| Subverting Environment Variable Values |
|
CWE-15
|
External Control of System or Configuration Setting
|
|
CWE-20
|
Improper Input Validation
|
|
CWE-73
|
External Control of File Name or Path
|
|
CWE-74
|
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
|
|
CWE-200
|
Exposure of Sensitive Information to an Unauthorized Actor
|
|
CWE-285
|
Improper Authorization
|
|
CWE-302
|
Authentication Bypass by Assumed-Immutable Data
|
|
CWE-353
|
Missing Support for Integrity Check
|
|
| Client-side Injection-induced Buffer Overflow |
|
CWE-20
|
Improper Input Validation
|
|
CWE-74
|
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
|
|
CWE-118
|
Incorrect Access of Indexable Resource ('Range Error')
|
|
CWE-119
|
Improper Restriction of Operations within the Bounds of a Memory Buffer
|
|
CWE-120
|
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
|
|
CWE-353
|
Missing Support for Integrity Check
|
|
CWE-680
|
Integer Overflow to Buffer Overflow
|
|
CWE-697
|
Incorrect Comparison
|
|
| Content Spoofing Via Application API Manipulation |
|
CWE-353
|
Missing Support for Integrity Check
|
|
| Manipulating Opaque Client-based Data Tokens |
|
CWE-233
|
Improper Handling of Parameters
|
|
CWE-285
|
Improper Authorization
|
|
CWE-302
|
Authentication Bypass by Assumed-Immutable Data
|
|
CWE-315
|
Cleartext Storage of Sensitive Information in a Cookie
|
|
CWE-353
|
Missing Support for Integrity Check
|
|
CWE-384
|
Session Fixation
|
|
CWE-472
|
External Control of Assumed-Immutable Web Parameter
|
|
CWE-539
|
Use of Persistent Cookies Containing Sensitive Information
|
|
CWE-565
|
Reliance on Cookies without Validation and Integrity Checking
|
|
| Exploitation of Thunderbolt Protection Flaws |
|
CWE-288
|
Authentication Bypass Using an Alternate Path or Channel
|
|
CWE-345
|
Insufficient Verification of Data Authenticity
|
|
CWE-353
|
Missing Support for Integrity Check
|
|
CWE-862
|
Missing Authorization
|
|
CWE-1188
|
Insecure Default Initialization of Resource
|
|
| Manipulating State |
|
CWE-315
|
Cleartext Storage of Sensitive Information in a Cookie
|
|
CWE-353
|
Missing Support for Integrity Check
|
|
CWE-372
|
Incomplete Internal State Distinction
|
|
CWE-693
|
Protection Mechanism Failure
|
|
CWE-1245
|
Improper Finite State Machines (FSMs) in Hardware Logic
|
|
CWE-1253
|
Incorrect Selection of Fuse Values
|
|
CWE-1265
|
Unintended Reentrant Invocation of Non-reentrant Code Via Nested Calls
|
|
CWE-1271
|
Uninitialized Value on Reset for Registers Holding Security Settings
|
|
| Manipulating Writeable Configuration Files |
|
CWE-77
|
Improper Neutralization of Special Elements used in a Command ('Command Injection')
|
|
CWE-99
|
Improper Control of Resource Identifiers ('Resource Injection')
|
|
CWE-346
|
Origin Validation Error
|
|
CWE-349
|
Acceptance of Extraneous Untrusted Data With Trusted Data
|
|
CWE-353
|
Missing Support for Integrity Check
|
|
CWE-354
|
Improper Validation of Integrity Check Value
|
|