Search by CWE identifier - CERT CVE

CWE list

CWE ID Description
CWE-603 A client/server product performs authentication within client code but not in server code, allowing server-side authentication to be bypassed via a modified client that omits the authentication check.
CWE-605 When multiple sockets are allowed to bind to the same port, other services on that port may be stolen or spoofed.
CWE-606 The product does not properly check inputs that are used for loop conditions, potentially leading to a denial of service or other consequences because of excessive looping.
CWE-607 A public or protected static final field references a mutable object, which allows the object to be changed by malicious code, or accidentally from another package.
CWE-608 An ActionForm class contains a field that has not been declared private, which can be accessed without using a setter or getter.
CWE-609 The program uses double-checked locking to access a resource without the overhead of explicit synchronization, but the locking is insufficient.
CWE-61 The software, when opening a file or directory, does not sufficiently account for when the file is a symbolic link that resolves to a target outside of the intended control sphere. This could allow an attacker to cause the software to operate on unauthorized files.
CWE-610 The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere.
CWE-611 The software processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.
CWE-612 The product creates a search index of private or sensitive documents, but it does not properly limit index access to actors who are authorized to see the original information.