view release on metacpan or  search on metacpan

lib/CSAF/Util/CWE.pm  view on Meta::CPAN

    'CWE-266' => q"Incorrect Privilege Assignment",
    'CWE-267' => q"Privilege Defined With Unsafe Actions",
    'CWE-268' => q"Privilege Chaining",
    'CWE-269' => q"Improper Privilege Management",
    'CWE-270' => q"Privilege Context Switching Error",
    'CWE-271' => q"Privilege Dropping / Lowering Errors",
    'CWE-272' => q"Least Privilege Violation",
    'CWE-273' => q"Improper Check for Dropped Privileges",
    'CWE-274' => q"Improper Handling of Insufficient Privileges",
    'CWE-276' => q"Incorrect Default Permissions",
    'CWE-277' => q"Insecure Inherited Permissions",
    'CWE-278' => q"Insecure Preserved Inherited Permissions",
    'CWE-279' => q"Incorrect Execution-Assigned Permissions",
    'CWE-280' => q"Improper Handling of Insufficient Permissions or Privileges ",
    'CWE-281' => q"Improper Preservation of Permissions",
    'CWE-282' => q"Improper Ownership Management",
    'CWE-283' => q"Unverified Ownership",
    'CWE-284' => q"Improper Access Control",
    'CWE-285' => q"Improper Authorization",
    'CWE-286' => q"Incorrect User Management",
    'CWE-287' => q"Improper Authentication",
    'CWE-288' => q"Authentication Bypass Using an Alternate Path or Channel",
    'CWE-289' => q"Authentication Bypass by Alternate Name",
    'CWE-290' => q"Authentication Bypass by Spoofing",
    'CWE-291' => q"Reliance on IP Address for Authentication",
    'CWE-292' => q"DEPRECATED: Trusting Self-reported DNS Name",
    'CWE-293' => q"Using Referer Field for Authentication",
    'CWE-294' => q"Authentication Bypass by Capture-replay",
    'CWE-295' => q"Improper Certificate Validation",
    'CWE-296' => q"Improper Following of a Certificate's Chain of Trust",
    'CWE-297' => q"Improper Validation of Certificate with Host Mismatch",
    'CWE-298' => q"Improper Validation of Certificate Expiration",
    'CWE-299' => q"Improper Check for Certificate Revocation",
    'CWE-300' => q"Channel Accessible by Non-Endpoint",
    'CWE-301' => q"Reflection Attack in an Authentication Protocol",
    'CWE-302' => q"Authentication Bypass by Assumed-Immutable Data",
    'CWE-303' => q"Incorrect Implementation of Authentication Algorithm",
    'CWE-304' => q"Missing Critical Step in Authentication",
    'CWE-305' => q"Authentication Bypass by Primary Weakness",
    'CWE-306' => q"Missing Authentication for Critical Function",
    'CWE-307' => q"Improper Restriction of Excessive Authentication Attempts",
    'CWE-308' => q"Use of Single-factor Authentication",
    'CWE-309' => q"Use of Password System for Primary Authentication",
    'CWE-311' => q"Missing Encryption of Sensitive Data",
    'CWE-312' => q"Cleartext Storage of Sensitive Information",
    'CWE-313' => q"Cleartext Storage in a File or on Disk",
    'CWE-314' => q"Cleartext Storage in the Registry",
    'CWE-315' => q"Cleartext Storage of Sensitive Information in a Cookie",
    'CWE-316' => q"Cleartext Storage of Sensitive Information in Memory",
    'CWE-317' => q"Cleartext Storage of Sensitive Information in GUI",
    'CWE-318' => q"Cleartext Storage of Sensitive Information in Executable",
    'CWE-319' => q"Cleartext Transmission of Sensitive Information",
    'CWE-321' => q"Use of Hard-coded Cryptographic Key",
    'CWE-322' => q"Key Exchange without Entity Authentication",
    'CWE-323' => q"Reusing a Nonce, Key Pair in Encryption",
    'CWE-324' => q"Use of a Key Past its Expiration Date",
    'CWE-325' => q"Missing Cryptographic Step",
    'CWE-326' => q"Inadequate Encryption Strength",
    'CWE-327' => q"Use of a Broken or Risky Cryptographic Algorithm",
    'CWE-328' => q"Use of Weak Hash",
    'CWE-329' => q"Generation of Predictable IV with CBC Mode",
    'CWE-330' => q"Use of Insufficiently Random Values",
    'CWE-331' => q"Insufficient Entropy",
    'CWE-332' => q"Insufficient Entropy in PRNG",
    'CWE-333' => q"Improper Handling of Insufficient Entropy in TRNG",
    'CWE-334' => q"Small Space of Random Values",
    'CWE-335' => q"Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)",
    'CWE-336' => q"Same Seed in Pseudo-Random Number Generator (PRNG)",
    'CWE-337' => q"Predictable Seed in Pseudo-Random Number Generator (PRNG)",
    'CWE-338' => q"Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)",
    'CWE-339' => q"Small Seed Space in PRNG",
    'CWE-340' => q"Generation of Predictable Numbers or Identifiers",
    'CWE-341' => q"Predictable from Observable State",
    'CWE-342' => q"Predictable Exact Value from Previous Values",
    'CWE-343' => q"Predictable Value Range from Previous Values",
    'CWE-344' => q"Use of Invariant Value in Dynamically Changing Context",
    'CWE-345' => q"Insufficient Verification of Data Authenticity",
    'CWE-346' => q"Origin Validation Error",
    'CWE-347' => q"Improper Verification of Cryptographic Signature",
    'CWE-348' => q"Use of Less Trusted Source",
    'CWE-349' => q"Acceptance of Extraneous Untrusted Data With Trusted Data",
    'CWE-350' => q"Reliance on Reverse DNS Resolution for a Security-Critical Action",
    'CWE-351' => q"Insufficient Type Distinction",
    'CWE-352' => q"Cross-Site Request Forgery (CSRF)",
    'CWE-353' => q"Missing Support for Integrity Check",
    'CWE-354' => q"Improper Validation of Integrity Check Value",
    'CWE-356' => q"Product UI does not Warn User of Unsafe Actions",
    'CWE-357' => q"Insufficient UI Warning of Dangerous Operations",
    'CWE-358' => q"Improperly Implemented Security Check for Standard",
    'CWE-359' => q"Exposure of Private Personal Information to an Unauthorized Actor",
    'CWE-360' => q"Trust of System Event Data",
    'CWE-362' => q"Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')",
    'CWE-363' => q"Race Condition Enabling Link Following",
    'CWE-364' => q"Signal Handler Race Condition",
    'CWE-365' => q"DEPRECATED: Race Condition in Switch",
    'CWE-366' => q"Race Condition within a Thread",
    'CWE-367' => q"Time-of-check Time-of-use (TOCTOU) Race Condition",
    'CWE-368' => q"Context Switching Race Condition",
    'CWE-369' => q"Divide By Zero",
    'CWE-370' => q"Missing Check for Certificate Revocation after Initial Check",
    'CWE-372' => q"Incomplete Internal State Distinction",
    'CWE-373' => q"DEPRECATED: State Synchronization Error",
    'CWE-374' => q"Passing Mutable Objects to an Untrusted Method",
    'CWE-375' => q"Returning a Mutable Object to an Untrusted Caller",
    'CWE-377' => q"Insecure Temporary File",
    'CWE-378' => q"Creation of Temporary File With Insecure Permissions",
    'CWE-379' => q"Creation of Temporary File in Directory with Insecure Permissions",
    'CWE-382' => q"J2EE Bad Practices: Use of System.exit()",
    'CWE-383' => q"J2EE Bad Practices: Direct Use of Threads",
    'CWE-384' => q"Session Fixation",
    'CWE-385' => q"Covert Timing Channel",
    'CWE-386' => q"Symbolic Name not Mapping to Correct Object",
    'CWE-390' => q"Detection of Error Condition Without Action",
    'CWE-391' => q"Unchecked Error Condition",
    'CWE-392' => q"Missing Report of Error Condition",
    'CWE-393' => q"Return of Wrong Status Code",
    'CWE-394' => q"Unexpected Status Code or Return Value",
    'CWE-395' => q"Use of NullPointerException Catch to Detect NULL Pointer Dereference",
    'CWE-396' => q"Declaration of Catch for Generic Exception",
    'CWE-397' => q"Declaration of Throws for Generic Exception",
    'CWE-400' => q"Uncontrolled Resource Consumption",