CWE
Select a Weakness to see all CVEs that are vulnerable to it.
| ID | Object Name↑ | Stix Type | ||
|---|---|---|---|---|
| CWE-520 | .NET Misconfiguration: Use of Impersonation | weakness | ||
| CWE-36 | Absolute Path Traversal | weakness | ||
| CWE-349 | Acceptance of Extraneous Untrusted Data With Trusted Data | weakness | ||
| CWE-1280 | Access Control Check Implemented After Asset is Accessed | weakness | ||
| CWE-788 | Access of Memory Location After End of Buffer | weakness | ||
| CWE-786 | Access of Memory Location Before Start of Buffer | weakness | ||
| CWE-843 | Access of Resource Using Incompatible Type ('Type Confusion') | weakness | ||
| CWE-824 | Access of Uninitialized Pointer | weakness | ||
| CWE-767 | Access to Critical Private Variable via Public Method | weakness | ||
| CWE-489 | Active Debug Code | weakness | ||
| CWE-464 | Addition of Data Structure Sentinel | weakness | ||
| CWE-774 | Allocation of File Descriptors or Handles Without Limits or Throttling | weakness | ||
| CWE-770 | Allocation of Resources Without Limits or Throttling | weakness | ||
| CWE-670 | Always-Incorrect Control Flow Implementation | weakness | ||
| CWE-1249 | Application-Level Admin Tool with Inconsistent View of Underlying Operating System | weakness | ||
| CWE-1044 | Architecture with Number of Horizontal Layers Outside of Expected Range | weakness | ||
| CWE-582 | Array Declared Public, Final, and Static | weakness | ||
| CWE-11 | ASP.NET Misconfiguration: Creating Debug Binary | weakness | ||
| CWE-1174 | ASP.NET Misconfiguration: Improper Model Validation | weakness | ||
| CWE-12 | ASP.NET Misconfiguration: Missing Custom Error Page | weakness | ||
| CWE-554 | ASP.NET Misconfiguration: Not Using Input Validation Framework | weakness | ||
| CWE-13 | ASP.NET Misconfiguration: Password in Configuration File | weakness | ||
| CWE-556 | ASP.NET Misconfiguration: Use of Identity Impersonation | weakness | ||
| CWE-481 | Assigning instead of Comparing | weakness | ||
| CWE-587 | Assignment of a Fixed Address to a Pointer | weakness | ||
| CWE-563 | Assignment to Variable without Use | weakness | ||
| CWE-1282 | Assumed-Immutable Data is Stored in Writable Memory | weakness | ||
| CWE-405 | Asymmetric Resource Consumption (Amplification) | weakness | ||
| CWE-588 | Attempt to Access Child of a Non-structure Pointer | weakness | ||
| CWE-289 | Authentication Bypass by Alternate Name | weakness | ||
| CWE-302 | Authentication Bypass by Assumed-Immutable Data | weakness | ||
| CWE-294 | Authentication Bypass by Capture-replay | weakness | ||
| CWE-305 | Authentication Bypass by Primary Weakness | weakness | ||
| CWE-290 | Authentication Bypass by Spoofing | weakness | ||
| CWE-288 | Authentication Bypass Using an Alternate Path or Channel | weakness | ||
| CWE-593 | Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created | weakness | ||
| CWE-639 | Authorization Bypass Through User-Controlled Key | weakness | ||
| CWE-566 | Authorization Bypass Through User-Controlled SQL Primary Key | weakness | ||
| CWE-439 | Behavioral Change in New Version or Environment | weakness | ||
| CWE-1327 | Binding to an Unrestricted IP Address | weakness | ||
| CWE-806 | Buffer Access Using Size of Source Buffer | weakness | ||
| CWE-805 | Buffer Access with Incorrect Length Value | weakness | ||
| CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') | weakness | ||
| CWE-126 | Buffer Over-read | weakness | ||
| CWE-127 | Buffer Under-read | weakness | ||
| CWE-124 | Buffer Underwrite ('Buffer Underflow') | weakness | ||
| CWE-589 | Call to Non-ubiquitous API | weakness | ||
| CWE-572 | Call to Thread run() instead of start() | weakness | ||
| CWE-1117 | Callable with Insufficient Behavioral Summary | weakness | ||
| CWE-300 | Channel Accessible by Non-Endpoint | weakness |
