View-1003: Weaknesses for Simplified Mapping of Published Vulnerabilities

ID: 1003

Type: Graph

Status: Incomplete

Objective

CWE entries in this view (graph) may be used to categorize potential weaknesses within sources that handle public, third-party vulnerability information, such as the National Vulnerability Database (NVD). By design, this view is incomplete; it is limited to a small number of the most commonly-seen weaknesses, so that it is easier for humans to use. This view uses a shallow hierarchy of two levels in order to simplify the complex, category-oriented navigation of the entire CWE corpus.

Membership

CWE-ID title
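CWE-20 Improper Input Validation
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-116 Improper Encoding or Escaping of Output
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-200 Information Exposure
CWE-269 Improper Privilege Management
CWE-287 Improper Authentication
CWE-311 Missing Encryption of Sensitive Data
CWE-326 Inadequate Encryption Strength
CWE-327 Use of a Broken or Risky Cryptographic Algorithm
CWE-330 Use of Insufficiently Random Values
CWE-345 Insufficient Verification of Data Authenticity
CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
CWE-404 Improper Resource Shutdown or Release
CWE-436 Interpretation Conflict
CWE-610 Externally Controlled Reference to a Resource in Another Sphere
CWE-665 Improper Initialization
CWE-667 Improper Locking
CWE-668 Exposure of Resource to Wrong Sphere
CWE-669 Incorrect Resource Transfer Between Spheres
CWE-670 Always-Incorrect Control Flow Implementation
CWE-672 Operation on a Resource after Expiration or Release
CWE-674 Uncontrolled Recursion
CWE-682 Incorrect Calculation
CWE-697 Insufficient Comparison
CWE-704 Incorrect Type Conversion or Cast
CWE-706 Use of Incorrectly-Resolved Name or Reference
CWE-732 Incorrect Permission Assignment for Critical Resource
CWE-754 Improper Check for Unusual or Exceptional Conditions
CWE-755 Improper Handling of Exceptional Conditions
CWE-834 Excessive Iteration
CWE-862 Missing Authorization
CWE-863 Incorrect Authorization
CWE-913 Improper Control of Dynamically-Managed Code Resources
CWE-922 Insecure Storage of Sensitive Information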

Notes

Maintenance

This view has been modified significantly since its last major revision in 2015. This view is likely to evolve based on the experience of NVD analysts, public feedback, and the CWE Team.
