CSAF

 view release on metacpan or  search on metacpan

lib/CSAF/Util/CWE.pm  view on Meta::CPAN

    'CWE-248' => q"Uncaught Exception",
    'CWE-249' => q"DEPRECATED: Often Misused: Path Manipulation",
    'CWE-250' => q"Execution with Unnecessary Privileges",
    'CWE-252' => q"Unchecked Return Value",
    'CWE-253' => q"Incorrect Check of Function Return Value",
    'CWE-256' => q"Plaintext Storage of a Password",
    'CWE-257' => q"Storing Passwords in a Recoverable Format",
    'CWE-258' => q"Empty Password in Configuration File",
    'CWE-259' => q"Use of Hard-coded Password",
    'CWE-260' => q"Password in Configuration File",
    'CWE-261' => q"Weak Encoding for Password",
    'CWE-262' => q"Not Using Password Aging",
    'CWE-263' => q"Password Aging with Long Expiration",
    'CWE-266' => q"Incorrect Privilege Assignment",
    'CWE-267' => q"Privilege Defined With Unsafe Actions",
    'CWE-268' => q"Privilege Chaining",
    'CWE-269' => q"Improper Privilege Management",
    'CWE-270' => q"Privilege Context Switching Error",
    'CWE-271' => q"Privilege Dropping / Lowering Errors",
    'CWE-272' => q"Least Privilege Violation",
    'CWE-273' => q"Improper Check for Dropped Privileges",
    'CWE-274' => q"Improper Handling of Insufficient Privileges",
    'CWE-276' => q"Incorrect Default Permissions",
    'CWE-277' => q"Insecure Inherited Permissions",
    'CWE-278' => q"Insecure Preserved Inherited Permissions",
    'CWE-279' => q"Incorrect Execution-Assigned Permissions",
    'CWE-280' => q"Improper Handling of Insufficient Permissions or Privileges ",
    'CWE-281' => q"Improper Preservation of Permissions",
    'CWE-282' => q"Improper Ownership Management",
    'CWE-283' => q"Unverified Ownership",
    'CWE-284' => q"Improper Access Control",
    'CWE-285' => q"Improper Authorization",
    'CWE-286' => q"Incorrect User Management",
    'CWE-287' => q"Improper Authentication",
    'CWE-288' => q"Authentication Bypass Using an Alternate Path or Channel",
    'CWE-289' => q"Authentication Bypass by Alternate Name",
    'CWE-290' => q"Authentication Bypass by Spoofing",
    'CWE-291' => q"Reliance on IP Address for Authentication",
    'CWE-292' => q"DEPRECATED: Trusting Self-reported DNS Name",
    'CWE-293' => q"Using Referer Field for Authentication",
    'CWE-294' => q"Authentication Bypass by Capture-replay",
    'CWE-295' => q"Improper Certificate Validation",
    'CWE-296' => q"Improper Following of a Certificate's Chain of Trust",
    'CWE-297' => q"Improper Validation of Certificate with Host Mismatch",
    'CWE-298' => q"Improper Validation of Certificate Expiration",
    'CWE-299' => q"Improper Check for Certificate Revocation",
    'CWE-300' => q"Channel Accessible by Non-Endpoint",
    'CWE-301' => q"Reflection Attack in an Authentication Protocol",
    'CWE-302' => q"Authentication Bypass by Assumed-Immutable Data",
    'CWE-303' => q"Incorrect Implementation of Authentication Algorithm",
    'CWE-304' => q"Missing Critical Step in Authentication",
    'CWE-305' => q"Authentication Bypass by Primary Weakness",
    'CWE-306' => q"Missing Authentication for Critical Function",
    'CWE-307' => q"Improper Restriction of Excessive Authentication Attempts",
    'CWE-308' => q"Use of Single-factor Authentication",
    'CWE-309' => q"Use of Password System for Primary Authentication",
    'CWE-311' => q"Missing Encryption of Sensitive Data",
    'CWE-312' => q"Cleartext Storage of Sensitive Information",
    'CWE-313' => q"Cleartext Storage in a File or on Disk",
    'CWE-314' => q"Cleartext Storage in the Registry",
    'CWE-315' => q"Cleartext Storage of Sensitive Information in a Cookie",
    'CWE-316' => q"Cleartext Storage of Sensitive Information in Memory",
    'CWE-317' => q"Cleartext Storage of Sensitive Information in GUI",
    'CWE-318' => q"Cleartext Storage of Sensitive Information in Executable",
    'CWE-319' => q"Cleartext Transmission of Sensitive Information",
    'CWE-321' => q"Use of Hard-coded Cryptographic Key",
    'CWE-322' => q"Key Exchange without Entity Authentication",
    'CWE-323' => q"Reusing a Nonce, Key Pair in Encryption",
    'CWE-324' => q"Use of a Key Past its Expiration Date",
    'CWE-325' => q"Missing Cryptographic Step",
    'CWE-326' => q"Inadequate Encryption Strength",
    'CWE-327' => q"Use of a Broken or Risky Cryptographic Algorithm",
    'CWE-328' => q"Use of Weak Hash",
    'CWE-329' => q"Generation of Predictable IV with CBC Mode",
    'CWE-330' => q"Use of Insufficiently Random Values",
    'CWE-331' => q"Insufficient Entropy",
    'CWE-332' => q"Insufficient Entropy in PRNG",
    'CWE-333' => q"Improper Handling of Insufficient Entropy in TRNG",
    'CWE-334' => q"Small Space of Random Values",
    'CWE-335' => q"Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)",
    'CWE-336' => q"Same Seed in Pseudo-Random Number Generator (PRNG)",
    'CWE-337' => q"Predictable Seed in Pseudo-Random Number Generator (PRNG)",
    'CWE-338' => q"Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)",
    'CWE-339' => q"Small Seed Space in PRNG",
    'CWE-340' => q"Generation of Predictable Numbers or Identifiers",
    'CWE-341' => q"Predictable from Observable State",
    'CWE-342' => q"Predictable Exact Value from Previous Values",
    'CWE-343' => q"Predictable Value Range from Previous Values",
    'CWE-344' => q"Use of Invariant Value in Dynamically Changing Context",
    'CWE-345' => q"Insufficient Verification of Data Authenticity",
    'CWE-346' => q"Origin Validation Error",
    'CWE-347' => q"Improper Verification of Cryptographic Signature",
    'CWE-348' => q"Use of Less Trusted Source",
    'CWE-349' => q"Acceptance of Extraneous Untrusted Data With Trusted Data",
    'CWE-350' => q"Reliance on Reverse DNS Resolution for a Security-Critical Action",
    'CWE-351' => q"Insufficient Type Distinction",
    'CWE-352' => q"Cross-Site Request Forgery (CSRF)",
    'CWE-353' => q"Missing Support for Integrity Check",
    'CWE-354' => q"Improper Validation of Integrity Check Value",
    'CWE-356' => q"Product UI does not Warn User of Unsafe Actions",
    'CWE-357' => q"Insufficient UI Warning of Dangerous Operations",
    'CWE-358' => q"Improperly Implemented Security Check for Standard",
    'CWE-359' => q"Exposure of Private Personal Information to an Unauthorized Actor",
    'CWE-360' => q"Trust of System Event Data",
    'CWE-362' => q"Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')",
    'CWE-363' => q"Race Condition Enabling Link Following",
    'CWE-364' => q"Signal Handler Race Condition",
    'CWE-365' => q"DEPRECATED: Race Condition in Switch",
    'CWE-366' => q"Race Condition within a Thread",
    'CWE-367' => q"Time-of-check Time-of-use (TOCTOU) Race Condition",
    'CWE-368' => q"Context Switching Race Condition",
    'CWE-369' => q"Divide By Zero",
    'CWE-370' => q"Missing Check for Certificate Revocation after Initial Check",
    'CWE-372' => q"Incomplete Internal State Distinction",
    'CWE-373' => q"DEPRECATED: State Synchronization Error",
    'CWE-374' => q"Passing Mutable Objects to an Untrusted Method",
    'CWE-375' => q"Returning a Mutable Object to an Untrusted Caller",
    'CWE-377' => q"Insecure Temporary File",
    'CWE-378' => q"Creation of Temporary File With Insecure Permissions",
    'CWE-379' => q"Creation of Temporary File in Directory with Insecure Permissions",
    'CWE-382' => q"J2EE Bad Practices: Use of System.exit()",

lib/CSAF/Util/CWE.pm  view on Meta::CPAN

    'CWE-470' => q"Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')",
    'CWE-471' => q"Modification of Assumed-Immutable Data (MAID)",
    'CWE-472' => q"External Control of Assumed-Immutable Web Parameter",
    'CWE-473' => q"PHP External Variable Modification",
    'CWE-474' => q"Use of Function with Inconsistent Implementations",
    'CWE-475' => q"Undefined Behavior for Input to API",
    'CWE-476' => q"NULL Pointer Dereference",
    'CWE-477' => q"Use of Obsolete Function",
    'CWE-478' => q"Missing Default Case in Multiple Condition Expression",
    'CWE-479' => q"Signal Handler Use of a Non-reentrant Function",
    'CWE-480' => q"Use of Incorrect Operator",
    'CWE-481' => q"Assigning instead of Comparing",
    'CWE-482' => q"Comparing instead of Assigning",
    'CWE-483' => q"Incorrect Block Delimitation",
    'CWE-484' => q"Omitted Break Statement in Switch",
    'CWE-486' => q"Comparison of Classes by Name",
    'CWE-487' => q"Reliance on Package-level Scope",
    'CWE-488' => q"Exposure of Data Element to Wrong Session",
    'CWE-489' => q"Active Debug Code",
    'CWE-491' => q"Public cloneable() Method Without Final ('Object Hijack')",
    'CWE-492' => q"Use of Inner Class Containing Sensitive Data",
    'CWE-493' => q"Critical Public Variable Without Final Modifier",
    'CWE-494' => q"Download of Code Without Integrity Check",
    'CWE-495' => q"Private Data Structure Returned From A Public Method",
    'CWE-496' => q"Public Data Assigned to Private Array-Typed Field",
    'CWE-497' => q"Exposure of Sensitive System Information to an Unauthorized Control Sphere",
    'CWE-498' => q"Cloneable Class Containing Sensitive Information",
    'CWE-499' => q"Serializable Class Containing Sensitive Data",
    'CWE-500' => q"Public Static Field Not Marked Final",
    'CWE-501' => q"Trust Boundary Violation",
    'CWE-502' => q"Deserialization of Untrusted Data",
    'CWE-506' => q"Embedded Malicious Code",
    'CWE-507' => q"Trojan Horse",
    'CWE-508' => q"Non-Replicating Malicious Code",
    'CWE-509' => q"Replicating Malicious Code (Virus or Worm)",
    'CWE-510' => q"Trapdoor",
    'CWE-511' => q"Logic/Time Bomb",
    'CWE-512' => q"Spyware",
    'CWE-514' => q"Covert Channel",
    'CWE-515' => q"Covert Storage Channel",
    'CWE-516' => q"DEPRECATED: Covert Timing Channel",
    'CWE-520' => q".NET Misconfiguration: Use of Impersonation",
    'CWE-521' => q"Weak Password Requirements",
    'CWE-522' => q"Insufficiently Protected Credentials",
    'CWE-523' => q"Unprotected Transport of Credentials",
    'CWE-524' => q"Use of Cache Containing Sensitive Information",
    'CWE-525' => q"Use of Web Browser Cache Containing Sensitive Information",
    'CWE-526' => q"Cleartext Storage of Sensitive Information in an Environment Variable",
    'CWE-527' => q"Exposure of Version-Control Repository to an Unauthorized Control Sphere",
    'CWE-528' => q"Exposure of Core Dump File to an Unauthorized Control Sphere",
    'CWE-529' => q"Exposure of Access Control List Files to an Unauthorized Control Sphere",
    'CWE-530' => q"Exposure of Backup File to an Unauthorized Control Sphere",
    'CWE-531' => q"Inclusion of Sensitive Information in Test Code",
    'CWE-532' => q"Insertion of Sensitive Information into Log File",
    'CWE-533' => q"DEPRECATED: Information Exposure Through Server Log Files",
    'CWE-534' => q"DEPRECATED: Information Exposure Through Debug Log Files",
    'CWE-535' => q"Exposure of Information Through Shell Error Message",
    'CWE-536' => q"Servlet Runtime Error Message Containing Sensitive Information",
    'CWE-537' => q"Java Runtime Error Message Containing Sensitive Information",
    'CWE-538' => q"Insertion of Sensitive Information into Externally-Accessible File or Directory",
    'CWE-539' => q"Use of Persistent Cookies Containing Sensitive Information",
    'CWE-540' => q"Inclusion of Sensitive Information in Source Code",
    'CWE-541' => q"Inclusion of Sensitive Information in an Include File",
    'CWE-542' => q"DEPRECATED: Information Exposure Through Cleanup Log Files",
    'CWE-543' => q"Use of Singleton Pattern Without Synchronization in a Multithreaded Context",
    'CWE-544' => q"Missing Standardized Error Handling Mechanism",
    'CWE-545' => q"DEPRECATED: Use of Dynamic Class Loading",
    'CWE-546' => q"Suspicious Comment",
    'CWE-547' => q"Use of Hard-coded, Security-relevant Constants",
    'CWE-548' => q"Exposure of Information Through Directory Listing",
    'CWE-549' => q"Missing Password Field Masking",
    'CWE-550' => q"Server-generated Error Message Containing Sensitive Information",
    'CWE-551' => q"Incorrect Behavior Order: Authorization Before Parsing and Canonicalization",
    'CWE-552' => q"Files or Directories Accessible to External Parties",
    'CWE-553' => q"Command Shell in Externally Accessible Directory",
    'CWE-554' => q"ASP.NET Misconfiguration: Not Using Input Validation Framework",
    'CWE-555' => q"J2EE Misconfiguration: Plaintext Password in Configuration File",
    'CWE-556' => q"ASP.NET Misconfiguration: Use of Identity Impersonation",
    'CWE-558' => q"Use of getlogin() in Multithreaded Application",
    'CWE-560' => q"Use of umask() with chmod-style Argument",
    'CWE-561' => q"Dead Code",
    'CWE-562' => q"Return of Stack Variable Address",
    'CWE-563' => q"Assignment to Variable without Use",
    'CWE-564' => q"SQL Injection: Hibernate",
    'CWE-565' => q"Reliance on Cookies without Validation and Integrity Checking",
    'CWE-566' => q"Authorization Bypass Through User-Controlled SQL Primary Key",
    'CWE-567' => q"Unsynchronized Access to Shared Data in a Multithreaded Context",
    'CWE-568' => q"finalize() Method Without super.finalize()",
    'CWE-570' => q"Expression is Always False",
    'CWE-571' => q"Expression is Always True",
    'CWE-572' => q"Call to Thread run() instead of start()",
    'CWE-573' => q"Improper Following of Specification by Caller",
    'CWE-574' => q"EJB Bad Practices: Use of Synchronization Primitives",
    'CWE-575' => q"EJB Bad Practices: Use of AWT Swing",
    'CWE-576' => q"EJB Bad Practices: Use of Java I/O",
    'CWE-577' => q"EJB Bad Practices: Use of Sockets",
    'CWE-578' => q"EJB Bad Practices: Use of Class Loader",
    'CWE-579' => q"J2EE Bad Practices: Non-serializable Object Stored in Session",
    'CWE-580' => q"clone() Method Without super.clone()",
    'CWE-581' => q"Object Model Violation: Just One of Equals and Hashcode Defined",
    'CWE-582' => q"Array Declared Public, Final, and Static",
    'CWE-583' => q"finalize() Method Declared Public",
    'CWE-584' => q"Return Inside Finally Block",
    'CWE-585' => q"Empty Synchronized Block",
    'CWE-586' => q"Explicit Call to Finalize()",
    'CWE-587' => q"Assignment of a Fixed Address to a Pointer",
    'CWE-588' => q"Attempt to Access Child of a Non-structure Pointer",
    'CWE-589' => q"Call to Non-ubiquitous API",
    'CWE-590' => q"Free of Memory not on the Heap",
    'CWE-591' => q"Sensitive Data Storage in Improperly Locked Memory",
    'CWE-592' => q"DEPRECATED: Authentication Bypass Issues",
    'CWE-593' => q"Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created",
    'CWE-594' => q"J2EE Framework: Saving Unserializable Objects to Disk",
    'CWE-595' => q"Comparison of Object References Instead of Object Contents",
    'CWE-596' => q"DEPRECATED: Incorrect Semantic Object Comparison",
    'CWE-597' => q"Use of Wrong Operator in String Comparison",
    'CWE-598' => q"Use of GET Request Method With Sensitive Query Strings",
    'CWE-599' => q"Missing Validation of OpenSSL Certificate",
    'CWE-600' => q"Uncaught Exception in Servlet ",
    'CWE-601' => q"URL Redirection to Untrusted Site ('Open Redirect')",
    'CWE-602' => q"Client-Side Enforcement of Server-Side Security",
    'CWE-603' => q"Use of Client-Side Authentication",
    'CWE-605' => q"Multiple Binds to the Same Port",
    'CWE-606' => q"Unchecked Input for Loop Condition",
    'CWE-607' => q"Public Static Final Field References Mutable Object",
    'CWE-608' => q"Struts: Non-private Field in ActionForm Class",
    'CWE-609' => q"Double-Checked Locking",
    'CWE-610' => q"Externally Controlled Reference to a Resource in Another Sphere",
    'CWE-611' => q"Improper Restriction of XML External Entity Reference",
    'CWE-612' => q"Improper Authorization of Index Containing Sensitive Information",
    'CWE-613' => q"Insufficient Session Expiration",
    'CWE-614' => q"Sensitive Cookie in HTTPS Session Without 'Secure' Attribute",
    'CWE-615' => q"Inclusion of Sensitive Information in Source Code Comments",
    'CWE-616' => q"Incomplete Identification of Uploaded File Variables (PHP)",
    'CWE-617' => q"Reachable Assertion",
    'CWE-618' => q"Exposed Unsafe ActiveX Method",
    'CWE-619' => q"Dangling Database Cursor ('Cursor Injection')",
    'CWE-620' => q"Unverified Password Change",
    'CWE-621' => q"Variable Extraction Error",
    'CWE-622' => q"Improper Validation of Function Hook Arguments",
    'CWE-623' => q"Unsafe ActiveX Control Marked Safe For Scripting",
    'CWE-624' => q"Executable Regular Expression Error",
    'CWE-625' => q"Permissive Regular Expression",
    'CWE-626' => q"Null Byte Interaction Error (Poison Null Byte)",
    'CWE-627' => q"Dynamic Variable Evaluation",
    'CWE-628' => q"Function Call with Incorrectly Specified Arguments",
    'CWE-636' => q"Not Failing Securely ('Failing Open')",
    'CWE-637' => q"Unnecessary Complexity in Protection Mechanism (Not Using 'Economy of Mechanism')",
    'CWE-638' => q"Not Using Complete Mediation",
    'CWE-639' => q"Authorization Bypass Through User-Controlled Key",
    'CWE-640' => q"Weak Password Recovery Mechanism for Forgotten Password",
    'CWE-641' => q"Improper Restriction of Names for Files and Other Resources",
    'CWE-642' => q"External Control of Critical State Data",
    'CWE-643' => q"Improper Neutralization of Data within XPath Expressions ('XPath Injection')",
    'CWE-644' => q"Improper Neutralization of HTTP Headers for Scripting Syntax",
    'CWE-645' => q"Overly Restrictive Account Lockout Mechanism",
    'CWE-646' => q"Reliance on File Name or Extension of Externally-Supplied File",
    'CWE-647' => q"Use of Non-Canonical URL Paths for Authorization Decisions",
    'CWE-648' => q"Incorrect Use of Privileged APIs",
    'CWE-649' => q"Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking",
    'CWE-650' => q"Trusting HTTP Permission Methods on the Server Side",
    'CWE-651' => q"Exposure of WSDL File Containing Sensitive Information",
    'CWE-652' => q"Improper Neutralization of Data within XQuery Expressions ('XQuery Injection')",
    'CWE-653' => q"Improper Isolation or Compartmentalization",
    'CWE-654' => q"Reliance on a Single Factor in a Security Decision",
    'CWE-655' => q"Insufficient Psychological Acceptability",
    'CWE-656' => q"Reliance on Security Through Obscurity",
    'CWE-657' => q"Violation of Secure Design Principles",
    'CWE-662' => q"Improper Synchronization",
    'CWE-663' => q"Use of a Non-reentrant Function in a Concurrent Context",
    'CWE-664' => q"Improper Control of a Resource Through its Lifetime",
    'CWE-665' => q"Improper Initialization",
    'CWE-666' => q"Operation on Resource in Wrong Phase of Lifetime",
    'CWE-667' => q"Improper Locking",
    'CWE-668' => q"Exposure of Resource to Wrong Sphere",
    'CWE-669' => q"Incorrect Resource Transfer Between Spheres",
    'CWE-670' => q"Always-Incorrect Control Flow Implementation",
    'CWE-671' => q"Lack of Administrator Control over Security",
    'CWE-672' => q"Operation on a Resource after Expiration or Release",
    'CWE-673' => q"External Influence of Sphere Definition",
    'CWE-674' => q"Uncontrolled Recursion",
    'CWE-675' => q"Multiple Operations on Resource in Single-Operation Context",
    'CWE-676' => q"Use of Potentially Dangerous Function",
    'CWE-680' => q"Integer Overflow to Buffer Overflow",
    'CWE-681' => q"Incorrect Conversion between Numeric Types",
    'CWE-682' => q"Incorrect Calculation",
    'CWE-683' => q"Function Call With Incorrect Order of Arguments",
    'CWE-684' => q"Incorrect Provision of Specified Functionality",
    'CWE-685' => q"Function Call With Incorrect Number of Arguments",
    'CWE-686' => q"Function Call With Incorrect Argument Type",
    'CWE-687' => q"Function Call With Incorrectly Specified Argument Value",
    'CWE-688' => q"Function Call With Incorrect Variable or Reference as Argument",
    'CWE-689' => q"Permission Race Condition During Resource Copy",
    'CWE-690' => q"Unchecked Return Value to NULL Pointer Dereference",
    'CWE-691' => q"Insufficient Control Flow Management",
    'CWE-692' => q"Incomplete Denylist to Cross-Site Scripting",
    'CWE-693' => q"Protection Mechanism Failure",
    'CWE-694' => q"Use of Multiple Resources with Duplicate Identifier",
    'CWE-695' => q"Use of Low-Level Functionality",
    'CWE-696' => q"Incorrect Behavior Order",
    'CWE-697' => q"Incorrect Comparison",
    'CWE-698' => q"Execution After Redirect (EAR)",
    'CWE-703' => q"Improper Check or Handling of Exceptional Conditions",
    'CWE-704' => q"Incorrect Type Conversion or Cast",
    'CWE-705' => q"Incorrect Control Flow Scoping",
    'CWE-706' => q"Use of Incorrectly-Resolved Name or Reference",
    'CWE-707' => q"Improper Neutralization",
    'CWE-708' => q"Incorrect Ownership Assignment",
    'CWE-710' => q"Improper Adherence to Coding Standards",
    'CWE-732' => q"Incorrect Permission Assignment for Critical Resource",
    'CWE-733' => q"Compiler Optimization Removal or Modification of Security-critical Code",
    'CWE-749' => q"Exposed Dangerous Method or Function",
    'CWE-754' => q"Improper Check for Unusual or Exceptional Conditions",
    'CWE-755' => q"Improper Handling of Exceptional Conditions",
    'CWE-756' => q"Missing Custom Error Page",
    'CWE-757' => q"Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')",
    'CWE-758' => q"Reliance on Undefined, Unspecified, or Implementation-Defined Behavior",
    'CWE-759' => q"Use of a One-Way Hash without a Salt",
    'CWE-760' => q"Use of a One-Way Hash with a Predictable Salt",
    'CWE-761' => q"Free of Pointer not at Start of Buffer",
    'CWE-762' => q"Mismatched Memory Management Routines",
    'CWE-763' => q"Release of Invalid Pointer or Reference",
    'CWE-764' => q"Multiple Locks of a Critical Resource",
    'CWE-765' => q"Multiple Unlocks of a Critical Resource",
    'CWE-766' => q"Critical Data Element Declared Public",
    'CWE-767' => q"Access to Critical Private Variable via Public Method",
    'CWE-768' => q"Incorrect Short Circuit Evaluation",
    'CWE-769' => q"DEPRECATED: Uncontrolled File Descriptor Consumption",
    'CWE-770' => q"Allocation of Resources Without Limits or Throttling",
    'CWE-771' => q"Missing Reference to Active Allocated Resource",
    'CWE-772' => q"Missing Release of Resource after Effective Lifetime",
    'CWE-773' => q"Missing Reference to Active File Descriptor or Handle",
    'CWE-774' => q"Allocation of File Descriptors or Handles Without Limits or Throttling",
    'CWE-775' => q"Missing Release of File Descriptor or Handle after Effective Lifetime",
    'CWE-776' => q"Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')",
    'CWE-777' => q"Regular Expression without Anchors",
    'CWE-778' => q"Insufficient Logging",
    'CWE-779' => q"Logging of Excessive Data",
    'CWE-780' => q"Use of RSA Algorithm without OAEP",
    'CWE-781' => q"Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code",
    'CWE-782' => q"Exposed IOCTL with Insufficient Access Control",
    'CWE-783' => q"Operator Precedence Logic Error",
    'CWE-784' => q"Reliance on Cookies without Validation and Integrity Checking in a Security Decision",
    'CWE-785' => q"Use of Path Manipulation Function without Maximum-sized Buffer",
    'CWE-786' => q"Access of Memory Location Before Start of Buffer",
    'CWE-787' => q"Out-of-bounds Write",
    'CWE-788' => q"Access of Memory Location After End of Buffer",
    'CWE-789' => q"Memory Allocation with Excessive Size Value",
    'CWE-790' => q"Improper Filtering of Special Elements",
    'CWE-791' => q"Incomplete Filtering of Special Elements",
    'CWE-792' => q"Incomplete Filtering of One or More Instances of Special Elements",
    'CWE-793' => q"Only Filtering One Instance of a Special Element",
    'CWE-794' => q"Incomplete Filtering of Multiple Instances of Special Elements",
    'CWE-795' => q"Only Filtering Special Elements at a Specified Location",
    'CWE-796' => q"Only Filtering Special Elements Relative to a Marker",
    'CWE-797' => q"Only Filtering Special Elements at an Absolute Position",
    'CWE-798' => q"Use of Hard-coded Credentials",
    'CWE-799' => q"Improper Control of Interaction Frequency",
    'CWE-804' => q"Guessable CAPTCHA",
    'CWE-805' => q"Buffer Access with Incorrect Length Value",
    'CWE-806' => q"Buffer Access Using Size of Source Buffer",
    'CWE-807' => q"Reliance on Untrusted Inputs in a Security Decision",
    'CWE-820' => q"Missing Synchronization",
    'CWE-821' => q"Incorrect Synchronization",
    'CWE-822' => q"Untrusted Pointer Dereference",
    'CWE-823' => q"Use of Out-of-range Pointer Offset",
    'CWE-824' => q"Access of Uninitialized Pointer",
    'CWE-825' => q"Expired Pointer Dereference",
    'CWE-826' => q"Premature Release of Resource During Expected Lifetime",
    'CWE-827' => q"Improper Control of Document Type Definition",
    'CWE-828' => q"Signal Handler with Functionality that is not Asynchronous-Safe",
    'CWE-829' => q"Inclusion of Functionality from Untrusted Control Sphere",
    'CWE-830' => q"Inclusion of Web Functionality from an Untrusted Source",
    'CWE-831' => q"Signal Handler Function Associated with Multiple Signals",
    'CWE-832' => q"Unlock of a Resource that is not Locked",
    'CWE-833' => q"Deadlock",
    'CWE-834' => q"Excessive Iteration",
    'CWE-835' => q"Loop with Unreachable Exit Condition ('Infinite Loop')",
    'CWE-836' => q"Use of Password Hash Instead of Password for Authentication",
    'CWE-837' => q"Improper Enforcement of a Single, Unique Action",
    'CWE-838' => q"Inappropriate Encoding for Output Context",
    'CWE-839' => q"Numeric Range Comparison Without Minimum Check",
    'CWE-841' => q"Improper Enforcement of Behavioral Workflow",
    'CWE-842' => q"Placement of User into Incorrect Group",
    'CWE-843' => q"Access of Resource Using Incompatible Type ('Type Confusion')",
    'CWE-862' => q"Missing Authorization",
    'CWE-863' => q"Incorrect Authorization",
    'CWE-908' => q"Use of Uninitialized Resource",
    'CWE-909' => q"Missing Initialization of Resource",
    'CWE-910' => q"Use of Expired File Descriptor",
    'CWE-911' => q"Improper Update of Reference Count",
    'CWE-912' => q"Hidden Functionality",
    'CWE-913' => q"Improper Control of Dynamically-Managed Code Resources",
    'CWE-914' => q"Improper Control of Dynamically-Identified Variables",
    'CWE-915' => q"Improperly Controlled Modification of Dynamically-Determined Object Attributes",
    'CWE-916' => q"Use of Password Hash With Insufficient Computational Effort",
    'CWE-917' =>
        "Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')",
    'CWE-918'  => q"Server-Side Request Forgery (SSRF)",
    'CWE-920'  => q"Improper Restriction of Power Consumption",
    'CWE-921'  => q"Storage of Sensitive Data in a Mechanism without Access Control",
    'CWE-922'  => q"Insecure Storage of Sensitive Information",
    'CWE-923'  => q"Improper Restriction of Communication Channel to Intended Endpoints",
    'CWE-924'  => q"Improper Enforcement of Message Integrity During Transmission in a Communication Channel",
    'CWE-925'  => q"Improper Verification of Intent by Broadcast Receiver",
    'CWE-926'  => q"Improper Export of Android Application Components",
    'CWE-927'  => q"Use of Implicit Intent for Sensitive Communication",
    'CWE-939'  => q"Improper Authorization in Handler for Custom URL Scheme",
    'CWE-940'  => q"Improper Verification of Source of a Communication Channel",
    'CWE-941'  => q"Incorrectly Specified Destination in a Communication Channel",
    'CWE-942'  => q"Permissive Cross-domain Policy with Untrusted Domains",
    'CWE-943'  => q"Improper Neutralization of Special Elements in Data Query Logic",
    'CWE-1004' => q"Sensitive Cookie Without 'HttpOnly' Flag",
    'CWE-1007' => q"Insufficient Visual Distinction of Homoglyphs Presented to User",
    'CWE-1021' => q"Improper Restriction of Rendered UI Layers or Frames",
    'CWE-1022' => q"Use of Web Link to Untrusted Target with window.opener Access",
    'CWE-1023' => q"Incomplete Comparison with Missing Factors",
    'CWE-1024' => q"Comparison of Incompatible Types",
    'CWE-1025' => q"Comparison Using Wrong Factors",
    'CWE-1037' => q"Processor Optimization Removal or Modification of Security-critical Code",
    'CWE-1038' => q"Insecure Automated Optimizations",
    'CWE-1039' =>
        "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
    'CWE-1041' => q"Use of Redundant Code",
    'CWE-1042' => q"Static Member Data Element outside of a Singleton Class Element",
    'CWE-1043' => q"Data Element Aggregating an Excessively Large Number of Non-Primitive Elements",
    'CWE-1044' => q"Architecture with Number of Horizontal Layers Outside of Expected Range",
    'CWE-1045' => q"Parent Class with a Virtual Destructor and a Child Class without a Virtual Destructor",
    'CWE-1046' => q"Creation of Immutable Text Using String Concatenation",
    'CWE-1047' => q"Modules with Circular Dependencies",
    'CWE-1048' => q"Invokable Control Element with Large Number of Outward Calls",
    'CWE-1049' => q"Excessive Data Query Operations in a Large Data Table",
    'CWE-1050' => q"Excessive Platform Resource Consumption within a Loop",
    'CWE-1051' => q"Initialization with Hard-Coded Network Resource Configuration Data",
    'CWE-1052' => q"Excessive Use of Hard-Coded Literals in Initialization",
    'CWE-1053' => q"Missing Documentation for Design",
    'CWE-1054' => q"Invocation of a Control Element at an Unnecessarily Deep Horizontal Layer",
    'CWE-1055' => q"Multiple Inheritance from Concrete Classes",
    'CWE-1056' => q"Invokable Control Element with Variadic Parameters",
    'CWE-1057' => q"Data Access Operations Outside of Expected Data Manager Component",
    'CWE-1058' => q"Invokable Control Element in Multi-Thread Context with non-Final Static Storable or Member Element",
    'CWE-1059' => q"Insufficient Technical Documentation",
    'CWE-1060' => q"Excessive Number of Inefficient Server-Side Data Accesses",
    'CWE-1061' => q"Insufficient Encapsulation",
    'CWE-1062' => q"Parent Class with References to Child Class",
    'CWE-1063' => q"Creation of Class Instance within a Static Code Block",
    'CWE-1064' => q"Invokable Control Element with Signature Containing an Excessive Number of Parameters",
    'CWE-1065' => q"Runtime Resource Management Control Element in a Component Built to Run on Application Servers",
    'CWE-1066' => q"Missing Serialization Control Element",
    'CWE-1067' => q"Excessive Execution of Sequential Searches of Data Resource",
    'CWE-1068' => q"Inconsistency Between Implementation and Documented Design",
    'CWE-1069' => q"Empty Exception Block",
    'CWE-1070' => q"Serializable Data Element Containing non-Serializable Item Elements",
    'CWE-1071' => q"Empty Code Block",
    'CWE-1072' => q"Data Resource Access without Use of Connection Pooling",
    'CWE-1073' => q"Non-SQL Invokable Control Element with Excessive Number of Data Resource Accesses",
    'CWE-1074' => q"Class with Excessively Deep Inheritance",
    'CWE-1075' => q"Unconditional Control Flow Transfer outside of Switch Block",
    'CWE-1076' => q"Insufficient Adherence to Expected Conventions",
    'CWE-1077' => q"Floating Point Comparison with Incorrect Operator",
    'CWE-1078' => q"Inappropriate Source Code Style or Formatting",
    'CWE-1079' => q"Parent Class without Virtual Destructor Method",
    'CWE-1080' => q"Source Code File with Excessive Number of Lines of Code",
    'CWE-1082' => q"Class Instance Self Destruction Control Element",
    'CWE-1083' => q"Data Access from Outside Expected Data Manager Component",
    'CWE-1084' => q"Invokable Control Element with Excessive File or Data Access Operations",
    'CWE-1085' => q"Invokable Control Element with Excessive Volume of Commented-out Code",
    'CWE-1086' => q"Class with Excessive Number of Child Classes",
    'CWE-1087' => q"Class with Virtual Method without a Virtual Destructor",
    'CWE-1088' => q"Synchronous Access of Remote Resource without Timeout",
    'CWE-1089' => q"Large Data Table with Excessive Number of Indices",
    'CWE-1090' => q"Method Containing Access of a Member Element from Another Class",
    'CWE-1091' => q"Use of Object without Invoking Destructor Method",

lib/CSAF/Util/CWE.pm  view on Meta::CPAN

    'CWE-1176' => q"Inefficient CPU Computation",
    'CWE-1177' => q"Use of Prohibited Code",
    'CWE-1187' => q"DEPRECATED: Use of Uninitialized Resource",
    'CWE-1188' => q"Initialization of a Resource with an Insecure Default",
    'CWE-1189' => q"Improper Isolation of Shared Resources on System-on-a-Chip (SoC)",
    'CWE-1190' => q"DMA Device Enabled Too Early in Boot Phase",
    'CWE-1191' => q"On-Chip Debug and Test Interface With Improper Access Control",
    'CWE-1192' => q"Improper Identifier for IP Block used in System-On-Chip (SOC)",
    'CWE-1193' => q"Power-On of Untrusted Execution Core Before Enabling Fabric Access Control",
    'CWE-1204' => q"Generation of Weak Initialization Vector (IV)",
    'CWE-1209' => q"Failure to Disable Reserved Bits",
    'CWE-1220' => q"Insufficient Granularity of Access Control",
    'CWE-1221' => q"Incorrect Register Defaults or Module Parameters",
    'CWE-1222' => q"Insufficient Granularity of Address Regions Protected by Register Locks",
    'CWE-1223' => q"Race Condition for Write-Once Attributes",
    'CWE-1224' => q"Improper Restriction of Write-Once Bit Fields",
    'CWE-1229' => q"Creation of Emergent Resource",
    'CWE-1230' => q"Exposure of Sensitive Information Through Metadata",
    'CWE-1231' => q"Improper Prevention of Lock Bit Modification",
    'CWE-1232' => q"Improper Lock Behavior After Power State Transition",
    'CWE-1233' => q"Security-Sensitive Hardware Controls with Missing Lock Bit Protection",
    'CWE-1234' => q"Hardware Internal or Debug Modes Allow Override of Locks",
    'CWE-1235' => q"Incorrect Use of Autoboxing and Unboxing for Performance Critical Operations",
    'CWE-1236' => q"Improper Neutralization of Formula Elements in a CSV File",
    'CWE-1239' => q"Improper Zeroization of Hardware Register",
    'CWE-1240' => q"Use of a Cryptographic Primitive with a Risky Implementation",
    'CWE-1241' => q"Use of Predictable Algorithm in Random Number Generator",
    'CWE-1242' => q"Inclusion of Undocumented Features or Chicken Bits",
    'CWE-1243' => q"Sensitive Non-Volatile Information Not Protected During Debug",
    'CWE-1244' => q"Internal Asset Exposed to Unsafe Debug Access Level or State",
    'CWE-1245' => q"Improper Finite State Machines (FSMs) in Hardware Logic",
    'CWE-1246' => q"Improper Write Handling in Limited-write Non-Volatile Memories",
    'CWE-1247' => q"Improper Protection Against Voltage and Clock Glitches",
    'CWE-1248' => q"Semiconductor Defects in Hardware Logic with Security-Sensitive Implications",
    'CWE-1249' => q"Application-Level Admin Tool with Inconsistent View of Underlying Operating System",
    'CWE-1250' => q"Improper Preservation of Consistency Between Independent Representations of Shared State",
    'CWE-1251' => q"Mirrored Regions with Different Values",
    'CWE-1252' => q"CPU Hardware Not Configured to Support Exclusivity of Write and Execute Operations",
    'CWE-1253' => q"Incorrect Selection of Fuse Values",
    'CWE-1254' => q"Incorrect Comparison Logic Granularity",
    'CWE-1255' => q"Comparison Logic is Vulnerable to Power Side-Channel Attacks",
    'CWE-1256' => q"Improper Restriction of Software Interfaces to Hardware Features",
    'CWE-1257' => q"Improper Access Control Applied to Mirrored or Aliased Memory Regions",
    'CWE-1258' => q"Exposure of Sensitive System Information Due to Uncleared Debug Information",
    'CWE-1259' => q"Improper Restriction of Security Token Assignment",
    'CWE-1260' => q"Improper Handling of Overlap Between Protected Memory Ranges",
    'CWE-1261' => q"Improper Handling of Single Event Upsets",
    'CWE-1262' => q"Improper Access Control for Register Interface",
    'CWE-1263' => q"Improper Physical Access Control",
    'CWE-1264' => q"Hardware Logic with Insecure De-Synchronization between Control and Data Channels",
    'CWE-1265' => q"Unintended Reentrant Invocation of Non-reentrant Code Via Nested Calls",
    'CWE-1266' => q"Improper Scrubbing of Sensitive Data from Decommissioned Device",
    'CWE-1267' => q"Policy Uses Obsolete Encoding",
    'CWE-1268' => q"Policy Privileges are not Assigned Consistently Between Control and Data Agents",
    'CWE-1269' => q"Product Released in Non-Release Configuration",
    'CWE-1270' => q"Generation of Incorrect Security Tokens",
    'CWE-1271' => q"Uninitialized Value on Reset for Registers Holding Security Settings",
    'CWE-1272' => q"Sensitive Information Uncleared Before Debug/Power State Transition",
    'CWE-1273' => q"Device Unlock Credential Sharing",
    'CWE-1274' => q"Improper Access Control for Volatile Memory Containing Boot Code",
    'CWE-1275' => q"Sensitive Cookie with Improper SameSite Attribute",
    'CWE-1276' => q"Hardware Child Block Incorrectly Connected to Parent System",
    'CWE-1277' => q"Firmware Not Updateable",
    'CWE-1278' =>
        "Missing Protection Against Hardware Reverse Engineering Using Integrated Circuit (IC) Imaging Techniques",
    'CWE-1279' => q"Cryptographic Operations are run Before Supporting Units are Ready",
    'CWE-1280' => q"Access Control Check Implemented After Asset is Accessed",
    'CWE-1281' => q"Sequence of Processor Instructions Leads to Unexpected Behavior",
    'CWE-1282' => q"Assumed-Immutable Data is Stored in Writable Memory",
    'CWE-1283' => q"Mutable Attestation or Measurement Reporting Data",
    'CWE-1284' => q"Improper Validation of Specified Quantity in Input",
    'CWE-1285' => q"Improper Validation of Specified Index, Position, or Offset in Input",
    'CWE-1286' => q"Improper Validation of Syntactic Correctness of Input",
    'CWE-1287' => q"Improper Validation of Specified Type of Input",
    'CWE-1288' => q"Improper Validation of Consistency within Input",
    'CWE-1289' => q"Improper Validation of Unsafe Equivalence in Input",
    'CWE-1290' => q"Incorrect Decoding of Security Identifiers ",
    'CWE-1291' => q"Public Key Re-Use for Signing both Debug and Production Code",
    'CWE-1292' => q"Incorrect Conversion of Security Identifiers",
    'CWE-1293' => q"Missing Source Correlation of Multiple Independent Data",
    'CWE-1294' => q"Insecure Security Identifier Mechanism",
    'CWE-1295' => q"Debug Messages Revealing Unnecessary Information",
    'CWE-1296' => q"Incorrect Chaining or Granularity of Debug Components",
    'CWE-1297' => q"Unprotected Confidential Information on Device is Accessible by OSAT Vendors",
    'CWE-1298' => q"Hardware Logic Contains Race Conditions",
    'CWE-1299' => q"Missing Protection Mechanism for Alternate Hardware Interface",
    'CWE-1300' => q"Improper Protection of Physical Side Channels",
    'CWE-1301' => q"Insufficient or Incomplete Data Removal within Hardware Component",
    'CWE-1302' => q"Missing Source Identifier in Entity Transactions on a System-On-Chip (SOC)",
    'CWE-1303' => q"Non-Transparent Sharing of Microarchitectural Resources",
    'CWE-1304' =>
        "Improperly Preserved Integrity of Hardware Configuration State During a Power Save/Restore Operation",
    'CWE-1310' => q"Missing Ability to Patch ROM Code",
    'CWE-1311' => q"Improper Translation of Security Attributes by Fabric Bridge",
    'CWE-1312' => q"Missing Protection for Mirrored Regions in On-Chip Fabric Firewall",
    'CWE-1313' => q"Hardware Allows Activation of Test or Debug Logic at Runtime",
    'CWE-1314' => q"Missing Write Protection for Parametric Data Values",
    'CWE-1315' => q"Improper Setting of Bus Controlling Capability in Fabric End-point",
    'CWE-1316' => q"Fabric-Address Map Allows Programming of Unwarranted Overlaps of Protected and Unprotected Ranges",
    'CWE-1317' => q"Improper Access Control in Fabric Bridge",
    'CWE-1318' => q"Missing Support for Security Features in On-chip Fabrics or Buses",
    'CWE-1319' => q"Improper Protection against Electromagnetic Fault Injection (EM-FI)",
    'CWE-1320' => q"Improper Protection for Outbound Error Messages and Alert Signals",
    'CWE-1321' => q"Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')",
    'CWE-1322' => q"Use of Blocking Code in Single-threaded, Non-blocking Context",
    'CWE-1323' => q"Improper Management of Sensitive Trace Data",
    'CWE-1324' => q"DEPRECATED: Sensitive Information Accessible by Physical Probing of JTAG Interface",
    'CWE-1325' => q"Improperly Controlled Sequential Memory Allocation",
    'CWE-1326' => q"Missing Immutable Root of Trust in Hardware",
    'CWE-1327' => q"Binding to an Unrestricted IP Address",
    'CWE-1328' => q"Security Version Number Mutable to Older Versions",
    'CWE-1329' => q"Reliance on Component That is Not Updateable",
    'CWE-1330' => q"Remanent Data Readable after Memory Erase",
    'CWE-1331' => q"Improper Isolation of Shared Resources in Network On Chip (NoC)",
    'CWE-1332' => q"Improper Handling of Faults that Lead to Instruction Skips",
    'CWE-1333' => q"Inefficient Regular Expression Complexity",
    'CWE-1334' => q"Unauthorized Error Injection Can Degrade Hardware Redundancy",
    'CWE-1335' => q"Incorrect Bitwise Shift of Integer",
    'CWE-1336' => q"Improper Neutralization of Special Elements Used in a Template Engine",
    'CWE-1338' => q"Improper Protections Against Hardware Overheating",
    'CWE-1339' => q"Insufficient Precision or Accuracy of a Real Number",



( run in 1.852 second using v1.01-cache-2.11-cpan-6aa56a78535 )