CWE weaknesses
970 MITRE CWE entries — software weakness types that underlie vulnerabilities (CVE→CWE link). Filter by category. Authored by Adam Lundqvist.
Showing 201–250 of 644 in Other · page 5 of 13
| ID | Title | Summary |
|---|---|---|
| CWE-1428 | Reliance on HTTP instead of HTTPS | The product provides or relies on use of HTTP communications when HTTPS is available. |
| CWE-1429 | Missing Security-Relevant Feedback for Unexecuted Operations in Hardware Interface | The product has a hardware interface that silently discards operations in situations for which feedback would be security-relevant, such as the timely de… |
| CWE-143 | Improper Neutralization of Record Delimiters | The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as reco… |
| CWE-1431 | Driving Intermediate Cryptographic State/Results to Hardware Module Outputs | The product uses a hardware module implementing a cryptographic algorithm that writes sensitive information about the intermediate state or results of … |
| CWE-1434 | Insecure Setting of Generative AI/ML Model Inference Parameters | The product has a component that relies on a generative AI/ML model configured with inference parameters that produce an unacceptably high rate of errone… |
| CWE-144 | Improper Neutralization of Line Delimiters | The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as line… |
| CWE-145 | Improper Neutralization of Section Delimiters | The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as sect… |
| CWE-146 | Improper Neutralization of Expression/Command Delimiters | The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as expr… |
| CWE-147 | Improper Neutralization of Input Terminators | The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as inpu… |
| CWE-148 | Improper Neutralization of Input Leaders | The product does not properly handle when a leading character or sequence ("leader") is missing or malformed, or if multiple leaders are used when only one sho… |
| CWE-149 | Improper Neutralization of Quoting Syntax | Quotes injected into a product can be used to compromise a system. As data are parsed, an injected/absent/duplicate/malformed use of quotes may cause the proce… |
| CWE-150 | Improper Neutralization of Escape, Meta, or Control Sequences | The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as esca… |
| CWE-151 | Improper Neutralization of Comment Delimiters | The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as comm… |
| CWE-152 | Improper Neutralization of Macro Symbols | The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as macr… |
| CWE-153 | Improper Neutralization of Substitution Characters | The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as subs… |
| CWE-154 | Improper Neutralization of Variable Name Delimiters | The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as vari… |
| CWE-155 | Improper Neutralization of Wildcards or Matching Symbols | The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as wild… |
| CWE-156 | Improper Neutralization of Whitespace | The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as whit… |
| CWE-157 | Failure to Sanitize Paired Delimiters | The product does not properly handle the characters that are used to mark the beginning and ending of a group of entities, such as parentheses, brackets, and b… |
| CWE-158 | Improper Neutralization of Null Byte or NUL Character | The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes NUL characters or null bytes when they are sent to… |
| CWE-159 | Improper Handling of Invalid Use of Special Elements | The product does not properly filter, remove, quote, or otherwise manage the invalid use of special elements in user-controlled input, which could cause advers… |
| CWE-160 | Improper Neutralization of Leading Special Elements | The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes leading special elements that could be interpreted… |
| CWE-161 | Improper Neutralization of Multiple Leading Special Elements | The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes multiple leading special elements that could be in… |
| CWE-162 | Improper Neutralization of Trailing Special Elements | The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes trailing special elements that could be interprete… |
| CWE-163 | Improper Neutralization of Multiple Trailing Special Elements | The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes multiple trailing special elements that could be i… |
| CWE-164 | Improper Neutralization of Internal Special Elements | The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes internal special elements that could be interprete… |
| CWE-165 | Improper Neutralization of Multiple Internal Special Elements | The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes multiple internal special elements that could be i… |
| CWE-166 | Improper Handling of Missing Special Element | The product receives input from an upstream component, but it does not handle or incorrectly handles when an expected special element is missing. |
| CWE-167 | Improper Handling of Additional Special Element | The product receives input from an upstream component, but it does not handle or incorrectly handles when an additional unexpected special element is provided. |
| CWE-168 | Improper Handling of Inconsistent Special Elements | The product does not properly handle input in which an inconsistency exists between two or more special characters or reserved words. An example of this probl… |
| CWE-170 | Improper Null Termination | The product does not terminate or incorrectly terminates a string or array with a null character or equivalent terminator. Null termination errors frequently … |
| CWE-172 | Encoding Error | The product does not properly encode or decode the data, resulting in unexpected values. |
| CWE-173 | Improper Handling of Alternate Encoding | The product does not properly handle when an input uses an alternate encoding that is valid for the control sphere to which the input is being sent. |
| CWE-174 | Double Decoding of the Same Data | The product decodes the same input twice, which can limit the effectiveness of any protection mechanism that occurs in between the decoding operations. |
| CWE-175 | Improper Handling of Mixed Encoding | The product does not properly handle when the same input uses several different (mixed) encodings. |
| CWE-176 | Improper Handling of Unicode Encoding | The product does not properly handle when an input contains Unicode encoding. |
| CWE-177 | Improper Handling of URL Encoding (Hex Encoding) | The product does not properly handle when all or part of an input has been URL encoded. |
| CWE-178 | Improper Handling of Case Sensitivity | The product does not properly account for differences in case sensitivity when accessing or determining the properties of a resource, leading to inconsistent r… |
| CWE-179 | Incorrect Behavior Order: Early Validation | The product validates input before applying protection mechanisms that modify the input, which could allow an attacker to bypass the validation via dangerous i… |
| CWE-180 | Incorrect Behavior Order: Validate Before Canonicalize | The product validates input before it is canonicalized, which prevents the product from detecting data that becomes invalid after the canonicalization step. T… |
| CWE-181 | Incorrect Behavior Order: Validate Before Filter | The product validates data before it has been filtered, which prevents the product from detecting data that becomes invalid after the filtering step. This can… |
| CWE-182 | Collapse of Data into Unsafe Value | The product filters data in a way that causes it to be reduced or "collapsed" into an unsafe value that violates an expected security property. |
| CWE-183 | Permissive List of Allowed Inputs | The product implements a protection mechanism that relies on a list of inputs (or properties of inputs) that are explicitly allowed by policy because the input… |
| CWE-184 | Incomplete List of Disallowed Inputs | The product implements a protection mechanism that relies on a list of inputs (or properties of inputs) that are not allowed by policy or otherwise require oth… |
| CWE-185 | Incorrect Regular Expression | The product specifies a regular expression in a way that causes data to be improperly matched or compared. When the regular expression is used in protection m… |
| CWE-186 | Overly Restrictive Regular Expression | A regular expression is overly restrictive, which prevents dangerous values from being detected. This weakness is not about regular expression complexity. Rat… |
| CWE-187 | Partial String Comparison | The product performs a comparison that only examines a portion of a factor before determining whether there is a match, such as a substring, leading to resulta… |
| CWE-191 | Integer Underflow (Wrap or Wraparound) | The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal t… |
| CWE-192 | Integer Coercion Error | Integer coercion refers to a set of flaws pertaining to the type casting, extension, or truncation of primitive data types. Several flaws fall under the categ… |
| CWE-193 | Off-by-one Error | A product calculates or uses an incorrect maximum or minimum value that is 1 more, or 1 less, than the correct value. |