CWE-231 – Improper Handling of Extra Values
Description: The software does not handle or incorrectly handles when more values are provided than expected. Modes of Introduction: - Implementation Related Weaknesses...
CWE-230 – Improper Handling of Missing Values
Description: The software does not handle or incorrectly handles when a parameter, field, or argument name is specified, but the associated value is missing, i.e....
CWE-23 – Relative Path Traversal
Description: The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such...
CWE-229 – Improper Handling of Values
Description: The software does not properly handle when the expected number of values for parameters, fields, or arguments is not provided in input, or if...
CWE-228 – Improper Handling of Syntactically Invalid Structure
Description: The product does not handle or incorrectly handles input that is not syntactically well-formed with respect to the associated specification. Modes of Introduction: -...
CWE-226 – Sensitive Information in Resource Not Removed Before Reuse
Description: The product releases a resource such as memory or a file so that it can be made available for reuse, but it does not...
CWE-225 – DEPRECATED: General Information Management Problems
Description: This weakness can be found at CWE-199. Modes of Introduction: Related Weaknesses Consequences Potential Mitigations CVE References
CWE-224 – Obscured Security-relevant Information by Alternate Name
Description: The software records security-relevant information according to an alternate name of the affected entity, instead of the canonical name. Modes of Introduction: - Architecture...
CWE-223 – Omission of Security-relevant Information
Description: The application does not record or display information that would be important for identifying the source or nature of an attack, or determining if...
CWE-222 – Truncation of Security-relevant Information
Description: The application truncates the display, recording, or processing of security-relevant information in a way that can obscure the source or nature of an attack....