
Weakness

The document lists various potential security weaknesses and vulnerabilities categorized by their respective Common Weakness Enumeration (CWE) and Common Attack Pattern Enumeration and Classification (CAPEC) identifiers. It includes a wide range of issues such as authentication bypass, buffer overflows, and path traversal, among others. Users are prompted to select the most relevant type of weakness or report multiple distinct weaknesses.

Uploaded by

lipehew309

Weakness

Select the type of the potential issue you have discovered. Can't pick just one?
Select the best match or submit a separate report for each distinct weakness.

Absolute Path Traversal(CWE-36)

Absolute Path Traversal(CAPEC-597)

Acceptance of Extraneous Untrusted Data With Trusted Data(CWE-349)

Access Control Check Implemented After Asset is Accessed(CWE-1280)

Accessing Functionality Not Properly Constrained by ACLs(CAPEC-1)

Accessing/Intercepting/Modifying HTTP Cookies(CAPEC-31)

Access of Memory Location After End of Buffer(CWE-788)

Access of Memory Location Before Start of Buffer(CWE-786)

Access of Uninitialized Pointer(CWE-824)

Access to Critical Private Variable via Public Method(CWE-767)

Account Footprinting(CAPEC-575)

Action Spoofing(CAPEC-173)

Active OS Fingerprinting(CAPEC-312)

Adding a Space to a File Extension(CAPEC-649)

Addition of Data Structure Sentinel(CWE-464)

Add Malicious File to Shared Webroot(CAPEC-563)

Adversary in the Browser (AiTB)(CAPEC-662)

Adversary in the Middle (AiTM)(CAPEC-94)

AJAX Footprinting(CAPEC-85)

Allocation of File Descriptors or Handles Without Limits or Throttling(CWE-774)

Allocation of Resources Without Limits or Throttling(CWE-770)

Alteration of a Software Update(CAPEC-669)

Altered Component Firmware(CAPEC-638)

Altered Installed BIOS(CAPEC-532)

Alternative Execution Due to Deceptive Filenames(CAPEC-635)

Always-Incorrect Control Flow Implementation(CWE-670)

Amplification(CAPEC-490)

Analysis of Packet Timing and Sizes(CAPEC-621)


Android Activity Hijack(CAPEC-501)

Android Intent Intercept(CAPEC-499)

Application API Button Hijacking(CAPEC-388)

Application API Message Manipulation via Man-in-the-Middle(CAPEC-384)

Application API Navigation Remapping(CAPEC-386)

Application Fingerprinting(CAPEC-541)

Application-Level Admin Tool with Inconsistent View of Underlying Operating System(CWE-1249)

Architecture with Number of Horizontal Layers Outside of Expected Range(CWE-1044)

Argument Injection(CAPEC-6)

Array Declared Public, Final, and Static(CWE-582)

Array Index Underflow(CWE-129)

Artificially Inflate File Sizes(CAPEC-572)

ASIC With Malicious Functionality(CAPEC-539)

ASP.NET Misconfiguration: Creating Debug Binary(CWE-11)

ASP.NET Misconfiguration: Improper Model Validation(CWE-1174)

ASP.NET Misconfiguration: Missing Custom Error Page(CWE-12)

ASP.NET Misconfiguration: Not Using Input Validation Framework(CWE-554)

ASP.NET Misconfiguration: Password in Configuration File(CWE-13)

ASP.NET Misconfiguration: Use of Identity Impersonation(CWE-556)

Assigning instead of Comparing(CWE-481)

Assignment of a Fixed Address to a Pointer(CWE-587)

Assignment to Variable without Use(CWE-563)

Assumed-Immutable Data is Stored in Writable Memory(CWE-1282)

Asymmetric Resource Consumption (Amplification)(CWE-405)

Attempt to Access Child of a Non-structure Pointer(CWE-588)

Audit Log Manipulation(CAPEC-268)

Authentication Abuse(CAPEC-114)

Authentication Bypass(CAPEC-115)

Authentication Bypass by Alternate Name(CWE-289)


Authentication Bypass by Assumed-Immutable Data(CWE-302)

Authentication Bypass by Capture-replay(CWE-294)

Authentication Bypass by Primary Weakness(CWE-305)

Authentication Bypass by Spoofing(CWE-290)

Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created(CWE-593)

Authentication Bypass Using an Alternate Path or Channel(CWE-288)

Authorization Bypass Through User-Controlled SQL Primary Key(CWE-566)

Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations(CWE-1039)

Avoid Security Tool Identification by Adding Data(CAPEC-655)

Behavioral Change in New Version or Environment(CWE-439)

BGP Route Disabling(CAPEC-584)

Binding to an Unrestricted IP Address(CWE-1327)

BitSquatting(CAPEC-611)

Black Box Reverse Engineering(CAPEC-189)

Blind SQL Injection(CAPEC-7)

Block Access to Libraries(CAPEC-96)

Blockage(CAPEC-603)

Block Logging to Central Repository(CAPEC-571)

Blue Boxing(CAPEC-5)

BlueSmacking(CAPEC-666)

Bluetooth Impersonation AttackS (BIAS)(CAPEC-667)

Browser Fingerprinting(CAPEC-472)

Browser in the Middle (BiTM)(CAPEC-701)

Brute Force(CAPEC-112)

Buffer Access Using Size of Source Buffer(CWE-806)

Buffer Access with Incorrect Length Value(CWE-805)

Buffer Manipulation(CAPEC-123)

Buffer Overflow in an API Call(CAPEC-8)


Buffer Overflow in Local Command-Line Utilities(CAPEC-9)

Buffer Overflow via Environment Variables(CAPEC-10)

Buffer Overflow via Parameter Expansion(CAPEC-47)

Buffer Overflow via Symbolic Links(CAPEC-45)

Buffer Over-read(CWE-126)

Buffer Underflow(CWE-124)

Buffer Under-read(CWE-127)

Business Logic Errors(CWE-840)

Bypassing ATA Password Security(CAPEC-402)

Bypassing Electronic Locks and Access Controls(CAPEC-395)

Bypassing of Intermediate Forms in Multiple-Form Sets(CAPEC-140)

Bypassing Physical Locks(CAPEC-391)

Bypassing Physical Security(CAPEC-390)

Cache Poisoning(CAPEC-141)

Callable with Insufficient Behavioral Summary(CWE-1117)

Calling Micro-Services Directly(CAPEC-179)

Call to Non-ubiquitous API(CWE-589)

Call to Thread run() instead of start()(CWE-572)

Capture Credentials via Keylogger(CAPEC-568)

Carry-Off GPS Attack(CAPEC-628)

Cause Web Server Misclassification(CAPEC-11)

Cellular Broadcast Message Request(CAPEC-618)

Cellular Data Injection(CAPEC-610)

Cellular Jamming(CAPEC-605)

Cellular Rogue Base Station(CAPEC-617)

Cellular Traffic Intercept(CAPEC-609)

Checksum Spoofing(CAPEC-145)

Choosing Message Identifier(CAPEC-12)

Classic Buffer Overflow(CWE-120)

Class Instance Self Destruction Control Element(CWE-1082)


Class with Excessively Deep Inheritance(CWE-1074)

Class with Excessive Number of Child Classes(CWE-1086)

Class with Virtual Method without a Virtual Destructor(CWE-1087)

Cleartext Storage in a File or on Disk(CWE-313)

Cleartext Storage in the Registry(CWE-314)

Cleartext Storage of Sensitive Information(CWE-312)

Cleartext Storage of Sensitive Information in a Cookie(CWE-315)

Cleartext Storage of Sensitive Information in Executable(CWE-318)

Cleartext Storage of Sensitive Information in GUI(CWE-317)

Cleartext Storage of Sensitive Information in Memory(CWE-316)

Cleartext Transmission of Sensitive Information(CWE-319)

Client-Server Protocol Manipulation(CAPEC-220)

Client-Side Enforcement of Server-Side Security(CWE-602)

Client-side Injection-induced Buffer Overflow(CAPEC-14)

Cloneable Class Containing Sensitive Information(CWE-498)

clone() Method Without super.clone()(CWE-580)

Cloning Magnetic Strip Cards(CAPEC-397)

Cloning RFID Cards or Chips(CAPEC-399)

Code Inclusion(CAPEC-175)

Code Injection(CAPEC-242)

Code Injection(CWE-94)

Collapse of Data into Unsafe Value(CWE-182)

Collect Data as Provided by Users(CAPEC-569)

Collect Data from Clipboard(CAPEC-637)

Collect Data from Common Resource Locations(CAPEC-150)

Collect Data from Registries(CAPEC-647)

Collect Data from Screen Capture(CAPEC-648)

Command Delimiters(CAPEC-15)

Command Injection(CAPEC-248)

Command Injection - Generic(CWE-77)

Command Line Execution through SQL Injection(CAPEC-108)

Command Shell in Externally Accessible Directory(CWE-553)

Communication Channel Manipulation(CAPEC-216)

Comparing instead of Assigning(CWE-482)

Comparison Logic is Vulnerable to Power Side-Channel Attacks(CWE-1255)

Comparison of Classes by Name(CWE-486)

Comparison of Incompatible Types(CWE-1024)

Comparison of Object References Instead of Object Contents(CWE-595)

Comparison Using Wrong Factors(CWE-1025)

Compilation with Insufficient Warnings or Errors(CWE-1127)

Compiler Optimization Removal or Modification of Security-critical Code(CWE-733)

Compiler Removal of Code to Clear Buffers(CWE-14)

Compromising Emanations Attack(CAPEC-623)

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')(CWE-362)

Configuration/Environment Manipulation(CAPEC-176)

Connection Reset(CAPEC-595)

Contaminate Resource(CAPEC-548)

Content Spoofing(CAPEC-148)

Content Spoofing Via Application API Manipulation(CAPEC-389)

Context Switching Race Condition(CWE-368)

Contradictory Destinations in Traffic Routing Schemes(CAPEC-481)

Counterfeit GPS Signals(CAPEC-627)

Counterfeit Hardware Component Inserted During Product Assembly(CAPEC-520)

Counterfeit Organizations(CAPEC-544)

Counterfeit Websites(CAPEC-543)

Covert Channel(CWE-514)

Covert Storage Channel(CWE-515)

Covert Timing Channel(CWE-385)


CPU Hardware Not Configured to Support Exclusivity of Write and Execute Operations(CWE-1252)

Create files with the same name as files protected with a higher classification(CAPEC-177)

Create Malicious Client(CAPEC-202)

Creating a Rogue Certification Authority Certificate(CAPEC-459)

Creation of chroot Jail Without Changing Working Directory(CWE-243)

Creation of Class Instance within a Static Code Block(CWE-1063)

Creation of Emergent Resource(CWE-1229)

Creation of Immutable Text Using String Concatenation(CWE-1046)

Creation of Temporary File in Directory with Insecure Permissions(CWE-379)

Creation of Temporary File With Insecure Permissions(CWE-378)

Credential Prompt Impersonation(CAPEC-654)

Credential Stuffing(CAPEC-600)

Critical Data Element Declared Public(CWE-766)

Critical Public Variable Without Final Modifier(CWE-493)

CRLF Injection(CWE-93)

Cross-Domain Search Timing(CAPEC-462)

Cross Frame Scripting (XFS)(CAPEC-587)

Cross-Site Flashing(CAPEC-178)

Cross Site Identification(CAPEC-467)

Cross Site Request Forgery(CAPEC-62)

Cross-Site Request Forgery (CSRF)(CWE-352)

Cross-Site Scripting (XSS)(CAPEC-63)

Cross-site Scripting (XSS) - DOM(CWE-79)

Cross-site Scripting (XSS) - Generic(CWE-79)

Cross-site Scripting (XSS) - Reflected(CWE-79)

Cross-site Scripting (XSS) - Stored(CWE-79)

Cross Site Tracing(CAPEC-107)

Cross Zone Scripting(CAPEC-104)

Cryptanalysis(CAPEC-97)

Cryptanalysis of Cellular Encryption(CAPEC-608)

Cryptographic Issues - Generic(CWE-310)

Cryptographic Operations are run Before Supporting Units are Ready(CWE-1279)

Dangerous Signal Handler not Disabled During Sensitive Operations(CWE-432)

Dangling Database Cursor ('Cursor Injection')(CWE-619)

Data Access from Outside Expected Data Manager Component(CWE-1083)

Data Access Operations Outside of Expected Data Manager Component(CWE-1057)

Data Element Aggregating an Excessively Large Number of Non-Primitive Elements(CWE-1043)

Data Element containing Pointer Item without Proper Copy Control Element(CWE-1098)

Data Injected During Configuration(CAPEC-536)

Data Interchange Protocol Manipulation(CAPEC-277)

Data Resource Access without Use of Connection Pooling(CWE-1072)

Data Serialization External Entities Blowup(CAPEC-221)

Dead Code(CWE-561)

Deadlock(CWE-833)

Debug Messages Revealing Unnecessary Information(CWE-1295)

Declaration of Catch for Generic Exception(CWE-396)

Declaration of Throws for Generic Exception(CWE-397)

Declaration of Variable with Unnecessarily Wide Scope(CWE-1126)

Deletion of Data Structure Sentinel(CWE-463)

Uncontrolled Resource Consumption(CWE-400)

Dependency on Vulnerable Third-Party Component(CWE-1395)

Deployment of Wrong Handler(CWE-430)

DEPRECATED: Abuse of Transaction Data Structure(CAPEC-257)

DEPRECATED: Apple '.DS_Store'(CWE-71)

DEPRECATED: Authentication Bypass Issues(CWE-592)

DEPRECATED: Bypassing Card or Badge-Based Systems(CAPEC-396)

DEPRECATED: Catching exception throw/signal from privileged block(CAPEC-236)

DEPRECATED: Code Injection(CAPEC-241)


DEPRECATED: Containment Errors (Container Errors)(CWE-216)

DEPRECATED: Covert Timing Channel(CWE-516)

DEPRECATED: Degradation(CAPEC-602)

DEPRECATED: Directory Traversal(CAPEC-213)

DEPRECATED: DTD Injection in a SOAP Message(CAPEC-254)

DEPRECATED: Dump Password Hashes(CAPEC-566)

DEPRECATED: Environment Variable Manipulation(CAPEC-264)

DEPRECATED: Failure to Protect Stored Data from Modification(CWE-217)

DEPRECATED: Failure to provide confidentiality for stored data(CWE-218)

DEPRECATED: Fuzzing for garnering J2EE/.NET-based stack traces, for application mapping(CAPEC-214)

DEPRECATED: General Information Management Problems(CWE-225)

DEPRECATED: Global variable manipulation(CAPEC-265)

DEPRECATED: HTTP response splitting(CWE-443)

DEPRECATED: ICMP Echo Request Ping(CAPEC-288)

DEPRECATED: ICMP Fingerprinting Probes(CAPEC-316)

DEPRECATED: Implementing a callback to system routine (old AWT Queue)(CAPEC-235)

DEPRECATED: Improper Sanitization of Custom Special Characters(CWE-92)

DEPRECATED: Incorrect Initialization(CWE-458)

DEPRECATED: Incorrect Semantic Object Comparison(CWE-596)

DEPRECATED: Information Exposure Through Cleanup Log Files(CWE-542)

DEPRECATED: Information Exposure Through Debug Log Files(CWE-534)

DEPRECATED: Information Exposure Through Server Log Files(CWE-533)

DEPRECATED: Information Gathering from Non-Traditional Sources(CAPEC-409)

DEPRECATED: Information Gathering from Traditional Sources(CAPEC-408)

DEPRECATED: Infrastructure-based footprinting(CAPEC-289)

DEPRECATED: IP Fingerprinting Probes(CAPEC-314)

DEPRECATED: Leveraging web tools (e.g. Mozilla's GreaseMonkey, Firebug) to change application behavior(CAPEC-211)

DEPRECATED: Lifting credential(s)/key material embedded in client distributions (thick or thin)(CAPEC-205)

DEPRECATED: Linux Terminal Injection(CAPEC-249)

DEPRECATED: Malicious Logic Insertion via Counterfeit Hardware(CAPEC-453)

DEPRECATED: Malicious Logic Insertion via Inclusion of Counterfeit Hardware Components(CAPEC-455)

DEPRECATED: Malware Propagation via Infected Peripheral Device(CAPEC-451)

DEPRECATED: Malware Propagation via USB Stick(CAPEC-449)

DEPRECATED: Malware Propagation via USB U3 Autorun(CAPEC-450)

DEPRECATED: Manipulate Canonicalization(CAPEC-266)

DEPRECATED: Miscalculated Null Termination(CWE-132)

DEPRECATED: Modification of Existing Components with Counterfeit Hardware(CAPEC-454)

DEPRECATED: Obtain Data via Utilities(CAPEC-567)

DEPRECATED: Often Misused: Path Manipulation(CWE-249)

DEPRECATED: OS Fingerprinting(CAPEC-311)

DEPRECATED: Passively Sniffing and Capturing Application Code Bound for an Authorized Client During Dynamic Update(CAPEC-258)

DEPRECATED: Passively Sniffing and Capturing Application Code Bound for an Authorized Client During Initial Distribution(CAPEC-260)

DEPRECATED: Passively Sniffing and Capturing Application Code Bound for an Authorized Client During Patching(CAPEC-259)

DEPRECATED: Pretexting(CAPEC-411)

DEPRECATED: Proxied Trusted Channel(CWE-423)

DEPRECATED: Race Condition in Switch(CWE-365)

DEPRECATED: Registry Manipulation(CAPEC-269)

DEPRECATED: Reliance on DNS Lookups in a Security Decision(CWE-247)

DEPRECATED: Removing/short-circuiting 'guard logic'(CAPEC-56)

DEPRECATED: Schedule Software To Run(CAPEC-557)

DEPRECATED: Signature-Based Avoidance(CAPEC-570)

DEPRECATED: SOAP Parameter Tampering(CAPEC-280)

DEPRECATED: Social Information Gathering Attacks(CAPEC-404)

DEPRECATED: Social Information Gathering via Research(CAPEC-405)

DEPRECATED: State Synchronization Error(CWE-373)


DEPRECATED: Subversion of Authorization Checks: Cache Filtering, Programmatic Security, etc.(CAPEC-239)

DEPRECATED: Target Influence via Micro-Expressions(CAPEC-430)

DEPRECATED: Target Influence via Neuro-Linguistic Programming (NLP)(CAPEC-431)

DEPRECATED: Target Influence via Perception of Concession(CAPEC-419)

DEPRECATED: Target Influence via Voice in NLP(CAPEC-432)

DEPRECATED: TCP/IP Fingerprinting Probes(CAPEC-315)

DEPRECATED: Trusting Self-reported DNS Name(CWE-292)

DEPRECATED: Uncontrolled File Descriptor Consumption(CWE-769)

DEPRECATED: Use of Dynamic Class Loading(CWE-545)

DEPRECATED: Use of Uninitialized Resource(CWE-1187)

DEPRECATED: Using URL/codebase / G.A.C. (code source) to convince sandbox of privilege(CAPEC-238)

DEPRECATED: Variable Manipulation(CAPEC-171)

DEPRECATED: Violating Implicit Assumptions Regarding XML Content (aka XML Denial of Service (XDoS))(CAPEC-82)

DEPRECATED: XML Client-Side Attack(CAPEC-484)

DEPRECATED: XML Parser Attack(CAPEC-99)

DEPRECATED: XSS in IMG Tags(CAPEC-91)

DEPRECATED: XSS through Log Files(CAPEC-106)

DEPRECATED: XSS Using Flash(CAPEC-246)

Deserialization of Untrusted Data(CWE-502)

Design Alteration(CAPEC-447)

Design for FPGA Maliciously Altered(CAPEC-674)

Detection of Error Condition Without Action(CWE-390)

Detect Unpublicized Web Pages(CAPEC-143)

Detect Unpublicized Web Services(CAPEC-144)

Developer Signing Maliciously Altered Software(CAPEC-673)

Development Alteration(CAPEC-444)

Device Unlock Credential Sharing(CWE-1273)

DHCP Spoofing(CAPEC-697)

Dictionary-based Password Attack(CAPEC-16)

Directory Indexing(CAPEC-127)

Direct Use of Unsafe JNI(CWE-111)

Disable Security Software(CAPEC-578)

Disabling Network Hardware(CAPEC-583)

Divide By Zero(CWE-369)

DLL Side-Loading(CAPEC-641)

DMA Device Enabled Too Early in Boot Phase(CWE-1190)

DNS Blocking(CAPEC-589)

DNS Cache Poisoning(CAPEC-142)

DNS Domain Seizure(CAPEC-585)

DNS Rebinding(CAPEC-275)

DNS Spoofing(CAPEC-598)

DNS Zone Transfers(CAPEC-291)

Documentation Alteration to Cause Errors in System Design(CAPEC-519)

Documentation Alteration to Circumvent Dial-down(CAPEC-517)

Documentation Alteration to Produce Under-performing Systems(CAPEC-518)

DOM-Based XSS(CAPEC-588)

Double-Checked Locking(CWE-609)

Doubled Character XSS Manipulations(CWE-85)

Double Decoding of the Same Data(CWE-174)

Double Encoding(CAPEC-120)

Double Free(CWE-415)

Download of Code Without Integrity Check(CWE-494)

Drop Encryption Level(CAPEC-620)

DTD Injection(CAPEC-228)

Dumpster Diving(CAPEC-406)

Duplicate Key in Associative List (Alist)(CWE-462)

Dynamic Variable Evaluation(CWE-627)


Eavesdropping(CAPEC-651)

Eavesdropping on a Monitor(CAPEC-699)

EJB Bad Practices: Use of AWT Swing(CWE-575)

EJB Bad Practices: Use of Class Loader(CWE-578)

EJB Bad Practices: Use of Java I/O(CWE-576)

EJB Bad Practices: Use of Sockets(CWE-577)

EJB Bad Practices: Use of Synchronization Primitives(CWE-574)

Electromagnetic Side-Channel Attack(CAPEC-622)

Email Injection(CAPEC-134)

Embedded Malicious Code(CWE-506)

Embedding NULL Bytes(CAPEC-52)

Embedding Scripts within Scripts(CAPEC-19)

Embed Virus into DLL(CAPEC-448)

Empty Code Block(CWE-1071)

Empty Exception Block(CWE-1069)

Empty Password in Configuration File(CWE-258)

Empty Synchronized Block(CWE-585)

Encoding Error(CWE-172)

Encryption Brute Forcing(CAPEC-20)

Enumerate Mail Exchange (MX) Records(CAPEC-290)

Escaping a Sandbox by Calling Code in Another Language(CAPEC-237)

Escaping Virtualization(CAPEC-480)

Establish Rogue Location(CAPEC-616)

Evercookie(CAPEC-464)

Evil Twin Wi-Fi Attack(CAPEC-615)

Excavation(CAPEC-116)

Excessive Allocation(CAPEC-130)

Excessive Attack Surface(CWE-1125)

Excessive Code Complexity(CWE-1120)

Excessive Data Query Operations in a Large Data Table(CWE-1049)


Excessive Execution of Sequential Searches of Data Resource(CWE-1067)

Excessive Halstead Complexity(CWE-1122)

Excessive Index Range Scan for a Data Resource(CWE-1094)

Excessive Iteration(CWE-834)

Excessively Complex Data Representation(CWE-1093)

Excessively Deep Nesting(CWE-1124)

Excessive McCabe Cyclomatic Complexity(CWE-1121)

Excessive Number of Inefficient Server-Side Data Accesses(CWE-1060)

Excessive Platform Resource Consumption within a Loop(CWE-1050)

Excessive Reliance on Global Variables(CWE-1108)

Excessive Use of Hard-Coded Literals in Initialization(CWE-1052)

Excessive Use of Self-Modifying Code(CWE-1123)

Excessive Use of Unconditional Branching(CWE-1119)

Executable Regular Expression Error(CWE-624)

Execution After Redirect (EAR)(CWE-698)

Execution with Unnecessary Privileges(CWE-250)

Expanding Control over the Operating System from the Database(CAPEC-470)

Expected Behavior Violation(CWE-440)

Expired Pointer Dereference(CWE-825)

Explicit Call to Finalize()(CWE-586)

Exploitation of Firmware or ROM Code with Unpatchable Vulnerabilities(CAPEC-682)

Exploitation of Improperly Configured or Implemented Memory Protections(CAPEC-679)

Exploitation of Improperly Controlled Hardware Security Identifiers(CAPEC-681)

Exploitation of Improperly Controlled Registers(CAPEC-680)

Exploitation of Thunderbolt Protection Flaws(CAPEC-665)

Exploitation of Transient Instruction Execution(CAPEC-663)

Exploitation of Trusted Identifiers(CAPEC-21)

Exploiting Incorrect Chaining or Granularity of Hardware Debug Components(CAPEC-702)

Exploiting Incorrectly Configured Access Control Security Levels(CAPEC-180)


Exploiting Incorrectly Configured SSL/TLS(CAPEC-217)

Exploiting Multiple Input Interpretation Layers(CAPEC-43)

Exploiting Trust in Client(CAPEC-22)

Exploit Non-Production Interfaces(CAPEC-121)

Exploit Script-Based APIs(CAPEC-160)

Explore for Predictable Temporary File Names(CAPEC-149)

Exponential Data Expansion(CAPEC-197)

Exposed Dangerous Method or Function(CWE-749)

Exposed IOCTL with Insufficient Access Control(CWE-782)

Exposed Unsafe ActiveX Method(CWE-618)

Exposure of Access Control List Files to an Unauthorized Control Sphere(CWE-529)

Exposure of Backup File to an Unauthorized Control Sphere(CWE-530)

Exposure of Core Dump File to an Unauthorized Control Sphere(CWE-528)

Exposure of Data Element to Wrong Session(CWE-488)

Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak')(CWE-403)

Exposure of Information Through Shell Error Message(CWE-535)

Exposure of Resource to Wrong Sphere(CWE-668)

Exposure of Sensitive Information Due to Incompatible Policies(CWE-213)

Exposure of Sensitive Information Through Data Queries(CWE-202)

Exposure of Sensitive Information Through Environmental Variables(CWE-526)

Exposure of Sensitive Information Through Metadata(CWE-1230)

Exposure of Sensitive System Information Due to Uncleared Debug Information(CWE-1258)

Exposure of Sensitive System Information to an Unauthorized Control Sphere(CWE-497)

Exposure of Version-Control Repository to an Unauthorized Control Sphere(CWE-527)

Exposure of WSDL File Containing Sensitive Information(CWE-651)

Expression is Always False(CWE-570)

Expression is Always True(CWE-571)

External Control of Assumed-Immutable Web Parameter(CWE-472)


External Control of Critical State Data(CWE-642)

External Control of File Name or Path(CWE-73)

External Control of System or Configuration Setting(CWE-15)

External Influence of Sphere Definition(CWE-673)

External Initialization of Trusted Variables or Data Stores(CWE-454)

Externally Controlled Reference to a Resource in Another Sphere(CWE-610)

Externally-Generated Error Message Containing Sensitive Information(CWE-211)

Fabric-Address Map Allows Programming of Unwarranted Overlaps of Protected and Unprotected Ranges(CWE-1316)

Failure to Disable Reserved Bits(CWE-1209)

Failure to Handle Incomplete Element(CWE-239)

Failure to Handle Missing Parameter(CWE-234)

Failure to Sanitize Paired Delimiters(CWE-157)

Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)(CWE-75)

Fake the Source of Data(CAPEC-194)

File and Directory Information Exposure(CWE-538)

File Content Injection(CAPEC-23)

File Discovery(CAPEC-497)

File Manipulation(CAPEC-165)

Files or Directories Accessible to External Parties(CWE-552)

Filter Failure through Buffer Overflow(CAPEC-24)

finalize() Method Declared Public(CWE-583)

finalize() Method Without super.finalize()(CWE-568)

Fingerprinting(CAPEC-224)

Firmware Not Updateable(CWE-1277)

Flash File Overlay(CAPEC-181)

Flash Injection(CAPEC-182)

Flash Memory Attacks(CAPEC-458)

Flash Parameter Injection(CAPEC-174)

Floating Point Comparison with Incorrect Operator(CWE-1077)


Flooding(CAPEC-125)

Footprinting(CAPEC-169)

Forced Browsing(CWE-425)

Forced Deadlock(CAPEC-25)

Forced Integer Overflow(CAPEC-92)

Forceful Browsing(CAPEC-87)

Force the System to Reset Values(CAPEC-166)

Force Use of Corrupted Files(CAPEC-263)

Format String Injection(CAPEC-135)

Free of Memory not on the Heap(CWE-590)

Free of Pointer not at Start of Buffer(CWE-761)

Functionality Bypass(CAPEC-554)

Functionality Misuse(CAPEC-212)

Function Call With Incorrect Argument Type(CWE-686)

Function Call with Incorrectly Specified Arguments(CWE-628)

Function Call With Incorrectly Specified Argument Value(CWE-687)

Function Call With Incorrect Number of Arguments(CWE-685)

Function Call With Incorrect Order of Arguments(CWE-683)

Function Call With Incorrect Variable or Reference as Argument(CWE-688)

Fuzzing(CAPEC-28)

Fuzzing for application mapping(CAPEC-215)

Fuzzing for garnering other adjacent user/sensitive data(CAPEC-261)

Generation of Incorrect Security Tokens(CWE-1270)

Generation of Predictable IV with CBC Mode(CWE-329)

Generation of Predictable Numbers or Identifiers(CWE-340)

Generation of Weak Initialization Vector (IV)(CWE-1204)

Generic Cross-Browser Cross-Domain Theft(CAPEC-468)

Group Permission Footprinting(CAPEC-576)

Guessable CAPTCHA(CWE-804)

Hardware Allows Activation of Test or Debug Logic at Runtime(CWE-1313)

Hardware Child Block Incorrectly Connected to Parent System(CWE-1276)

Hardware Component Substitution(CAPEC-531)

Hardware Component Substitution During Baselining(CAPEC-516)

Hardware Design Specifications Are Altered(CAPEC-521)

Hardware Fault Injection(CAPEC-624)

Hardware Integrity Attack(CAPEC-440)

Hardware Internal or Debug Modes Allow Override of Locks(CWE-1234)

Hardware Logic Contains Race Conditions(CWE-1298)

Hardware Logic with Insecure De-Synchronization between Control and Data Channels(CWE-1264)

Harvesting Information via API Event Monitoring(CAPEC-383)

Heap Overflow(CWE-122)

Hidden Functionality(CWE-912)

Hiding Malicious Data or Code within Files(CAPEC-636)

Hijacking a privileged process(CAPEC-234)

Hijacking a Privileged Thread of Execution(CAPEC-30)

Homograph Attack via Homoglyphs(CAPEC-632)

Host Discovery(CAPEC-292)

HTTP DoS(CAPEC-469)

HTTP Flood(CAPEC-488)

HTTP Parameter Pollution (HPP)(CAPEC-460)

HTTP Request Smuggling(CWE-444)

HTTP Request Smuggling(CAPEC-33)

HTTP Request Splitting(CAPEC-105)

HTTP Response Smuggling(CAPEC-273)

HTTP Response Splitting(CWE-113)

HTTP Response Splitting(CAPEC-34)

HTTP Verb Tampering(CAPEC-274)

ICMP Address Mask Request(CAPEC-294)


ICMP Echo Request Ping(CAPEC-285)

ICMP Error Message Echoing Integrity Probe(CAPEC-330)

ICMP Error Message Quoting Probe(CAPEC-329)

ICMP Flood(CAPEC-487)

ICMP Fragmentation(CAPEC-496)

ICMP Information Request(CAPEC-296)

ICMP IP 'ID' Field Error Message Probe(CAPEC-332)

ICMP IP Total Length Field Probe(CAPEC-331)

Identify Shared Files/Directories on System(CAPEC-643)

Identity Spoofing(CAPEC-151)

iFrame Overlay(CAPEC-222)

IMAP/SMTP Command Injection(CAPEC-183)

Improper Access Control Applied to Mirrored or Aliased Memory Regions(CWE-1257)

Improper Access Control for Register Interface(CWE-1262)

Improper Access Control for Volatile Memory Containing Boot Code(CWE-1274)

Improper Access Control - Generic(CWE-284)

Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code(CWE-781)

Improper Adherence to Coding Standards(CWE-710)

Improper Authentication - Generic(CWE-287)

Improper Authorization(CWE-285)

Improper Authorization in Handler for Custom URL Scheme(CWE-939)

Improper Authorization of Index Containing Sensitive Information(CWE-612)

Improper Certificate Validation(CWE-295)

Improper Check for Certificate Revocation(CWE-299)

Improper Check for Dropped Privileges(CWE-273)

Improper Check for Unusual or Exceptional Conditions(CWE-754)

Improper Check or Handling of Exceptional Conditions(CWE-703)

Improper Cleanup on Thrown Exception(CWE-460)

Improper Clearing of Heap Memory Before Release ('Heap Inspection')(CWE-244)

Improper Control of a Resource Through its Lifetime(CWE-664)


Improper Control of Document Type Definition(CWE-827)

Improper Control of Dynamically-Identified Variables(CWE-914)

Improper Control of Dynamically-Managed Code Resources(CWE-913)

Improper Control of Interaction Frequency(CWE-799)

Improper Encoding or Escaping of Output(CWE-116)

Improper Enforcement of a Single, Unique Action(CWE-837)

Improper Enforcement of Behavioral Workflow(CWE-841)

Improper Enforcement of Message Integrity During Transmission in a Communication Channel(CWE-924)

Improper Export of Android Application Components(CWE-926)

Improper Filtering of Special Elements(CWE-790)

Improper Finite State Machines (FSMs) in Hardware Logic(CWE-1245)

Improper Following of a Certificate's Chain of Trust(CWE-296)

Improper Following of Specification by Caller(CWE-573)

Improper Handling of Additional Special Element(CWE-167)

Improper Handling of Alternate Encoding(CWE-173)

Improper Handling of Apple HFS+ Alternate Data Stream Path(CWE-72)

Improper Handling of Case Sensitivity(CWE-178)

Improper Handling of Exceptional Conditions(CWE-755)

Improper Handling of Extra Parameters(CWE-235)

Improper Handling of Extra Values(CWE-231)

Improper Handling of Faults that Lead to Instruction Skips(CWE-1332)

Improper Handling of File Names that Identify Virtual Resources(CWE-66)

Improper Handling of Hardware Behavior in Exceptionally Cold Environments(CWE-1351)

Improper Handling of Highly Compressed Data (Data Amplification)(CWE-409)

Improper Handling of Incomplete Structural Elements(CWE-238)

Improper Handling of Inconsistent Special Elements(CWE-168)

Improper Handling of Inconsistent Structural Elements(CWE-240)

Improper Handling of Insufficient Entropy in TRNG(CWE-333)

Improper Handling of Insufficient Permissions or Privileges(CWE-280)


Improper Handling of Insufficient Privileges(CWE-274)

Improper Handling of Invalid Use of Special Elements(CWE-159)

Improper Handling of Length Parameter Inconsistency(CWE-130)

Improper Handling of Missing Special Element(CWE-166)
