CWE Archives - Page 23 of 96 - Cyber Security News

CWE-481 – Assigning instead of Comparing

Description The code uses an operator for assignment when the intention was to perform a comparison. In many languages the compare statement is very close...

rocco

May 26, 2022May 26, 2022

CWE

CWE-482 – Comparing instead of Assigning

Description The code uses an operator for comparison when the intention was to perform an assignment. In many languages, the compare statement is very close...

rocco

May 26, 2022May 26, 2022

CWE

CWE-443 – DEPRECATED: HTTP response splitting

Description This weakness can be found at CWE-113. Modes of Introduction: Related Weaknesses Consequences Potential Mitigations CVE References

rocco

May 26, 2022

CWE

CWE-444 – Inconsistent Interpretation of HTTP Requests (‘HTTP Request Smuggling’)

Description When malformed or abnormal HTTP requests are interpreted by one or more entities in the data flow between the user and the web server,...

rocco

May 26, 2022May 26, 2022

CWE

CWE-446 – UI Discrepancy for Security Feature

Description The user interface does not correctly enable or configure a security feature, but the interface provides feedback that causes the user to believe that...

rocco

May 26, 2022May 26, 2022

CWE

CWE-447 – Unimplemented or Unsupported Feature in UI

Description A UI function for a security feature appears to be supported and gives feedback to the user that suggests that it is supported, but...

rocco

May 26, 2022May 26, 2022

CWE

CWE-448 – Obsolete Feature in UI

Description A UI function is obsolete and the product does not warn the user. Modes of Introduction: - Implementation Related Weaknesses CWE-446 ...

rocco

May 26, 2022May 26, 2022

CWE

CWE-449 – The UI Performs the Wrong Action

Description The UI performs the wrong action with respect to the user's request. Modes of Introduction: - Implementation Related Weaknesses CWE-446 Consequences...

rocco

May 26, 2022May 26, 2022

CWE

CWE-45 – Path Equivalence: ‘file…name’ (Multiple Internal Dot)

Description A software system that accepts path input in the form of multiple internal dot ('file...dir') without appropriate validation can lead to ambiguous path resolution...

rocco

May 26, 2022May 26, 2022

CWE

CWE-450 – Multiple Interpretations of UI Input

Description The UI has multiple interpretations of user input but does not prompt the user when it selects the less secure interpretation. Modes of Introduction:...

rocco

May 26, 2022May 26, 2022

Sitting Ducks DNS Attacks Put Global Domains at Risk

Microsoft Power Pages Misconfiguration Leads to Data Exposure

ShrinkLocker ransomware: what you need to know

Massive Telecom Hack Exposes US Officials to Chinese Espionage

IT specialist Jack Teixeira jailed for 15 years after leaking classified military documents on Discord

New iOS Security Feature Makes It Harder for Police to Unlock Seized Phones

API Security in Peril as 83% of Firms Suffer Incidents

Bank of England U-turns on Vulnerability Disclosure Rules

LevelBlue Cybersecurity Awareness Month Recap

Category: CWE

CWE-481 – Assigning instead of Comparing

CWE-482 – Comparing instead of Assigning

CWE-443 – DEPRECATED: HTTP response splitting

CWE-444 – Inconsistent Interpretation of HTTP Requests (‘HTTP Request Smuggling’)

CWE-446 – UI Discrepancy for Security Feature

CWE-447 – Unimplemented or Unsupported Feature in UI

CWE-448 – Obsolete Feature in UI

CWE-449 – The UI Performs the Wrong Action

CWE-45 – Path Equivalence: ‘file…name’ (Multiple Internal Dot)

CWE-450 – Multiple Interpretations of UI Input