Pretraži prema CWE oznaci - CERT CVE

CWE lista

CWE ID Opis
CWE-239 The software does not properly handle when a particular element is not completely specified.
CWE-24 The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize "../" sequences that can resolve to a location that is outside of that directory.
CWE-240 The software does not handle or incorrectly handles when two or more structural elements should be consistent, but are not.
CWE-241 The software does not handle or incorrectly handles when a particular element is not the expected type, e.g. it expects a digit (0-9) but is provided with a letter (A-Z).
CWE-243 The program uses the chroot() system call to create a jail, but does not change the working directory afterward. This does not prevent access to files outside of the jail.
CWE-244 Using realloc() to resize buffers that store sensitive information can leave the sensitive information exposed to attack, because it is not removed from memory.
CWE-245 The J2EE application directly manages connections, instead of using the container's connection management facilities.
CWE-246 The J2EE application directly uses sockets instead of using framework method calls.
CWE-247 This entry has been deprecated because it was a duplicate of CWE-350. All content has been transferred to CWE-350.
CWE-248 An exception is thrown from a function, but it is not caught.