CWE weaknesses
970 MITRE CWE entries — software weakness types that underlie vulnerabilities (CVE→CWE link). Filter by category. Authored by Adam Lundqvist.
25 in Authz · 970 total
| ID | Title | Summary |
|---|---|---|
| CWE-1268 | Policy Privileges are not Assigned Consistently Between Control and Data Agents | The product's hardware-enforced access control for a particular resource improperly accounts for privilege discrepancies between control and write policies. … |
| CWE-250 | Execution with Unnecessary Privileges | The product performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequenc… |
| CWE-264 | Permissions, Privileges, and Access Controls | Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control. |
| CWE-266 | Incorrect Privilege Assignment | A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor. |
| CWE-267 | Privilege Defined With Unsafe Actions | A particular privilege, role, capability, or right can be used to perform unsafe actions that were not intended, even when it is assigned to the correct entity. |
| CWE-268 | Privilege Chaining | Two distinct privileges, roles, capabilities, or rights can be combined in a way that allows an entity to perform unsafe actions that would not be allowed with… |
| CWE-269 | Improper Privilege Management | The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor. |
| CWE-270 | Privilege Context Switching Error | The product does not properly manage privileges while it is switching between different contexts that have different privileges or spheres of control. |
| CWE-271 | Privilege Dropping / Lowering Errors | The product does not drop privileges before passing control of a resource to an actor that does not have those privileges. In some contexts, a system executin… |
| CWE-272 | Least Privilege Violation | The elevated privilege level required to perform operations such as chroot() should be dropped immediately after the operation is performed. |
| CWE-273 | Improper Check for Dropped Privileges | The product attempts to drop privileges but does not check or incorrectly checks to see if the drop succeeded. If the drop fails, the product will continue to… |
| CWE-274 | Improper Handling of Insufficient Privileges | The product does not handle or incorrectly handles when it has insufficient privileges to perform an operation, leading to resultant weaknesses. |
| CWE-276 | Incorrect Default Permissions | During installation, installed file permissions are set to allow anyone to modify those files. |
| CWE-277 | Insecure Inherited Permissions | A product defines a set of insecure permissions that are inherited by objects that are created by the program. |
| CWE-278 | Insecure Preserved Inherited Permissions | A product inherits a set of insecure permissions for an object, e.g. when copying from an archive file, without user awareness or involvement. |
| CWE-279 | Incorrect Execution-Assigned Permissions | While it is executing, the product sets the permissions of an object in a way that violates the intended permissions that have been specified by the user. |
| CWE-280 | Improper Handling of Insufficient Permissions or Privileges | The product does not handle or incorrectly handles when it has insufficient privileges to access resources or functionality as specified by their permissions. … |
| CWE-281 | Improper Preservation of Permissions | The product does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less r… |
| CWE-378 | Creation of Temporary File With Insecure Permissions | Opening temporary files without appropriate measures or controls can leave the file, its contents and any function that it impacts vulnerable to attack. |
| CWE-379 | Creation of Temporary File in Directory with Insecure Permissions | The product creates a temporary file in a directory whose permissions allow unintended actors to determine the file's existence or otherwise access that file. … |
| CWE-648 | Incorrect Use of Privileged APIs | The product does not conform to the API requirements for a function call that requires extra privileges. This could allow attackers to gain privileges by causi… |
| CWE-650 | Trusting HTTP Permission Methods on the Server Side | The server contains a protection mechanism that assumes that any URI that is accessed using HTTP GET will not cause a state change to the associated resource. … |
| CWE-689 | Permission Race Condition During Resource Copy | The product, while copying or cloning a resource, does not set the resource's permissions or access control until the copy is complete, leaving the resource ex… |
| CWE-732 | Incorrect Permission Assignment for Critical Resource | The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. When a reso… |
| CWE-9 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | If elevated access rights are assigned to EJB methods, then an attacker can take advantage of the permissions to exploit the product. If the EJB deployment de… |