CWE-1416: Comprehensive Categorization: Resource Lifecycle Management
ID: CWE-1416
Status: Incomplete
Weaknesses in this category are related to resource lifecycle management.
Relationships
View ID | View Name | Weakness ID | Weakness Name | Abstraction | Structure | Status | |
---|---|---|---|---|---|---|---|
CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-98 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') | Variant | Simple | Draft | |
CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-118 | Incorrect Access of Indexable Resource ('Range Error') | Class | Simple | Incomplete | |
CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-178 | Improper Handling of Case Sensitivity | Base | Simple | Incomplete | |
CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-192 | Integer Coercion Error | Variant | Simple | Incomplete | |
CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-194 | Unexpected Sign Extension | Variant | Simple | Incomplete | |
CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-195 | Signed to Unsigned Conversion Error | Variant | Simple | Draft | |
CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-196 | Unsigned to Signed Conversion Error | Variant | Simple | Draft | |
CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-197 | Numeric Truncation Error | Base | Simple | Incomplete | |
CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-212 | Improper Removal of Sensitive Information Before Storage or Transfer | Base | Simple | Incomplete | |
CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-221 | Information Loss or Omission | Class | Simple | Incomplete | |
CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-226 | Sensitive Information in Resource Not Removed Before Reuse | Base | Simple | Draft | |
CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-243 | Creation of chroot Jail Without Changing Working Directory | Variant | Simple | Draft | |
CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-372 | Incomplete Internal State Distinction | Base | Simple | Draft | |
CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-386 | Symbolic Name not Mapping to Correct Object | Base | Simple | Draft | |
CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-400 | Uncontrolled Resource Consumption | Class | Simple | Draft | |
CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-404 | Improper Resource Shutdown or Release | Class | Simple | Draft | |
CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-405 | Asymmetric Resource Consumption (Amplification) | Class | Simple | Incomplete | |
CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-406 | Insufficient Control of Network Message Volume (Network Amplification) | Class | Simple | Incomplete | |
CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-407 | Inefficient Algorithmic Complexity | Class | Simple | Incomplete | |
CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-409 | Improper Handling of Highly Compressed Data (Data Amplification) | Base | Simple | Incomplete | |
CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-410 | Insufficient Resource Pool | Base | Simple | Incomplete | |
CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-434 | Unrestricted Upload of File with Dangerous Type | Base | Simple | Draft | |
CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-453 | Insecure Default Variable Initialization | Variant | Simple | Draft | |
CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-454 | External Initialization of Trusted Variables or Data Stores | Base | Simple | Draft | |
CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-456 | Missing Initialization of a Variable | Variant | Simple | Draft | |
CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-457 | Use of Uninitialized Variable | Variant | Simple | Draft | |
CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-459 | Incomplete Cleanup | Base | Simple | Draft | |
CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-460 | Improper Cleanup on Thrown Exception | Base | Simple | Draft | |
CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-471 | Modification of Assumed-Immutable Data (MAID) | Base | Simple | Draft | |
CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-487 | Reliance on Package-level Scope | Base | Simple | Incomplete | |
CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-495 | Private Data Structure Returned From A Public Method | Variant | Simple | Draft | |
CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-496 | Public Data Assigned to Private Array-Typed Field | Variant | Simple | Incomplete | |
CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-501 | Trust Boundary Violation | Base | Simple | Draft | |
CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-568 | finalize() Method Without super.finalize() | Variant | Simple | Draft | |
CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-580 | clone() Method Without super.clone() | Variant | Simple | Draft | |
CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-588 | Attempt to Access Child of a Non-structure Pointer | Variant | Simple | Incomplete | |
CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-607 | Public Static Final Field References Mutable Object | Variant | Simple | Draft | |
CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-610 | Externally Controlled Reference to a Resource in Another Sphere | Class | Simple | Draft | |
CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-618 | Exposed Unsafe ActiveX Method | Variant | Simple | Incomplete | |
CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-662 | Improper Synchronization | Class | Simple | Draft | |
CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-664 | Improper Control of a Resource Through its Lifetime | Pillar | Simple | Draft | |
CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-665 | Improper Initialization | Class | Simple | Draft | |
CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-666 | Operation on Resource in Wrong Phase of Lifetime | Class | Simple | Draft | |
CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-669 | Incorrect Resource Transfer Between Spheres | Class | Simple | Draft | |
CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-673 | External Influence of Sphere Definition | Class | Simple | Draft | |
CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-681 | Incorrect Conversion between Numeric Types | Base | Simple | Draft | |
CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-704 | Incorrect Type Conversion or Cast | Class | Simple | Incomplete | |
CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-706 | Use of Incorrectly-Resolved Name or Reference | Class | Simple | Incomplete | |
CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-749 | Exposed Dangerous Method or Function | Base | Simple | Incomplete | |
CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-770 | Allocation of Resources Without Limits or Throttling | Base | Simple | Incomplete | |
CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-771 | Missing Reference to Active Allocated Resource | Base | Simple | Incomplete | |
CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-772 | Missing Release of Resource after Effective Lifetime | Base | Simple | Draft | |
CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-773 | Missing Reference to Active File Descriptor or Handle | Variant | Simple | Incomplete | |
CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-774 | Allocation of File Descriptors or Handles Without Limits or Throttling | Variant | Simple | Incomplete | |
CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-775 | Missing Release of File Descriptor or Handle after Effective Lifetime | Variant | Simple | Incomplete | |
CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-776 | Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') | Base | Simple | Draft | |
CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-779 | Logging of Excessive Data | Base | Simple | Draft | |
CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-782 | Exposed IOCTL with Insufficient Access Control | Variant | Simple | Draft | |
CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-827 | Improper Control of Document Type Definition | Variant | Simple | Incomplete | |
CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-829 | Inclusion of Functionality from Untrusted Control Sphere | Base | Simple | Incomplete | |
CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-830 | Inclusion of Web Functionality from an Untrusted Source | Variant | Simple | Incomplete | |
CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-843 | Access of Resource Using Incompatible Type ('Type Confusion') | Base | Simple | Incomplete | |
CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-908 | Use of Uninitialized Resource | Base | Simple | Incomplete | |
CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-909 | Missing Initialization of Resource | Class | Simple | Incomplete | |
CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-911 | Improper Update of Reference Count | Base | Simple | Incomplete | |
CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-913 | Improper Control of Dynamically-Managed Code Resources | Class | Simple | Incomplete | |
CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-920 | Improper Restriction of Power Consumption | Base | Simple | Incomplete | |
CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-922 | Insecure Storage of Sensitive Information | Class | Simple | Incomplete | |
CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-1042 | Static Member Data Element outside of a Singleton Class Element | Variant | Simple | Incomplete | |
CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-1046 | Creation of Immutable Text Using String Concatenation | Base | Simple | Incomplete | |
CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-1049 | Excessive Data Query Operations in a Large Data Table | Base | Simple | Incomplete | |
CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-1050 | Excessive Platform Resource Consumption within a Loop | Base | Simple | Incomplete | |
CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-1051 | Initialization with Hard-Coded Network Resource Configuration Data | Base | Simple | Incomplete | |
CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-1052 | Excessive Use of Hard-Coded Literals in Initialization | Base | Simple | Incomplete | |
CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-1063 | Creation of Class Instance within a Static Code Block | Base | Simple | Incomplete | |
CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-1067 | Excessive Execution of Sequential Searches of Data Resource | Base | Simple | Incomplete | |
CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-1072 | Data Resource Access without Use of Connection Pooling | Base | Simple | Incomplete | |
CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-1073 | Non-SQL Invokable Control Element with Excessive Number of Data Resource Accesses | Base | Simple | Incomplete | |
CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-1084 | Invokable Control Element with Excessive File or Data Access Operations | Base | Simple | Incomplete | |
CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-1089 | Large Data Table with Excessive Number of Indices | Base | Simple | Incomplete | |
CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-1091 | Use of Object without Invoking Destructor Method | Base | Simple | Incomplete | |
CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-1094 | Excessive Index Range Scan for a Data Resource | Base | Simple | Incomplete | |
CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-1176 | Inefficient CPU Computation | Class | Simple | Incomplete | |
CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-1188 | Initialization of a Resource with an Insecure Default | Base | Simple | Incomplete | |
CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-1221 | Incorrect Register Defaults or Module Parameters | Base | Simple | Incomplete | |
CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-1229 | Creation of Emergent Resource | Class | Simple | Incomplete | |
CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-1235 | Incorrect Use of Autoboxing and Unboxing for Performance Critical Operations | Base | Simple | Incomplete | |
CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-1239 | Improper Zeroization of Hardware Register | Variant | Simple | Draft | |
CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-1246 | Improper Write Handling in Limited-write Non-Volatile Memories | Base | Simple | Incomplete | |
CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-1250 | Improper Preservation of Consistency Between Independent Representations of Shared State | Base | Simple | Incomplete | |
CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-1258 | Exposure of Sensitive System Information Due to Uncleared Debug Information | Base | Simple | Draft | |
CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-1266 | Improper Scrubbing of Sensitive Data from Decommissioned Device | Base | Simple | Incomplete | |
CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-1271 | Uninitialized Value on Reset for Registers Holding Security Settings | Base | Simple | Incomplete | |
CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-1272 | Sensitive Information Uncleared Before Debug/Power State Transition | Base | Simple | Stable | |
CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-1279 | Cryptographic Operations are run Before Supporting Units are Ready | Base | Simple | Incomplete | |
CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-1301 | Insufficient or Incomplete Data Removal within Hardware Component | Base | Simple | Incomplete | |
CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-1325 | Improperly Controlled Sequential Memory Allocation | Base | Simple | Incomplete | |
CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-1330 | Remanent Data Readable after Memory Erase | Variant | Simple | Draft | |
CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-1333 | Inefficient Regular Expression Complexity | Base | Simple | Draft | |
CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-1342 | Information Exposure through Microarchitectural State after Transient Execution | Base | Simple | Incomplete | |
CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-1386 | Insecure Operation on Windows Junction / Mount Point | Base | Simple | Incomplete | |
CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-1389 | Incorrect Parsing of Numbers with Different Radices | Base | Simple | Incomplete | |
CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-1419 | Incorrect Initialization of Resource | Class | Simple | Incomplete | |
CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-1420 | Exposure of Sensitive Information during Transient Execution | Base | Simple | Incomplete | |
CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-1421 | Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution | Base | Simple | Incomplete | |
CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-1422 | Exposure of Sensitive Information caused by Incorrect Data Forwarding during Transient Execution | Base | Simple | Incomplete | |
CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-1423 | Exposure of Sensitive Information caused by Shared Microarchitectural Predictor State that Influences Transient Execution | Base | Simple | Incomplete |