CWE weaknesses
970 MITRE CWE entries — software weakness types that underlie vulnerabilities (CVE→CWE link). Filter by category. Authored by Adam Lundqvist.
Showing 1–50 of 644 in Other · page 1 of 13
| ID | Title | Summary |
|---|---|---|
| CWE-1007 | Insufficient Visual Distinction of Homoglyphs Presented to User | The product displays information or identifiers to a user, but the display mechanism does not make it easy for the user to distinguish between visually similar… |
| CWE-102 | Struts: Duplicate Validation Forms | The product uses multiple validation forms with the same name, which might cause the Struts Validator to validate a form that the programmer does not expect. … |
| CWE-1021 | Improper Restriction of Rendered UI Layers or Frames | The web application does not restrict or incorrectly restricts frame objects or UI layers that belong to another application or domain. |
| CWE-1022 | Use of Web Link to Untrusted Target with window.opener Access | The web application produces links to untrusted external sites outside of its sphere of control, but it does not properly prevent the external site from modify… |
| CWE-1023 | Incomplete Comparison with Missing Factors | The product performs a comparison between entities that must consider multiple factors or characteristics of each entity, but the comparison does not include o… |
| CWE-1024 | Comparison of Incompatible Types | The product performs a comparison between two entities, but the entities are of different, incompatible types that cannot be guaranteed to provide correct resu… |
| CWE-1025 | Comparison Using Wrong Factors | The code performs a comparison between two entities, but the comparison examines the wrong factors or characteristics of the entities, which can lead to incorr… |
| CWE-103 | Struts: Incomplete validate() Method Definition | The product has a validator form that either does not define a validate() method, or defines a validate() method but does not call super.validate(). |
| CWE-1037 | Processor Optimization Removal or Modification of Security-critical Code | The developer builds a security-critical protection mechanism into the software, but the processor optimizes the execution of the program such that the mechani… |
| CWE-1038 | Insecure Automated Optimizations | The product uses a mechanism that automatically optimizes code, e.g. to improve a characteristic such as performance, but the optimizations can have an uninten… |
| CWE-1039 | Inadequate Detection or Handling of Adversarial Input Perturbations in Automated Recognition Mechanism | The product uses an automated mechanism such as machine learning to recognize complex data inputs (e.g. image or audio) as a particular concept or category, bu… |
| CWE-104 | Struts: Form Bean Does Not Extend Validation Class | If a form bean does not extend an ActionForm subclass of the Validator framework, it can expose the application to other weaknesses related to insufficient inp… |
| CWE-1041 | Use of Redundant Code | The product has multiple functions, methods, procedures, macros, etc. that contain the same code. |
| CWE-1042 | Static Member Data Element outside of a Singleton Class Element | The code contains a member element that is declared as static (but not final), in which its parent class element is not a singleton class - that is,… |
| CWE-1043 | Data Element Aggregating an Excessively Large Number of Non-Primitive Elements | The product uses a data element that has an excessively large number of sub-elements with non-primitive data types such as structures or aggregated object… |
| CWE-1044 | Architecture with Number of Horizontal Layers Outside of Expected Range | The product's architecture contains too many - or too few - horizontal layers. |
| CWE-1045 | Parent Class with a Virtual Destructor and a Child Class without a Virtual Destructor | A parent class has a virtual destructor method, but the parent has a child class that does not have a virtual destructor. |
| CWE-1046 | Creation of Immutable Text Using String Concatenation | The product creates an immutable text string using string concatenation operations. |
| CWE-1047 | Modules with Circular Dependencies | The product contains modules in which one module has references that cycle back to itself, i.e., there are circular dependencies. As an example, with Java, th… |
| CWE-1048 | Invokable Control Element with Large Number of Outward Calls | The code contains callable control elements that contain an excessively large number of references to other application objects external to t… |
| CWE-1049 | Excessive Data Query Operations in a Large Data Table | The product performs a data query with a large number of joins and sub-queries on a large data table. |
| CWE-105 | Struts: Form Field Without Validator | The product has a form field that is not validated by a corresponding validation form, which can introduce other weaknesses related to insufficient input valid… |
| CWE-1052 | Excessive Use of Hard-Coded Literals in Initialization | The product initializes a data element using a hard-coded literal that is not a simple integer or static constant element. |
| CWE-1053 | Missing Documentation for Design | The product does not have documentation that represents how it is designed. |
| CWE-1054 | Invocation of a Control Element at an Unnecessarily Deep Horizontal Layer | The code at one architectural layer invokes code that resides at a deeper layer than the adjacent layer, i.e., the invocation skips at least one laye… |
| CWE-1055 | Multiple Inheritance from Concrete Classes | The product contains a class with inheritance from more than one concrete class. |
| CWE-1056 | Invokable Control Element with Variadic Parameters | A named-callable or method control element has a signature that supports a variable (variadic) number of parameters or arguments. |
| CWE-1057 | Data Access Operations Outside of Expected Data Manager Component | The product uses a dedicated, central data manager component as required by design, but it contains code that performs data-access operations that do not use t… |
| CWE-1058 | Invokable Control Element in Multi-Thread Context with non-Final Static Storable or Member Element | The code contains a function or method that operates in a multi-threaded environment but owns an unsafe non-final static storable or … |
| CWE-1059 | Insufficient Technical Documentation | The product does not contain sufficient technical or engineering documentation (whether on paper or in electronic form) that contains descrip… |
| CWE-106 | Struts: Plug-in Framework not in Use | When an application does not use an input validation framework such as the Struts Validator, there is a greater risk of introducing weaknesses related to insuf… |
| CWE-1060 | Excessive Number of Inefficient Server-Side Data Accesses | The product performs too many data queries without using efficient data processing functionality such as stored procedures. |
| CWE-1061 | Insufficient Encapsulation | The product does not sufficiently hide the internal representation and implementation details of data or methods, which might allow external components or modu… |
| CWE-1062 | Parent Class with References to Child Class | The code has a parent class that contains references to a child class, its methods, or its members. |
| CWE-1063 | Creation of Class Instance within a Static Code Block | A static code block creates an instance of a class. |
| CWE-1064 | Invokable Control Element with Signature Containing an Excessive Number of Parameters | The product contains a function, subroutine, or method whose signature has an unnecessarily large number of parameters/arguments. |
| CWE-1066 | Missing Serialization Control Element | The product contains a serializable data element that does not have an associated serialization method. |
| CWE-1068 | Inconsistency Between Implementation and Documented Design | The implementation of the product is not consistent with the design as described within the relevant documentation. |
| CWE-1069 | Empty Exception Block | An invokable code block contains an exception handling block that does not contain any code, i.e. is empty. |
| CWE-107 | Struts: Unused Validation Form | An unused validation form indicates that validation logic is not up-to-date. |
| CWE-1070 | Serializable Data Element Containing non-Serializable Item Elements | The product contains a serializable, storable data element such as a field or member, but the data element contains member elements that are not seri… |
| CWE-1071 | Empty Code Block | The source code contains a block that does not contain any code, i.e., the block is empty. |
| CWE-1074 | Class with Excessively Deep Inheritance | A class has an inheritance level that is too high, i.e., it has a large number of parent classes. |
| CWE-1075 | Unconditional Control Flow Transfer outside of Switch Block | The product performs unconditional control transfer (such as a "goto") in code outside of a branching structure such as a switch block. |
| CWE-1076 | Insufficient Adherence to Expected Conventions | The product's architecture, source code, design, documentation, or other artifact does not follow required conventions. |
| CWE-1077 | Floating Point Comparison with Incorrect Operator | The code performs a comparison such as an equality test between two float (floating point) values, but it uses comparison operators that do not… |
| CWE-1078 | Inappropriate Source Code Style or Formatting | The source code does not follow desired style or formatting for indentation, white space, comments, etc. |
| CWE-1079 | Parent Class without Virtual Destructor Method | A parent class contains one or more child classes, but the parent class does not have a virtual destructor method. |
| CWE-108 | Struts: Unvalidated Action Form | Every Action Form must have a corresponding validation form. If a Struts Action Form Mapping specifies a form, it must have a validation form defined under th… |
| CWE-1080 | Source Code File with Excessive Number of Lines of Code | A source code file has too many lines of code. |