CWE weaknesses
970 MITRE CWE entries — software weakness types that underlie vulnerabilities (CVE→CWE link). Authored by Adam Lundqvist.
Showing 251–300 of 970 · page 6 of 20
| ID | Title | Summary |
|---|---|---|
| CWE-1338 | Improper Protections Against Hardware Overheating | A hardware device is missing or has inadequate protection features to prevent overheating. |
| CWE-1339 | Insufficient Precision or Accuracy of a Real Number | The product processes a real number with an implementation in which the number's representation does not preserve required accuracy and precision in its fracti… |
| CWE-134 | Use of Externally-Controlled Format String | The product uses a function that accepts a format string as an argument, but the format string originates from an external source. |
| CWE-1341 | Multiple Releases of Same Resource or Handle | The product attempts to close or release a resource or handle more than once, without any successful open between the close operations. |
| CWE-1342 | Information Exposure through Microarchitectural State after Transient Execution | The processor does not properly clear microarchitectural state after incorrect microcode assists or speculative execution, resulting in transient execution. |
| CWE-135 | Incorrect Calculation of Multi-Byte String Length | The product does not correctly calculate the length of strings that can contain wide or multi-byte characters. |
| CWE-1351 | Improper Handling of Hardware Behavior in Exceptionally Cold Environments | A hardware device, or the firmware running on it, is missing or has incorrect protection features to maintain goals of security… |
| CWE-1357 | Reliance on Insufficiently Trustworthy Component | The product is built from multiple separate components, but it uses a component that is not sufficiently trusted to meet expectations for security, reliability… |
| CWE-138 | Improper Neutralization of Special Elements | The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as cont… |
| CWE-1384 | Improper Handling of Physical or Environmental Conditions | The product does not properly handle unexpected physical or environmental conditions that occur naturally or are artificially induced. |
| CWE-1385 | Missing Origin Validation in WebSockets | The product uses a WebSocket, but it does not properly verify that the source of data or communication is valid. |
| CWE-1386 | Insecure Operation on Windows Junction / Mount Point | The product opens a file or directory, but it does not properly prevent the name from being associated with a junction or mount point to a destination that is … |
| CWE-1389 | Incorrect Parsing of Numbers with Different Radices | The product parses numeric input assuming base 10 (decimal) values, but it does not account for inputs that use a different base number (radix). |
| CWE-1390 | Weak Authentication | The product uses an authentication mechanism to restrict access to specific users or identities, but the mechanism does not sufficiently prove that the claimed… |
| CWE-1391 | Use of Weak Credentials | The product uses weak credentials (such as a default key or hard-coded password) that can be calculated, derived, reused, or guessed by an attacker. |
| CWE-1392 | Use of Default Credentials | The product uses default credentials (such as passwords or cryptographic keys) for potentially critical functionality. It is common practice for products to… |
| CWE-1393 | Use of Default Password | The product uses default passwords for potentially critical functionality. It is common practice for products to be designed to use default passwords for a… |
| CWE-1394 | Use of Default Cryptographic Key | The product uses a default cryptographic key for potentially critical functionality. It is common practice for products to be designed to use default keys.… |
| CWE-1395 | Dependency on Vulnerable Third-Party Component | The product has a dependency on a third-party component that contains one or more known vulnerabilities. |
| CWE-14 | Compiler Removal of Code to Clear Buffers | Sensitive memory is cleared according to the source code, but compiler optimizations leave the memory untouched when it is not read from again, aka "dead store… |
| CWE-140 | Improper Neutralization of Delimiters | The product does not neutralize or incorrectly neutralizes delimiters. |
| CWE-141 | Improper Neutralization of Parameter/Argument Delimiters | The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as para… |
| CWE-1419 | Incorrect Initialization of Resource | The product attempts to initialize a resource but does not correctly do so, which might leave the resource in an unexpected, incorrect, or insecure state when … |
| CWE-142 | Improper Neutralization of Value Delimiters | The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as valu… |
| CWE-1420 | Exposure of Sensitive Information during Transient Execution | A processor event or prediction may allow incorrect operations (or correct operations with incorrect data) to execute transiently, potentially exposing data ov… |
| CWE-1421 | Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution | A processor event may allow transient operations to access architecturally restricted data (for example, in another address space) in a shared microa… |
| CWE-1422 | Exposure of Sensitive Information caused by Incorrect Data Forwarding during Transient Execution | A processor event or prediction may allow incorrect or stale data to be forwarded to transient operations, potentially exposing data over a covert chan… |
| CWE-1423 | Exposure of Sensitive Information caused by Shared Microarchitectural Predictor State that Influences Transient Execution | Shared microarchitectural predictor state may allow code to influence transient execution across a hardware boundary, potentially exposing data that is… |
| CWE-1426 | Improper Validation of Generative AI Output | The product invokes a generative AI/ML component whose behaviors and outputs cannot be directly controlled, but the product does not validate or insuf… |
| CWE-1427 | Improper Neutralization of Input Used for LLM Prompting | The product uses externally-provided data to build prompts provided to large language models (LLMs), but the way these prompts are constructed causes the LLM t… |
| CWE-1428 | Reliance on HTTP instead of HTTPS | The product provides or relies on use of HTTP communications when HTTPS is available. |
| CWE-1429 | Missing Security-Relevant Feedback for Unexecuted Operations in Hardware Interface | The product has a hardware interface that silently discards operations in situations for which feedback would be security-relevant, such as the timely de… |
| CWE-143 | Improper Neutralization of Record Delimiters | The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as reco… |
| CWE-1431 | Driving Intermediate Cryptographic State/Results to Hardware Module Outputs | The product uses a hardware module implementing a cryptographic algorithm that writes sensitive information about the intermediate state or results of … |
| CWE-1434 | Insecure Setting of Generative AI/ML Model Inference Parameters | The product has a component that relies on a generative AI/ML model configured with inference parameters that produce an unacceptably high rate of errone… |
| CWE-144 | Improper Neutralization of Line Delimiters | The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as line… |
| CWE-145 | Improper Neutralization of Section Delimiters | The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as sect… |
| CWE-146 | Improper Neutralization of Expression/Command Delimiters | The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as expr… |
| CWE-147 | Improper Neutralization of Input Terminators | The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as inpu… |
| CWE-148 | Improper Neutralization of Input Leaders | The product does not properly handle when a leading character or sequence ("leader") is missing or malformed, or if multiple leaders are used when only one sho… |
| CWE-149 | Improper Neutralization of Quoting Syntax | Quotes injected into a product can be used to compromise a system. As data are parsed, an injected/absent/duplicate/malformed use of quotes may cause the proce… |
| CWE-15 | External Control of System or Configuration Setting | One or more system settings or configuration elements can be externally controlled by a user. Allowing external control of system settings can disrupt service… |
| CWE-150 | Improper Neutralization of Escape, Meta, or Control Sequences | The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as esca… |
| CWE-151 | Improper Neutralization of Comment Delimiters | The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as comm… |
| CWE-152 | Improper Neutralization of Macro Symbols | The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as macr… |
| CWE-153 | Improper Neutralization of Substitution Characters | The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as subs… |
| CWE-154 | Improper Neutralization of Variable Name Delimiters | The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as vari… |
| CWE-155 | Improper Neutralization of Wildcards or Matching Symbols | The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as wild… |
| CWE-156 | Improper Neutralization of Whitespace | The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as whit… |
| CWE-157 | Failure to Sanitize Paired Delimiters | The product does not properly handle the characters that are used to mark the beginning and ending of a group of entities, such as parentheses, brackets, and b… |