View-1003: Weaknesses for Simplified Mapping of Published Vulnerabilities

admin 2022年1月7日02:23:27CWE(弱点枚举)评论14 views1387字阅读4分37秒阅读模式

View-1003: Weaknesses for Simplified Mapping of Published Vulnerabilities

ID: 1003

Type: Graph

Status: Incomplete

Objective

CWE entries in this view (graph) may be used to categorize potential weaknesses within sources that handle public, third-party vulnerability information, such as the National Vulnerability Database (NVD). By design, this view is incomplete; it is limited to a small number of the most commonly-seen weaknesses, so that it is easier for humans to use. This view uses a shallow hierarchy of two levels in order to simplify the complex, category-oriented navigation of the entire CWE corpus.

Membership

CWE-ID title
CWE-20 输入验证不恰当
CWE-74 输出中的特殊元素转义处理不恰当(注入)
CWE-116 对输出编码和转义不恰当
CWE-119 内存缓冲区边界内操作的限制不恰当
CWE-200 信息暴露
CWE-269 特权管理不恰当
CWE-287 认证机制不恰当
CWE-311 敏感数据加密缺失
CWE-326 不充分的加密强度
CWE-327 使用已被攻破或存在风险的密码学算法
CWE-330 使用不充分的随机数
CWE-345 对数据真实性的验证不充分
CWE-362 使用共享资源的并发执行不恰当同步问题(竞争条件)
CWE-400 未加控制的资源消耗(资源穷尽)
CWE-404 不恰当的资源关闭或释放
CWE-436 解释冲突
CWE-610 资源在另一范围的外部可控制索引
CWE-665 初始化不恰当
CWE-667 加锁机制不恰当
CWE-668 将资源暴露给错误范围
CWE-669 在范围间的资源转移不正确
CWE-670 控制流实现总是不正确
CWE-672 在过期或释放后对资源进行操作
CWE-674 未经控制的递归
CWE-682 数值计算不正确
CWE-697 不充分的比较
CWE-704 不正确的类型转换
CWE-706 使用不正确的解析名称或索引
CWE-732 关键资源的不正确权限授予
CWE-754 对因果或异常条件的不恰当检查
CWE-755 对异常条件的处理不恰当
CWE-834 过度迭代
CWE-862 授权机制缺失
CWE-863 授权机制不正确
CWE-913 动态管理代码资源的控制不恰当
CWE-922 敏感信息的不安全存储

Notes

Maintenance

This view has been modified significantly since its last major revision in 2015. This view is likely to evolve based on the experience of NVD analysts, public feedback, and the CWE Team.

引用

REF-1 CWE - Common Weakness Enumeration

文章来源于互联网:scap中文网

特别标注: 本站(CN-SEC.COM)所有文章仅供技术研究,若将其信息做其他用途,由用户承担全部法律及连带责任,本站不承担任何法律及连带责任,请遵守中华人民共和国安全法.
  • 我的微信
  • 微信扫一扫
  • weinxin
  • 我的微信公众号
  • 微信扫一扫
  • weinxin
admin
  • 本文由 发表于 2022年1月7日02:23:27
  • 转载请保留本文链接(CN-SEC中文网:感谢原作者辛苦付出):
                  View-1003: Weaknesses for Simplified Mapping of Published Vulnerabilities http://cn-sec.com/archives/612749.html

发表评论

匿名网友 填写信息

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen: