CWE weaknesses (970 indexed)
970 MITRE CWE entries — software weakness types that underlie vulnerabilities (CVE→CWE link). Authored by Adam Lundqvist.
Showing 801–850 of 970 · page 17 of 20
| ID | Title | Summary |
|---|---|---|
| CWE-669 | Incorrect Resource Transfer Between Spheres | The product does not properly transfer a resource/behavior to another sphere, or improperly imports a resource/behavior from another sphere, in a manner that p… |
| CWE-67 | Improper Handling of Windows Device Names | The product constructs pathnames from user input, but it does not handle or incorrectly handles a pathname containing a Windows device name such as AUX or CON.… |
| CWE-670 | Always-Incorrect Control Flow Implementation | The code contains a control flow path that does not reflect the algorithm that the path is intended to implement, leading to incorrect behavior any time this p… |
| CWE-671 | Lack of Administrator Control over Security | The product uses security features in a way that prevents the product's administrator from tailoring security settings to reflect the environment in which the … |
| CWE-672 | Operation on a Resource after Expiration or Release | The product uses, accesses, or otherwise operates on a resource after that resource has been expired, released, or revoked. |
| CWE-673 | External Influence of Sphere Definition | The product does not prevent the definition of control spheres from external actors. Typically, a product defines its control sphere within the code itself, o… |
| CWE-674 | Uncontrolled Recursion | The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack. |
| CWE-675 | Multiple Operations on Resource in Single-Operation Context | The product performs the same operation on a resource two or more times, when the operation should only be applied once. |
| CWE-676 | Use of Potentially Dangerous Function | The product invokes a potentially dangerous function that could introduce a vulnerability if it is used incorrectly, but the function can also be used safely. |
| CWE-680 | Integer Overflow to Buffer Overflow | The product performs a calculation to determine how much memory to allocate, but an integer overflow can occur that causes less memory to be allocated than exp… |
| CWE-681 | Incorrect Conversion between Numeric Types | When converting from one data type to another, such as long to integer, data can be omitted or translated in a way that produces unexpected values. If the resu… |
| CWE-682 | Incorrect Calculation | The product performs a calculation that generates incorrect or unintended results that are later used in security-critical decisions or resource management. W… |
| CWE-683 | Function Call With Incorrect Order of Arguments | The product calls a function, procedure, or routine, but the caller specifies the arguments in an incorrect order, leading to resultant weaknesses. While this… |
| CWE-684 | Incorrect Provision of Specified Functionality | The code does not function according to its published specifications, potentially leading to incorrect usage. When providing functionality to an external part… |
| CWE-685 | Function Call With Incorrect Number of Arguments | The product calls a function, procedure, or routine, but the caller specifies too many arguments, or too few arguments, which may lead to undefined behavior an… |
| CWE-686 | Function Call With Incorrect Argument Type | The product calls a function, procedure, or routine, but the caller specifies an argument that is the wrong data type, which may lead to resultant weaknesses. … |
| CWE-687 | Function Call With Incorrectly Specified Argument Value | The product calls a function, procedure, or routine, but the caller specifies an argument that contains the wrong value, which may lead to resultant weaknesses. |
| CWE-688 | Function Call With Incorrect Variable or Reference as Argument | The product calls a function, procedure, or routine, but the caller specifies the wrong variable or reference as one of the arguments, which may lead to undefi… |
| CWE-689 | Permission Race Condition During Resource Copy | The product, while copying or cloning a resource, does not set the resource's permissions or access control until the copy is complete, leaving the resource ex… |
| CWE-69 | Improper Handling of Windows ::DATA Alternate Data Stream | The product does not properly prevent access to, or detect usage of, alternate data streams (ADS). An attacker can use an ADS to hide information about a file… |
| CWE-690 | Unchecked Return Value to NULL Pointer Dereference | The product does not check for an error after calling a function that can return with a NULL pointer if the function fails, which leads to a resultant NULL poi… |
| CWE-691 | Insufficient Control Flow Management | The code does not sufficiently manage its control flow during execution, creating conditions in which the control flow can be modified in unexpected ways. |
| CWE-692 | Incomplete Denylist to Cross-Site Scripting | The product uses a denylist-based protection mechanism to defend against XSS attacks, but the denylist is incomplete, allowing XSS variants to succeed. While … |
| CWE-693 | Protection Mechanism Failure | The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product. This weakne… |
| CWE-694 | Use of Multiple Resources with Duplicate Identifier | The product uses multiple resources that can have the same identifier, in a context in which unique identifiers are required. If the product assumes that each… |
| CWE-695 | Use of Low-Level Functionality | The product uses low-level functionality that is explicitly prohibited by the framework or specification under which the product is supposed to operate. The u… |
| CWE-696 | Incorrect Behavior Order | The product performs multiple related behaviors, but the behaviors are performed in the wrong order in ways that may produce resultant weaknesses. |
| CWE-697 | Incorrect Comparison | The product compares two entities in a security-relevant context, but the comparison is incorrect. |
| CWE-698 | Execution After Redirect (EAR) | The web application sends a redirect to another location, but instead of exiting, it executes additional code. |
| CWE-7 | J2EE Misconfiguration: Missing Custom Error Page | The default error page of a web application should not display sensitive information about the product. |
| CWE-703 | Improper Check or Handling of Exceptional Conditions | The product does not properly anticipate or handle exceptional conditions that rarely occur during normal operation of the product. |
| CWE-704 | Incorrect Type Conversion or Cast | The product does not correctly convert an object, resource, or structure from one type to a different type. |
| CWE-705 | Incorrect Control Flow Scoping | The product does not properly return control flow to the proper location after it has completed a task or detected an unusual condition. |
| CWE-706 | Use of Incorrectly-Resolved Name or Reference | The product uses a name or reference to access a resource, but the name/reference resolves to a resource that is outside of the intended control sphere. |
| CWE-707 | Improper Neutralization | The product does not ensure or incorrectly ensures that structured messages or data are well-formed and that certain security properties are met before being r… |
| CWE-708 | Incorrect Ownership Assignment | The product assigns an owner to a resource, but the owner is outside of the intended control sphere. This may allow the resource to be manipulated by actors o… |
| CWE-71 | DEPRECATED: Apple '.DS_Store' | This entry has been deprecated as it represents a specific observed example of a UNIX Hard Link weakness type rather than its own individual weakness type. Ple… |
| CWE-710 | Improper Adherence to Coding Standards | The product does not follow certain coding rules for development, which can lead to resultant weaknesses or increase the severity of the associated vulnerabili… |
| CWE-72 | Improper Handling of Apple HFS+ Alternate Data Stream Path | The product does not properly handle special paths that may identify the data or resource fork of a file on the HFS+ file system. If the product chooses actio… |
| CWE-73 | External Control of File Name or Path | The product allows user input to control or influence paths or file names that are used in filesystem operations. |
| CWE-732 | Incorrect Permission Assignment for Critical Resource | The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. When a reso… |
| CWE-733 | Compiler Optimization Removal or Modification of Security-critical Code | The developer builds a security-critical protection mechanism into the software, but the compiler optimizes the program such that the mechanism is removed or m… |
| CWE-74 | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') | The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutra… |
| CWE-749 | Exposed Dangerous Method or Function | The product provides an Applications Programming Interface (API) or similar interface for interaction with external actors, but the interface includes a danger… |
| CWE-75 | Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) | The product does not adequately filter user-controlled input for special elements with control implications. |
| CWE-754 | Improper Check for Unusual or Exceptional Conditions | The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of… |
| CWE-755 | Improper Handling of Exceptional Conditions | The product does not handle or incorrectly handles an exceptional condition. |
| CWE-756 | Missing Custom Error Page | The product does not return custom error pages to the user, possibly exposing sensitive information. |
| CWE-757 | Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade') | A protocol or its implementation supports interaction between multiple actors and allows those actors to negotiate which algorithm should be used as a protecti… |
| CWE-758 | Reliance on Undefined, Unspecified, or Implementation-Defined Behavior | The product uses an API function, data structure, or other entity in a way that relies on properties that are not always guaranteed to hold for that entity. T… |