CWE weaknesses
970 MITRE CWE entries — software weakness types that underlie vulnerabilities (CVE→CWE link). Filter by category. Authored by Adam Lundqvist.
Showing 51–100 of 970 · page 2 of 20
| ID | Title | Summary |
|---|---|---|
| CWE-1075 | Unconditional Control Flow Transfer outside of Switch Block | The product performs unconditional control transfer (such as a "goto") in code outside of a branching structure such as a switch block. |
| CWE-1076 | Insufficient Adherence to Expected Conventions | The product's architecture, source code, design, documentation, or other artifact does not follow required conventions. |
| CWE-1077 | Floating Point Comparison with Incorrect Operator | The code performs a comparison such as an equality test between two float (floating point) values, but it uses comparison operators that do not… |
| CWE-1078 | Inappropriate Source Code Style or Formatting | The source code does not follow desired style or formatting for indentation, white space, comments, etc. |
| CWE-1079 | Parent Class without Virtual Destructor Method | A parent class contains one or more child classes, but the parent class does not have a virtual destructor method. |
| CWE-108 | Struts: Unvalidated Action Form | Every Action Form must have a corresponding validation form. If a Struts Action Form Mapping specifies a form, it must have a validation form defined under th… |
| CWE-1080 | Source Code File with Excessive Number of Lines of Code | A source code file has too many lines of code. |
| CWE-1082 | Class Instance Self Destruction Control Element | The code contains a class instance that calls the method or function to delete or destroy itself. |
| CWE-1083 | Data Access from Outside Expected Data Manager Component | The product is intended to manage data access through a particular data manager component such as a relational or non-SQL database, but it contains code that p… |
| CWE-1084 | Invokable Control Element with Excessive File or Data Access Operations | A function or method contains too many operations that utilize a data manager or file resource. |
| CWE-1085 | Invokable Control Element with Excessive Volume of Commented-out Code | A function, method, procedure, etc. contains an excessive amount of code that has been commented out within its body. |
| CWE-1086 | Class with Excessive Number of Child Classes | A class contains an unnecessarily large number of children. |
| CWE-1087 | Class with Virtual Method without a Virtual Destructor | A class contains a virtual method, but the method does not have an associated virtual destructor. |
| CWE-1088 | Synchronous Access of Remote Resource without Timeout | The code has a synchronous call to a remote resource, but there is no timeout for the call, or the timeout is set to infinite. |
| CWE-1089 | Large Data Table with Excessive Number of Indices | The product uses a large data table that contains an excessively large number of indices. |
| CWE-109 | Struts: Validator Turned Off | Automatic filtering via a Struts bean has been turned off, which disables the Struts Validator and custom validation logic. This exposes the application to oth… |
| CWE-1090 | Method Containing Access of a Member Element from Another Class | A method for a class performs an operation that directly accesses a member element from another class. |
| CWE-1091 | Use of Object without Invoking Destructor Method | The product contains a method that accesses an object but does not later invoke the element's associated finalize/destructor method. |
| CWE-1092 | Use of Same Invokable Control Element in Multiple Architectural Layers | The product uses the same control element across multiple architectural layers. |
| CWE-1093 | Excessively Complex Data Representation | The product uses an unnecessarily complex internal representation for its data structures or interrelationships between those structures. |
| CWE-1094 | Excessive Index Range Scan for a Data Resource | The product contains an index range scan for a large data table, but the scan can cover a large number of rows. |
| CWE-1095 | Loop Condition Value Update within the Loop | The product uses a loop with a control flow condition based on a value that is updated within the body of the loop. |
| CWE-1096 | Singleton Class Instance Creation without Proper Locking or Synchronization | The product implements a Singleton design pattern but does not use appropriate locking or other synchronization mechanism to ensure that the singleton class is… |
| CWE-1097 | Persistent Storable Data Element without Associated Comparison Control Element | The product uses a storable data element that does not have all of the associated functions or methods that are necessary to support comparison. |
| CWE-1098 | Data Element containing Pointer Item without Proper Copy Control Element | The code contains a data element with a pointer that does not have an associated copy or constructor method. |
| CWE-1099 | Inconsistent Naming Conventions for Identifiers | The product's code, documentation, or other artifacts do not consistently use the same naming conventions for variables, callables, groups of related… |
| CWE-11 | ASP.NET Misconfiguration: Creating Debug Binary | Debugging messages help attackers learn about the system and plan a form of attack. ASP .NET applications can be configured to produce debug binaries. These b… |
| CWE-110 | Struts: Validator Without Form Field | Validation fields that do not appear in forms they are associated with indicate that the validation logic is out of date. |
| CWE-1100 | Insufficient Isolation of System-Dependent Functions | The product or code does not isolate system-dependent functionality into separate standalone modules. |
| CWE-1101 | Reliance on Runtime Component in Generated Code | The product uses automatically-generated code that cannot be executed without a specific runtime support component. |
| CWE-1102 | Reliance on Machine-Dependent Data Representation | The code uses a data representation that relies on low-level data representation or constructs that may vary across different processors, physical ma… |
| CWE-1103 | Use of Platform-Dependent Third Party Components | The product relies on third-party components that do not provide equivalent functionality across all desirable platforms. |
| CWE-1104 | Use of Unmaintained Third Party Components | The product relies on third-party components that are not actively supported or maintained by the original developer or a trusted proxy for the origi… |
| CWE-1105 | Insufficient Encapsulation of Machine-Dependent Functionality | The product or code uses machine-dependent functionality, but it does not sufficiently encapsulate or isolate this functionality from the rest of the… |
| CWE-1106 | Insufficient Use of Symbolic Constants | The source code uses literal constants that may need to change or evolve over time, instead of using symbolic constants. |
| CWE-1107 | Insufficient Isolation of Symbolic Constant Definitions | The source code uses symbolic constants, but it does not sufficiently place the definitions of these constants into a more centralized or isolated lo… |
| CWE-1108 | Excessive Reliance on Global Variables | The code is structured in a way that relies too much on using or setting global variables throughout various points in the code, instead of preservin… |
| CWE-1109 | Use of Same Variable for Multiple Purposes | The code contains a callable, block, or other code element in which the same variable is used to control more than one unique task or store more than… |
| CWE-111 | Direct Use of Unsafe JNI | When a Java application uses the Java Native Interface (JNI) to call code written in another programming language, it can expose the application to weaknesses … |
| CWE-1110 | Incomplete Design Documentation | The product's design documentation does not adequately describe control flow, data flow, system initialization, relationships between tasks, componen… |
| CWE-1111 | Incomplete I/O Documentation | The product's documentation does not adequately define inputs, outputs, or system/software interfaces. |
| CWE-1112 | Incomplete Documentation of Program Execution | The document does not fully define all mechanisms that are used to control or influence how product-specific programs are executed. |
| CWE-1113 | Inappropriate Comment Style | The source code uses comment styles or formats that are inconsistent or do not follow expected standards for the product. |
| CWE-1114 | Inappropriate Whitespace Style | The source code contains whitespace that is inconsistent across the code or does not follow expected standards for the product. |
| CWE-1115 | Source Code Element without Standard Prologue | The source code contains elements such as source files that do not consistently provide a prologue or header that has been standardized for the proj… |
| CWE-1116 | Inaccurate Source Code Comments | The source code contains comments that do not accurately describe or explain aspects of the portion of the code with which the comment is associated. |
| CWE-1117 | Callable with Insufficient Behavioral Summary | The code contains a function or method whose signature and/or associated inline documentation does not sufficiently describe the callable's inputs, output… |
| CWE-1118 | Insufficient Documentation of Error Handling Techniques | The documentation does not sufficiently describe the techniques that are used for error handling, exception processing, or similar mechanisms. |
| CWE-1119 | Excessive Use of Unconditional Branching | The code uses too many unconditional branches (such as "goto"). |
| CWE-112 | Missing XML Validation | The product accepts XML from an untrusted source but does not validate the XML against the proper schema. Most successful attacks begin with a violation of th… |