Pretraži prema CWE oznaci - CERT CVE

CWE lista

CWE ID Opis
CWE-211 The application performs an operation that triggers an external diagnostic or error message that is not directly generated or controlled by the application, such as an error generated by the programming language interpreter that the software uses. The error can contain sensitive system information.
CWE-212 The product stores, transfers, or shares a resource that contains sensitive information, but it does not properly remove that information before the product makes the resource available to unauthorized actors.
CWE-311 The software does not encrypt sensitive or critical information before storage or transmission.
CWE-213 The product's intended functionality exposes information to certain actors in accordance with the developer's security policy, but this information is regarded as sensitive according to the intended security policies of other stakeholders such as the product's administrator, users, or others whose information is being processed.
CWE-214 A process is invoked with sensitive command-line arguments, environment variables, or other elements that can be seen by other processes on the operating system.
CWE-215 The application inserts sensitive information into debugging code, which could expose this information if the debugging code is not disabled in production.
CWE-216 This entry has been deprecated, as it was not effective as a weakness and was structured more like a category. In addition, the name is inappropriate, since the "container" term is widely understood by developers in different ways than originally intended by PLOVER, the original source for this entry.
CWE-217 This weakness has been deprecated because it incorporated and confused multiple weaknesses. The issues formerly covered in this weakness can be found at CWE-766 and CWE-767.
CWE-218 This weakness has been deprecated because it was a duplicate of CWE-493. All content has been transferred to CWE-493.
CWE-219 The application stores sensitive data under the web document root with insufficient access control, which might make it accessible to untrusted parties.