CWE weaknesses
970 MITRE CWE entries — software weakness types that underlie vulnerabilities (CVE→CWE link). Filter by category. Authored by Adam Lundqvist.
Showing 251–300 of 644 in Other · page 6 of 13
| ID | Title | Summary |
|---|---|---|
| CWE-194 | Unexpected Sign Extension | The product performs an operation on a number that causes it to be sign extended when it is transformed into a larger data type. When the original number is ne… |
| CWE-195 | Signed to Unsigned Conversion Error | The product uses a signed primitive and performs a cast to an unsigned primitive, which can produce an unexpected value if the value of the signed primitive ca… |
| CWE-196 | Unsigned to Signed Conversion Error | The product uses an unsigned primitive and performs a cast to a signed primitive, which can produce an unexpected value if the value of the unsigned primitive … |
| CWE-197 | Numeric Truncation Error | Truncation errors occur when a primitive is cast to a primitive of a smaller size and data is lost in the conversion. When a primitive is cast to a smaller pr… |
| CWE-198 | Use of Incorrect Byte Ordering | The product receives input from an upstream component, but it does not account for byte ordering (e.g. big-endian and little-endian) when processing the input,… |
| CWE-20 | Improper Input Validation | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to pr… |
| CWE-203 | Observable Discrepancy | The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor. |
| CWE-204 | Observable Response Discrepancy | The product provides different responses to incoming requests in a way that reveals internal state information to an unauthorized actor outside of the intended… |
| CWE-205 | Observable Behavioral Discrepancy | The product's behaviors indicate important differences that may be observed by unauthorized actors in a way that reveals (1) its internal state or decision pro… |
| CWE-206 | Observable Internal Behavioral Discrepancy | The product performs multiple behaviors that are combined to produce a single result, but the individual behaviors are observable separately in a way that allo… |
| CWE-207 | Observable Behavioral Discrepancy With Equivalent Products | The product operates in an environment in which its existence or specific identity should not be known, but it behaves differently than other products with equ… |
| CWE-208 | Observable Timing Discrepancy | Two separate operations in a product require different amounts of time to complete, in a way that is observable to an actor and reveals security-relevant infor… |
| CWE-216 | DEPRECATED: Containment Errors (Container Errors) | This entry has been deprecated, as it was not effective as a weakness and was structured more like a category. In addition, the name is inappropriate, since th… |
| CWE-217 | DEPRECATED: Failure to Protect Stored Data from Modification | This entry has been deprecated because it incorporated and confused multiple weaknesses. The issues formerly covered in this entry can be found at CWE-766 and … |
| CWE-218 | DEPRECATED: Failure to provide confidentiality for stored data | This weakness has been deprecated because it was a duplicate of CWE-493. All content has been transferred to CWE-493. |
| CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directo… |
| CWE-221 | Information Loss or Omission | The product does not record, or improperly records, security-relevant information that leads to an incorrect decision or hampers later analysis. |
| CWE-222 | Truncation of Security-relevant Information | The product truncates the display, recording, or processing of security-relevant information in a way that can obscure the source or nature of an attack. |
| CWE-223 | Omission of Security-relevant Information | The product does not record or display information that would be important for identifying the source or nature of an attack, or determining if an action is sa… |
| CWE-224 | Obscured Security-relevant Information by Alternate Name | The product records security-relevant information according to an alternate name of the affected entity, instead of the canonical name. |
| CWE-225 | DEPRECATED: General Information Management Problems | This weakness can be found at CWE-199. |
| CWE-228 | Improper Handling of Syntactically Invalid Structure | The product does not handle or incorrectly handles input that is not syntactically well-formed with respect to the associated specification. |
| CWE-229 | Improper Handling of Values | The product does not properly handle when the expected number of values for parameters, fields, or arguments is not provided in input, or if those values are u… |
| CWE-23 | Relative Path Traversal | The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as "..… |
| CWE-230 | Improper Handling of Missing Values | The product does not handle or incorrectly handles when a parameter, field, or argument name is specified, but the associated value is missing, i.e. it is empt… |
| CWE-231 | Improper Handling of Extra Values | The product does not handle or incorrectly handles when more values are provided than expected. |
| CWE-232 | Improper Handling of Undefined Values | The product does not handle or incorrectly handles when a value is not defined or supported for the associated parameter, field, or argument name. |
| CWE-233 | Improper Handling of Parameters | The product does not properly handle when the expected number of parameters, fields, or arguments is not provided in input, or if those parameters are undefine… |
| CWE-234 | Failure to Handle Missing Parameter | If too few arguments are sent to a function, the function will still pop the expected number of arguments from the stack. Potentially, a variable number of arg… |
| CWE-235 | Improper Handling of Extra Parameters | The product does not handle or incorrectly handles when the number of parameters, fields, or arguments with the same name exceeds the expected amount. |
| CWE-236 | Improper Handling of Undefined Parameters | The product does not handle or incorrectly handles when a particular parameter, field, or argument name is not defined or supported by the product. |
| CWE-237 | Improper Handling of Structural Elements | The product does not handle or incorrectly handles inputs that are related to complex structures. |
| CWE-238 | Improper Handling of Incomplete Structural Elements | The product does not handle or incorrectly handles when a particular structural element is not completely specified. |
| CWE-239 | Failure to Handle Incomplete Element | The product does not properly handle when a particular element is not completely specified. |
| CWE-24 | Path Traversal: '../filedir' | The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize "../" sequences that … |
| CWE-240 | Improper Handling of Inconsistent Structural Elements | The product does not handle or incorrectly handles when two or more structural elements should be consistent, but are not. |
| CWE-241 | Improper Handling of Unexpected Data Type | The product does not handle or incorrectly handles when a particular element is not the expected type, e.g. it expects a digit (0-9) but is provided with a let… |
| CWE-242 | Use of Inherently Dangerous Function | The product calls a function that can never be guaranteed to work safely. Certain functions behave in dangerous ways regardless of how they are used. Function… |
| CWE-243 | Creation of chroot Jail Without Changing Working Directory | The product uses the chroot() system call to create a jail, but does not change the working directory afterward. This does not prevent access to files outside … |
| CWE-245 | J2EE Bad Practices: Direct Management of Connections | The J2EE application directly manages connections, instead of using the container's connection management facilities. The J2EE standard forbids the direct man… |
| CWE-246 | J2EE Bad Practices: Direct Use of Sockets | The J2EE application directly uses sockets instead of using framework method calls. |
| CWE-247 | DEPRECATED: Reliance on DNS Lookups in a Security Decision | This entry has been deprecated because it was a duplicate of CWE-350. All content has been transferred to CWE-350. |
| CWE-248 | Uncaught Exception | An exception is thrown from a function, but it is not caught. When an exception is not caught, it may cause the program to crash or expose sensitive informati… |
| CWE-249 | DEPRECATED: Often Misused: Path Manipulation | This entry has been deprecated because of name confusion and an accidental combination of multiple weaknesses. Most of its content has been transferred to C… |
| CWE-25 | Path Traversal: '/../filedir' | The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize "/../" sequences that… |
| CWE-252 | Unchecked Return Value | The product does not check the return value from a method or function, which can prevent it from detecting unexpected states and conditions. Two common progra… |
| CWE-253 | Incorrect Check of Function Return Value | The product incorrectly checks a return value from a function, which prevents it from detecting errors or exceptional conditions. Important and common functio… |
| CWE-26 | Path Traversal: '/dir/../filename' | The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize "/dir/../filename" se… |
| CWE-27 | Path Traversal: 'dir/../../filename' | The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize multiple internal "..… |
| CWE-28 | Path Traversal: '..\filedir' | The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize "..\" sequences that … |