https://wiki.ixheim.de/index.php?action=history&feed=atom&title=CWEs 2026-05-15T06:42:41Z Versionsgeschichte dieser Seite in Xinux Wiki MediaWiki 1.35.1 https://wiki.ixheim.de/index.php?title=CWEs&diff=37767&oldid=prev 2022-11-06T18:15:02Z

<p>Die Seite wurde neu angelegt: „*<a href="/index.php/Die_Common_Weakness_Enumeration_(CWE)" title="Die Common Weakness Enumeration (CWE)">Die Common Weakness Enumeration (CWE)</a> =Basics= *Das Common Weakness Enumeration-Projekt hat die Liste für das Jahr 2022 der 25 gefährlichsten Softwares…“</p> <p><b>Neue Seite</b></p><div>*[[Die Common Weakness Enumeration (CWE)]]<br /> <br /> =Basics=<br /> *Das Common Weakness Enumeration-Projekt hat die Liste für das Jahr 2022 der 25 gefährlichsten Softwareschwachstellen zusammengestellt.<br /> *Die Liste soll die derzeit am meisten vorkommenden Lücken mit den gravierendsten Auswirkungen aufführen. <br /> *Sie soll helfen Risiken einzudämmen. <br /> *Sie wendet sich an Softwarearchitekte, Designer, Entwickler, Tester, Nutzer, Projektmanager, Sicherheitsforscher, Ausbilder.<br /> =Schwachstellen=<br /> {| class=&quot;wikitable&quot;<br /> |-<br /> ! Platz<br /> ! ID<br /> ! Beschreibung<br /> |-<br /> | 1<br /> | [https://cwe.mitre.org/data/definitions/787.html CWE-787]<br /> | [[Out-of-bounds Write]] ([[Buffer-Overflow]])<br /> |-<br /> | 2<br /> | [https://cwe.mitre.org/data/definitions/79.html CWE-79]<br /> | Improper Neutralization of Input During Web Page Generation ([[Cross-Site-Scripting]])<br /> |-<br /> | 3<br /> | [https://cwe.mitre.org/data/definitions/89.html CWE-89]<br /> | Improper Neutralization of Special Elements used in an SQL Command ([[SQL Injection]])<br /> |-<br /> | 4<br /> | [https://cwe.mitre.org/data/definitions/20.html CWE-20]<br /> | Improper Input Validation ([[Command Execution]])<br /> |-<br /> | 5<br /> | [https://cwe.mitre.org/data/definitions/125.html CWE-125]<br /> | [[Out-of-bounds Read]]<br /> |-<br /> | 6<br /> | [https://cwe.mitre.org/data/definitions/78.html CWE-78]<br /> | Improper Neutralization of Special Elements used in an OS Command ('OS [[Command Execution]]')<br /> |-<br /> | 7<br /> | [https://cwe.mitre.org/data/definitions/416.html CWE-416]<br /> | Use After Free<br /> |-<br /> | 8<br /> | [https://cwe.mitre.org/data/definitions/22.html CWE-22]<br /> | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')<br /> |-<br /> | 9<br /> | [https://cwe.mitre.org/data/definitions/352.html CWE-352]<br /> | Cross-Site Request Forgery (CSRF)<br /> |-<br /> | 10<br /> | [https://cwe.mitre.org/data/definitions/434.html CWE-434]<br /> | Unrestricted Upload of File with Dangerous Type ([[File Inclusion]])<br /> |-<br /> | 11<br /> | [https://cwe.mitre.org/data/definitions/476.html CWE-476]<br /> | [[NULL Pointer Dereference]]<br /> |-<br /> | 12<br /> | [https://cwe.mitre.org/data/definitions/502.html CWE-502]<br /> | Deserialization of Untrusted Data<br /> |-<br /> | 13<br /> | [https://cwe.mitre.org/data/definitions/190.html CWE-190]<br /> | Integer Overflow or Wraparound<br /> |-<br /> | 14<br /> | [https://cwe.mitre.org/data/definitions/287.html CWE-287]<br /> | [[Improper Authentication]]<br /> |-<br /> | 15<br /> | [https://cwe.mitre.org/data/definitions/798.html CWE-798]<br /> | Use of Hard-coded Credentials<br /> |-<br /> | 16<br /> | [https://cwe.mitre.org/data/definitions/862.html CWE-862]<br /> | [[Missing Authorization]]<br /> |-<br /> | 17<br /> | [https://cwe.mitre.org/data/definitions/77.html CWE-77]<br /> | Improper Neutralization of Special Elements used in a Command ('Command Injection')<br /> |-<br /> | 18<br /> | [https://cwe.mitre.org/data/definitions/306.html CWE-306]<br /> | Missing Authentication for Critical Function<br /> |-<br /> | 19<br /> | [https://cwe.mitre.org/data/definitions/119.html CWE-119]<br /> | Improper Restriction of Operations within the Bounds of a Memory Buffer<br /> |-<br /> | 20<br /> | [https://cwe.mitre.org/data/definitions/276.html CWE-276]<br /> | Incorrect Default Permissions<br /> |-<br /> | 21<br /> | [https://cwe.mitre.org/data/definitions/918.html CWE-918]<br /> | Server-Side Request Forgery (SSRF)<br /> |-<br /> | 22<br /> | [https://cwe.mitre.org/data/definitions/362.html CWE-362]<br /> | Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')<br /> |-<br /> | 23<br /> | [https://cwe.mitre.org/data/definitions/400.html CWE-400]<br /> | Uncontrolled Resource Consumption<br /> |-<br /> | 24<br /> | [https://cwe.mitre.org/data/definitions/611.html CWE-611]<br /> | Improper Restriction of XML External Entity Reference<br /> |-<br /> | 25<br /> | [https://cwe.mitre.org/data/definitions/94.html CWE-94]<br /> | Improper Control of Generation of Code ('Code Injection')<br /> |}<br /> <br /> =Quellen=<br /> *https://cwe.mitre.org/index.html<br /> *https://www.heise.de/news/Top-25-der-gefaehrlichsten-Software-Schwachstellen-2022-7158261.html</div>

Thomas.will