Pretraži prema CWE oznaci - CERT CVE

CWE lista

CWE ID Opis
CWE-1288 The product receives a complex input with multiple elements or fields that must be consistent with each other, but it does not validate or incorrectly validates that the input is actually consistent.
CWE-1289 The product receives an input value that is used as a resource identifier or other type of reference, but it does not validate or incorrectly validates that the input is equivalent to a potentially-unsafe value.
CWE-129 The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.
CWE-13 Storing a plaintext password in a configuration file allows anyone who can read the file access to the password-protected resource making them an easy target for attackers.
CWE-130 The software parses a formatted message or structure, but it does not handle or incorrectly handles a length field that is inconsistent with the actual length of the associated data.
CWE-131 The software does not correctly calculate the size to be used when allocating a buffer, which could lead to a buffer overflow.
CWE-132 This entry has been deprecated because it was a duplicate of CWE-170. All content has been transferred to CWE-170.
CWE-134 The software uses a function that accepts a format string as an argument, but the format string originates from an external source.
CWE-135 The software does not correctly calculate the length of strings that can contain wide or multi-byte characters.
CWE-138 The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as control elements or syntactic markers when they are sent to a downstream component.