Differences between Version 4.15 and Version 4.16

Summary
Total weaknesses/chains/composites (Version 4.16) 940
Total weaknesses/chains/composites (Version 4.15) 939
Total new 2
Total deprecated 0
Total with major changes 66
Total with only minor changes
Total unchanged 1361

Summary of Entry Types

Type Version 4.15 Version 4.16
Weakness 939 940
Category 374 374
View 50 51
Deprecated 64 64
Total 1427 1429

Field Change Summary

Any change with respect to whitespace is ignored. "Minor" changes are text changes that only affect capitalization and punctuation. Most other changes are marked as "Major." Simple schema changes are treated as Minor, such as the change from AffectedResource to Affected_Resource in Draft 8, or the relationship name change from "IsRequiredBy" to "RequiredBy" in Version 1.0. For each mutual relationship between nodes A and B (such as ParentOf and ChildOf), a relationship change is noted for both A and B.

Field Major Minor
Name 0 0
Description 15 0
Diagram 14 0
Relationships 26 0
Common_Consequences 9 0
Applicable_Platforms 0 0
Modes_of_Introduction 2 0
Detection_Factors 0 0
Potential_Mitigations 1 0
Demonstrative_Examples 7 0
Observed_Examples 6 0
Related_Attack_Patterns 0 0
Weakness_Ordinalities 0 0
Time_of_Introduction 0 0
Likelihood_of_Exploit 0 0
References 21 0
Mapping_Notes 1 0
Terminology_Notes 2 0
Alternate_Terms 3 0
Relationship_Notes 0 0
Taxonomy_Mappings 0 0
Maintenance_Notes 2 0
Research_Gaps 0 0
Background_Details 0 0
Theoretical_Notes 0 0
Other_Notes 3 0
View_Type 0 0
View_Structure 0 0
View_Filter 0 0
View_Audience 0 0
Type 0 0
Source_Taxonomy 0 0

Form and Abstraction Changes

From To Total CWE IDs
Unchanged 1427

Status Changes

From To Total
Unchanged 1427

Relationship Changes

The "Version 4.16 Total" lists the total number of relationships in Version 4.16. The "Shared" value is the total number of relationships in entries that were in both Version 4.16 and Version 4.15. The "New" value is the total number of relationships involving entries that did not exist in Version 4.15. Thus, the total number of relationships in Version 4.16 would combine stats from Shared entries and New entries.

Relationship  Version 4.16 Total  Version 4.15 Total  Version 4.16 Shared  Unchanged  Added to Version 4.16  Removed from Version 4.15  Version 4.16 New
ALL           12516               12462               12462                12462                                                        54
ChildOf       5289                5287                5287                 5287                                                         2
ParentOf      5289                5287                5287                 5287                                                         2
MemberOf      715                 690                 690                  690                                                          25
HasMember     715                 690                 690                  690                                                          25
CanPrecede    141                 141                 141                  141
CanFollow     141                 141                 141                  141
StartsWith    3                   3                   3                    3
Requires      13                  13                  13                   13
RequiredBy    13                  13                  13                   13
CanAlsoBe     27                  27                  27                   27
PeerOf        170                 170                 170                  170

Nodes Removed in Version 4.16

CWE-ID CWE Name
None.

Nodes Added to Version 4.16

CWE-ID CWE Name
1427 Improper Neutralization of Input Used for LLM Prompting
1430 Weaknesses in the 2024 CWE Top 25 Most Dangerous Software Weaknesses

Nodes Deprecated in Version 4.16

CWE-ID CWE Name
None.

Important Changes

A node change is labeled "important" if it is a major field change and the field is critical to the meaning of the node. The critical fields are description, name, and relationships.

Key
D Description
N Name
R Relationships

R 20 Improper Input Validation
R 22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
R 77 Improper Neutralization of Special Elements used in a Command ('Command Injection')
R 78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
R 79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
R 89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
R 94 Improper Control of Generation of Code ('Code Injection')
D R 119 Improper Restriction of Operations within the Bounds of a Memory Buffer
R 125 Out-of-bounds Read
D 184 Incomplete List of Disallowed Inputs
R 190 Integer Overflow or Wraparound
R 200 Exposure of Sensitive Information to an Unauthorized Actor
D 201 Insertion of Sensitive Information Into Sent Data
R 269 Improper Privilege Management
R 287 Improper Authentication
D 288 Authentication Bypass Using an Alternate Path or Channel
R 306 Missing Authentication for Critical Function
D 307 Improper Restriction of Excessive Authentication Attempts
R 352 Cross-Site Request Forgery (CSRF)
D 359 Exposure of Private Personal Information to an Unauthorized Actor
D 362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
R 400 Uncontrolled Resource Consumption
R 416 Use After Free
R 434 Unrestricted Upload of File with Dangerous Type
D 467 Use of sizeof() on a Pointer Type
R 476 NULL Pointer Dereference
D R 502 Deserialization of Untrusted Data
D 532 Insertion of Sensitive Information into Log File
D 601 URL Redirection to Untrusted Site ('Open Redirect')
R 787 Out-of-bounds Write
R 798 Use of Hard-coded Credentials
D 835 Loop with Unreachable Exit Condition ('Infinite Loop')
D R 862 Missing Authorization
D R 863 Incorrect Authorization
D R 918 Server-Side Request Forgery (SSRF)
R 1409 Comprehensive Categorization: Injection

Detailed Difference Report
20 Improper Input Validation
Major Relationships
Minor None
22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Major Demonstrative_Examples, Relationships
Minor None
36 Absolute Path Traversal
Major Demonstrative_Examples
Minor None
74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Major Demonstrative_Examples, Observed_Examples
Minor None
77 Improper Neutralization of Special Elements used in a Command ('Command Injection')
Major Demonstrative_Examples, Relationships
Minor None
78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Major Relationships
Minor None
79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Major Relationships
Minor None
89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Major Relationships
Minor None
93 Improper Neutralization of CRLF Sequences ('CRLF Injection')
Major Demonstrative_Examples
Minor None
94 Improper Control of Generation of Code ('Code Injection')
Major Mapping_Notes, Relationships
Minor None
113 Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')
Major Demonstrative_Examples
Minor None
119 Improper Restriction of Operations within the Bounds of a Memory Buffer
Major Description, Relationships
Minor None
125 Out-of-bounds Read
Major Observed_Examples, Relationships
Minor None
184 Incomplete List of Disallowed Inputs
Major Common_Consequences, Description, Diagram, Modes_of_Introduction
Minor None
190 Integer Overflow or Wraparound
Major Relationships
Minor None
200 Exposure of Sensitive Information to an Unauthorized Actor
Major Relationships
Minor None
201 Insertion of Sensitive Information Into Sent Data
Major Description, Diagram, Other_Notes
Minor None
208 Observable Timing Discrepancy
Major Maintenance_Notes
Minor None
269 Improper Privilege Management
Major Relationships
Minor None
287 Improper Authentication
Major Relationships
Minor None
288 Authentication Bypass Using an Alternate Path or Channel
Major Description, Diagram
Minor None
306 Missing Authentication for Critical Function
Major Relationships
Minor None
307 Improper Restriction of Excessive Authentication Attempts
Major Common_Consequences, Description, Diagram
Minor None
346 Origin Validation Error
Major References
Minor None
347 Improper Verification of Cryptographic Signature
Major Diagram
Minor None
352 Cross-Site Request Forgery (CSRF)
Major Relationships
Minor None
359 Exposure of Private Personal Information to an Unauthorized Actor
Major Description, Diagram, Other_Notes
Minor None
362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Major Alternate_Terms, Common_Consequences, Description, Diagram, Modes_of_Introduction
Minor None
400 Uncontrolled Resource Consumption
Major Relationships
Minor None
416 Use After Free
Major Relationships
Minor None
434 Unrestricted Upload of File with Dangerous Type
Major Relationships
Minor None
467 Use of sizeof() on a Pointer Type
Major Description
Minor None
476 NULL Pointer Dereference
Major Relationships
Minor None
502 Deserialization of Untrusted Data
Major Common_Consequences, Description, Diagram, Potential_Mitigations, Relationships
Minor None
532 Insertion of Sensitive Information into Log File
Major Common_Consequences, Description, Diagram
Minor None
601 URL Redirection to Untrusted Site ('Open Redirect')
Major Alternate_Terms, Common_Consequences, Description, Diagram, Other_Notes
Minor None
750 Weaknesses in the 2009 CWE/SANS Top 25 Most Dangerous Programming Errors
Major References
Minor None
751 2009 Top 25 - Insecure Interaction Between Components
Major References
Minor None
752 2009 Top 25 - Risky Resource Management
Major References
Minor None
753 2009 Top 25 - Porous Defenses
Major References
Minor None
787 Out-of-bounds Write
Major Observed_Examples, Relationships
Minor None
798 Use of Hard-coded Credentials
Major Relationships
Minor None
800 Weaknesses in the 2010 CWE/SANS Top 25 Most Dangerous Programming Errors
Major References
Minor None
801 2010 Top 25 - Insecure Interaction Between Components
Major References
Minor None
802 2010 Top 25 - Risky Resource Management
Major References
Minor None
803 2010 Top 25 - Porous Defenses
Major References
Minor None
808 2010 Top 25 - Weaknesses On the Cusp
Major References
Minor None
835 Loop with Unreachable Exit Condition ('Infinite Loop')
Major Description, Diagram
Minor None
862 Missing Authorization
Major Common_Consequences, Description, Diagram, Relationships, Terminology_Notes
Minor None
863 Incorrect Authorization
Major Common_Consequences, Description, Diagram, Relationships, Terminology_Notes
Minor None
864 2011 Top 25 - Insecure Interaction Between Components
Major References
Minor None
865 2011 Top 25 - Risky Resource Management
Major References
Minor None
866 2011 Top 25 - Porous Defenses
Major References
Minor None
867 2011 Top 25 - Weaknesses On the Cusp
Major References
Minor None
900 Weaknesses in the 2011 CWE/SANS Top 25 Most Dangerous Software Errors
Major References
Minor None
918 Server-Side Request Forgery (SSRF)
Major Alternate_Terms, Common_Consequences, Description, Diagram, Observed_Examples, Relationships
Minor None
940 Improper Verification of Source of a Communication Channel
Major References
Minor None
1200 Weaknesses in the 2019 CWE Top 25 Most Dangerous Software Errors
Major References
Minor None
1254 Incorrect Comparison Logic Granularity
Major Demonstrative_Examples, Maintenance_Notes
Minor None
1337 Weaknesses in the 2021 CWE Top 25 Most Dangerous Software Weaknesses
Major References
Minor None
1350 Weaknesses in the 2020 CWE Top 25 Most Dangerous Software Weaknesses
Major References
Minor None
1387 Weaknesses in the 2022 CWE Top 25 Most Dangerous Software Weaknesses
Major References
Minor None
1391 Use of Weak Credentials
Major Observed_Examples
Minor None
1392 Use of Default Credentials
Major Observed_Examples
Minor None
1409 Comprehensive Categorization: Injection
Major Relationships
Minor None
1425 Weaknesses in the 2023 CWE Top 25 Most Dangerous Software Weaknesses
Major References
Minor None

Page Last Updated: November 19, 2024