CWE weaknesses
970 MITRE CWE entries — software weakness types that underlie vulnerabilities (CVE→CWE link). Filter by category. Authored by Adam Lundqvist.
Showing 1–50 of 60 in Logic · page 1 of 2
| ID | Title | Summary |
|---|---|---|
| CWE-1050 | Excessive Platform Resource Consumption within a Loop | The product has a loop body or loop condition that contains a control element that directly or indirectly consumes platform resources, e.g. messaging, ses… |
| CWE-1065 | Runtime Resource Management Control Element in a Component Built to Run on Application Servers | The product uses deployed components from application servers, but it also uses low-level functions/methods for management of resources, instead of the API pro… |
| CWE-1067 | Excessive Execution of Sequential Searches of Data Resource | The product contains a data query against an SQL table or view that is configured in a way that does not utilize an index and may cause sequential se… |
| CWE-1072 | Data Resource Access without Use of Connection Pooling | The product accesses a data resource through a database without using a connection pooling capability. |
| CWE-1088 | Synchronous Access of Remote Resource without Timeout | The code has a synchronous call to a remote resource, but there is no timeout for the call, or the timeout is set to infinite. |
| CWE-1094 | Excessive Index Range Scan for a Data Resource | The product contains an index range scan for a large data table, but the scan can cover a large number of rows. |
| CWE-1096 | Singleton Class Instance Creation without Proper Locking or Synchronization | The product implements a Singleton design pattern but does not use appropriate locking or other synchronization mechanism to ensure that the singleton class is… |
| CWE-118 | Incorrect Access of Indexable Resource ('Range Error') | The product does not restrict or incorrectly restricts operations within the boundaries of a resource that is accessed using an index or pointer, such as memor… |
| CWE-1187 | DEPRECATED: Use of Uninitialized Resource | This entry has been deprecated because it was a duplicate of CWE-908. All content has been transferred to CWE-908. |
| CWE-1189 | Improper Isolation of Shared Resources on System-on-a-Chip (SoC) | The System-On-a-Chip (SoC) does not properly isolate shared resources between trusted and untrusted agents. |
| CWE-1223 | Race Condition for Write-Once Attributes | A write-once register in hardware design is programmable by an untrusted software component earlier than the trusted software component, resulting in a race co… |
| CWE-1229 | Creation of Emergent Resource | The product manages resources or behaves in a way that indirectly creates a new, distinct resource that can be used by attackers in violation of the intended p… |
| CWE-1264 | Hardware Logic with Insecure De-Synchronization between Control and Data Channels | The hardware logic for error handling and security checks can incorrectly forward data before the security check is complete. |
| CWE-1298 | Hardware Logic Contains Race Conditions | A race condition in the hardware logic results in undermining security guarantees of the system. |
| CWE-1303 | Non-Transparent Sharing of Microarchitectural Resources | Hardware structures shared across execution contexts (e.g., caches and branch predictors) can violate the expected architecture isolation between contexts. |
| CWE-1331 | Improper Isolation of Shared Resources in Network On Chip (NoC) | The Network On Chip (NoC) does not isolate or incorrectly isolates its on-chip-fabric and internal resources such that they are shared between trusted and untr… |
| CWE-1341 | Multiple Releases of Same Resource or Handle | The product attempts to close or release a resource or handle more than once, without any successful open between the close operations. |
| CWE-1419 | Incorrect Initialization of Resource | The product attempts to initialize a resource but does not correctly do so, which might leave the resource in an unexpected, incorrect, or insecure state when … |
| CWE-362 | Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') | The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared … |
| CWE-363 | Race Condition Enabling Link Following | The product checks the status of a file or directory before accessing it, which produces a race condition in which the file can be replaced with a link before … |
| CWE-364 | Signal Handler Race Condition | The product uses a signal handler that introduces a race condition. |
| CWE-365 | DEPRECATED: Race Condition in Switch | This entry has been deprecated. There are no documented cases in which a switch's control expression is evaluated more than once. It is likely that this entry… |
| CWE-366 | Race Condition within a Thread | If two threads of execution use a resource simultaneously, there exists the possibility that resources may be used while invalid, in turn making the state of e… |
| CWE-367 | Time-of-check Time-of-use (TOCTOU) Race Condition | The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalida… |
| CWE-368 | Context Switching Race Condition | A product performs a series of non-atomic actions to switch between contexts that cross privilege or other security boundaries, but a race condition allows an … |
| CWE-373 | DEPRECATED: State Synchronization Error | This entry was deprecated because it overlapped the same concepts as race condition (CWE-362) and Improper Synchronization (CWE-662). |
| CWE-400 | Uncontrolled Resource Consumption | The product does not properly control the allocation and maintenance of a limited resource. |
| CWE-404 | Improper Resource Shutdown or Release | The product does not release or incorrectly releases a resource before it is made available for re-use. When a resource is created or allocated, the developer… |
| CWE-405 | Asymmetric Resource Consumption (Amplification) | The product does not properly control situations in which an adversary can cause the product to consume or produce excessive resources without requiring the ad… |
| CWE-410 | Insufficient Resource Pool | The product's resource pool is not large enough to handle peak demand, which allows an attacker to prevent others from accessing the resource by using a (relat… |
| CWE-413 | Improper Resource Locking | The product does not lock or does not correctly lock a resource when the product must have exclusive access to the resource. When a resource is not properly l… |
| CWE-421 | Race Condition During Access to Alternate Channel | The product opens an alternate channel to communicate with an authorized user, but the channel is accessible to other actors. This creates a race condition th… |
| CWE-543 | Use of Singleton Pattern Without Synchronization in a Multithreaded Context | The product uses the singleton pattern when creating a resource within a multithreaded environment. The use of a singleton pattern may not be thread-safe. |
| CWE-567 | Unsynchronized Access to Shared Data in a Multithreaded Context | The product does not properly synchronize shared data, such as static variables across threads, which can lead to undefined behavior and unpredictable data cha… |
| CWE-574 | EJB Bad Practices: Use of Synchronization Primitives | The product violates the Enterprise JavaBeans (EJB) specification by using thread synchronization primitives. The Enterprise JavaBeans specification requires … |
| CWE-585 | Empty Synchronized Block | The product contains an empty synchronized block. An empty synchronized block does not actually accomplish any synchronization and may indicate a troubled sec… |
| CWE-610 | Externally Controlled Reference to a Resource in Another Sphere | The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere. |
| CWE-641 | Improper Restriction of Names for Files and Other Resources | The product constructs the name of a file or other resource using input from an upstream component, but it does not restrict or incorrectly restricts the resul… |
| CWE-66 | Improper Handling of File Names that Identify Virtual Resources | The product does not handle or incorrectly handles a file name that identifies a "virtual" resource that is not directly specified within the directory that is… |
| CWE-662 | Improper Synchronization | The product utilizes multiple threads, processes, components, or systems to allow temporary access to a shared resource that can only be exclusive to one proce… |
| CWE-664 | Improper Control of a Resource Through its Lifetime | The product does not maintain or incorrectly maintains control over a resource throughout its lifetime of creation, use, and release. |
| CWE-666 | Operation on Resource in Wrong Phase of Lifetime | The product performs an operation on a resource at the wrong phase of the resource's lifecycle, which can lead to unexpected behaviors. A resource's lifecycle… |
| CWE-669 | Incorrect Resource Transfer Between Spheres | The product does not properly transfer a resource/behavior to another sphere, or improperly imports a resource/behavior from another sphere, in a manner that p… |
| CWE-672 | Operation on a Resource after Expiration or Release | The product uses, accesses, or otherwise operates on a resource after that resource has been expired, released, or revoked. |
| CWE-675 | Multiple Operations on Resource in Single-Operation Context | The product performs the same operation on a resource two or more times, when the operation should only be applied once. |
| CWE-694 | Use of Multiple Resources with Duplicate Identifier | The product uses multiple resources that can have the same identifier, in a context in which unique identifiers are required. If the product assumes that each… |
| CWE-764 | Multiple Locks of a Critical Resource | The product locks a critical resource more times than intended, leading to an unexpected state in the system. When a product is operating in a concurrent envi… |
| CWE-765 | Multiple Unlocks of a Critical Resource | The product unlocks a critical resource more times than intended, leading to an unexpected state in the system. When the product is operating in a concurrent … |
| CWE-770 | Allocation of Resources Without Limits or Throttling | The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resou… |
| CWE-771 | Missing Reference to Active Allocated Resource | The product does not properly maintain a reference to a resource that has been allocated, which prevents the resource from being reclaimed. This does not nece… |