' Yes
CWE:25 Path Traversal: '/../filedir' Yes
CWE:26 Path Traversal: '/dir/../filename' Yes
CWE:27 Path Traversal: 'dir/../../filename' Yes
CWE:28 Path Traversal: '..\filedir' Yes
CWE:29 Path Traversal: '\..\filename' Yes
CWE:30 Path Traversal: '\dir\..\filename' Yes
CWE:31 Path Traversal: 'dir\..\..\filename' Yes
CWE:32 Path Traversal: '...' (Triple Dot) Yes
CWE:33 Path Traversal: '....' (Multiple Dot) Yes
CWE:34 Path Traversal: '....//' Yes
CWE:35 Path Traversal: '.../...//' Yes
CWE:36 Absolute Path Traversal Yes
CWE:37 Path Traversal: '/absolute/pathname/here' Yes
CWE:38 Path Traversal: '\absolute\pathname\here' Yes
CWE:39 Path Traversal: 'C:dirname' Yes
CWE:40 Path Traversal: '\\UNC\share\name\' (Windows UNC Share) Yes
CWE:41 Improper Resolution of Path Equivalence No
CWE:42 Path Equivalence: 'filename.' (Trailing Dot) No
CWE:43 Path Equivalence: 'filename....' (Multiple Trailing Dot) No
CWE:44 Path Equivalence: 'file.name' (Internal Dot) No
CWE:45 Path Equivalence: 'file...name' (Multiple Internal Dot) No
CWE:46 Path Equivalence: 'filename ' (Trailing Space) No
CWE:47 Path Equivalence: ' filename' (Leading Space) No
CWE:48 Path Equivalence: 'file name' (Internal Whitespace) No
CWE:49 Path Equivalence: 'filename/' (Trailing Slash) No
CWE:50 Path Equivalence: '//multiple/leading/slash' No
CWE:51 Path Equivalence: '/multiple//internal/slash' No
CWE:52 Path Equivalence: '/multiple/trailing/slash//' No
CWE:53 Path Equivalence: '\multiple\\internal\backslash' No
CWE:54 Path Equivalence: 'filedir\' (Trailing Backslash) No
CWE:55 Path Equivalence: '/./' (Single Dot Directory) No
CWE:56 Path Equivalence: 'filedir*' (Wildcard) No
CWE:57 Path Equivalence: 'fakedir/../realdir/filename' No
CWE:58 Path Equivalence: Windows 8.3 Filename No
CWE:59 Improper Link Resolution Before File Access ('Link Following') No
CWE:60 DEPRECATED: UNIX Path Link Problems No
CWE:61 UNIX Symbolic Link (Symlink) Following No
CWE:62 UNIX Hard Link No
CWE:63 DEPRECATED: Windows Path Link Problems No
CWE:64 Windows Shortcut Following (.LNK) No
CWE:65 Windows Hard Link No
CWE:66 Improper Handling of File Names that Identify Virtual Resources No
CWE:67 Improper Handling of Windows Device Names No
CWE:68 DEPRECATED: Windows Virtual File Problems No
CWE:69 Improper Handling of Windows ::DATA Alternate Data Stream No
CWE:70 DEPRECATED: Mac Virtual File Problems No
CWE:71 DEPRECATED: Apple '.DS_Store' No
CWE:72 Improper Handling of Apple HFS+ Alternate Data Stream Path No
CWE:73 External Control of File Name or Path Yes
CWE:74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Yes
CWE:75 Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) No
CWE:76 Improper Neutralization of Equivalent Special Elements No
CWE:77 Improper Neutralization of Special Elements used in a Command ('Command Injection') Yes
CWE:78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Yes
CWE:79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Yes
CWE:80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) No
CWE:81 Improper Neutralization of Script in an Error Message Web Page Yes
CWE:82 Improper Neutralization of Script in Attributes of IMG Tags in a Web Page No
CWE:83 Improper Neutralization of Script in Attributes in a Web Page No
CWE:84 Improper Neutralization of Encoded URI Schemes in a Web Page No
CWE:85 Doubled Character XSS Manipulations No
CWE:86 Improper Neutralization of Invalid Characters in Identifiers in Web Pages No
CWE:87 Improper Neutralization of Alternate XSS Syntax No
CWE:88 Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') Yes
CWE:89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Yes
CWE:90 Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') Yes
CWE:91 XML Injection (aka Blind XPath Injection) Yes
CWE:92 DEPRECATED: Improper Sanitization of Custom Special Characters No
CWE:93 Improper Neutralization of CRLF Sequences ('CRLF Injection') Yes
CWE:94 Improper Control of Generation of Code ('Code Injection') Yes
CWE:95 Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') Yes
CWE:96 Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') No
CWE:97 Improper Neutralization of Server-Side Includes (SSI) Within a Web Page No
CWE:98 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') No
CWE:99 Improper Control of Resource Identifiers ('Resource Injection') Yes
CWE:100 DEPRECATED: Technology-Specific Input Validation Problems No
CWE:101 DEPRECATED: Struts Validation Problems No
CWE:102 Struts: Duplicate Validation Forms No
CWE:103 Struts: Incomplete validate() Method Definition Yes
CWE:104 Struts: Form Bean Does Not Extend Validation Class No
CWE:105 Struts: Form Field Without Validator No
CWE:106 Struts: Plug-in Framework not in Use No
CWE:107 Struts: Unused Validation Form No
CWE:108 Struts: Unvalidated Action Form No
CWE:109 Struts: Validator Turned Off No
CWE:110 Struts: Validator Without Form Field No
CWE:111 Direct Use of Unsafe JNI No
CWE:112 Missing XML Validation No
CWE:113 Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') Yes
CWE:114 Process Control Yes
CWE:115 Misinterpretation of Input No
CWE:116 Improper Encoding or Escaping of Output Yes
CWE:117 Improper Output Neutralization for Logs Yes
CWE:118 Incorrect Access of Indexable Resource ('Range Error') Yes
CWE:119 Improper Restriction of Operations within the Bounds of a Memory Buffer Yes
CWE:120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') Yes
CWE:121 Stack-based Buffer Overflow Yes
CWE:122 Heap-based Buffer Overflow Yes
CWE:123 Write-what-where Condition Yes
CWE:124 Buffer Underwrite ('Buffer Underflow') Yes
CWE:125 Out-of-bounds Read Yes
CWE:126 Buffer Over-read Yes
CWE:127 Buffer Under-read Yes
CWE:128 Wrap-around Error Yes
CWE:129 Improper Validation of Array Index Yes
CWE:130 Improper Handling of Length Parameter Inconsistency Yes
CWE:131 Incorrect Calculation of Buffer Size Yes
CWE:132 DEPRECATED: Miscalculated Null Termination No
CWE:133 String Errors Yes
CWE:134 Use of Externally-Controlled Format String Yes
CWE:135 Incorrect Calculation of Multi-Byte String Length Yes
CWE:136 Type Errors Yes
CWE:137 Data Neutralization Issues Yes
CWE:138 Improper Neutralization of Special Elements Yes
CWE:139 DEPRECATED: General Special Element Problems No
CWE:140 Improper Neutralization of Delimiters No
CWE:141 Improper Neutralization of Parameter/Argument Delimiters No
CWE:142 Improper Neutralization of Value Delimiters No
CWE:143 Improper Neutralization of Record Delimiters No
CWE:144 Improper Neutralization of Line Delimiters No
CWE:145 Improper Neutralization of Section Delimiters No
CWE:146 Improper Neutralization of Expression/Command Delimiters No
CWE:147 Improper Neutralization of Input Terminators Yes
CWE:148 Improper Neutralization of Input Leaders No
CWE:149 Improper Neutralization of Quoting Syntax No
CWE:150 Improper Neutralization of Escape, Meta, or Control Sequences No
CWE:151 Improper Neutralization of Comment Delimiters No
CWE:152 Improper Neutralization of Macro Symbols No
CWE:153 Improper Neutralization of Substitution Characters No
CWE:154 Improper Neutralization of Variable Name Delimiters No
CWE:155 Improper Neutralization of Wildcards or Matching Symbols No
CWE:156 Improper Neutralization of Whitespace No
CWE:157 Failure to Sanitize Paired Delimiters No
CWE:158 Improper Neutralization of Null Byte or NUL Character No
CWE:159 Improper Handling of Invalid Use of Special Elements No
CWE:160 Improper Neutralization of Leading Special Elements No
CWE:161 Improper Neutralization of Multiple Leading Special Elements No
CWE:162 Improper Neutralization of Trailing Special Elements No
CWE:163 Improper Neutralization of Multiple Trailing Special Elements No
CWE:164 Improper Neutralization of Internal Special Elements No
CWE:165 Improper Neutralization of Multiple Internal Special Elements No
CWE:166 Improper Handling of Missing Special Element No
CWE:167 Improper Handling of Additional Special Element No
CWE:168 Improper Handling of Inconsistent Special Elements No
CWE:169 DEPRECATED: Technology-Specific Special Elements No
CWE:170 Improper Null Termination Yes
CWE:171 DEPRECATED: Cleansing, Canonicalization, and Comparison Errors No
CWE:172 Encoding Error No
CWE:173 Improper Handling of Alternate Encoding No
CWE:174 Double Decoding of the Same Data No
CWE:175 Improper Handling of Mixed Encoding No
CWE:176 Improper Handling of Unicode Encoding No
CWE:177 Improper Handling of URL Encoding (Hex Encoding) No
CWE:178 Improper Handling of Case Sensitivity No
CWE:179 Incorrect Behavior Order: Early Validation No
CWE:180 Incorrect Behavior Order: Validate Before Canonicalize No
CWE:181 Incorrect Behavior Order: Validate Before Filter No
CWE:182 Collapse of Data into Unsafe Value No
CWE:183 Permissive List of Allowed Inputs No
CWE:184 Incomplete List of Disallowed Inputs No
CWE:185 Incorrect Regular Expression No
CWE:186 Overly Restrictive Regular Expression No
CWE:187 Partial String Comparison No
CWE:188 Reliance on Data/Memory Layout Yes
CWE:189 Numeric Errors Yes
CWE:190 Integer Overflow or Wraparound Yes
CWE:191 Integer Underflow (Wrap or Wraparound) Yes
CWE:192 Integer Coercion Error Yes
CWE:193 Off-by-one Error Yes
CWE:194 Unexpected Sign Extension Yes
CWE:195 Signed to Unsigned Conversion Error Yes
CWE:196 Unsigned to Signed Conversion Error Yes
CWE:197 Numeric Truncation Error Yes
CWE:198 Use of Incorrect Byte Ordering No
CWE:199 Information Management Errors Yes
CWE:200 Exposure of Sensitive Information to an Unauthorized Actor Yes
CWE:201 Insertion of Sensitive Information Into Sent Data Yes
CWE:202 Exposure of Sensitive Information Through Data Queries No
CWE:203 Observable Discrepancy Yes
CWE:204 Observable Response Discrepancy No
CWE:205 Observable Behavioral Discrepancy No
CWE:206 Observable Internal Behavioral Discrepancy No
CWE:207 Observable Behavioral Discrepancy With Equivalent Products No
CWE:208 Observable Timing Discrepancy No
CWE:209 Generation of Error Message Containing Sensitive Information Yes
CWE:210 Self-generated Error Message Containing Sensitive Information No
CWE:211 Externally-Generated Error Message Containing Sensitive Information Yes
CWE:212 Improper Removal of Sensitive Information Before Storage or Transfer Yes
CWE:213 Exposure of Sensitive Information Due to Incompatible Policies No
CWE:214 Invocation of Process Using Visible Sensitive Information No
CWE:215 Insertion of Sensitive Information Into Debugging Code No
CWE:216 DEPRECATED: Containment Errors (Container Errors) No
CWE:217 DEPRECATED: Failure to Protect Stored Data from Modification No
CWE:218 DEPRECATED: Failure to provide confidentiality for stored data No
CWE:219 Storage of File with Sensitive Data Under Web Root No
CWE:220 Storage of File With Sensitive Data Under FTP Root No
CWE:221 Information Loss or Omission Yes
CWE:222 Truncation of Security-relevant Information No
CWE:223 Omission of Security-relevant Information No
CWE:224 Obscured Security-relevant Information by Alternate Name No
CWE:225 DEPRECATED: General Information Management Problems No
CWE:226 Sensitive Information in Resource Not Removed Before Reuse Yes
CWE:227 7PK - API Abuse Yes
CWE:228 Improper Handling of Syntactically Invalid Structure Yes
CWE:229 Improper Handling of Values Yes
CWE:230 Improper Handling of Missing Values Yes
CWE:231 Improper Handling of Extra Values Yes
CWE:232 Improper Handling of Undefined Values Yes
CWE:233 Improper Handling of Parameters No
CWE:234 Failure to Handle Missing Parameter No
CWE:235 Improper Handling of Extra Parameters No
CWE:236 Improper Handling of Undefined Parameters No
CWE:237 Improper Handling of Structural Elements Yes
CWE:238 Improper Handling of Incomplete Structural Elements Yes
CWE:239 Failure to Handle Incomplete Element Yes
CWE:240 Improper Handling of Inconsistent Structural Elements Yes
CWE:241 Improper Handling of Unexpected Data Type Yes
CWE:242 Use of Inherently Dangerous Function Yes
CWE:243 Creation of chroot Jail Without Changing Working Directory Yes
CWE:244 Improper Clearing of Heap Memory Before Release ('Heap Inspection') Yes
CWE:245 J2EE Bad Practices: Direct Management of Connections No
CWE:246 J2EE Bad Practices: Direct Use of Sockets No
CWE:247 DEPRECATED: Reliance on DNS Lookups in a Security Decision No
CWE:248 Uncaught Exception Yes
CWE:249 DEPRECATED: Often Misused: Path Manipulation No
CWE:250 Execution with Unnecessary Privileges No
CWE:251 Often Misused: String Management Yes
CWE:252 Unchecked Return Value Yes
CWE:253 Incorrect Check of Function Return Value Yes
CWE:254 7PK - Security Features Yes
CWE:255 Credentials Management Errors Yes
CWE:256 Plaintext Storage of a Password Yes
CWE:257 Storing Passwords in a Recoverable Format No
CWE:258 Empty Password in Configuration File No
CWE:259 Use of Hard-coded Password Yes
CWE:260 Password in Configuration File No
CWE:261 Weak Encoding for Password No
CWE:262 Not Using Password Aging No
CWE:263 Password Aging with Long Expiration No
CWE:264 Permissions, Privileges, and Access Controls No
CWE:265 Privilege Issues Yes
CWE:266 Incorrect Privilege Assignment Yes
CWE:267 Privilege Defined With Unsafe Actions No
CWE:268 Privilege Chaining No
CWE:269 Improper Privilege Management Yes
CWE:270 Privilege Context Switching Error No
CWE:271 Privilege Dropping / Lowering Errors No
CWE:272 Least Privilege Violation No
CWE:273 Improper Check for Dropped Privileges No
CWE:274 Improper Handling of Insufficient Privileges Yes
CWE:275 Permission Issues Yes
CWE:276 Incorrect Default Permissions No
CWE:277 Insecure Inherited Permissions No
CWE:278 Insecure Preserved Inherited Permissions No
CWE:279 Incorrect Execution-Assigned Permissions No
CWE:280 Improper Handling of Insufficient Permissions or Privileges Yes
CWE:281 Improper Preservation of Permissions Yes
CWE:282 Improper Ownership Management No
CWE:283 Unverified Ownership No
CWE:284 Improper Access Control Yes
CWE:285 Improper Authorization Yes
CWE:286 Incorrect User Management No
CWE:287 Improper Authentication Yes
CWE:288 Authentication Bypass Using an Alternate Path or Channel No
CWE:289 Authentication Bypass by Alternate Name No
CWE:290 Authentication Bypass by Spoofing Yes
CWE:291 Reliance on IP Address for Authentication No
CWE:292 DEPRECATED: Trusting Self-reported DNS Name No
CWE:293 Using Referer Field for Authentication No
CWE:294 Authentication Bypass by Capture-replay No
CWE:295 Improper Certificate Validation Yes
CWE:296 Improper Following of a Certificate's Chain of Trust No
CWE:297 Improper Validation of Certificate with Host Mismatch No
CWE:298 Improper Validation of Certificate Expiration No
CWE:299 Improper Check for Certificate Revocation No
CWE:300 Channel Accessible by Non-Endpoint No
CWE:301 Reflection Attack in an Authentication Protocol No
CWE:302 Authentication Bypass by Assumed-Immutable Data No
CWE:303 Incorrect Implementation of Authentication Algorithm No
CWE:304 Missing Critical Step in Authentication No
CWE:305 Authentication Bypass by Primary Weakness No
CWE:306 Missing Authentication for Critical Function No
CWE:307 Improper Restriction of Excessive Authentication Attempts No
CWE:308 Use of Single-factor Authentication No
CWE:309 Use of Password System for Primary Authentication No
CWE:310 Cryptographic Issues Yes
CWE:311 Missing Encryption of Sensitive Data Yes
CWE:312 Cleartext Storage of Sensitive Information Yes
CWE:313 Cleartext Storage in a File or on Disk Yes
CWE:314 Cleartext Storage in the Registry No
CWE:315 Cleartext Storage of Sensitive Information in a Cookie No
CWE:316 Cleartext Storage of Sensitive Information in Memory Yes
CWE:317 Cleartext Storage of Sensitive Information in GUI No
CWE:318 Cleartext Storage of Sensitive Information in Executable Yes
CWE:319 Cleartext Transmission of Sensitive Information Yes
CWE:320 Key Management Errors Yes
CWE:321 Use of Hard-coded Cryptographic Key Yes
CWE:322 Key Exchange without Entity Authentication No
CWE:323 Reusing a Nonce, Key Pair in Encryption Yes
CWE:324 Use of a Key Past its Expiration Date No
CWE:325 Missing Cryptographic Step Yes
CWE:326 Inadequate Encryption Strength Yes
CWE:327 Use of a Broken or Risky Cryptographic Algorithm Yes
CWE:328 Use of Weak Hash Yes
CWE:329 Generation of Predictable IV with CBC Mode No
CWE:330 Use of Insufficiently Random Values Yes
CWE:331 Insufficient Entropy Yes
CWE:332 Insufficient Entropy in PRNG Yes
CWE:333 Improper Handling of Insufficient Entropy in TRNG No
CWE:334 Small Space of Random Values Yes
CWE:335 Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) Yes
CWE:336 Same Seed in Pseudo-Random Number Generator (PRNG) Yes
CWE:337 Predictable Seed in Pseudo-Random Number Generator (PRNG) Yes
CWE:338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) Yes
CWE:339 Small Seed Space in PRNG Yes
CWE:340 Generation of Predictable Numbers or Identifiers Yes
CWE:341 Predictable from Observable State Yes
CWE:342 Predictable Exact Value from Previous Values Yes
CWE:343 Predictable Value Range from Previous Values Yes
CWE:344 Use of Invariant Value in Dynamically Changing Context Yes
CWE:345 Insufficient Verification of Data Authenticity Yes
CWE:346 Origin Validation Error No
CWE:347 Improper Verification of Cryptographic Signature No
CWE:348 Use of Less Trusted Source No
CWE:349 Acceptance of Extraneous Untrusted Data With Trusted Data Yes
CWE:350 Reliance on Reverse DNS Resolution for a Security-Critical Action Yes
CWE:351 Insufficient Type Distinction No
CWE:352 Cross-Site Request Forgery (CSRF) No
CWE:353 Missing Support for Integrity Check No
CWE:354 Improper Validation of Integrity Check Value No
CWE:355 User Interface Security Issues Yes
CWE:356 Product UI does not Warn User of Unsafe Actions No
CWE:357 Insufficient UI Warning of Dangerous Operations No
CWE:358 Improperly Implemented Security Check for Standard No
CWE:359 Exposure of Private Personal Information to an Unauthorized Actor Yes
CWE:360 Trust of System Event Data No
CWE:361 7PK - Time and State Yes
CWE:362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') Yes
CWE:363 Race Condition Enabling Link Following Yes
CWE:364 Signal Handler Race Condition Yes
CWE:365 DEPRECATED: Race Condition in Switch No
CWE:366 Race Condition within a Thread Yes
CWE:367 Time-of-check Time-of-use (TOCTOU) Race Condition Yes
CWE:368 Context Switching Race Condition Yes
CWE:369 Divide By Zero Yes
CWE:370 Missing Check for Certificate Revocation after Initial Check No
CWE:371 State Issues Yes
CWE:372 Incomplete Internal State Distinction No
CWE:373 DEPRECATED: State Synchronization Error No
CWE:374 Passing Mutable Objects to an Untrusted Method No
CWE:375 Returning a Mutable Object to an Untrusted Caller No
CWE:376 DEPRECATED: Temporary File Issues No
CWE:377 Insecure Temporary File Yes
CWE:378 Creation of Temporary File With Insecure Permissions Yes
CWE:379 Creation of Temporary File in Directory with Insecure Permissions Yes
CWE:380 DEPRECATED: Technology-Specific Time and State Issues No
CWE:381 DEPRECATED: J2EE Time and State Issues No
CWE:382 J2EE Bad Practices: Use of System.exit() Yes
CWE:383 J2EE Bad Practices: Direct Use of Threads Yes
CWE:384 Session Fixation No
CWE:385 Covert Timing Channel No
CWE:386 Symbolic Name not Mapping to Correct Object Yes
CWE:387 Signal Errors Yes
CWE:388 7PK - Errors Yes
CWE:389 Error Conditions, Return Values, Status Codes Yes
CWE:390 Detection of Error Condition Without Action Yes
CWE:391 Unchecked Error Condition Yes
CWE:392 Missing Report of Error Condition Yes
CWE:393 Return of Wrong Status Code No
CWE:394 Unexpected Status Code or Return Value Yes
CWE:395 Use of NullPointerException Catch to Detect NULL Pointer Dereference Yes
CWE:396 Declaration of Catch for Generic Exception Yes
CWE:397 Declaration of Throws for Generic Exception Yes
CWE:398 7PK - Code Quality Yes
CWE:399 Resource Management Errors Yes
CWE:400 Uncontrolled Resource Consumption Yes
CWE:401 Missing Release of Memory after Effective Lifetime Yes
CWE:402 Transmission of Private Resources into a New Sphere ('Resource Leak') No
CWE:403 Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak') No
CWE:404 Improper Resource Shutdown or Release Yes
CWE:405 Asymmetric Resource Consumption (Amplification) Yes
CWE:406 Insufficient Control of Network Message Volume (Network Amplification) No
CWE:407 Inefficient Algorithmic Complexity No
CWE:408 Incorrect Behavior Order: Early Amplification No
CWE:409 Improper Handling of Highly Compressed Data (Data Amplification) No
CWE:410 Insufficient Resource Pool Yes
CWE:411 Resource Locking Problems Yes
CWE:412 Unrestricted Externally Accessible Lock Yes
CWE:413 Improper Resource Locking Yes
CWE:414 Missing Lock Check Yes
CWE:415 Double Free Yes
CWE:416 Use After Free Yes
CWE:417 Communication Channel Errors Yes
CWE:418 DEPRECATED: Channel Errors No
CWE:419 Unprotected Primary Channel No
CWE:420 Unprotected Alternate Channel No
CWE:421 Race Condition During Access to Alternate Channel No
CWE:422 Unprotected Windows Messaging Channel ('Shatter') No
CWE:423 DEPRECATED: Proxied Trusted Channel No
CWE:424 Improper Protection of Alternate Path No
CWE:425 Direct Request ('Forced Browsing') No
CWE:426 Untrusted Search Path Yes
CWE:427 Uncontrolled Search Path Element Yes
CWE:428 Unquoted Search Path or Element No
CWE:429 Handler Errors No
CWE:430 Deployment of Wrong Handler No
CWE:431 Missing Handler No
CWE:432 Dangerous Signal Handler not Disabled During Sensitive Operations No
CWE:433 Unparsed Raw Web Content Delivery No
CWE:434 Unrestricted Upload of File with Dangerous Type No
CWE:435 Improper Interaction Between Multiple Correctly-Behaving Entities Yes
CWE:436 Interpretation Conflict Yes
CWE:437 Incomplete Model of Endpoint Features No
CWE:438 Behavioral Problems Yes
CWE:439 Behavioral Change in New Version or Environment No
CWE:440 Expected Behavior Violation Yes
CWE:441 Unintended Proxy or Intermediary ('Confused Deputy') No
CWE:442 DEPRECATED: Web Problems No
CWE:443 DEPRECATED: HTTP response splitting No
CWE:444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') No
CWE:445 DEPRECATED: User Interface Errors No
CWE:446 UI Discrepancy for Security Feature No
CWE:447 Unimplemented or Unsupported Feature in UI No
CWE:448 Obsolete Feature in UI No
CWE:449 The UI Performs the Wrong Action No
CWE:450 Multiple Interpretations of UI Input No
CWE:451 User Interface (UI) Misrepresentation of Critical Information Yes
CWE:452 Initialization and Cleanup Errors Yes
CWE:453 Insecure Default Variable Initialization Yes
CWE:454 External Initialization of Trusted Variables or Data Stores Yes
CWE:455 Non-exit on Failed Initialization No
CWE:456 Missing Initialization of a Variable Yes
CWE:457 Use of Uninitialized Variable Yes
CWE:458 DEPRECATED: Incorrect Initialization No
CWE:459 Incomplete Cleanup Yes
CWE:460 Improper Cleanup on Thrown Exception No
CWE:461 DEPRECATED: Data Structure Issues No
CWE:462 Duplicate Key in Associative List (Alist) Yes
CWE:463 Deletion of Data Structure Sentinel No
CWE:464 Addition of Data Structure Sentinel No
CWE:465 Pointer Issues Yes
CWE:466 Return of Pointer Value Outside of Expected Range Yes
CWE:467 Use of sizeof() on a Pointer Type Yes
CWE:468 Incorrect Pointer Scaling Yes
CWE:469 Use of Pointer Subtraction to Determine Size Yes
CWE:470 Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') Yes
CWE:471 Modification of Assumed-Immutable Data (MAID) Yes
CWE:472 External Control of Assumed-Immutable Web Parameter No
CWE:473 PHP External Variable Modification No
CWE:474 Use of Function with Inconsistent Implementations Yes
CWE:475 Undefined Behavior for Input to API Yes
CWE:476 NULL Pointer Dereference Yes
CWE:477 Use of Obsolete Function Yes
CWE:478 Missing Default Case in Multiple Condition Expression Yes
CWE:479 Signal Handler Use of a Non-reentrant Function Yes
CWE:480 Use of Incorrect Operator Yes
CWE:481 Assigning instead of Comparing Yes
CWE:482 Comparing instead of Assigning Yes
CWE:483 Incorrect Block Delimitation Yes
CWE:484 Omitted Break Statement in Switch Yes
CWE:485 7PK - Encapsulation Yes
CWE:486 Comparison of Classes by Name Yes
CWE:487 Reliance on Package-level Scope Yes
CWE:488 Exposure of Data Element to Wrong Session No
CWE:489 Active Debug Code Yes
CWE:490 DEPRECATED: Mobile Code Issues No
CWE:491 Public cloneable() Method Without Final ('Object Hijack') Yes
CWE:492 Use of Inner Class Containing Sensitive Data Yes
CWE:493 Critical Public Variable Without Final Modifier Yes
CWE:494 Download of Code Without Integrity Check No
CWE:495 Private Data Structure Returned From A Public Method Yes
CWE:496 Public Data Assigned to Private Array-Typed Field Yes
CWE:497 Exposure of Sensitive System Information to an Unauthorized Control Sphere Yes
CWE:498 Cloneable Class Containing Sensitive Information Yes
CWE:499 Serializable Class Containing Sensitive Data Yes
CWE:500 Public Static Field Not Marked Final No
CWE:501 Trust Boundary Violation Yes
CWE:502 Deserialization of Untrusted Data Yes
CWE:503 DEPRECATED: Byte/Object Code No
CWE:504 DEPRECATED: Motivation/Intent No
CWE:505 DEPRECATED: Intentionally Introduced Weakness No
CWE:506 Embedded Malicious Code Yes
CWE:507 Trojan Horse Yes
CWE:508 Non-Replicating Malicious Code Yes
CWE:509 Replicating Malicious Code (Virus or Worm) No
CWE:510 Trapdoor Yes
CWE:511 Logic/Time Bomb Yes
CWE:512 Spyware No
CWE:513 DEPRECATED: Intentionally Introduced Nonmalicious Weakness No
CWE:514 Covert Channel Yes
CWE:515 Covert Storage Channel Yes
CWE:516 DEPRECATED: Covert Timing Channel No
CWE:517 DEPRECATED: Other Intentional, Nonmalicious Weakness No
CWE:518 DEPRECATED: Inadvertently Introduced Weakness No
CWE:519 DEPRECATED: .NET Environment Issues No
CWE:520 .NET Misconfiguration: Use of Impersonation No
CWE:521 Weak Password Requirements No
CWE:522 Insufficiently Protected Credentials Yes
CWE:523 Unprotected Transport of Credentials Yes
CWE:524 Use of Cache Containing Sensitive Information Yes
CWE:525 Use of Web Browser Cache Containing Sensitive Information No
CWE:526 Cleartext Storage of Sensitive Information in an Environment Variable No
CWE:527 Exposure of Version-Control Repository to an Unauthorized Control Sphere No
CWE:528 Exposure of Core Dump File to an Unauthorized Control Sphere No
CWE:529 Exposure of Access Control List Files to an Unauthorized Control Sphere Yes
CWE:530 Exposure of Backup File to an Unauthorized Control Sphere Yes
CWE:531 Inclusion of Sensitive Information in Test Code No
CWE:532 Insertion of Sensitive Information into Log File Yes
CWE:533 DEPRECATED: Information Exposure Through Server Log Files No
CWE:534 DEPRECATED: Information Exposure Through Debug Log Files No
CWE:535 Exposure of Information Through Shell Error Message No
CWE:536 Servlet Runtime Error Message Containing Sensitive Information No
CWE:537 Java Runtime Error Message Containing Sensitive Information Yes
CWE:538 Insertion of Sensitive Information into Externally-Accessible File or Directory Yes
CWE:539 Use of Persistent Cookies Containing Sensitive Information No
CWE:540 Inclusion of Sensitive Information in Source Code Yes
CWE:541 Inclusion of Sensitive Information in an Include File No
CWE:542 DEPRECATED: Information Exposure Through Cleanup Log Files No
CWE:543 Use of Singleton Pattern Without Synchronization in a Multithreaded Context Yes
CWE:544 Missing Standardized Error Handling Mechanism No
CWE:545 DEPRECATED: Use of Dynamic Class Loading No
CWE:546 Suspicious Comment Yes
CWE:547 Use of Hard-coded, Security-relevant Constants Yes
CWE:548 Exposure of Information Through Directory Listing No
CWE:549 Missing Password Field Masking No
CWE:550 Server-generated Error Message Containing Sensitive Information Yes
CWE:551 Incorrect Behavior Order: Authorization Before Parsing and Canonicalization No
CWE:552 Files or Directories Accessible to External Parties Yes
CWE:553 Command Shell in Externally Accessible Directory No
CWE:554 ASP.NET Misconfiguration: Not Using Input Validation Framework No
CWE:555 J2EE Misconfiguration: Plaintext Password in Configuration File No
CWE:556 ASP.NET Misconfiguration: Use of Identity Impersonation No
CWE:557 Concurrency Issues Yes
CWE:558 Use of getlogin() in Multithreaded Application Yes
CWE:559 DEPRECATED: Often Misused: Arguments and Parameters No
CWE:560 Use of umask() with chmod-style Argument No
CWE:561 Dead Code Yes
CWE:562 Return of Stack Variable Address Yes
CWE:563 Assignment to Variable without Use Yes
CWE:564 SQL Injection: Hibernate No
CWE:565 Reliance on Cookies without Validation and Integrity Checking No
CWE:566 Authorization Bypass Through User-Controlled SQL Primary Key No
CWE:567 Unsynchronized Access to Shared Data in a Multithreaded Context Yes
CWE:568 finalize() Method Without super.finalize() Yes
CWE:569 Expression Issues Yes
CWE:570 Expression is Always False Yes
CWE:571 Expression is Always True Yes
CWE:572 Call to Thread run() instead of start() Yes
CWE:573 Improper Following of Specification by Caller Yes
CWE:574 EJB Bad Practices: Use of Synchronization Primitives No
CWE:575 EJB Bad Practices: Use of AWT Swing No
CWE:576 EJB Bad Practices: Use of Java I/O No
CWE:577 EJB Bad Practices: Use of Sockets No
CWE:578 EJB Bad Practices: Use of Class Loader No
CWE:579 J2EE Bad Practices: Non-serializable Object Stored in Session No
CWE:580 clone() Method Without super.clone() Yes
CWE:581 Object Model Violation: Just One of Equals and Hashcode Defined Yes
CWE:582 Array Declared Public, Final, and Static Yes
CWE:583 finalize() Method Declared Public Yes
CWE:584 Return Inside Finally Block Yes
CWE:585 Empty Synchronized Block Yes
CWE:586 Explicit Call to Finalize() Yes
CWE:587 Assignment of a Fixed Address to a Pointer Yes
CWE:588 Attempt to Access Child of a Non-structure Pointer Yes
CWE:589 Call to Non-ubiquitous API Yes
CWE:590 Free of Memory not on the Heap Yes
CWE:591 Sensitive Data Storage in Improperly Locked Memory No
CWE:592 DEPRECATED: Authentication Bypass Issues No
CWE:593 Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created No
CWE:594 J2EE Framework: Saving Unserializable Objects to Disk No
CWE:595 Comparison of Object References Instead of Object Contents Yes
CWE:596 DEPRECATED: Incorrect Semantic Object Comparison No
CWE:597 Use of Wrong Operator in String Comparison Yes
CWE:598 Use of GET Request Method With Sensitive Query Strings No
CWE:599 Missing Validation of OpenSSL Certificate No
CWE:600 Uncaught Exception in Servlet No
CWE:601 URL Redirection to Untrusted Site ('Open Redirect') Yes
CWE:602 Client-Side Enforcement of Server-Side Security No
CWE:603 Use of Client-Side Authentication No
CWE:604 Deprecated Entries No
CWE:605 Multiple Binds to the Same Port Yes
CWE:606 Unchecked Input for Loop Condition Yes
CWE:607 Public Static Final Field References Mutable Object Yes
CWE:608 Struts: Non-private Field in ActionForm Class Yes
CWE:609 Double-Checked Locking Yes
CWE:610 Externally Controlled Reference to a Resource in Another Sphere Yes
CWE:611 Improper Restriction of XML External Entity Reference Yes
CWE:612 Improper Authorization of Index Containing Sensitive Information No
CWE:613 Insufficient Session Expiration Yes
CWE:614 Sensitive Cookie in HTTPS Session Without 'Secure' Attribute Yes
CWE:615 Inclusion of Sensitive Information in Source Code Comments Yes
CWE:616 Incomplete Identification of Uploaded File Variables (PHP) No
CWE:617 Reachable Assertion No
CWE:618 Exposed Unsafe ActiveX Method No
CWE:619 Dangling Database Cursor ('Cursor Injection') No
CWE:620 Unverified Password Change No
CWE:621 Variable Extraction Error No
CWE:622 Improper Validation of Function Hook Arguments No
CWE:623 Unsafe ActiveX Control Marked Safe For Scripting No
CWE:624 Executable Regular Expression Error Yes
CWE:625 Permissive Regular Expression No
CWE:626 Null Byte Interaction Error (Poison Null Byte) Yes
CWE:627 Dynamic Variable Evaluation No
CWE:628 Function Call with Incorrectly Specified Arguments Yes
CWE:629 Weaknesses in OWASP Top Ten (2007) Yes
CWE:630 DEPRECATED: Weaknesses Examined by SAMATE No
CWE:631 DEPRECATED: Resource-specific Weaknesses No
CWE:632 DEPRECATED: Weaknesses that Affect Files or Directories No
CWE:633 DEPRECATED: Weaknesses that Affect Memory No
CWE:634 DEPRECATED: Weaknesses that Affect System Processes No
CWE:635 Weaknesses Originally Used by NVD from 2008 to 2016 Yes
CWE:636 Not Failing Securely ('Failing Open') No
CWE:637 Unnecessary Complexity in Protection Mechanism (Not Using 'Economy of Mechanism') No
CWE:638 Not Using Complete Mediation No
CWE:639 Authorization Bypass Through User-Controlled Key No
CWE:640 Weak Password Recovery Mechanism for Forgotten Password No
CWE:641 Improper Restriction of Names for Files and Other Resources Yes
CWE:642 External Control of Critical State Data Yes
CWE:643 Improper Neutralization of Data within XPath Expressions ('XPath Injection') Yes
CWE:644 Improper Neutralization of HTTP Headers for Scripting Syntax No
CWE:645 Overly Restrictive Account Lockout Mechanism No
CWE:646 Reliance on File Name or Extension of Externally-Supplied File No
CWE:647 Use of Non-Canonical URL Paths for Authorization Decisions No
CWE:648 Incorrect Use of Privileged APIs No
CWE:649 Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking No
CWE:650 Trusting HTTP Permission Methods on the Server Side No
CWE:651 Exposure of WSDL File Containing Sensitive Information Yes
CWE:652 Improper Neutralization of Data within XQuery Expressions ('XQuery Injection') No
CWE:653 Improper Isolation or Compartmentalization No
CWE:654 Reliance on a Single Factor in a Security Decision No
CWE:655 Insufficient Psychological Acceptability No
CWE:656 Reliance on Security Through Obscurity No
CWE:657 Violation of Secure Design Principles Yes
CWE:658 Weaknesses in Software Written in C Yes
CWE:659 Weaknesses in Software Written in C++ Yes
CWE:660 Weaknesses in Software Written in Java Yes
CWE:661 Weaknesses in Software Written in PHP Yes
CWE:662 Improper Synchronization Yes
CWE:663 Use of a Non-reentrant Function in a Concurrent Context Yes
CWE:664 Improper Control of a Resource Through its Lifetime Yes
CWE:665 Improper Initialization Yes
CWE:666 Operation on Resource in Wrong Phase of Lifetime Yes
CWE:667 Improper Locking Yes
CWE:668 Exposure of Resource to Wrong Sphere Yes
CWE:669 Incorrect Resource Transfer Between Spheres Yes
CWE:670 Always-Incorrect Control Flow Implementation Yes
CWE:671 Lack of Administrator Control over Security Yes
CWE:672 Operation on a Resource after Expiration or Release Yes
CWE:673 External Influence of Sphere Definition Yes
CWE:674 Uncontrolled Recursion Yes
CWE:675 Multiple Operations on Resource in Single-Operation Context Yes
CWE:676 Use of Potentially Dangerous Function Yes
CWE:677 Weakness Base Elements Yes
CWE:678 Composites No
CWE:679 DEPRECATED: Chain Elements No
CWE:680 Integer Overflow to Buffer Overflow Yes
CWE:681 Incorrect Conversion between Numeric Types Yes
CWE:682 Incorrect Calculation Yes
CWE:683 Function Call With Incorrect Order of Arguments Yes
CWE:684 Incorrect Provision of Specified Functionality Yes
CWE:685 Function Call With Incorrect Number of Arguments Yes
CWE:686 Function Call With Incorrect Argument Type Yes
CWE:687 Function Call With Incorrectly Specified Argument Value Yes
CWE:688 Function Call With Incorrect Variable or Reference as Argument Yes
CWE:689 Permission Race Condition During Resource Copy No
CWE:690 Unchecked Return Value to NULL Pointer Dereference Yes
CWE:691 Insufficient Control Flow Management Yes
CWE:692 Incomplete Denylist to Cross-Site Scripting No
CWE:693 Protection Mechanism Failure Yes
CWE:694 Use of Multiple Resources with Duplicate Identifier Yes
CWE:695 Use of Low-Level Functionality Yes
CWE:696 Incorrect Behavior Order Yes
CWE:697 Incorrect Comparison Yes
CWE:698 Execution After Redirect (EAR) Yes
CWE:699 Software Development Yes
CWE:700 Seven Pernicious Kingdoms Yes
CWE:701 Weaknesses Introduced During Design Yes
CWE:702 Weaknesses Introduced During Implementation Yes
CWE:703 Improper Check or Handling of Exceptional Conditions Yes
CWE:704 Incorrect Type Conversion or Cast Yes
CWE:705 Incorrect Control Flow Scoping Yes
CWE:706 Use of Incorrectly-Resolved Name or Reference Yes
CWE:707 Improper Neutralization Yes
CWE:708 Incorrect Ownership Assignment No
CWE:709 Named Chains Yes
CWE:710 Improper Adherence to Coding Standards Yes
CWE:711 Weaknesses in OWASP Top Ten (2004) Yes
CWE:712 OWASP Top Ten 2007 Category A1 - Cross Site Scripting (XSS) Yes
CWE:713 OWASP Top Ten 2007 Category A2 - Injection Flaws Yes
CWE:714 OWASP Top Ten 2007 Category A3 - Malicious File Execution Yes
CWE:715 OWASP Top Ten 2007 Category A4 - Insecure Direct Object Reference Yes
CWE:716 OWASP Top Ten 2007 Category A5 - Cross Site Request Forgery (CSRF) No
CWE:717 OWASP Top Ten 2007 Category A6 - Information Leakage and Improper Error Handling Yes
CWE:718 OWASP Top Ten 2007 Category A7 - Broken Authentication and Session Management Yes
CWE:719 OWASP Top Ten 2007 Category A8 - Insecure Cryptographic Storage Yes
CWE:720 OWASP Top Ten 2007 Category A9 - Insecure Communications Yes
CWE:721 OWASP Top Ten 2007 Category A10 - Failure to Restrict URL Access Yes
CWE:722 OWASP Top Ten 2004 Category A1 - Unvalidated Input Yes
CWE:723 OWASP Top Ten 2004 Category A2 - Broken Access Control Yes
CWE:724 OWASP Top Ten 2004 Category A3 - Broken Authentication and Session Management Yes
CWE:725 OWASP Top Ten 2004 Category A4 - Cross-Site Scripting (XSS) Flaws Yes
CWE:726 OWASP Top Ten 2004 Category A5 - Buffer Overflows Yes
CWE:727 OWASP Top Ten 2004 Category A6 - Injection Flaws Yes
CWE:728 OWASP Top Ten 2004 Category A7 - Improper Error Handling Yes
CWE:729 OWASP Top Ten 2004 Category A8 - Insecure Storage Yes
CWE:730 OWASP Top Ten 2004 Category A9 - Denial of Service Yes
CWE:731 OWASP Top Ten 2004 Category A10 - Insecure Configuration Management Yes
CWE:732 Incorrect Permission Assignment for Critical Resource Yes
CWE:733 Compiler Optimization Removal or Modification of Security-critical Code Yes
CWE:734 Weaknesses Addressed by the CERT C Secure Coding Standard (2008) Yes
CWE:735 CERT C Secure Coding Standard (2008) Chapter 2 - Preprocessor (PRE) Yes
CWE:736 CERT C Secure Coding Standard (2008) Chapter 3 - Declarations and Initialization (DCL) Yes
CWE:737 CERT C Secure Coding Standard (2008) Chapter 4 - Expressions (EXP) Yes
CWE:738 CERT C Secure Coding Standard (2008) Chapter 5 - Integers (INT) Yes
CWE:739 CERT C Secure Coding Standard (2008) Chapter 6 - Floating Point (FLP) Yes
CWE:740 CERT C Secure Coding Standard (2008) Chapter 7 - Arrays (ARR) Yes
CWE:741 CERT C Secure Coding Standard (2008) Chapter 8 - Characters and Strings (STR) Yes
CWE:742 CERT C Secure Coding Standard (2008) Chapter 9 - Memory Management (MEM) Yes
CWE:743 CERT C Secure Coding Standard (2008) Chapter 10 - Input Output (FIO) Yes
CWE:744 CERT C Secure Coding Standard (2008) Chapter 11 - Environment (ENV) Yes
CWE:745 CERT C Secure Coding Standard (2008) Chapter 12 - Signals (SIG) Yes
CWE:746 CERT C Secure Coding Standard (2008) Chapter 13 - Error Handling (ERR) Yes
CWE:747 CERT C Secure Coding Standard (2008) Chapter 14 - Miscellaneous (MSC) Yes
CWE:748 CERT C Secure Coding Standard (2008) Appendix - POSIX (POS) Yes
CWE:749 Exposed Dangerous Method or Function Yes
CWE:750 Weaknesses in the 2009 CWE/SANS Top 25 Most Dangerous Programming Errors Yes
CWE:751 2009 Top 25 - Insecure Interaction Between Components Yes
CWE:752 2009 Top 25 - Risky Resource Management Yes
CWE:753 2009 Top 25 - Porous Defenses Yes
CWE:754 Improper Check for Unusual or Exceptional Conditions Yes
CWE:755 Improper Handling of Exceptional Conditions Yes
CWE:756 Missing Custom Error Page Yes
CWE:757 Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade') Yes
CWE:758 Reliance on Undefined, Unspecified, or Implementation-Defined Behavior Yes
CWE:759 Use of a One-Way Hash without a Salt No
CWE:760 Use of a One-Way Hash with a Predictable Salt Yes
CWE:761 Free of Pointer not at Start of Buffer Yes
CWE:762 Mismatched Memory Management Routines Yes
CWE:763 Release of Invalid Pointer or Reference Yes
CWE:764 Multiple Locks of a Critical Resource Yes
CWE:765 Multiple Unlocks of a Critical Resource Yes
CWE:766 Critical Data Element Declared Public Yes
CWE:767 Access to Critical Private Variable via Public Method No
CWE:768 Incorrect Short Circuit Evaluation Yes
CWE:769 DEPRECATED: Uncontrolled File Descriptor Consumption No
CWE:770 Allocation of Resources Without Limits or Throttling Yes
CWE:771 Missing Reference to Active Allocated Resource Yes
CWE:772 Missing Release of Resource after Effective Lifetime Yes
CWE:773 Missing Reference to Active File Descriptor or Handle Yes
CWE:774 Allocation of File Descriptors or Handles Without Limits or Throttling No
CWE:775 Missing Release of File Descriptor or Handle after Effective Lifetime Yes
CWE:776 Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') No
CWE:777 Regular Expression without Anchors No
CWE:778 Insufficient Logging No
CWE:779 Logging of Excessive Data No
CWE:780 Use of RSA Algorithm without OAEP Yes
CWE:781 Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code No
CWE:782 Exposed IOCTL with Insufficient Access Control No
CWE:783 Operator Precedence Logic Error Yes
CWE:784 Reliance on Cookies without Validation and Integrity Checking in a Security Decision No
CWE:785 Use of Path Manipulation Function without Maximum-sized Buffer Yes
CWE:786 Access of Memory Location Before Start of Buffer Yes
CWE:787 Out-of-bounds Write Yes
CWE:788 Access of Memory Location After End of Buffer Yes
CWE:789 Memory Allocation with Excessive Size Value Yes
CWE:790 Improper Filtering of Special Elements No
CWE:791 Incomplete Filtering of Special Elements No
CWE:792 Incomplete Filtering of One or More Instances of Special Elements No
CWE:793 Only Filtering One Instance of a Special Element No
CWE:794 Incomplete Filtering of Multiple Instances of Special Elements No
CWE:795 Only Filtering Special Elements at a Specified Location No
CWE:796 Only Filtering Special Elements Relative to a Marker No
CWE:797 Only Filtering Special Elements at an Absolute Position No
CWE:798 Use of Hard-coded Credentials Yes
CWE:799 Improper Control of Interaction Frequency No
CWE:800 Weaknesses in the 2010 CWE/SANS Top 25 Most Dangerous Programming Errors Yes
CWE:801 2010 Top 25 - Insecure Interaction Between Components Yes
CWE:802 2010 Top 25 - Risky Resource Management Yes
CWE:803 2010 Top 25 - Porous Defenses Yes
CWE:804 Guessable CAPTCHA No
CWE:805 Buffer Access with Incorrect Length Value Yes
CWE:806 Buffer Access Using Size of Source Buffer Yes
CWE:807 Reliance on Untrusted Inputs in a Security Decision Yes
CWE:808 2010 Top 25 - Weaknesses On the Cusp Yes
CWE:809 Weaknesses in OWASP Top Ten (2010) Yes
CWE:810 OWASP Top Ten 2010 Category A1 - Injection Yes
CWE:811 OWASP Top Ten 2010 Category A2 - Cross-Site Scripting (XSS) Yes
CWE:812 OWASP Top Ten 2010 Category A3 - Broken Authentication and Session Management Yes
CWE:813 OWASP Top Ten 2010 Category A4 - Insecure Direct Object References Yes
CWE:814 OWASP Top Ten 2010 Category A5 - Cross-Site Request Forgery(CSRF) No
CWE:815 OWASP Top Ten 2010 Category A6 - Security Misconfiguration Yes
CWE:816 OWASP Top Ten 2010 Category A7 - Insecure Cryptographic Storage Yes
CWE:817 OWASP Top Ten 2010 Category A8 - Failure to Restrict URL Access Yes
CWE:818 OWASP Top Ten 2010 Category A9 - Insufficient Transport Layer Protection Yes
CWE:819 OWASP Top Ten 2010 Category A10 - Unvalidated Redirects and Forwards Yes
CWE:820 Missing Synchronization Yes
CWE:821 Incorrect Synchronization Yes
CWE:822 Untrusted Pointer Dereference Yes
CWE:823 Use of Out-of-range Pointer Offset Yes
CWE:824 Access of Uninitialized Pointer Yes
CWE:825 Expired Pointer Dereference Yes
CWE:826 Premature Release of Resource During Expected Lifetime Yes
CWE:827 Improper Control of Document Type Definition No
CWE:828 Signal Handler with Functionality that is not Asynchronous-Safe Yes
CWE:829 Inclusion of Functionality from Untrusted Control Sphere No
CWE:830 Inclusion of Web Functionality from an Untrusted Source No
CWE:831 Signal Handler Function Associated with Multiple Signals No
CWE:832 Unlock of a Resource that is not Locked Yes
CWE:833 Deadlock Yes
CWE:834 Excessive Iteration Yes
CWE:835 Loop with Unreachable Exit Condition ('Infinite Loop') Yes
CWE:836 Use of Password Hash Instead of Password for Authentication No
CWE:837 Improper Enforcement of a Single, Unique Action No
CWE:838 Inappropriate Encoding for Output Context No
CWE:839 Numeric Range Comparison Without Minimum Check Yes
CWE:840 Business Logic Errors Yes
CWE:841 Improper Enforcement of Behavioral Workflow No
CWE:842 Placement of User into Incorrect Group No
CWE:843 Access of Resource Using Incompatible Type ('Type Confusion') Yes
CWE:844 Weaknesses Addressed by The CERT Oracle Secure Coding Standard for Java (2011) Yes
CWE:845 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 2 - Input Validation and Data Sanitization (IDS) Yes
CWE:846 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 3 - Declarations and Initialization (DCL) Yes
CWE:847 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 4 - Expressions (EXP) Yes
CWE:848 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 5 - Numeric Types and Operations (NUM) Yes
CWE:849 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 6 - Object Orientation (OBJ) Yes
CWE:850 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 7 - Methods (MET) Yes
CWE:851 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 8 - Exceptional Behavior (ERR) Yes
CWE:852 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 9 - Visibility and Atomicity (VNA) Yes
CWE:853 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 10 - Locking (LCK) Yes
CWE:854 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 11 - Thread APIs (THI) Yes
CWE:855 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 12 - Thread Pools (TPS) Yes
CWE:856 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 13 - Thread-Safety Miscellaneous (TSM) No
CWE:857 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 14 - Input Output (FIO) Yes
CWE:858 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 15 - Serialization (SER) Yes
CWE:859 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 16 - Platform Security (SEC) Yes
CWE:860 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 17 - Runtime Environment (ENV) Yes
CWE:861 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 18 - Miscellaneous (MSC) Yes
CWE:862 Missing Authorization No
CWE:863 Incorrect Authorization Yes
CWE:864 2011 Top 25 - Insecure Interaction Between Components Yes
CWE:865 2011 Top 25 - Risky Resource Management Yes
CWE:866 2011 Top 25 - Porous Defenses Yes
CWE:867 2011 Top 25 - Weaknesses On the Cusp Yes
CWE:868 Weaknesses Addressed by the SEI CERT C++ Coding Standard (2016 Version) Yes
CWE:869 CERT C++ Secure Coding Section 01 - Preprocessor (PRE) No
CWE:870 CERT C++ Secure Coding Section 02 - Declarations and Initialization (DCL) No
CWE:871 CERT C++ Secure Coding Section 03 - Expressions (EXP) Yes
CWE:872 CERT C++ Secure Coding Section 04 - Integers (INT) Yes
CWE:873 CERT C++ Secure Coding Section 05 - Floating Point Arithmetic (FLP) Yes
CWE:874 CERT C++ Secure Coding Section 06 - Arrays and the STL (ARR) Yes
CWE:875 CERT C++ Secure Coding Section 07 - Characters and Strings (STR) Yes
CWE:876 CERT C++ Secure Coding Section 08 - Memory Management (MEM) Yes
CWE:877 CERT C++ Secure Coding Section 09 - Input Output (FIO) Yes
CWE:878 CERT C++ Secure Coding Section 10 - Environment (ENV) Yes
CWE:879 CERT C++ Secure Coding Section 11 - Signals (SIG) Yes
CWE:880 CERT C++ Secure Coding Section 12 - Exceptions and Error Handling (ERR) Yes
CWE:881 CERT C++ Secure Coding Section 13 - Object Oriented Programming (OOP) No
CWE:882 CERT C++ Secure Coding Section 14 - Concurrency (CON) Yes
CWE:883 CERT C++ Secure Coding Section 49 - Miscellaneous (MSC) Yes
CWE:884 CWE Cross-section Yes
CWE:885 SFP Primary Cluster: Risky Values Yes
CWE:886 SFP Primary Cluster: Unused entities Yes
CWE:887 SFP Primary Cluster: API Yes
CWE:888 Software Fault Pattern (SFP) Clusters Yes
CWE:889 SFP Primary Cluster: Exception Management Yes
CWE:890 SFP Primary Cluster: Memory Access Yes
CWE:891 SFP Primary Cluster: Memory Management Yes
CWE:892 SFP Primary Cluster: Resource Management Yes
CWE:893 SFP Primary Cluster: Path Resolution Yes
CWE:894 SFP Primary Cluster: Synchronization Yes
CWE:895 SFP Primary Cluster: Information Leak Yes
CWE:896 SFP Primary Cluster: Tainted Input Yes
CWE:897 SFP Primary Cluster: Entry Points Yes
CWE:898 SFP Primary Cluster: Authentication Yes
CWE:899 SFP Primary Cluster: Access Control Yes
CWE:900 Weaknesses in the 2011 CWE/SANS Top 25 Most Dangerous Software Errors Yes
CWE:901 SFP Primary Cluster: Privilege Yes
CWE:902 SFP Primary Cluster: Channel Yes
CWE:903 SFP Primary Cluster: Cryptography Yes
CWE:904 SFP Primary Cluster: Malware Yes
CWE:905 SFP Primary Cluster: Predictability Yes
CWE:906 SFP Primary Cluster: UI Yes
CWE:907 SFP Primary Cluster: Other Yes
CWE:908 Use of Uninitialized Resource Yes
CWE:909 Missing Initialization of Resource Yes
CWE:910 Use of Expired File Descriptor Yes
CWE:911 Improper Update of Reference Count No
CWE:912 Hidden Functionality Yes
CWE:913 Improper Control of Dynamically-Managed Code Resources Yes
CWE:914 Improper Control of Dynamically-Identified Variables No
CWE:915 Improperly Controlled Modification of Dynamically-Determined Object Attributes Yes
CWE:916 Use of Password Hash With Insufficient Computational Effort Yes
CWE:917 Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') Yes
CWE:918 Server-Side Request Forgery (SSRF) No
CWE:919 Weaknesses in Mobile Applications Yes
CWE:920 Improper Restriction of Power Consumption No
CWE:921 Storage of Sensitive Data in a Mechanism without Access Control No
CWE:922 Insecure Storage of Sensitive Information Yes
CWE:923 Improper Restriction of Communication Channel to Intended Endpoints No
CWE:924 Improper Enforcement of Message Integrity During Transmission in a Communication Channel No
CWE:925 Improper Verification of Intent by Broadcast Receiver No
CWE:926 Improper Export of Android Application Components No
CWE:927 Use of Implicit Intent for Sensitive Communication No
CWE:928 Weaknesses in OWASP Top Ten (2013) Yes
CWE:929 OWASP Top Ten 2013 Category A1 - Injection Yes
CWE:930 OWASP Top Ten 2013 Category A2 - Broken Authentication and Session Management Yes
CWE:931 OWASP Top Ten 2013 Category A3 - Cross-Site Scripting (XSS) Yes
CWE:932 OWASP Top Ten 2013 Category A4 - Insecure Direct Object References Yes
CWE:933 OWASP Top Ten 2013 Category A5 - Security Misconfiguration Yes
CWE:934 OWASP Top Ten 2013 Category A6 - Sensitive Data Exposure Yes
CWE:935 OWASP Top Ten 2013 Category A7 - Missing Function Level Access Control Yes
CWE:936 OWASP Top Ten 2013 Category A8 - Cross-Site Request Forgery (CSRF) No
CWE:937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities No
CWE:938 OWASP Top Ten 2013 Category A10 - Unvalidated Redirects and Forwards Yes
CWE:939 Improper Authorization in Handler for Custom URL Scheme No
CWE:940 Improper Verification of Source of a Communication Channel No
CWE:941 Incorrectly Specified Destination in a Communication Channel No
CWE:942 Permissive Cross-domain Policy with Untrusted Domains No
CWE:943 Improper Neutralization of Special Elements in Data Query Logic Yes
CWE:944 SFP Secondary Cluster: Access Management Yes
CWE:945 SFP Secondary Cluster: Insecure Resource Access Yes
CWE:946 SFP Secondary Cluster: Insecure Resource Permissions Yes
CWE:947 SFP Secondary Cluster: Authentication Bypass Yes
CWE:948 SFP Secondary Cluster: Digital Certificate No
CWE:949 SFP Secondary Cluster: Faulty Endpoint Authentication Yes
CWE:950 SFP Secondary Cluster: Hardcoded Sensitive Data Yes
CWE:951 SFP Secondary Cluster: Insecure Authentication Policy Yes
CWE:952 SFP Secondary Cluster: Missing Authentication No
CWE:953 SFP Secondary Cluster: Missing Endpoint Authentication No
CWE:954 SFP Secondary Cluster: Multiple Binds to the Same Port Yes
CWE:955 SFP Secondary Cluster: Unrestricted Authentication No
CWE:956 SFP Secondary Cluster: Channel Attack Yes
CWE:957 SFP Secondary Cluster: Protocol Error Yes
CWE:958 SFP Secondary Cluster: Broken Cryptography Yes
CWE:959 SFP Secondary Cluster: Weak Cryptography Yes
CWE:960 SFP Secondary Cluster: Ambiguous Exception Type Yes
CWE:961 SFP Secondary Cluster: Incorrect Exception Behavior Yes
CWE:962 SFP Secondary Cluster: Unchecked Status Condition Yes
CWE:963 SFP Secondary Cluster: Exposed Data Yes
CWE:964 SFP Secondary Cluster: Exposure Temporary File Yes
CWE:965 SFP Secondary Cluster: Insecure Session Management Yes
CWE:966 SFP Secondary Cluster: Other Exposures Yes
CWE:967 SFP Secondary Cluster: State Disclosure Yes
CWE:968 SFP Secondary Cluster: Covert Channel Yes
CWE:969 SFP Secondary Cluster: Faulty Memory Release Yes
CWE:970 SFP Secondary Cluster: Faulty Buffer Access Yes
CWE:971 SFP Secondary Cluster: Faulty Pointer Use Yes
CWE:972 SFP Secondary Cluster: Faulty String Expansion Yes
CWE:973 SFP Secondary Cluster: Improper NULL Termination Yes
CWE:974 SFP Secondary Cluster: Incorrect Buffer Length Computation Yes
CWE:975 SFP Secondary Cluster: Architecture Yes
CWE:976 SFP Secondary Cluster: Compiler Yes
CWE:977 SFP Secondary Cluster: Design Yes
CWE:978 SFP Secondary Cluster: Implementation Yes
CWE:979 SFP Secondary Cluster: Failed Chroot Jail Yes
CWE:980 SFP Secondary Cluster: Link in Resource Name Resolution Yes
CWE:981 SFP Secondary Cluster: Path Traversal Yes
CWE:982 SFP Secondary Cluster: Failure to Release Resource Yes
CWE:983 SFP Secondary Cluster: Faulty Resource Use Yes
CWE:984 SFP Secondary Cluster: Life Cycle Yes
CWE:985 SFP Secondary Cluster: Unrestricted Consumption Yes
CWE:986 SFP Secondary Cluster: Missing Lock Yes
CWE:987 SFP Secondary Cluster: Multiple Locks/Unlocks Yes
CWE:988 SFP Secondary Cluster: Race Condition Window Yes
CWE:989 SFP Secondary Cluster: Unrestricted Lock Yes
CWE:990 SFP Secondary Cluster: Tainted Input to Command Yes
CWE:991 SFP Secondary Cluster: Tainted Input to Environment Yes
CWE:992 SFP Secondary Cluster: Faulty Input Transformation Yes
CWE:993 SFP Secondary Cluster: Incorrect Input Handling Yes
CWE:994 SFP Secondary Cluster: Tainted Input to Variable Yes
CWE:995 SFP Secondary Cluster: Feature Yes
CWE:996 SFP Secondary Cluster: Security No
CWE:997 SFP Secondary Cluster: Information Loss Yes
CWE:998 SFP Secondary Cluster: Glitch in Computation Yes
CWE:999 DEPRECATED: Weaknesses without Software Fault Patterns No
CWE:1000 Research Concepts Yes
CWE:1001 SFP Secondary Cluster: Use of an Improper API Yes
CWE:1002 SFP Secondary Cluster: Unexpected Entry Points Yes
CWE:1003 Weaknesses for Simplified Mapping of Published Vulnerabilities Yes
CWE:1004 Sensitive Cookie Without 'HttpOnly' Flag No
CWE:1005 7PK - Input Validation and Representation Yes
CWE:1006 Bad Coding Practices Yes
CWE:1007 Insufficient Visual Distinction of Homoglyphs Presented to User Yes
CWE:1008 Architectural Concepts Yes
CWE:1009 Audit Yes
CWE:1010 Authenticate Actors Yes
CWE:1011 Authorize Actors Yes
CWE:1012 Cross Cutting Yes
CWE:1013 Encrypt Data Yes
CWE:1014 Identify Actors Yes
CWE:1015 Limit Access Yes
CWE:1016 Limit Exposure Yes
CWE:1017 Lock Computer No
CWE:1018 Manage User Sessions Yes
CWE:1019 Validate Inputs Yes
CWE:1020 Verify Message Integrity Yes
CWE:1021 Improper Restriction of Rendered UI Layers or Frames No
CWE:1022 Use of Web Link to Untrusted Target with window.opener Access No
CWE:1023 Incomplete Comparison with Missing Factors Yes
CWE:1024 Comparison of Incompatible Types Yes
CWE:1025 Comparison Using Wrong Factors Yes
CWE:1026 Weaknesses in OWASP Top Ten (2017) Yes
CWE:1027 OWASP Top Ten 2017 Category A1 - Injection Yes
CWE:1028 OWASP Top Ten 2017 Category A2 - Broken Authentication Yes
CWE:1029 OWASP Top Ten 2017 Category A3 - Sensitive Data Exposure Yes
CWE:1030 OWASP Top Ten 2017 Category A4 - XML External Entities (XXE) Yes
CWE:1031 OWASP Top Ten 2017 Category A5 - Broken Access Control Yes
CWE:1032 OWASP Top Ten 2017 Category A6 - Security Misconfiguration Yes
CWE:1033 OWASP Top Ten 2017 Category A7 - Cross-Site Scripting (XSS) Yes
CWE:1034 OWASP Top Ten 2017 Category A8 - Insecure Deserialization Yes
CWE:1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities No
CWE:1036 OWASP Top Ten 2017 Category A10 - Insufficient Logging & Monitoring No
CWE:1037 Processor Optimization Removal or Modification of Security-critical Code Yes
CWE:1038 Insecure Automated Optimizations Yes
CWE:1039 Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations No
CWE:1040 Quality Weaknesses with Indirect Security Impacts Yes
CWE:1041 Use of Redundant Code Yes
CWE:1042 Static Member Data Element outside of a Singleton Class Element No
CWE:1043 Data Element Aggregating an Excessively Large Number of Non-Primitive Elements No
CWE:1044 Architecture with Number of Horizontal Layers Outside of Expected Range No
CWE:1045 Parent Class with a Virtual Destructor and a Child Class without a Virtual Destructor No
CWE:1046 Creation of Immutable Text Using String Concatenation No
CWE:1047 Modules with Circular Dependencies Yes
CWE:1048 Invokable Control Element with Large Number of Outward Calls No
CWE:1049 Excessive Data Query Operations in a Large Data Table No
CWE:1050 Excessive Platform Resource Consumption within a Loop No
CWE:1051 Initialization with Hard-Coded Network Resource Configuration Data No
CWE:1052 Excessive Use of Hard-Coded Literals in Initialization No
CWE:1053 Missing Documentation for Design No
CWE:1054 Invocation of a Control Element at an Unnecessarily Deep Horizontal Layer No
CWE:1055 Multiple Inheritance from Concrete Classes Yes
CWE:1056 Invokable Control Element with Variadic Parameters Yes
CWE:1057 Data Access Operations Outside of Expected Data Manager Component No
CWE:1058 Invokable Control Element in Multi-Thread Context with non-Final Static Storable or Member Element No
CWE:1059 Insufficient Technical Documentation Yes
CWE:1060 Excessive Number of Inefficient Server-Side Data Accesses No
CWE:1061 Insufficient Encapsulation Yes
CWE:1062 Parent Class with References to Child Class No
CWE:1063 Creation of Class Instance within a Static Code Block No
CWE:1064 Invokable Control Element with Signature Containing an Excessive Number of Parameters Yes
CWE:1065 Runtime Resource Management Control Element in a Component Built to Run on Application Servers No
CWE:1066 Missing Serialization Control Element No
CWE:1067 Excessive Execution of Sequential Searches of Data Resource No
CWE:1068 Inconsistency Between Implementation and Documented Design No
CWE:1069 Empty Exception Block No
CWE:1070 Serializable Data Element Containing non-Serializable Item Elements No
CWE:1071 Empty Code Block Yes
CWE:1072 Data Resource Access without Use of Connection Pooling No
CWE:1073 Non-SQL Invokable Control Element with Excessive Number of Data Resource Accesses No
CWE:1074 Class with Excessively Deep Inheritance No
CWE:1075 Unconditional Control Flow Transfer outside of Switch Block Yes
CWE:1076 Insufficient Adherence to Expected Conventions Yes
CWE:1077 Floating Point Comparison with Incorrect Operator Yes
CWE:1078 Inappropriate Source Code Style or Formatting Yes
CWE:1079 Parent Class without Virtual Destructor Method Yes
CWE:1080 Source Code File with Excessive Number of Lines of Code Yes
CWE:1081 Entries with Maintenance Notes Yes
CWE:1082 Class Instance Self Destruction Control Element No
CWE:1083 Data Access from Outside Expected Data Manager Component No
CWE:1084 Invokable Control Element with Excessive File or Data Access Operations No
CWE:1085 Invokable Control Element with Excessive Volume of Commented-out Code Yes
CWE:1086 Class with Excessive Number of Child Classes No
CWE:1087 Class with Virtual Method without a Virtual Destructor Yes
CWE:1088 Synchronous Access of Remote Resource without Timeout Yes
CWE:1089 Large Data Table with Excessive Number of Indices No
CWE:1090 Method Containing Access of a Member Element from Another Class No
CWE:1091 Use of Object without Invoking Destructor Method Yes
CWE:1092 Use of Same Invokable Control Element in Multiple Architectural Layers No
CWE:1093 Excessively Complex Data Representation Yes
CWE:1094 Excessive Index Range Scan for a Data Resource No
CWE:1095 Loop Condition Value Update within the Loop Yes
CWE:1096 Singleton Class Instance Creation without Proper Locking or Synchronization No
CWE:1097 Persistent Storable Data Element without Associated Comparison Control Element Yes
CWE:1098 Data Element containing Pointer Item without Proper Copy Control Element No
CWE:1099 Inconsistent Naming Conventions for Identifiers Yes
CWE:1100 Insufficient Isolation of System-Dependent Functions No
CWE:1101 Reliance on Runtime Component in Generated Code No
CWE:1102 Reliance on Machine-Dependent Data Representation No
CWE:1103 Use of Platform-Dependent Third Party Components No
CWE:1104 Use of Unmaintained Third Party Components No
CWE:1105 Insufficient Encapsulation of Machine-Dependent Functionality Yes
CWE:1106 Insufficient Use of Symbolic Constants No
CWE:1107 Insufficient Isolation of Symbolic Constant Definitions No
CWE:1108 Excessive Reliance on Global Variables Yes
CWE:1109 Use of Same Variable for Multiple Purposes No
CWE:1110 Incomplete Design Documentation No
CWE:1111 Incomplete I/O Documentation No
CWE:1112 Incomplete Documentation of Program Execution No
CWE:1113 Inappropriate Comment Style No
CWE:1114 Inappropriate Whitespace Style Yes
CWE:1115 Source Code Element without Standard Prologue No
CWE:1116 Inaccurate Comments No
CWE:1117 Callable with Insufficient Behavioral Summary No
CWE:1118 Insufficient Documentation of Error Handling Techniques No
CWE:1119 Excessive Use of Unconditional Branching No
CWE:1120 Excessive Code Complexity Yes
CWE:1121 Excessive McCabe Cyclomatic Complexity Yes
CWE:1122 Excessive Halstead Complexity No
CWE:1123 Excessive Use of Self-Modifying Code No
CWE:1124 Excessively Deep Nesting Yes
CWE:1125 Excessive Attack Surface No
CWE:1126 Declaration of Variable with Unnecessarily Wide Scope Yes
CWE:1127 Compilation with Insufficient Warnings or Errors Yes
CWE:1128 CISQ Quality Measures (2016) Yes
CWE:1129 CISQ Quality Measures (2016) - Reliability Yes
CWE:1130 CISQ Quality Measures (2016) - Maintainability Yes
CWE:1131 CISQ Quality Measures (2016) - Security Yes
CWE:1132 CISQ Quality Measures (2016) - Performance Efficiency Yes
CWE:1133 Weaknesses Addressed by the SEI CERT Oracle Coding Standard for Java Yes
CWE:1134 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 00. Input Validation and Data Sanitization (IDS) Yes
CWE:1135 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 01. Declarations and Initialization (DCL) Yes
CWE:1136 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 02. Expressions (EXP) Yes
CWE:1137 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 03. Numeric Types and Operations (NUM) Yes
CWE:1138 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 04. Characters and Strings (STR) No
CWE:1139 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 05. Object Orientation (OBJ) Yes
CWE:1140 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 06. Methods (MET) Yes
CWE:1141 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 07. Exceptional Behavior (ERR) Yes
CWE:1142 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 08. Visibility and Atomicity (VNA) Yes
CWE:1143 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 09. Locking (LCK) Yes
CWE:1144 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 10. Thread APIs (THI) Yes
CWE:1145 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 11. Thread Pools (TPS) Yes
CWE:1146 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 12. Thread-Safety Miscellaneous (TSM) No
CWE:1147 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 13. Input Output (FIO) Yes
CWE:1148 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 14. Serialization (SER) Yes
CWE:1149 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 15. Platform Security (SEC) Yes
CWE:1150 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 16. Runtime Environment (ENV) Yes
CWE:1151 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 17. Java Native Interface (JNI) No
CWE:1152 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 49. Miscellaneous (MSC) Yes
CWE:1153 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 50. Android (DRD) No
CWE:1154 Weaknesses Addressed by the SEI CERT C Coding Standard Yes
CWE:1155 SEI CERT C Coding Standard - Guidelines 01. Preprocessor (PRE) No
CWE:1156 SEI CERT C Coding Standard - Guidelines 02. Declarations and Initialization (DCL) Yes
CWE:1157 SEI CERT C Coding Standard - Guidelines 03. Expressions (EXP) Yes
CWE:1158 SEI CERT C Coding Standard - Guidelines 04. Integers (INT) Yes
CWE:1159 SEI CERT C Coding Standard - Guidelines 05. Floating Point (FLP) Yes
CWE:1160 SEI CERT C Coding Standard - Guidelines 06. Arrays (ARR) Yes
CWE:1161 SEI CERT C Coding Standard - Guidelines 07. Characters and Strings (STR) Yes
CWE:1162 SEI CERT C Coding Standard - Guidelines 08. Memory Management (MEM) Yes
CWE:1163 SEI CERT C Coding Standard - Guidelines 09. Input Output (FIO) Yes
CWE:1164 Irrelevant Code Yes
CWE:1165 SEI CERT C Coding Standard - Guidelines 10. Environment (ENV) Yes
CWE:1166 SEI CERT C Coding Standard - Guidelines 11. Signals (SIG) Yes
CWE:1167 SEI CERT C Coding Standard - Guidelines 12. Error Handling (ERR) Yes
CWE:1168 SEI CERT C Coding Standard - Guidelines 13. Application Programming Interfaces (API) No
CWE:1169 SEI CERT C Coding Standard - Guidelines 14. Concurrency (CON) Yes
CWE:1170 SEI CERT C Coding Standard - Guidelines 48. Miscellaneous (MSC) Yes
CWE:1171 SEI CERT C Coding Standard - Guidelines 50. POSIX (POS) Yes
CWE:1172 SEI CERT C Coding Standard - Guidelines 51. Microsoft Windows (WIN) Yes
CWE:1173 Improper Use of Validation Framework Yes
CWE:1174 ASP.NET Misconfiguration: Improper Model Validation No
CWE:1175 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 18. Concurrency (CON) No
CWE:1176 Inefficient CPU Computation Yes
CWE:1177 Use of Prohibited Code Yes
CWE:1178 Weaknesses Addressed by the SEI CERT Perl Coding Standard Yes
CWE:1179 SEI CERT Perl Coding Standard - Guidelines 01. Input Validation and Data Sanitization (IDS) Yes
CWE:1180 SEI CERT Perl Coding Standard - Guidelines 02. Declarations and Initialization (DCL) Yes
CWE:1181 SEI CERT Perl Coding Standard - Guidelines 03. Expressions (EXP) Yes
CWE:1182 SEI CERT Perl Coding Standard - Guidelines 04. Integers (INT) Yes
CWE:1183 SEI CERT Perl Coding Standard - Guidelines 05. Strings (STR) No
CWE:1184 SEI CERT Perl Coding Standard - Guidelines 06. Object-Oriented Programming (OOP) No
CWE:1185 SEI CERT Perl Coding Standard - Guidelines 07. File Input and Output (FIO) No
CWE:1186 SEI CERT Perl Coding Standard - Guidelines 50. Miscellaneous (MSC) Yes
CWE:1187 DEPRECATED: Use of Uninitialized Resource No
CWE:1188 Initialization of a Resource with an Insecure Default Yes
CWE:1189 Improper Isolation of Shared Resources on System-on-a-Chip (SoC) No
CWE:1190 DMA Device Enabled Too Early in Boot Phase No
CWE:1191 On-Chip Debug and Test Interface With Improper Access Control No
CWE:1192 Improper Identifier for IP Block used in System-On-Chip (SOC) No
CWE:1193 Power-On of Untrusted Execution Core Before Enabling Fabric Access Control No
CWE:1194 Hardware Design Yes
CWE:1195 Manufacturing and Life Cycle Management Concerns Yes
CWE:1196 Security Flow Issues No
CWE:1197 Integration Issues No
CWE:1198 Privilege Separation and Access Control Issues No
CWE:1199 General Circuit and Logic Design Concerns No
CWE:1200 Weaknesses in the 2019 CWE Top 25 Most Dangerous Software Errors Yes
CWE:1201 Core and Compute Issues No
CWE:1202 Memory and Storage Issues Yes
CWE:1203 Peripherals, On-chip Fabric, and Interface/IO Problems No
CWE:1204 Generation of Weak Initialization Vector (IV) Yes
CWE:1205 Security Primitives and Cryptography Issues Yes
CWE:1206 Power, Clock, Thermal, and Reset Concerns No
CWE:1207 Debug and Test Problems Yes
CWE:1208 Cross-Cutting Problems Yes
CWE:1209 Failure to Disable Reserved Bits No
CWE:1210 Audit / Logging Errors Yes
CWE:1211 Authentication Errors Yes
CWE:1212 Authorization Errors Yes
CWE:1213 Random Number Issues Yes
CWE:1214 Data Integrity Issues Yes
CWE:1215 Data Validation Issues Yes
CWE:1216 Lockout Mechanism Errors No
CWE:1217 User Session Errors Yes
CWE:1218 Memory Buffer Errors Yes
CWE:1219 File Handling Issues Yes
CWE:1220 Insufficient Granularity of Access Control No
CWE:1221 Incorrect Register Defaults or Module Parameters No
CWE:1222 Insufficient Granularity of Address Regions Protected by Register Locks No
CWE:1223 Race Condition for Write-Once Attributes No
CWE:1224 Improper Restriction of Write-Once Bit Fields No
CWE:1225 Documentation Issues No
CWE:1226 Complexity Issues Yes
CWE:1227 Encapsulation Issues Yes
CWE:1228 API / Function Errors Yes
CWE:1229 Creation of Emergent Resource Yes
CWE:1230 Exposure of Sensitive Information Through Metadata Yes
CWE:1231 Improper Prevention of Lock Bit Modification No
CWE:1232 Improper Lock Behavior After Power State Transition No
CWE:1233 Security-Sensitive Hardware Controls with Missing Lock Bit Protection No
CWE:1234 Hardware Internal or Debug Modes Allow Override of Locks No
CWE:1235 Incorrect Use of Autoboxing and Unboxing for Performance Critical Operations Yes
CWE:1236 Improper Neutralization of Formula Elements in a CSV File No
CWE:1237 SFP Primary Cluster: Faulty Resource Release Yes
CWE:1238 SFP Primary Cluster: Failure to Release Memory Yes
CWE:1239 Improper Zeroization of Hardware Register No
CWE:1240 Use of a Cryptographic Primitive with a Risky Implementation No
CWE:1241 Use of Predictable Algorithm in Random Number Generator No
CWE:1242 Inclusion of Undocumented Features or Chicken Bits No
CWE:1243 Sensitive Non-Volatile Information Not Protected During Debug No
CWE:1244 Internal Asset Exposed to Unsafe Debug Access Level or State No
CWE:1245 Improper Finite State Machines (FSMs) in Hardware Logic No
CWE:1246 Improper Write Handling in Limited-write Non-Volatile Memories No
CWE:1247 Improper Protection Against Voltage and Clock Glitches No
CWE:1248 Semiconductor Defects in Hardware Logic with Security-Sensitive Implications No
CWE:1249 Application-Level Admin Tool with Inconsistent View of Underlying Operating System No
CWE:1250 Improper Preservation of Consistency Between Independent Representations of Shared State No
CWE:1251 Mirrored Regions with Different Values No
CWE:1252 CPU Hardware Not Configured to Support Exclusivity of Write and Execute Operations No
CWE:1253 Incorrect Selection of Fuse Values No
CWE:1254 Incorrect Comparison Logic Granularity No
CWE:1255 Comparison Logic is Vulnerable to Power Side-Channel Attacks No
CWE:1256 Improper Restriction of Software Interfaces to Hardware Features No
CWE:1257 Improper Access Control Applied to Mirrored or Aliased Memory Regions No
CWE:1258 Exposure of Sensitive System Information Due to Uncleared Debug Information No
CWE:1259 Improper Restriction of Security Token Assignment No
CWE:1260 Improper Handling of Overlap Between Protected Memory Ranges No
CWE:1261 Improper Handling of Single Event Upsets No
CWE:1262 Improper Access Control for Register Interface No
CWE:1263 Improper Physical Access Control No
CWE:1264 Hardware Logic with Insecure De-Synchronization between Control and Data Channels No
CWE:1265 Unintended Reentrant Invocation of Non-reentrant Code Via Nested Calls No
CWE:1266 Improper Scrubbing of Sensitive Data from Decommissioned Device No
CWE:1267 Policy Uses Obsolete Encoding No
CWE:1268 Policy Privileges are not Assigned Consistently Between Control and Data Agents No
CWE:1269 Product Released in Non-Release Configuration No
CWE:1270 Generation of Incorrect Security Tokens No
CWE:1271 Uninitialized Value on Reset for Registers Holding Security Settings No
CWE:1272 Sensitive Information Uncleared Before Debug/Power State Transition No
CWE:1273 Device Unlock Credential Sharing No
CWE:1274 Improper Access Control for Volatile Memory Containing Boot Code No
CWE:1275 Sensitive Cookie with Improper SameSite Attribute No
CWE:1276 Hardware Child Block Incorrectly Connected to Parent System No
CWE:1277 Firmware Not Updateable No
CWE:1278 Missing Protection Against Hardware Reverse Engineering Using Integrated Circuit (IC) Imaging Techniques No
CWE:1279 Cryptographic Operations are run Before Supporting Units are Ready No
CWE:1280 Access Control Check Implemented After Asset is Accessed No
CWE:1281 Sequence of Processor Instructions Leads to Unexpected Behavior No
CWE:1282 Assumed-Immutable Data is Stored in Writable Memory No
CWE:1283 Mutable Attestation or Measurement Reporting Data No
CWE:1284 Improper Validation of Specified Quantity in Input Yes
CWE:1285 Improper Validation of Specified Index, Position, or Offset in Input Yes
CWE:1286 Improper Validation of Syntactic Correctness of Input No
CWE:1287 Improper Validation of Specified Type of Input No
CWE:1288 Improper Validation of Consistency within Input No
CWE:1289 Improper Validation of Unsafe Equivalence in Input No
CWE:1290 Incorrect Decoding of Security Identifiers No
CWE:1291 Public Key Re-Use for Signing both Debug and Production Code No
CWE:1292 Incorrect Conversion of Security Identifiers No
CWE:1293 Missing Source Correlation of Multiple Independent Data No
CWE:1294 Insecure Security Identifier Mechanism No
CWE:1295 Debug Messages Revealing Unnecessary Information Yes
CWE:1296 Incorrect Chaining or Granularity of Debug Components No
CWE:1297 Unprotected Confidential Information on Device is Accessible by OSAT Vendors No
CWE:1298 Hardware Logic Contains Race Conditions No
CWE:1299 Missing Protection Mechanism for Alternate Hardware Interface No
CWE:1300 Improper Protection of Physical Side Channels No
CWE:1301 Insufficient or Incomplete Data Removal within Hardware Component No
CWE:1302 Missing Source Identifier in Entity Transactions on a System-On-Chip (SOC) No
CWE:1303 Non-Transparent Sharing of Microarchitectural Resources No
CWE:1304 Improperly Preserved Integrity of Hardware Configuration State During a Power Save/Restore Operation No
CWE:1305 CISQ Quality Measures (2020) Yes
CWE:1306 CISQ Quality Measures - Reliability Yes
CWE:1307 CISQ Quality Measures - Maintainability Yes
CWE:1308 CISQ Quality Measures - Security Yes
CWE:1309 CISQ Quality Measures - Efficiency Yes
CWE:1310 Missing Ability to Patch ROM Code No
CWE:1311 Improper Translation of Security Attributes by Fabric Bridge No
CWE:1312 Missing Protection for Mirrored Regions in On-Chip Fabric Firewall No
CWE:1313 Hardware Allows Activation of Test or Debug Logic at Runtime No
CWE:1314 Missing Write Protection for Parametric Data Values No
CWE:1315 Improper Setting of Bus Controlling Capability in Fabric End-point No
CWE:1316 Fabric-Address Map Allows Programming of Unwarranted Overlaps of Protected and Unprotected Ranges No
CWE:1317 Improper Access Control in Fabric Bridge No
CWE:1318 Missing Support for Security Features in On-chip Fabrics or Buses No
CWE:1319 Improper Protection against Electromagnetic Fault Injection (EM-FI) No
CWE:1320 Improper Protection for Outbound Error Messages and Alert Signals No
CWE:1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') No
CWE:1322 Use of Blocking Code in Single-threaded, Non-blocking Context No
CWE:1323 Improper Management of Sensitive Trace Data No
CWE:1324 DEPRECATED: Sensitive Information Accessible by Physical Probing of JTAG Interface No
CWE:1325 Improperly Controlled Sequential Memory Allocation No
CWE:1326 Missing Immutable Root of Trust in Hardware No
CWE:1327 Binding to an Unrestricted IP Address No
CWE:1328 Security Version Number Mutable to Older Versions No
CWE:1329 Reliance on Component That is Not Updateable No
CWE:1330 Remanent Data Readable after Memory Erase No
CWE:1331 Improper Isolation of Shared Resources in Network On Chip (NoC) No
CWE:1332 Improper Handling of Faults that Lead to Instruction Skips No
CWE:1333 Inefficient Regular Expression Complexity No
CWE:1334 Unauthorized Error Injection Can Degrade Hardware Redundancy No
CWE:1335 Incorrect Bitwise Shift of Integer Yes
CWE:1336 Improper Neutralization of Special Elements Used in a Template Engine No
CWE:1337 Weaknesses in the 2021 CWE Top 25 Most Dangerous Software Weaknesses Yes
CWE:1338 Improper Protections Against Hardware Overheating No
CWE:1339 Insufficient Precision or Accuracy of a Real Number Yes
CWE:1340 CISQ Data Protection Measures Yes
CWE:1341 Multiple Releases of Same Resource or Handle Yes
CWE:1342 Information Exposure through Microarchitectural State after Transient Execution No
CWE:1343 Weaknesses in the 2021 CWE Most Important Hardware Weaknesses List No
CWE:1344 Weaknesses in OWASP Top Ten (2021) Yes
CWE:1345 OWASP Top Ten 2021 Category A01:2021 - Broken Access Control Yes
CWE:1346 OWASP Top Ten 2021 Category A02:2021 - Cryptographic Failures Yes
CWE:1347 OWASP Top Ten 2021 Category A03:2021 - Injection Yes
CWE:1348 OWASP Top Ten 2021 Category A04:2021 - Insecure Design Yes
CWE:1349 OWASP Top Ten 2021 Category A05:2021 - Security Misconfiguration Yes
CWE:1350 Weaknesses in the 2020 CWE Top 25 Most Dangerous Software Weaknesses Yes
CWE:1351 Improper Handling of Hardware Behavior in Exceptionally Cold Environments No
CWE:1352 OWASP Top Ten 2021 Category A06:2021 - Vulnerable and Outdated Components No
CWE:1353 OWASP Top Ten 2021 Category A07:2021 - Identification and Authentication Failures Yes
CWE:1354 OWASP Top Ten 2021 Category A08:2021 - Software and Data Integrity Failures Yes
CWE:1355 OWASP Top Ten 2021 Category A09:2021 - Security Logging and Monitoring Failures Yes
CWE:1356 OWASP Top Ten 2021 Category A10:2021 - Server-Side Request Forgery (SSRF) No
CWE:1357 Reliance on Insufficiently Trustworthy Component No
CWE:1358 Weaknesses in SEI ETF Categories of Security Vulnerabilities in ICS Yes
CWE:1359 ICS Communications Yes
CWE:1360 ICS Dependencies (& Architecture) Yes
CWE:1361 ICS Supply Chain Yes
CWE:1362 ICS Engineering (Constructions/Deployment) Yes
CWE:1363 ICS Operations (& Maintenance) Yes
CWE:1364 ICS Communications: Zone Boundary Failures Yes
CWE:1365 ICS Communications: Unreliability Yes
CWE:1366 ICS Communications: Frail Security in Protocols Yes
CWE:1367 ICS Dependencies (& Architecture): External Physical Systems No
CWE:1368 ICS Dependencies (& Architecture): External Digital Systems Yes
CWE:1369 ICS Supply Chain: IT/OT Convergence/Expansion Yes
CWE:1370 ICS Supply Chain: Common Mode Frailties Yes
CWE:1371 ICS Supply Chain: Poorly Documented or Undocumented Features Yes
CWE:1372 ICS Supply Chain: OT Counterfeit and Malicious Corruption Yes
CWE:1373 ICS Engineering (Construction/Deployment): Trust Model Problems Yes
CWE:1374 ICS Engineering (Construction/Deployment): Maker Breaker Blindness No
CWE:1375 ICS Engineering (Construction/Deployment): Gaps in Details/Data Yes
CWE:1376 ICS Engineering (Construction/Deployment): Security Gaps in Commissioning Yes
CWE:1377 ICS Engineering (Construction/Deployment): Inherent Predictability in Design No
CWE:1378 ICS Operations (& Maintenance): Gaps in obligations and training No
CWE:1379 ICS Operations (& Maintenance): Human factors in ICS environments Yes
CWE:1380 ICS Operations (& Maintenance): Post-analysis changes No
CWE:1381 ICS Operations (& Maintenance): Exploitable Standard Operational Procedures No
CWE:1382 ICS Operations (& Maintenance): Emerging Energy Technologies Yes
CWE:1383 ICS Operations (& Maintenance): Compliance/Conformance with Regulatory Requirements Yes
CWE:1384 Improper Handling of Physical or Environmental Conditions No
CWE:1385 Missing Origin Validation in WebSockets No
CWE:1386 Insecure Operation on Windows Junction / Mount Point No
CWE:1387 Weaknesses in the 2022 CWE Top 25 Most Dangerous Software Weaknesses Yes
CWE:1388 Physical Access Issues and Concerns No
CWE:1389 Incorrect Parsing of Numbers with Different Radices Yes
CWE:1390 Weak Authentication Yes
CWE:1391 Use of Weak Credentials Yes
CWE:1392 Use of Default Credentials No
CWE:1393 Use of Default Password No
CWE:1394 Use of Default Cryptographic Key No
CWE:1395 Dependency on Vulnerable Third-Party Component Yes
CWE:1396 Comprehensive Categorization: Access Control Yes
CWE:1397 Comprehensive Categorization: Comparison Yes
CWE:1398 Comprehensive Categorization: Component Interaction Yes
CWE:1399 Comprehensive Categorization: Memory Safety Yes
CWE:1400 Comprehensive Categorization for Software Assurance Trends Yes
CWE:1401 Comprehensive Categorization: Concurrency Yes
CWE:1402 Comprehensive Categorization: Encryption Yes
CWE:1403 Comprehensive Categorization: Exposed Resource Yes
CWE:1404 Comprehensive Categorization: File Handling Yes
CWE:1405 Comprehensive Categorization: Improper Check or Handling of Exceptional Conditions Yes
CWE:1406 Comprehensive Categorization: Improper Input Validation Yes
CWE:1407 Comprehensive Categorization: Improper Neutralization Yes
CWE:1408 Comprehensive Categorization: Incorrect Calculation Yes
CWE:1409 Comprehensive Categorization: Injection Yes
CWE:1410 Comprehensive Categorization: Insufficient Control Flow Management Yes
CWE:1411 Comprehensive Categorization: Insufficient Verification of Data Authenticity Yes
CWE:1412 Comprehensive Categorization: Poor Coding Practices Yes
CWE:1413 Comprehensive Categorization: Protection Mechanism Failure Yes
CWE:1414 Comprehensive Categorization: Randomness Yes
CWE:1415 Comprehensive Categorization: Resource Control Yes
CWE:1416 Comprehensive Categorization: Resource Lifecycle Management Yes
CWE:1417 Comprehensive Categorization: Sensitive Information Exposure Yes
CWE:1418 Comprehensive Categorization: Violation of Secure Design Principles Yes
CWE:1419 Incorrect Initialization of Resource Yes
CWE:1420 Exposure of Sensitive Information during Transient Execution No
CWE:1421 Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution No
CWE:1422 Exposure of Sensitive Information caused by Incorrect Data Forwarding during Transient Execution No
CWE:1423 Exposure of Sensitive Information caused by Shared Microarchitectural Predictor State that Influences Transient Execution No
CWE:1424 Weaknesses Addressed by ISA/IEC 62443 Requirements Yes
CWE:1425 Weaknesses in the 2023 CWE Top 25 Most Dangerous Software Weaknesses Yes
CWE:2000 Comprehensive CWE Dictionary Yes