the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew  

CWE Definitions

Select   Select&Copy
CWE Number Name Number Of Related Vulnerabilities
656 Reliance on Security through Obscurity
66 Improper Handling of File Names that Identify Virtual Resources
663 Use of a Non-reentrant Function in an Unsynchronized Context
666 Operation on Resource in Wrong Phase of Lifetime
67 Improper Handling of Windows Device Names
671 Lack of Administrator Control over Security
673 External Influence of Sphere Definition
675 Duplicate Operations on Resource
676 Use of Potentially Dangerous Function
683 Function Call With Incorrect Order of Arguments
685 Function Call With Incorrect Number of Arguments
686 Function Call With Incorrect Argument Type
687 Function Call With Incorrectly Specified Argument Value
69 Failure to Handle Windows ::DATA Alternate Data Stream
691 Insufficient Control Flow Management
694 Use of Multiple Resources with Duplicate Identifier
695 Use of Low-Level Functionality
696 Incorrect Behavior Order
698 Redirect Without Exit
7 J2EE Misconfiguration: Missing Custom Error Page
703 Failure to Handle Exceptional Conditions
705 Incorrect Control Flow Scoping
71 Apple '.DS_Store'
72 Improper Handling of Apple HFS+ Alternate Data Stream Path
733 Compiler Optimization Removal or Modification of Security-critical Code
756 Missing Custom Error Page
758 Reliance on Undefined, Unspecified, or Implementation-Defined Behavior
76 Failure to Resolve Equivalent Special Elements into a Different Plane
761 Free of Pointer not at Start of Buffer
762 Mismatched Memory Management Routines
764 Multiple Locks of a Critical Resource
765 Multiple Unlocks of a Critical Resource
766 Critical Variable Declared Public
767 Access to Critical Private Variable via Public Method
768 Incorrect Short Circuit Evaluation
771 Missing Reference to Active Allocated Resource
773 Missing Reference to Active File Descriptor or Handle
777 Regular Expression without Anchors
779 Logging of Excessive Data
780 Use of RSA Algorithm without OAEP
781 Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code
782 Exposed IOCTL with Insufficient Access Control
783 Operator Precedence Logic Error
784 Reliance on Cookies without Validation and Integrity Checking in a Security Decision
785 Use of Path Manipulation Function without Maximum-sized Buffer
786 Access of Memory Location Before Start of Buffer
790 Improper Filtering of Special Elements
791 Incomplete Filtering of Special Elements
792 Incomplete Filtering of One or More Instances of Special Elements
793 Only Filtering One Instance of a Special Element
Total number of cwe definitions : 668   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 (This Page)14
The CWE definitions are only provided as a quick reference.They are not complete and may not be up to date!
You must visit for a complete list of CWE entries and for more details.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.