CVEbaza.pl › Słownik CWE
Słownik CWE
Common Weakness Enumeration — katalog typów podatności bezpieczeństwa. Każde CWE opisuje klasę błędów programistycznych które prowadzą do podatności CVE.
200 typów podatności · 351 838 powiązanych CVE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
51 647
CVE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
23 321
CVE
CWE-787
Out-of-bounds Write
16 668
CVE
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
14 367
CVE
CWE-20
Improper Input Validation
13 698
CVE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
10 620
CVE
CWE-352
Cross-Site Request Forgery (CSRF)
10 573
CVE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
10 500
CVE
CWE-125
Out-of-bounds Read
10 461
CVE
CWE-862
Missing Authorization
9309
CVE
CWE-416
Use After Free
9307
CVE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
7240
CVE
CWE-94
Improper Control of Generation of Code ('Code Injection')
6986
CVE
CWE-476
NULL Pointer Dereference
6335
CVE
CWE-264
—
5488
CVE
CWE-284
Improper Access Control
5357
CVE
CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
5243
CVE
CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
4986
CVE
CWE-434
Unrestricted Upload of File with Dangerous Type
4979
CVE
CWE-287
Improper Authentication
4909
CVE
CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
4186
CVE
CWE-190
Integer Overflow or Wraparound
3760
CVE
CWE-400
Uncontrolled Resource Consumption
3568
CVE
CWE-863
Incorrect Authorization
3517
CVE
CWE-121
Stack-based Buffer Overflow
3458
CVE
CWE-502
Deserialization of Untrusted Data
3392
CVE
CWE-918
Server-Side Request Forgery (SSRF)
3203
CVE
CWE-269
Improper Privilege Management
3098
CVE
CWE-306
Missing Authentication for Critical Function
2808
CVE
CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
2737
CVE
CWE-399
—
2700
CVE
CWE-310
—
2517
CVE
CWE-122
Heap-based Buffer Overflow
2393
CVE
CWE-770
Allocation of Resources Without Limits or Throttling
2209
CVE
CWE-401
Missing Release of Memory after Effective Lifetime
2193
CVE
CWE-639
Authorization Bypass Through User-Controlled Key
2137
CVE
CWE-798
Use of Hard-coded Credentials
2014
CVE
CWE-732
Incorrect Permission Assignment for Critical Resource
1877
CVE
CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
1819
CVE
CWE-276
Incorrect Default Permissions
1786
CVE
CWE-59
Improper Link Resolution Before File Access ('Link Following')
1734
CVE
CWE-295
Improper Certificate Validation
1679
CVE
CWE-522
Insufficiently Protected Credentials
1560
CVE
CWE-611
Improper Restriction of XML External Entity Reference
1522
CVE
CWE-427
Uncontrolled Search Path Element
1483
CVE
CWE-532
Insertion of Sensitive Information into Log File
1428
CVE
CWE-285
Improper Authorization
1362
CVE
CWE-189
—
1243
CVE
CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
1165
CVE
CWE-319
Cleartext Transmission of Sensitive Information
1074
CVE
CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
1017
CVE
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
981
CVE
CWE-266
Incorrect Privilege Assignment
961
CVE
CWE-415
Double Free
939
CVE
CWE-312
Cleartext Storage of Sensitive Information
936
CVE
CWE-908
Use of Uninitialized Resource
874
CVE
CWE-617
Reachable Assertion
872
CVE
CWE-203
Observable Discrepancy
854
CVE
CWE-347
Improper Verification of Cryptographic Signature
844
CVE
CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
830
CVE
CWE-667
Improper Locking
824
CVE
CWE-404
Improper Resource Shutdown or Release
814
CVE
CWE-668
Exposure of Resource to Wrong Sphere
798
CVE
CWE-255
—
786
CVE
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
776
CVE
CWE-426
Untrusted Search Path
730
CVE
CWE-754
Improper Check for Unusual or Exceptional Conditions
730
CVE
CWE-129
Improper Validation of Array Index
720
CVE
CWE-307
Improper Restriction of Excessive Authentication Attempts
713
CVE
CWE-345
Insufficient Verification of Data Authenticity
698
CVE
CWE-290
Authentication Bypass by Spoofing
698
CVE
CWE-755
Improper Handling of Exceptional Conditions
676
CVE
CWE-209
Generation of Error Message Containing Sensitive Information
666
CVE
CWE-346
Origin Validation Error
662
CVE
CWE-613
Insufficient Session Expiration
642
CVE
CWE-693
Protection Mechanism Failure
615
CVE
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
607
CVE
CWE-288
Authentication Bypass Using an Alternate Path or Channel
587
CVE
CWE-1333
Inefficient Regular Expression Complexity
572
CVE
CWE-552
Files or Directories Accessible to External Parties
563
CVE
CWE-311
Missing Encryption of Sensitive Data
554
CVE
CWE-80
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
553
CVE
CWE-191
Integer Underflow (Wrap or Wraparound)
541
CVE
CWE-369
Divide By Zero
533
CVE
CWE-326
Inadequate Encryption Strength
520
CVE
CWE-428
Unquoted Search Path or Element
506
CVE
CWE-674
Uncontrolled Recursion
502
CVE
CWE-116
Improper Encoding or Escaping of Output
498
CVE
CWE-384
Session Fixation
490
CVE
CWE-772
Missing Release of Resource after Effective Lifetime
490
CVE
CWE-73
External Control of File Name or Path
483
CVE
CWE-1021
Improper Restriction of Rendered UI Layers or Frames
462
CVE
CWE-126
Buffer Over-read
455
CVE
CWE-23
Relative Path Traversal
434
CVE
CWE-88
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
433
CVE
CWE-134
Use of Externally-Controlled Format String
432
CVE
CWE-330
Use of Insufficiently Random Values
431
CVE
CWE-444
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
426
CVE
CWE-922
Insecure Storage of Sensitive Information
424
CVE
CWE-665
Improper Initialization
420
CVE
CWE-254
—
414
CVE
CWE-281
Improper Preservation of Permissions
401
CVE
CWE-1284
Improper Validation of Specified Quantity in Input
385
CVE
CWE-824
Access of Uninitialized Pointer
356
CVE
CWE-201
Insertion of Sensitive Information Into Sent Data
350
CVE
CWE-497
Exposure of Sensitive System Information to an Unauthorized Control Sphere
343
CVE
CWE-1236
Improper Neutralization of Formula Elements in a CSV File
341
CVE
CWE-1188
Initialization of a Resource with an Insecure Default
334
CVE
CWE-250
Execution with Unnecessary Privileges
333
CVE
CWE-16
—
317
CVE
CWE-640
Weak Password Recovery Mechanism for Forgotten Password
317
CVE
CWE-521
Weak Password Requirements
308
CVE
CWE-451
User Interface (UI) Misrepresentation of Critical Information
303
CVE
CWE-321
Use of Hard-coded Cryptographic Key
302
CVE
CWE-829
Inclusion of Functionality from Untrusted Control Sphere
298
CVE
CWE-704
Incorrect Type Conversion or Cast
298
CVE
CWE-294
Authentication Bypass by Capture-replay
281
CVE
CWE-425
Direct Request ('Forced Browsing')
265
CVE
CWE-707
Improper Neutralization
253
CVE
CWE-494
Download of Code Without Integrity Check
252
CVE
CWE-610
Externally Controlled Reference to a Resource in Another Sphere
246
CVE
CWE-193
Off-by-one Error
243
CVE
CWE-131
Incorrect Calculation of Buffer Size
237
CVE
CWE-19
—
235
CVE
CWE-459
Incomplete Cleanup
225
CVE
CWE-338
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
224
CVE
CWE-917
Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
220
CVE
CWE-248
Uncaught Exception
219
CVE
CWE-457
Use of Uninitialized Variable
211
CVE
CWE-256
Plaintext Storage of a Password
210
CVE
CWE-252
Unchecked Return Value
207
CVE
CWE-822
Untrusted Pointer Dereference
201
CVE
CWE-354
Improper Validation of Integrity Check Value
194
CVE
CWE-259
Use of Hard-coded Password
194
CVE
CWE-359
Exposure of Private Personal Information to an Unauthorized Actor
192
CVE
CWE-93
Improper Neutralization of CRLF Sequences ('CRLF Injection')
188
CVE
CWE-697
Incorrect Comparison
185
CVE
CWE-1336
Improper Neutralization of Special Elements Used in a Template Engine
180
CVE
CWE-749
Exposed Dangerous Method or Function
173
CVE
CWE-35
Path Traversal: '.../...//'
171
CVE
CWE-17
—
166
CVE
CWE-670
Always-Incorrect Control Flow Implementation
165
CVE
CWE-789
Memory Allocation with Excessive Size Value
163
CVE
CWE-204
Observable Response Discrepancy
161
CVE
CWE-305
Authentication Bypass by Primary Weakness
152
CVE
CWE-280
Improper Handling of Insufficient Permissions or Privileges
152
CVE
CWE-91
XML Injection (aka Blind XPath Injection)
150
CVE
CWE-61
UNIX Symbolic Link (Symlink) Following
150
CVE
CWE-703
Improper Check or Handling of Exceptional Conditions
150
CVE
CWE-331
Insufficient Entropy
149
CVE
CWE-208
Observable Timing Discrepancy
147
CVE
CWE-788
Access of Memory Location After End of Buffer
147
CVE
CWE-1287
Improper Validation of Specified Type of Input
143
CVE
CWE-682
Incorrect Calculation
143
CVE
CWE-95
Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
142
CVE
CWE-602
Client-Side Enforcement of Server-Side Security
142
CVE
CWE-184
Incomplete List of Disallowed Inputs
141
CVE
CWE-916
Use of Password Hash With Insufficient Computational Effort
140
CVE
CWE-681
Incorrect Conversion between Numeric Types
138
CVE
CWE-472
External Control of Assumed-Immutable Web Parameter
136
CVE
CWE-212
Improper Removal of Sensitive Information Before Storage or Transfer
133
CVE
CWE-358
Improperly Implemented Security Check for Standard
133
CVE
CWE-436
Interpretation Conflict
129
CVE
CWE-36
Absolute Path Traversal
128
CVE
CWE-915
Improperly Controlled Modification of Dynamically-Determined Object Attributes
124
CVE
CWE-706
Use of Incorrectly-Resolved Name or Reference
123
CVE
CWE-834
Excessive Iteration
118
CVE
CWE-913
Improper Control of Dynamically-Managed Code Resources
114
CVE
CWE-407
Inefficient Algorithmic Complexity
114
CVE
CWE-24
Path Traversal: '../filedir'
112
CVE
CWE-275
—
110
CVE
CWE-909
Missing Initialization of Resource
109
CVE
CWE-763
Release of Invalid Pointer or Reference
109
CVE
CWE-680
Integer Overflow to Buffer Overflow
106
CVE
CWE-669
Incorrect Resource Transfer Between Spheres
105
CVE
CWE-1392
Use of Default Credentials
104
CVE
CWE-942
Permissive Cross-domain Security Policy with Untrusted Domains
104
CVE
CWE-117
Improper Output Neutralization for Logs
103
CVE
CWE-113
Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')
103
CVE
CWE-823
Use of Out-of-range Pointer Offset
100
CVE
CWE-130
Improper Handling of Length Parameter Inconsistency
99
CVE
CWE-776
Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
97
CVE
CWE-377
Insecure Temporary File
95
CVE
CWE-441
Unintended Proxy or Intermediary ('Confused Deputy')
95
CVE
CWE-1220
Insufficient Granularity of Access Control
94
CVE
CWE-672
Operation on a Resource after Expiration or Release
93
CVE
CWE-538
Insertion of Sensitive Information into Externally-Accessible File or Directory
93
CVE
CWE-320
—
92
CVE
CWE-178
Improper Handling of Case Sensitivity
92
CVE
CWE-303
Incorrect Implementation of Authentication Algorithm
92
CVE
CWE-1286
Improper Validation of Syntactic Correctness of Input
89
CVE
CWE-840
—
88
CVE
CWE-328
Use of Weak Hash
86
CVE
CWE-620
Unverified Password Change
85
CVE
CWE-506
Embedded Malicious Code
85
CVE
CWE-825
Expired Pointer Dereference
84
CVE
CWE-807
Reliance on Untrusted Inputs in a Security Decision
83
CVE
CWE-1390
Weak Authentication
82
CVE
CWE-926
Improper Export of Android Application Components
81
CVE
CWE-565
Reliance on Cookies without Validation and Integrity Checking
81
CVE