Search by CWE ID - CERT CVE

CWE list

CWE ID Description
CWE-22 The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
CWE-220 The application stores sensitive data under the FTP server root with insufficient access control, which might make it accessible to untrusted parties.
CWE-221 The software does not record, or improperly records, security-relevant information that leads to an incorrect decision or hampers later analysis.
CWE-222 The application truncates the display, recording, or processing of security-relevant information in a way that can obscure the source or nature of an attack.
CWE-223 The application does not record or display information that would be important for identifying the source or nature of an attack, or determining if an action is safe.
CWE-224 The software records security-relevant information according to an alternate name of the affected entity, instead of the canonical name.
CWE-225 This weakness can be found at CWE-199.
CWE-226 The product prepares to release a resource such as memory or a file so that the resource can be reused by other entities, but the product does not fully clear previously-used sensitive information from that resource before the resource is released.
CWE-228 The product does not handle or incorrectly handles input that is not syntactically well-formed with respect to the associated specification.
CWE-229 The software does not properly handle when the expected number of values for parameters, fields, or arguments is not provided in input, or if those values are undefined.