CWE weaknesses
970 MITRE CWE entries — software weakness types that underlie vulnerabilities (CVE→CWE link). Authored by Adam Lundqvist.
Showing 51–100 of 644 in Other · page 2 of 13
| ID | Title | Summary |
|---|---|---|
| CWE-1082 | Class Instance Self Destruction Control Element | The code contains a class instance that calls the method or function to delete or destroy itself. |
| CWE-1083 | Data Access from Outside Expected Data Manager Component | The product is intended to manage data access through a particular data manager component such as a relational or non-SQL database, but it contains code that p… |
| CWE-1084 | Invokable Control Element with Excessive File or Data Access Operations | A function or method contains too many operations that utilize a data manager or file resource. |
| CWE-1085 | Invokable Control Element with Excessive Volume of Commented-out Code | A function, method, procedure, etc. contains an excessive amount of code that has been commented out within its body. |
| CWE-1086 | Class with Excessive Number of Child Classes | A class contains an unnecessarily large number of children. |
| CWE-1087 | Class with Virtual Method without a Virtual Destructor | A class contains a virtual method, but the method does not have an associated virtual destructor. |
| CWE-1089 | Large Data Table with Excessive Number of Indices | The product uses a large data table that contains an excessively large number of indices. |
| CWE-109 | Struts: Validator Turned Off | Automatic filtering via a Struts bean has been turned off, which disables the Struts Validator and custom validation logic. This exposes the application to oth… |
| CWE-1090 | Method Containing Access of a Member Element from Another Class | A method for a class performs an operation that directly accesses a member element from another class. |
| CWE-1091 | Use of Object without Invoking Destructor Method | The product contains a method that accesses an object but does not later invoke the element's associated finalize/destructor method. |
| CWE-1092 | Use of Same Invokable Control Element in Multiple Architectural Layers | The product uses the same control element across multiple architectural layers. |
| CWE-1093 | Excessively Complex Data Representation | The product uses an unnecessarily complex internal representation for its data structures or interrelationships between those structures. |
| CWE-1095 | Loop Condition Value Update within the Loop | The product uses a loop with a control flow condition based on a value that is updated within the body of the loop. |
| CWE-1097 | Persistent Storable Data Element without Associated Comparison Control Element | The product uses a storable data element that does not have all of the associated functions or methods that are necessary to support comparison. |
| CWE-1099 | Inconsistent Naming Conventions for Identifiers | The product's code, documentation, or other artifacts do not consistently use the same naming conventions for variables, callables, groups of related… |
| CWE-110 | Struts: Validator Without Form Field | Validation fields that do not appear in forms they are associated with indicate that the validation logic is out of date. |
| CWE-1100 | Insufficient Isolation of System-Dependent Functions | The product or code does not isolate system-dependent functionality into separate standalone modules. |
| CWE-1101 | Reliance on Runtime Component in Generated Code | The product uses automatically-generated code that cannot be executed without a specific runtime support component. |
| CWE-1102 | Reliance on Machine-Dependent Data Representation | The code uses a data representation that relies on low-level data representation or constructs that may vary across different processors, physical ma… |
| CWE-1103 | Use of Platform-Dependent Third Party Components | The product relies on third-party components that do not provide equivalent functionality across all desirable platforms. |
| CWE-1104 | Use of Unmaintained Third Party Components | The product relies on third-party components that are not actively supported or maintained by the original developer or a trusted proxy for the origi… |
| CWE-1105 | Insufficient Encapsulation of Machine-Dependent Functionality | The product or code uses machine-dependent functionality, but it does not sufficiently encapsulate or isolate this functionality from the rest of the… |
| CWE-1106 | Insufficient Use of Symbolic Constants | The source code uses literal constants that may need to change or evolve over time, instead of using symbolic constants. |
| CWE-1107 | Insufficient Isolation of Symbolic Constant Definitions | The source code uses symbolic constants, but it does not sufficiently place the definitions of these constants into a more centralized or isolated lo… |
| CWE-1108 | Excessive Reliance on Global Variables | The code is structured in a way that relies too much on using or setting global variables throughout various points in the code, instead of preservin… |
| CWE-1109 | Use of Same Variable for Multiple Purposes | The code contains a callable, block, or other code element in which the same variable is used to control more than one unique task or store more than… |
| CWE-111 | Direct Use of Unsafe JNI | When a Java application uses the Java Native Interface (JNI) to call code written in another programming language, it can expose the application to weaknesses … |
| CWE-1110 | Incomplete Design Documentation | The product's design documentation does not adequately describe control flow, data flow, system initialization, relationships between tasks, componen… |
| CWE-1111 | Incomplete I/O Documentation | The product's documentation does not adequately define inputs, outputs, or system/software interfaces. |
| CWE-1112 | Incomplete Documentation of Program Execution | The document does not fully define all mechanisms that are used to control or influence how product-specific programs are executed. |
| CWE-1113 | Inappropriate Comment Style | The source code uses comment styles or formats that are inconsistent or do not follow expected standards for the product. |
| CWE-1114 | Inappropriate Whitespace Style | The source code contains whitespace that is inconsistent across the code or does not follow expected standards for the product. |
| CWE-1115 | Source Code Element without Standard Prologue | The source code contains elements such as source files that do not consistently provide a prologue or header that has been standardized for the proj… |
| CWE-1116 | Inaccurate Source Code Comments | The source code contains comments that do not accurately describe or explain aspects of the portion of the code with which the comment is associated. |
| CWE-1117 | Callable with Insufficient Behavioral Summary | The code contains a function or method whose signature and/or associated inline documentation does not sufficiently describe the callable's inputs, output… |
| CWE-1118 | Insufficient Documentation of Error Handling Techniques | The documentation does not sufficiently describe the techniques that are used for error handling, exception processing, or similar mechanisms. |
| CWE-1119 | Excessive Use of Unconditional Branching | The code uses too many unconditional branches (such as "goto"). |
| CWE-112 | Missing XML Validation | The product accepts XML from an untrusted source but does not validate the XML against the proper schema. Most successful attacks begin with a violation of th… |
| CWE-1120 | Excessive Code Complexity | The code is too complex, as calculated using a well-defined, quantitative measure. |
| CWE-1121 | Excessive McCabe Cyclomatic Complexity | The code contains McCabe cyclomatic complexity that exceeds a desirable maximum. |
| CWE-1122 | Excessive Halstead Complexity | The code is structured in a way that a Halstead complexity measure exceeds a desirable maximum. |
| CWE-1123 | Excessive Use of Self-Modifying Code | The product uses too much self-modifying code. |
| CWE-1124 | Excessively Deep Nesting | The code contains a callable or other code grouping in which the nesting / branching is too deep. |
| CWE-1125 | Excessive Attack Surface | The product has an attack surface whose quantitative measurement exceeds a desirable maximum. |
| CWE-1126 | Declaration of Variable with Unnecessarily Wide Scope | The source code declares a variable in one scope, but the variable is only used within a narrower scope. |
| CWE-1127 | Compilation with Insufficient Warnings or Errors | The code is compiled without sufficient warnings enabled, which may prevent the detection of subtle bugs or quality issues. |
| CWE-113 | Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') | The product receives data from an HTTP agent/component (e.g., web server, proxy, browser, etc.), but it does not neutralize or incorrectly neutralizes CR and L… |
| CWE-114 | Process Control | Executing commands or loading libraries from an untrusted source or in an untrusted environment can cause an application to execute malicious commands (and pay… |
| CWE-115 | Misinterpretation of Input | The product misinterprets an input, whether from an attacker or another product, in a security-relevant fashion. |
| CWE-116 | Improper Encoding or Escaping of Output | The product prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly.… |