• Home
  • Become a Hacker
    • Get Started
    • Hacker Mindset
    • Roadmap
    • Simple Setup – Hacker 101
    • Types of Hackers
    • Recommended Courses
  • Boot People Offline
  • Courses
    • All Hacking Courses
    • Cyber Security School
  • CTF
    • Beginners to Advanced Guide
    • Create your own CTF box
    • Field and Resources Guide
    • Platforms & Wargames
    • Tools Used for Solving CTF
    • Writeups
  • Dark Web
    • Beginners Guide
    • Darknet Markets
    • Darkweb 101 (Anonymity Guide)
    • Dark Web OSINT Tools
    • Hacking Forums
    • Latest News
    • Onion Links
  • Hacker Gadgets
  • Hacking Books
  • Tools Directory
Menu
  • Home
  • Become a Hacker
    • Get Started
    • Hacker Mindset
    • Roadmap
    • Simple Setup – Hacker 101
    • Types of Hackers
    • Recommended Courses
  • Boot People Offline
  • Courses
    • All Hacking Courses
    • Cyber Security School
  • CTF
    • Beginners to Advanced Guide
    • Create your own CTF box
    • Field and Resources Guide
    • Platforms & Wargames
    • Tools Used for Solving CTF
    • Writeups
  • Dark Web
    • Beginners Guide
    • Darknet Markets
    • Darkweb 101 (Anonymity Guide)
    • Dark Web OSINT Tools
    • Hacking Forums
    • Latest News
    • Onion Links
  • Hacker Gadgets
  • Hacking Books
  • Tools Directory
Search
Close
  • Home
  • 2019
  • September
  • 18
  • CWE Top 25 (2019) – List of Top 25 Most Dangerous Software Weakness that Developers Need to Focus

CWE Top 25 (2019) – List of Top 25 Most Dangerous Software Weakness that Developers Need to Focus

September 18, 2019 Comments Off on CWE Top 25 (2019) – List of Top 25 Most Dangerous Software Weakness that Developers Need to Focus
cwe vulns mitre top vulns top cwe vulnerabilities

MITRE has released a list of Top 25 Most Dangerous Software Errors (CWE Top 25) that are widely spread and leads to serious vulnerabilities. The list was generated based on the vulnerabilities published within the National Vulnerability Database.

These vulnerabilities are easily exploitable and allow an attacker to get complete control over the system. Attackers can steal sensitive data, crash the application, cause a DOS condition.

The CWE Top 25 list will be a useful resource for software developers, software testers, software customers, software project managers, security researchers, and educators to gain insights of the common security threats in Industry, MITRE said.

MITRE says that the list was generated based on the data-driven approach based on the CVE published NVD, as well as the CVSS scores associated with it.

“A scoring formula was then applied to determine the level of prevalence and danger each weakness presents. This data-driven approach can be used as a repeatable, scripted process to generate a CWE Top 25 list regularly with minimal effort,” MITRE says.

Also read: Simjacker Vulnerability – Attackers take Control Over Mobile Phones via an SMS Message

2019 list is the latest release since 2011 CWE/SANS Top 25, “the 2011 CWE/SANS Top 25 was constructed using surveys and personal interviews with developers, top security analysts, researchers, and vendors, but the 2019 list was based on real-world vulnerabilities.” MITRE said.

CWE Top 25 List

MITRE provided a list of vulnerabilities with overall CVSS score and description for each of them with examples.

Rank ID Name Score
[1] CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer 75.56
[2] CWE-79 Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) 45.69
[3] CWE-20 Improper Input Validation 43.61
[4] CWE-200 Information Exposure 32.12
[5] CWE-125 Out-of-bounds Read 26.53
[6] CWE-89 Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) 24.54
[7] CWE-416 Use After Free 17.94
[8] CWE-190 Integer Overflow or Wraparound 17.35
[9] CWE-352 Cross-Site Request Forgery (CSRF) 15.54
[10] CWE-22 Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) 14.10
[11] CWE-78 Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) 11.47
[12] CWE-787 Out-of-bounds Write 11.08
[13] CWE-287 Improper Authentication 10.78
[14] CWE-476 NULL Pointer Dereference 9.74
[15] CWE-732 Incorrect Permission Assignment for Critical Resource 6.33
[16] CWE-434 Unrestricted Upload of File with Dangerous Type 5.50
[17] CWE-611 Improper Restriction of XML External Entity Reference 5.48
[18] CWE-94 Improper Control of Generation of Code (‘Code Injection’) 5.36
[19] CWE-798 Use of Hard-coded Credentials 5.12
[20] CWE-400 Uncontrolled Resource Consumption 5.04
[21] CWE-772 Missing Release of Resource after Effective Lifetime 5.04
[22] CWE-426 Untrusted Search Path 4.40
[23] CWE-502 Deserialization of Untrusted Data 4.30
[24] CWE-269 Improper Privilege Management 4.23
[25] CWE-295 Improper Certificate Validation 4.06

The CWE’s calculated by MITRE, based on a scoring formula, the vulnerabilities that are common and cause high impact will receive a high score.

Post navigation

Aura Botnet – A Portable Botnet Framework with a Django-based C2 server
U.S Files Lawsuit Against Edward Snowden for Publishing his Book

Related Articles

CVE-2021-21972

CVE-2021-21972, CVE-2021-21974: VMware vCenter Server and ESXI Vulnerabilities Alert

- News
February 24, 2021
Australian Man Sentenced for Selling Ecstasy on the Darkweb

Australian Man Sentenced for Selling Ecstasy on the Darkweb

- Dark Web News
February 23, 2021
Brave Browser Leaked DNS Queries for Onion Services

Brave Browser Leaked DNS Queries for Onion Services

- Dark Web News
February 21, 2021
hacker gadgets
hacker phone covers

Recent Posts

BugBountyScanner - A Bash Script And Docker Image For Bug Bounty Reconnaissance

BugBountyScanner – A Bash Script And Docker Image For Bug Bounty Reconnaissance

February 24, 2021
CVE-2021-21972

CVE-2021-21972, CVE-2021-21974: VMware vCenter Server and ESXI Vulnerabilities Alert

February 24, 2021
onionshare v2.3.1 releases: Securely and anonymously share file

onionshare v2.3.1 releases: Securely and anonymously share file

February 24, 2021
conjur

conjur v1.11.3 releases: secures secrets used by privileged users and machine identities

February 24, 2021
HaE: BurpSuite Highlighter and Extractor

HaE – BurpSuite Highlighter And Extractor

February 23, 2021
Australian Man Sentenced for Selling Ecstasy on the Darkweb

Australian Man Sentenced for Selling Ecstasy on the Darkweb

February 23, 2021

Social Media Hacking

SocialPath – Track users across Social Media Platforms

SocialPath – Track users across Social Media Platforms

- Social Media Hacking
October 16, 2019October 16, 2019

SocialPath is a django application for gathering social media intelligence on specific username. It checks for Twitter, Instagram, Facebook, Reddit...

SocialScan – Check Email Address and Username Availability on Online Platforms

SocialScan – Check Email Address and Username Availability on Online Platforms

June 17, 2019
Shellphish – Phishing Tool For 18 Social Media Apps

Shellphish – Phishing Tool For 18 Social Media Apps

June 10, 2019July 27, 2019
WhatsApp Hacking using QRLJacking

WhatsApp Hacking using QRLJacking

May 2, 2019May 19, 2019
How to Hack any Facebook Account with Z-Shadow

How to Hack any Facebook Account with Z-Shadow

April 26, 2019June 29, 2020
hacker buffs
ABOUT US

Haxf4rall is a collective, a good starting point and provides a variety of quality material for cyber security professionals.

Our primary focus revolves around the latest tools released in the Infosec community and provide a platform for developers to showcase their skillset and current projects.

COMPANY
  • Contact Us
  • Disclaimer
  • Hacker Gadgets
  • LANC Remastered
  • PCPS IP Puller
  • Privacy Policy
  • Sitemap
  • Submit your Tool
Menu
  • Contact Us
  • Disclaimer
  • Hacker Gadgets
  • LANC Remastered
  • PCPS IP Puller
  • Privacy Policy
  • Sitemap
  • Submit your Tool
Live Chat
RESOURCES
  • Attack Process
  • Become a Hacker
  • Career Pathways
  • Dark Web
  • Hacking Books
  • Practice Your Skills
  • Recommended Courses
  • Simple Setup – Hacker 101
Menu
  • Attack Process
  • Become a Hacker
  • Career Pathways
  • Dark Web
  • Hacking Books
  • Practice Your Skills
  • Recommended Courses
  • Simple Setup – Hacker 101
Get Started
TOOLBOX
  • Anonymity
  • Bruteforce
  • DoS – Denial of Service
  • Information Gathering
  • Phishing
  • SQL Injection
  • Vulnerability Scanners
  • Wifi Hacking
Menu
  • Anonymity
  • Bruteforce
  • DoS – Denial of Service
  • Information Gathering
  • Phishing
  • SQL Injection
  • Vulnerability Scanners
  • Wifi Hacking
Tools Directory

2014 – 2020 | Haxf4rall.com               Stay Connected:

Facebook
Twitter
Google-plus
Wordpress
Please wait...

Join Our Community

Subscribe now and get your free HACKERS HANDBOOK

Don't Worry ! You will not be spammed
SIGN UP FOR NEWSLETTER NOW