Top 25 der gefährlichsten Software-Schwachstellen 2022: Unterschied zwischen den Versionen
Zur Navigation springen
Zur Suche springen
| Zeile 17: | Zeile 17: | ||
| 2 | | 2 | ||
| CWE-79 | | CWE-79 | ||
| − | | Improper Neutralization of Input During Web Page Generation ( | + | | Improper Neutralization of Input During Web Page Generation ([[Cross-Site-Scripting]]) |
|- | |- | ||
| 3 | | 3 | ||
| CWE-89 | | CWE-89 | ||
| − | | Improper Neutralization of Special Elements used in an SQL Command ( | + | | Improper Neutralization of Special Elements used in an SQL Command ([[SQL Injection]]) |
|- | |- | ||
| 4 | | 4 | ||
| CWE-20 | | CWE-20 | ||
| − | | Improper Input Validation ( | + | | Improper Input Validation ([[Command Execution]]) |
|- | |- | ||
| 5 | | 5 | ||
| Zeile 49: | Zeile 49: | ||
| 10 | | 10 | ||
| CWE-434 | | CWE-434 | ||
| − | | Unrestricted Upload of File with Dangerous Type | + | | Unrestricted Upload of File with Dangerous Type ([[File Inclusion]]) |
|- | |- | ||
| 11 | | 11 | ||
Version vom 9. Oktober 2022, 09:09 Uhr
Basisc
- Das Common Weakness Enumeration-Projekt hat die Liste für das Jahr 2022 der 25 gefährlichsten Softwareschwachstellen zusammengestellt.
- Die Liste soll die derzeit am meisten vorkommenden Lücken mit den gravierendsten Auswirkungen aufführen.
- Sie soll helfen Risiken einzudämmen.
- Sie wendet sich an Softwarearchitekte, Designer, Entwickler, Tester, Nutzer, Projektmanager, Sicherheitsforscher, Ausbilder.
Schwachstellen
| Platz | ID | Beschreibung |
|---|---|---|
| 1 | CWE-787 | Out-of-bounds Write |
| 2 | CWE-79 | Improper Neutralization of Input During Web Page Generation (Cross-Site-Scripting) |
| 3 | CWE-89 | Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) |
| 4 | CWE-20 | Improper Input Validation (Command Execution) |
| 5 | CWE-125 | Out-of-bounds Read |
| 6 | CWE-78 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') |
| 7 | CWE-416 | Use After Free |
| 8 | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') |
| 9 | CWE-352 | Cross-Site Request Forgery (CSRF) |
| 10 | CWE-434 | Unrestricted Upload of File with Dangerous Type (File Inclusion) |
| 11 | CWE-476 | NULL Pointer Dereference |
| 12 | CWE-502 | Deserialization of Untrusted Data |
| 13 | CWE-190 | Integer Overflow or Wraparound |
| 14 | CWE-287 | Improper Authentication |
| 15 | CWE-798 | Use of Hard-coded Credentials |
| 16 | CWE-862 | Missing Authorization |
| 17 | CWE-77 | Improper Neutralization of Special Elements used in a Command ('Command Injection') |
| 18 | CWE-306 | Missing Authentication for Critical Function |
| 19 | CWE-119 | Improper Restriction of Operations within the Bounds of a Memory Buffer |
| 20 | CWE-276 | Incorrect Default Permissions |
| 21 | CWE-918 | Server-Side Request Forgery (SSRF) |
| 22 | CWE-362 | Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') |
| 23 | CWE-400 | Uncontrolled Resource Consumption |
| 24 | CWE-611 | Improper Restriction of XML External Entity Reference |
| 25 | CWE-94 | Improper Control of Generation of Code ('Code Injection') |