Weaknesses Originally Used by NVD from 2008 to 2016

A view in the Common Weakness Enumeration published by The MITRE Corporation.


Objective

Each view in the Common Weakness Enumeration (CWE) represents one perspective from which to consider a set of weaknesses.

CWE nodes in this view (slice) were used by NIST to categorize vulnerabilities within NVD, from 2008 to 2016. This original version has been used by many other projects.

Weaknesses

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a ...

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the...

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralize...

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process th...

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but ...

Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an uni...

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes...

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralize...

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

Use of Externally-Controlled Format String

The product uses a function that accepts a format string as an argument, but the format string originates from an external source.

Categories

Credentials Management Errors

Weaknesses in this category are related to the management of credentials.

Cryptographic Issues

Weaknesses in this category are related to the design and implementation of data confidentiality and integrity. Frequently these deal with the use of encoding techniqu...

Numeric Errors

Weaknesses in this category are related to improper calculation or conversion of numbers.

Resource Management Errors

Weaknesses in this category are related to improper management of system resources.

Deprecated or Obsolete

Configuration

Weaknesses in this category are typically introduced during the configuration of the software.

Permissions, Privileges, and Access Controls

Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.

See Also

  1. CWE - Common Weakness Enumeration

    NIST

