CWE-201 – Insertion of Sensitive Information Into Sent Data
Description: The code transmits data to another actor, but a portion of the data includes sensitive information that should not be accessible to that actor....
CWE-200 – Exposure of Sensitive Information to an Unauthorized Actor
Description: The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. Modes of Introduction: - Architecture...
CWE-20 – Improper Input Validation
Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to...
CWE-198 – Use of Incorrect Byte Ordering
Description: The software receives input from an upstream component, but it does not account for byte ordering (e.g. big-endian and little-endian) when processing the input,...
CWE-197 – Numeric Truncation Error
Description: Truncation errors occur when a primitive is cast to a primitive of a smaller size and data is lost in the conversion. When a...
CWE-196 – Unsigned to Signed Conversion Error
Description: The software uses an unsigned primitive and performs a cast to a signed primitive, which can produce an unexpected value if the value of...
CWE-195 – Signed to Unsigned Conversion Error
Description: The software uses a signed primitive and performs a cast to an unsigned primitive, which can produce an unexpected value if the value of...
CWE-194 – Unexpected Sign Extension
Description: The software performs an operation on a number that causes it to be sign extended when it is transformed into a larger data type....
CWE-193 – Off-by-one Error
Description: A product calculates or uses an incorrect maximum or minimum value that is 1 more, or 1 less, than the correct value. Modes of...
CWE-192 – Integer Coercion Error
Description: Integer coercion refers to a set of flaws pertaining to the type casting, extension, or truncation of primitive data types. Several flaws fall under...
