View-1003: Weaknesses for Simplified Mapping of Published Vulnerabilities

ID: 1003

Type: Graph

Status: Incomplete

Objective

CWE entries in this view (graph) may be used to categorize potential weaknesses within sources that handle public, third-party vulnerability information, such as the National Vulnerability Database (NVD). By design, this view is incomplete; it is limited to a small number of the most commonly-seen weaknesses, so that it is easier for humans to use. This view uses a shallow hierarchy of two levels in order to simplify the complex, category-oriented navigation of the entire CWE corpus.

Membership

CWE-ID	title
CWE-20	输入验证不恰当
CWE-74	输出中的特殊元素转义处理不恰当（注入）
CWE-116	对输出编码和转义不恰当
CWE-119	内存缓冲区边界内操作的限制不恰当
CWE-200	信息暴露
CWE-269	特权管理不恰当
CWE-287	认证机制不恰当
CWE-311	敏感数据加密缺失
CWE-326	不充分的加密强度
CWE-327	使用已被攻破或存在风险的密码学算法
CWE-330	使用不充分的随机数
CWE-345	对数据真实性的验证不充分
CWE-362	使用共享资源的并发执行不恰当同步问题（竞争条件）
CWE-400	未加控制的资源消耗（资源穷尽）
CWE-404	不恰当的资源关闭或释放
CWE-436	解释冲突
CWE-610	资源在另一范围的外部可控制索引
CWE-665	初始化不恰当
CWE-667	加锁机制不恰当
CWE-668	将资源暴露给错误范围
CWE-669	在范围间的资源转移不正确
CWE-670	控制流实现总是不正确
CWE-672	在过期或释放后对资源进行操作
CWE-674	未经控制的递归
CWE-682	数值计算不正确
CWE-697	不充分的比较
CWE-704	不正确的类型转换
CWE-706	使用不正确的解析名称或索引
CWE-732	关键资源的不正确权限授予
CWE-754	对因果或异常条件的不恰当检查
CWE-755	对异常条件的处理不恰当
CWE-834	过度迭代
CWE-862	授权机制缺失
CWE-863	授权机制不正确
CWE-913	动态管理代码资源的控制不恰当
CWE-922	敏感信息的不安全存储

Notes

Maintenance

This view has been modified significantly since its last major revision in 2015. This view is likely to evolve based on the experience of NVD analysts, public feedback, and the CWE Team.

引用

REF-1 CWE - Common Weakness Enumeration

文章来源于互联网:scap中文网