CWE

Common Weakness Enumeration

A community-developed list of SW & HW weaknesses that can become vulnerabilities

New to CWE? click here!
CWE Most Important Hardware Weaknesses
CWE Top 25 Most Dangerous Weaknesses
Home > CWE List > Reports > Differences between Version 4.3 and Version 4.4  
ID

Differences between Version 4.3 and Version 4.4

Summary
Summary
Total weaknesses/chains/composites (Version 4.4) 918
Total weaknesses/chains/composites (Version 4.3) 916
Total new 3
Total deprecated 0
Total with major changes 241
Total with only minor changes 3
Total unchanged 1091

Summary of Entry Types

Type Version 4.3 Version 4.4
Weakness 916 918
Category 316 316
View 42 43
Deprecated 61 61
Total 1335 1338

Field Change Summary
Field Change Summary

Any change with respect to whitespace is ignored. "Minor" changes are text changes that only affect capitalization and punctuation. Most other changes are marked as "Major." Simple schema changes are treated as Minor, such as the change from AffectedResource to Affected_Resource in Draft 8, or the relationship name change from "IsRequiredBy" to "RequiredBy" in Version 1.0. For each mutual relationship between nodes A and B (such as ParentOf and ChildOf), a relationship change is noted for both A and B.

Field Major Minor
Name 6 0
Description 22 1
Relationships 57 0
Applicable_Platforms 0 0
Modes_of_Introduction 1 0
Detection_Factors 1 0
Potential_Mitigations 28 1
Demonstrative_Examples 79 2
Observed_Examples 15 0
Related_Attack_Patterns 6 0
Weakness_Ordinalities 3 0
Time_of_Introduction 0 0
Likelihood_of_Exploit 1 0
References 21 0
Common_Consequences 2 0
Terminology_Notes 1 0
Alternate_Terms 8 0
Relationship_Notes 3 0
Taxonomy_Mappings 10 0
Maintenance_Notes 51 0
Research_Gaps 1 0
Background_Details 1 0
Theoretical_Notes 4 0
Other_Notes 4 0
View_Type 0 0
View_Structure 0 0
View_Filter 0 0
View_Audience 0 0
Type 1 0
Source_Taxonomy 0 0

Form and Abstraction Changes

From To Total CWE IDs
Unchanged 1334
Weakness/Class Weakness/Base 1 1271

Status Changes

From To Total
Unchanged 1331
Incomplete Draft 4

Relationship Changes

The "Version 4.4 Total" lists the total number of relationships in Version 4.4. The "Shared" value is the total number of relationships in entries that were in both Version 4.4 and Version 4.3. The "New" value is the total number of relationships involving entries that did not exist in Version 4.3. Thus, the total number of relationships in Version 4.4 would combine stats from Shared entries and New entries.

Relationship Version 4.4 Total Version 4.3 Total Version 4.4 Shared Unchanged Added to Version 4.4 Removed from Version 4.3 Version 4.4 New
ALL 9589 9533 9581 9513 68 20 8
ChildOf 3983 3956 3979 3946 33 10 4
ParentOf 3983 3956 3979 3946 33 10 4
MemberOf 564 564 564 564
HasMember 564 564 564 564
CanPrecede 132 132 132 132
CanFollow 132 132 132 132
StartsWith 3 3 3 3
Requires 13 13 13 13
RequiredBy 13 13 13 13
CanAlsoBe 28 28 28 28
PeerOf 174 172 174 172 2

Nodes Removed from Version 4.3

CWE-ID CWE Name
None.

Nodes Added to Version 4.4

CWE-ID CWE Name
1081 Entries with Maintenance Notes
1204 Generation of Weak Initialization Vector (IV)
1333 Inefficient Regular Expression Complexity

Nodes Deprecated in Version 4.4

CWE-ID CWE Name
None.
Important Changes
Important Changes

A node change is labeled "important" if it is a major field change and the field is critical to the meaning of the node. The critical fields are description, name, and relationships.

Key
D Description
N Name
R Relationships

D 20 Improper Input Validation
R 22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
R 59 Improper Link Resolution Before File Access ('Link Following')
R 77 Improper Neutralization of Special Elements used in a Command ('Command Injection')
D 79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
R 95 Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
D 111 Direct Use of Unsafe JNI
R 116 Improper Encoding or Escaping of Output
R 129 Improper Validation of Array Index
R 134 Use of Externally-Controlled Format String
R 185 Incorrect Regular Expression
R 189 Numeric Errors
D 217 DEPRECATED: Failure to Protect Stored Data from Modification
R 248 Uncaught Exception
D 249 DEPRECATED: Often Misused: Path Manipulation
R 252 Unchecked Return Value
R 284 Improper Access Control
D 301 Reflection Attack in an Authentication Protocol
DNR 329 Not Using an Unpredictable IV with CBC Mode
R 330 Use of Insufficiently Random Values
R 375 Returning a Mutable Object to an Untrusted Caller
D R 391 Unchecked Error Condition
R 394 Unexpected Status Code or Return Value
R 401 Missing Release of Memory after Effective Lifetime
R 407 Inefficient Algorithmic Complexity
D 427 Uncontrolled Search Path Element
R 456 Missing Initialization of a Variable
R 457 Use of Uninitialized Variable
R 460 Improper Cleanup on Thrown Exception
R 477 Use of Obsolete Function
R 480 Use of Incorrect Operator
R 488 Exposure of Data Element to Wrong Session
R 498 Cloneable Class Containing Sensitive Information
R 499 Serializable Class Containing Sensitive Data
R 561 Dead Code
R 563 Assignment to Variable without Use
D R 597 Use of Wrong Operator in String Comparison
R 603 Use of Client-Side Authentication
R 628 Function Call with Incorrectly Specified Arguments
R 656 Reliance on Security Through Obscurity
R 664 Improper Control of a Resource Through its Lifetime
R 668 Exposure of Resource to Wrong Sphere
R 681 Incorrect Conversion between Numeric Types
R 687 Function Call With Incorrectly Specified Argument Value
R 690 Unchecked Return Value to NULL Pointer Dereference
R 705 Incorrect Control Flow Scoping
D 711 Weaknesses in OWASP Top Ten (2004)
D 734 Weaknesses Addressed by the CERT C Secure Coding Standard (2008)
R 754 Improper Check for Unusual or Exceptional Conditions
R 762 Mismatched Memory Management Routines
R 767 Access to Critical Private Variable via Public Method
R 783 Operator Precedence Logic Error
R 789 Memory Allocation with Excessive Size Value
D 868 Weaknesses Addressed by the SEI CERT C++ Coding Standard (2016 Version)
R 969 SFP Secondary Cluster: Faulty Memory Release
R 977 SFP Secondary Cluster: Design
R 982 SFP Secondary Cluster: Failure to Release Resource
R 998 SFP Secondary Cluster: Glitch in Computation
D 1000 Research Concepts
DN 1129 CISQ Quality Measures (2016) - Reliability
DN 1130 CISQ Quality Measures (2016) - Maintainability
DN 1131 CISQ Quality Measures (2016) - Security
DN 1132 CISQ Quality Measures (2016) - Performance Efficiency
R 1179 SEI CERT Perl Coding Standard - Guidelines 01. Input Validation and Data Sanitization (IDS)
R 1180 SEI CERT Perl Coding Standard - Guidelines 02. Declarations and Initialization (DCL)
R 1181 SEI CERT Perl Coding Standard - Guidelines 03. Expressions (EXP)
R 1182 SEI CERT Perl Coding Standard - Guidelines 04. Integers (INT)
R 1184 SEI CERT Perl Coding Standard - Guidelines 06. Object-Oriented Programming (OOP)
R 1185 SEI CERT Perl Coding Standard - Guidelines 07. File Input and Output (FIO)
R 1186 SEI CERT Perl Coding Standard - Guidelines 50. Miscellaneous (MSC)
D 1232 Improper Lock Behavior After Power State Transition
D 1236 Improper Neutralization of Formula Elements in a CSV File
D 1243 Sensitive Non-Volatile Information Not Protected During Debug
R 1255 Comparison Logic is Vulnerable to Power Side-Channel Attacks
N 1271 Uninitialized Value on Reset for Registers Holding Security Settings
R 1327 Binding to an Unrestricted IP Address
D 1332 Insufficient Protection Against Instruction Skipping Via Fault Injection
Detailed Difference Report
Detailed Difference Report
13 ASP.NET Misconfiguration: Password in Configuration File
Major Demonstrative_Examples
Minor None
20 Improper Input Validation
Major Description, Potential_Mitigations
Minor None
21 DEPRECATED: Pathname Traversal and Equivalence Errors
Major Taxonomy_Mappings
Minor None
22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Major Demonstrative_Examples, Relationships
Minor None
23 Relative Path Traversal
Major Demonstrative_Examples
Minor None
32 Path Traversal: '...' (Triple Dot)
Major Potential_Mitigations
Minor None
33 Path Traversal: '....' (Multiple Dot)
Major Potential_Mitigations
Minor None
34 Path Traversal: '....//'
Major Potential_Mitigations
Minor None
35 Path Traversal: '.../...//'
Major Potential_Mitigations
Minor None
36 Absolute Path Traversal
Major Demonstrative_Examples
Minor None
37 Path Traversal: '/absolute/pathname/here'
Major Potential_Mitigations
Minor None
38 Path Traversal: '\absolute\pathname\here'
Major Potential_Mitigations
Minor None
39 Path Traversal: 'C:dirname'
Major Potential_Mitigations
Minor None
40 Path Traversal: '\\UNC\share\name\' (Windows UNC Share)
Major Potential_Mitigations
Minor None
59 Improper Link Resolution Before File Access ('Link Following')
Major Relationships
Minor None
60 DEPRECATED: UNIX Path Link Problems
Major Taxonomy_Mappings
Minor None
68 DEPRECATED: Windows Virtual File Problems
Major Taxonomy_Mappings
Minor None
70 DEPRECATED: Mac Virtual File Problems
Major Taxonomy_Mappings
Minor None
71 DEPRECATED: Apple '.DS_Store'
Major Taxonomy_Mappings
Minor None
73 External Control of File Name or Path
Major Maintenance_Notes, Potential_Mitigations
Minor None
77 Improper Neutralization of Special Elements used in a Command ('Command Injection')
Major Relationships
Minor None
79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Major Demonstrative_Examples, Description
Minor None
87 Improper Neutralization of Alternate XSS Syntax
Major Demonstrative_Examples
Minor None
94 Improper Control of Generation of Code ('Code Injection')
Major Demonstrative_Examples
Minor None
95 Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
Major Relationships
Minor None
96 Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')
Major Demonstrative_Examples
Minor None
98 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Major Potential_Mitigations
Minor None
111 Direct Use of Unsafe JNI
Major Description
Minor None
114 Process Control
Major Maintenance_Notes
Minor None
116 Improper Encoding or Escaping of Output
Major Relationships, Terminology_Notes
Minor None
120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Major Demonstrative_Examples
Minor None
121 Stack-based Buffer Overflow
Major Demonstrative_Examples, References
Minor None
122 Heap-based Buffer Overflow
Major References
Minor None
123 Write-what-where Condition
Major References
Minor None
124 Buffer Underwrite ('Buffer Underflow')
Major Potential_Mitigations
Minor None
128 Wrap-around Error
Major Potential_Mitigations, References
Minor None
129 Improper Validation of Array Index
Major References, Relationships
Minor None
131 Incorrect Calculation of Buffer Size
Major Demonstrative_Examples, Potential_Mitigations
Minor None
134 Use of Externally-Controlled Format String
Major Potential_Mitigations, Relationships
Minor None
135 Incorrect Calculation of Multi-Byte String Length
Major References
Minor None
159 Improper Handling of Invalid Use of Special Elements
Major Maintenance_Notes
Minor None
171 DEPRECATED: Cleansing, Canonicalization, and Comparison Errors
Major Taxonomy_Mappings
Minor None
178 Improper Handling of Case Sensitivity
Major Demonstrative_Examples
Minor None
185 Incorrect Regular Expression
Major Relationships
Minor None
188 Reliance on Data/Memory Layout
Major References
Minor None
189 Numeric Errors
Major Relationships
Minor None
190 Integer Overflow or Wraparound
Major Potential_Mitigations
Minor None
191 Integer Underflow (Wrap or Wraparound)
Major Demonstrative_Examples
Minor None
192 Integer Coercion Error
Major Demonstrative_Examples, Maintenance_Notes, References
Minor None
193 Off-by-one Error
Major Demonstrative_Examples
Minor None
194 Unexpected Sign Extension
Major Potential_Mitigations, References
Minor None
195 Signed to Unsigned Conversion Error
Major Demonstrative_Examples, References
Minor None
196 Unsigned to Signed Conversion Error
Major References
Minor None
217 DEPRECATED: Failure to Protect Stored Data from Modification
Major Description
Minor None
228 Improper Handling of Syntactically Invalid Structure
Major Demonstrative_Examples, Maintenance_Notes, Theoretical_Notes
Minor None
230 Improper Handling of Missing Values
Major Demonstrative_Examples
Minor None
233 Improper Handling of Parameters
Major Demonstrative_Examples
Minor None
242 Use of Inherently Dangerous Function
Major Demonstrative_Examples
Minor None
247 DEPRECATED (Duplicate): Reliance on DNS Lookups in a Security Decision
Major Taxonomy_Mappings
Minor None
248 Uncaught Exception
Major Relationships
Minor None
249 DEPRECATED: Often Misused: Path Manipulation
Major Description, Maintenance_Notes
Minor None
252 Unchecked Return Value
Major Demonstrative_Examples, Observed_Examples, Relationships, Weakness_Ordinalities
Minor None
256 Unprotected Storage of Credentials
Major Demonstrative_Examples
Minor None
257 Storing Passwords in a Recoverable Format
Major Demonstrative_Examples, Maintenance_Notes
Minor None
259 Use of Hard-coded Password
Major Demonstrative_Examples, Maintenance_Notes
Minor None
260 Password in Configuration File
Major Demonstrative_Examples
Minor None
266 Incorrect Privilege Assignment
Major Demonstrative_Examples
Minor None
267 Privilege Defined With Unsafe Actions
Major Maintenance_Notes
Minor None
269 Improper Privilege Management
Major Demonstrative_Examples
Minor None
272 Least Privilege Violation
Major Demonstrative_Examples
Minor None
274 Improper Handling of Insufficient Privileges
Major Relationship_Notes, Theoretical_Notes
Minor None
280 Improper Handling of Insufficient Permissions or Privileges
Major Maintenance_Notes
Minor None
284 Improper Access Control
Major Maintenance_Notes, Relationships
Minor None
285 Improper Authorization
Major Alternate_Terms
Minor None
287 Improper Authentication
Major Alternate_Terms, Demonstrative_Examples
Minor None
290 Authentication Bypass by Spoofing
Major None
Minor Demonstrative_Examples
292 DEPRECATED (Duplicate): Trusting Self-reported DNS Name
Major Likelihood_of_Exploit, Taxonomy_Mappings
Minor None
293 Using Referer Field for Authentication
Major References
Minor None
300 Channel Accessible by Non-Endpoint
Major Alternate_Terms, Related_Attack_Patterns
Minor None
301 Reflection Attack in an Authentication Protocol
Major Description, Other_Notes
Minor None
302 Authentication Bypass by Assumed-Immutable Data
Major Demonstrative_Examples
Minor None
308 Use of Single-factor Authentication
Major Demonstrative_Examples
Minor None
309 Use of Password System for Primary Authentication
Major Demonstrative_Examples
Minor None
312 Cleartext Storage of Sensitive Information
Major Demonstrative_Examples
Minor None
313 Cleartext Storage in a File or on Disk
Major Demonstrative_Examples
Minor None
324 Use of a Key Past its Expiration Date
Major References
Minor None
327 Use of a Broken or Risky Cryptographic Algorithm
Major References
Minor None
328 Reversible One-Way Hash
Major Demonstrative_Examples
Minor None
329 Not Using an Unpredictable IV with CBC Mode
Major Background_Details, Common_Consequences, Demonstrative_Examples, Description, Modes_of_Introduction, Name, Observed_Examples, Potential_Mitigations, References, Relationships
Minor None
330 Use of Insufficiently Random Values
Major Maintenance_Notes, Relationships
Minor None
332 Insufficient Entropy in PRNG
Major References
Minor None
338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
Major Demonstrative_Examples
Minor None
339 Small Seed Space in PRNG
Major Maintenance_Notes
Minor None
350 Reliance on Reverse DNS Resolution for a Security-Critical Action
Major Demonstrative_Examples
Minor None
359 Exposure of Private Personal Information to an Unauthorized Actor
Major References
Minor None
362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Major Demonstrative_Examples
Minor None
364 Signal Handler Race Condition
Major Potential_Mitigations
Minor None
366 Race Condition within a Thread
Major Potential_Mitigations
Minor None
375 Returning a Mutable Object to an Untrusted Caller
Major Relationships
Minor None
378 Creation of Temporary File With Insecure Permissions
Major Demonstrative_Examples
Minor None
379 Creation of Temporary File in Directory with Insecure Permissions
Major Demonstrative_Examples
Minor None
387 Signal Errors
Major Maintenance_Notes
Minor None
391 Unchecked Error Condition
Major Description, Relationships
Minor None
393 Return of Wrong Status Code
Major Maintenance_Notes
Minor None
394 Unexpected Status Code or Return Value
Major Relationships
Minor None
401 Missing Release of Memory after Effective Lifetime
Major Relationships
Minor None
404 Improper Resource Shutdown or Release
Major Demonstrative_Examples
Minor None
407 Inefficient Algorithmic Complexity
Major References, Relationships
Minor None
413 Improper Resource Locking
Major Demonstrative_Examples
Minor None
415 Double Free
Major Maintenance_Notes, Theoretical_Notes
Minor None
426 Untrusted Search Path
Major Demonstrative_Examples
Minor None
427 Uncontrolled Search Path Element
Major Alternate_Terms, Description, Maintenance_Notes, References, Theoretical_Notes
Minor None
434 Unrestricted Upload of File with Dangerous Type
Major Demonstrative_Examples
Minor None
446 UI Discrepancy for Security Feature
Major Maintenance_Notes, Relationship_Notes, Weakness_Ordinalities
Minor None
451 User Interface (UI) Misrepresentation of Critical Information
Major Maintenance_Notes, Observed_Examples
Minor None
456 Missing Initialization of a Variable
Major Demonstrative_Examples, Observed_Examples, Relationships
Minor None
457 Use of Uninitialized Variable
Major Demonstrative_Examples, Observed_Examples, Relationships
Minor None
460 Improper Cleanup on Thrown Exception
Major Relationships
Minor None
469 Use of Pointer Subtraction to Determine Size
Major Potential_Mitigations
Minor None
476 NULL Pointer Dereference
Major Demonstrative_Examples, Observed_Examples
Minor None
477 Use of Obsolete Function
Major Relationships
Minor None
480 Use of Incorrect Operator
Major Demonstrative_Examples, Relationships
Minor None
481 Assigning instead of Comparing
Major Demonstrative_Examples, Potential_Mitigations
Minor None
488 Exposure of Data Element to Wrong Session
Major Relationships
Minor None
489 Active Debug Code
Major Related_Attack_Patterns
Minor None
490 DEPRECATED: Mobile Code Issues
Major Other_Notes
Minor None
494 Download of Code Without Integrity Check
Major References, Related_Attack_Patterns
Minor None
497 Exposure of Sensitive System Information to an Unauthorized Control Sphere
Major Demonstrative_Examples
Minor None
498 Cloneable Class Containing Sensitive Information
Major Relationships
Minor None
499 Serializable Class Containing Sensitive Data
Major Relationships
Minor None
502 Deserialization of Untrusted Data
Major None
Minor Demonstrative_Examples
503 DEPRECATED: Byte/Object Code
Major Taxonomy_Mappings
Minor None
504 DEPRECATED: Motivation/Intent
Major Taxonomy_Mappings
Minor None
522 Insufficiently Protected Credentials
Major Demonstrative_Examples
Minor None
541 Inclusion of Sensitive Information in an Include File
Major Demonstrative_Examples
Minor None
561 Dead Code
Major Relationships
Minor None
563 Assignment to Variable without Use
Major Relationships
Minor None
587 Assignment of a Fixed Address to a Pointer
Major Common_Consequences, Weakness_Ordinalities
Minor Description
590 Free of Memory not on the Heap
Major Maintenance_Notes, Other_Notes
Minor None
595 Comparison of Object References Instead of Object Contents
Major Demonstrative_Examples
Minor None
597 Use of Wrong Operator in String Comparison
Major Demonstrative_Examples, Description, Potential_Mitigations, Relationships
Minor None
600 Uncaught Exception in Servlet
Major Demonstrative_Examples
Minor None
603 Use of Client-Side Authentication
Major Maintenance_Notes, Relationships
Minor None
625 Permissive Regular Expression
Major Demonstrative_Examples
Minor None
628 Function Call with Incorrectly Specified Arguments
Major Detection_Factors, Relationships
Minor None
635 Weaknesses Originally Used by NVD from 2008 to 2016
Major Maintenance_Notes
Minor None
639 Authorization Bypass Through User-Controlled Key
Major Alternate_Terms
Minor None
642 External Control of Critical State Data
Major Demonstrative_Examples
Minor None
654 Reliance on a Single Factor in a Security Decision
Major Alternate_Terms, Maintenance_Notes
Minor None
656 Reliance on Security Through Obscurity
Major Relationships
Minor None
664 Improper Control of a Resource Through its Lifetime
Major Maintenance_Notes, Relationships
Minor None
665 Improper Initialization
Major Observed_Examples
Minor None
667 Improper Locking
Major Demonstrative_Examples
Minor None
668 Exposure of Resource to Wrong Sphere
Major Relationships
Minor None
674 Uncontrolled Recursion
Major Potential_Mitigations
Minor None
676 Use of Potentially Dangerous Function
Major Demonstrative_Examples
Minor None
681 Incorrect Conversion between Numeric Types
Major Relationships
Minor None
687 Function Call With Incorrectly Specified Argument Value
Major Relationships
Minor None
690 Unchecked Return Value to NULL Pointer Dereference
Major Demonstrative_Examples, Relationships
Minor None
691 Insufficient Control Flow Management
Major Maintenance_Notes
Minor None
693 Protection Mechanism Failure
Major Maintenance_Notes
Minor None
696 Incorrect Behavior Order
Major Observed_Examples
Minor None
705 Incorrect Control Flow Scoping
Major Relationships
Minor None
711 Weaknesses in OWASP Top Ten (2004)
Major Description, Maintenance_Notes, Relationship_Notes
Minor None
734 Weaknesses Addressed by the CERT C Secure Coding Standard (2008)
Major Description, Maintenance_Notes
Minor None
754 Improper Check for Unusual or Exceptional Conditions
Major Demonstrative_Examples, Relationships
Minor None
756 Missing Custom Error Page
Major Demonstrative_Examples
Minor None
759 Use of a One-Way Hash without a Salt
Major Demonstrative_Examples
Minor None
761 Free of Pointer not at Start of Buffer
Major Observed_Examples
Minor None
762 Mismatched Memory Management Routines
Major Relationships
Minor None
763 Release of Invalid Pointer or Reference
Major Maintenance_Notes
Minor None
767 Access to Critical Private Variable via Public Method
Major Relationships
Minor None
772 Missing Release of Resource after Effective Lifetime
Major Demonstrative_Examples
Minor None
782 Exposed IOCTL with Insufficient Access Control
Major Observed_Examples
Minor None
783 Operator Precedence Logic Error
Major Relationships
Minor None
785 Use of Path Manipulation Function without Maximum-sized Buffer
Major Maintenance_Notes
Minor None
787 Out-of-bounds Write
Major Demonstrative_Examples
Minor None
789 Memory Allocation with Excessive Size Value
Major Demonstrative_Examples, Relationships
Minor None
795 Only Filtering Special Elements at a Specified Location
Major Demonstrative_Examples
Minor None
798 Use of Hard-coded Credentials
Major Demonstrative_Examples
Minor None
805 Buffer Access with Incorrect Length Value
Major None
Minor Potential_Mitigations
825 Expired Pointer Dereference
Major Observed_Examples
Minor None
828 Signal Handler with Functionality that is not Asynchronous-Safe
Major Demonstrative_Examples
Minor None
829 Inclusion of Functionality from Untrusted Control Sphere
Major Potential_Mitigations, Related_Attack_Patterns
Minor None
835 Loop with Unreachable Exit Condition ('Infinite Loop')
Major Observed_Examples
Minor None
862 Missing Authorization
Major Alternate_Terms, Observed_Examples
Minor None
863 Incorrect Authorization
Major Alternate_Terms
Minor None
868 Weaknesses Addressed by the SEI CERT C++ Coding Standard (2016 Version)
Major Description, Maintenance_Notes
Minor None
908 Use of Uninitialized Resource
Major Demonstrative_Examples, Observed_Examples
Minor None
909 Missing Initialization of Resource
Major Demonstrative_Examples, Observed_Examples
Minor None
922 Insecure Storage of Sensitive Information
Major Maintenance_Notes
Minor None
923 Improper Restriction of Communication Channel to Intended Endpoints
Major Maintenance_Notes
Minor None
924 Improper Enforcement of Message Integrity During Transmission in a Communication Channel
Major Maintenance_Notes
Minor None
927 Use of Implicit Intent for Sensitive Communication
Major Maintenance_Notes
Minor None
939 Improper Authorization in Handler for Custom URL Scheme
Major Demonstrative_Examples
Minor None
941 Incorrectly Specified Destination in a Communication Channel
Major Maintenance_Notes
Minor None
943 Improper Neutralization of Special Elements in Data Query Logic
Major Maintenance_Notes
Minor None
969 SFP Secondary Cluster: Faulty Memory Release
Major Relationships
Minor None
977 SFP Secondary Cluster: Design
Major Relationships
Minor None
982 SFP Secondary Cluster: Failure to Release Resource
Major Relationships
Minor None
998 SFP Secondary Cluster: Glitch in Computation
Major Relationships
Minor None
1000 Research Concepts
Major Description, Other_Notes
Minor None
1003 Weaknesses for Simplified Mapping of Published Vulnerabilities
Major Maintenance_Notes
Minor None
1023 Incomplete Comparison with Missing Factors
Major Demonstrative_Examples
Minor None
1025 Comparison Using Wrong Factors
Major Demonstrative_Examples
Minor None
1037 Processor Optimization Removal or Modification of Security-critical Code
Major Related_Attack_Patterns
Minor None
1129 CISQ Quality Measures (2016) - Reliability
Major Description, Name
Minor None
1130 CISQ Quality Measures (2016) - Maintainability
Major Description, Name
Minor None
1131 CISQ Quality Measures (2016) - Security
Major Description, Name
Minor None
1132 CISQ Quality Measures (2016) - Performance Efficiency
Major Description, Name
Minor None
1179 SEI CERT Perl Coding Standard - Guidelines 01. Input Validation and Data Sanitization (IDS)
Major Relationships
Minor None
1180 SEI CERT Perl Coding Standard - Guidelines 02. Declarations and Initialization (DCL)
Major Relationships
Minor None
1181 SEI CERT Perl Coding Standard - Guidelines 03. Expressions (EXP)
Major Relationships
Minor None
1182 SEI CERT Perl Coding Standard - Guidelines 04. Integers (INT)
Major Relationships
Minor None
1184 SEI CERT Perl Coding Standard - Guidelines 06. Object-Oriented Programming (OOP)
Major Relationships
Minor None
1185 SEI CERT Perl Coding Standard - Guidelines 07. File Input and Output (FIO)
Major Relationships
Minor None
1186 SEI CERT Perl Coding Standard - Guidelines 50. Miscellaneous (MSC)
Major Relationships
Minor None
1191 Exposed Chip Debug and Test Interface With Insufficient or Missing Authorization
Major Maintenance_Notes
Minor None
1232 Improper Lock Behavior After Power State Transition
Major Description
Minor None
1233 Improper Hardware Lock Protection for Security Sensitive Controls
Major Maintenance_Notes
Minor None
1235 Incorrect Use of Autoboxing and Unboxing for Performance Critical Operations
Major Demonstrative_Examples
Minor None
1236 Improper Neutralization of Formula Elements in a CSV File
Major Description, Potential_Mitigations
Minor None
1241 Use of Predictable Algorithm in Random Number Generator
Major Maintenance_Notes, Research_Gaps
Minor None
1243 Sensitive Non-Volatile Information Not Protected During Debug
Major Description
Minor None
1244 Improper Access to Sensitive Information Using Debug and Test Interfaces
Major Maintenance_Notes
Minor None
1247 Missing or Improperly Implemented Protection Against Voltage and Clock Glitches
Major Functional_Areas
Minor None
1251 Mirrored Regions with Different Values
Major Demonstrative_Examples
Minor None
1255 Comparison Logic is Vulnerable to Power Side-Channel Attacks
Major Functional_Areas, Maintenance_Notes, Relationships
Minor None
1256 Hardware Features Enable Physical Attacks from Software
Major Demonstrative_Examples, Functional_Areas, Maintenance_Notes
Minor None
1259 Improper Restriction of Security Token Assignment
Major Maintenance_Notes
Minor None
1271 Uninitialized Value on Reset for Registers Holding Security Settings
Major Name, Type
Minor None
1272 Sensitive Information Uncleared Before Debug/Power State Transition
Major Functional_Areas
Minor None
1277 Firmware Not Updateable
Major Maintenance_Notes
Minor None
1278 Missing Protection Against Hardware Reverse Engineering Using Integrated Circuit (IC) Imaging Techniques
Major Maintenance_Notes
Minor None
1279 Cryptographic Operations are run Before Supporting Units are Ready
Major Maintenance_Notes
Minor None
1281 Sequence of Processor Instructions Leads to Unexpected Behavior (Halt and Catch Fire)
Major Potential_Mitigations
Minor None
1282 Assumed-Immutable Data is Stored in Writable Memory
Major Maintenance_Notes
Minor None
1285 Improper Validation of Specified Index, Position, or Offset in Input
Major Demonstrative_Examples
Minor None
1300 Improper Protection Against Physical Side Channels
Major Functional_Areas, Maintenance_Notes
Minor None
1303 Non-Transparent Sharing of Microarchitectural Resources
Major Related_Attack_Patterns
Minor None
1304 Improperly Preserved Integrity of Hardware Configuration State During a Power Save/Restore Operation
Major Functional_Areas
Minor None
1310 Missing Ability to Patch ROM Code
Major Maintenance_Notes
Minor None
1327 Binding to an Unrestricted IP Address
Major Relationships
Minor None
1332 Insufficient Protection Against Instruction Skipping Via Fault Injection
Major Description, Functional_Areas, Potential_Mitigations, References
Minor None
Page Last Updated: March 15, 2021