the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew  

CWE Definitions

Select   Select&Copy
CWE Number Name Number Of Related Vulnerabilities
687 Function Call With Incorrectly Specified Argument Value
688 Function Call With Incorrect Variable or Reference as Argument 1
691 Insufficient Control Flow Management
693 Protection Mechanism Failure 43
694 Use of Multiple Resources with Duplicate Identifier
695 Use of Low-Level Functionality
696 Incorrect Behavior Order
697 Insufficient Comparison 37
698 Redirect Without Exit
703 Failure to Handle Exceptional Conditions
704 Incorrect Type Conversion or Cast 186
705 Incorrect Control Flow Scoping
706 Use of Incorrectly-Resolved Name or Reference 23
707 Improper Enforcement of Message or Data Structure 3
708 Incorrect Ownership Assignment 1
710 Coding Standards Violation 1
732 Incorrect Permission Assignment for Critical Resource 819
733 Compiler Optimization Removal or Modification of Security-critical Code
749 Exposed Dangerous Method or Function 11
754 Improper Check for Unusual or Exceptional Conditions 143
755 Improper Handling of Exceptional Conditions 236
756 Missing Custom Error Page
757 Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade') 2
758 Reliance on Undefined, Unspecified, or Implementation-Defined Behavior
759 Use of a One-Way Hash without a Salt 1
760 Use of a One-Way Hash with a Predictable Salt 1
761 Free of Pointer not at Start of Buffer
762 Mismatched Memory Management Routines
763 Release of Invalid Pointer or Reference 36
764 Multiple Locks of a Critical Resource
765 Multiple Unlocks of a Critical Resource
766 Critical Variable Declared Public
767 Access to Critical Private Variable via Public Method
768 Incorrect Short Circuit Evaluation
770 Allocation of Resources Without Limits or Throttling 275
771 Missing Reference to Active Allocated Resource
772 Missing Release of Resource after Effective Lifetime 393
773 Missing Reference to Active File Descriptor or Handle
774 Allocation of File Descriptors or Handles Without Limits or Throttling 1
775 Missing Release of File Descriptor or Handle after Effective Lifetime 1
776 Unrestricted Recursive Entity References in DTDs ('XML Bomb') 39
777 Regular Expression without Anchors
778 Insufficient Logging 1
779 Logging of Excessive Data
780 Use of RSA Algorithm without OAEP
781 Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code
782 Exposed IOCTL with Insufficient Access Control
783 Operator Precedence Logic Error
784 Reliance on Cookies without Validation and Integrity Checking in a Security Decision
785 Use of Path Manipulation Function without Maximum-sized Buffer
Total number of cwe definitions : 668   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 (This Page)14
The CWE definitions are only provided as a quick reference.They are not complete and may not be up to date!
You must visit for a complete list of CWE entries and for more details.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.