Search by CWE ID - CERT CVE

CWE list

CWE ID Description
CWE-496 Assigning public data to a private array is equivalent to giving public access to the array.
CWE-497 The application does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the application does.
CWE-498 The code contains a class with sensitive data, but the class is cloneable. The data can then be accessed by cloning the class.
CWE-499 The code contains a class with sensitive data, but the class does not explicitly deny serialization. The data can be accessed by serializing the class through another class.
CWE-5 Information sent over a network can be compromised while in transit. An attacker may be able to read or modify the contents if the data are sent in plaintext or are weakly encrypted.
CWE-50 A software system that accepts path input in the form of multiple leading slash ('//multiple/leading/slash') without appropriate validation can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files.
CWE-500 An object contains a public static field that is not marked final, which might allow it to be modified in unexpected ways.
CWE-501 The product mixes trusted and untrusted data in the same data structure or structured message.
CWE-502 The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.
CWE-506 The application contains code that appears to be malicious in nature.