CWE-990 focuses on detecting Software Fault Patterns (SFPs) related to the Tainted Input to Command cluster. Explore different weaknesses like 'Injection', 'Command Injection', 'OS Command Injection', 'Cross-site Scripting', and more.

CWE-896: Tainted Input Cluster and Software Fault Patterns

CWE-74: Injection

CWE-75: Injection

CWE-76: SFP Secondary Cluster - Tainted Input to Command

CWE-77: Weaknesses in Injection Flaws

CWE-78: OS Command Injection

CWE-79: Weaknesses Originally Used by NVD from 2008 to 2016

CWE-80: Injection

CWE-81: SFP Secondary Cluster - Tainted Input to Command

CWE-82: SFP Secondary Cluster - Tainted Input to Command

CWE-83: Injection to Command Secondary Cluster

CWE-84: XSS using Encoded URI Schemes

CWE-85: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-86: Injection to Bypass Encoding Protection Mechanisms

CWE-87: SFP Secondary Cluster - Tainted Input to Command

CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

CWE-89: SQL Injection

CWE-90: Injection

CWE-91: Input Validation Issues

CWE-93: CRLF Injection

CWE-95: Remote File Inclusion

CWE-96: Implement Input Validation to Avoid Injection

CWE-97: SFP Secondary Cluster - Tainted Input to Command

CWE-99: OWASP Top Ten 2010 Category A4 - Insecure Direct Object References

CWE-102: Unvalidated Input Leading to Injection

CWE-103: Unvalidated Input

CWE-104: Unvalidated Input

CWE-105: SFP Secondary Cluster - Tainted Input to Command

CWE-106: Improper Input Validation

CWE-107: SFP Secondary Cluster - Tainted Input to Command

CWE-108: Improper Validation of Input to Command

CWE-109: Improper Input Validation

CWE-110: SFP Secondary Cluster: Tainted Input to Command

CWE-112: XML Input Validation

CWE-113: CWE Cross-section

CWE-130: SFP Secondary Cluster - Tainted Input to Command

CWE-134: Format String Vulnerability

CWE-138: Improper Neutralization of Special Elements

CWE-140: Improper Input Validation

CWE-141: Tainted Input to Command - Improper Neutralization

CWE-142: SFP Secondary Cluster: Tainted Input to Command

CWE-143: Tainted Input Handling

CWE-144: Improper Neutralization of Line Delimiters in an HTTP Header

CWE-145: SFP Secondary Cluster - Tainted Input to Command

CWE-146: Improper Neutralization of Expression/Command Delimiters

CWE-147: Improper Neutralization of Input Terminators

CWE-148: Improper Validation of Input Data

CWE-149: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-150: Input Validation and Data Sanitization

CWE-151: Tainted Input to Command

CWE-152: Tainted Input to Command

CWE-153: Command Input Tainted Input Vulnerability

CWE-154: SFP Secondary Cluster - Tainted Input to Command

CWE-155: SFP Secondary Cluster - Tainted Input to Command

CWE-156: SFP Secondary Cluster - Tainted Input to Command

CWE-157: Tainted Input to Command

CWE-158: Improper Validation of Input

CWE-159: SFP Secondary Cluster - Tainted Input to Command

CWE-160: SFP Secondary Cluster - Tainted Input to Command

CWE-161: SFP Secondary Cluster: Tainted Input to Command

CWE-162: SFP Secondary Cluster - Tainted Input to Command

CWE-163: SFP Secondary Cluster - Tainted Input to Command

CWE-164: Improper Input Validation

CWE-165: Input Validation and Neutralization Techniques

CWE-183: Denylist

CWE-184: SFP Secondary Cluster - Tainted Input to Command

CWE-185: Refactoring Regular Expressions

CWE-186: Regular Expression Tainted Input Vulnerability

CWE-444: SFP Secondary Cluster - Tainted Input to Command

CWE-553: SFP Secondary Cluster - Tainted Input to Command

CWE-554: ASP.NET Input Validation Vulnerability

CWE-564: SQL Injection: Sensitive Data Exposure

CWE-601: ICS Operations (& Maintenance): Emerging Energy Technologies

CWE-611: Improper Restriction of XML External Entity Reference ('XXE')

CWE-619: SFP Secondary Cluster: Tainted Input to Command

CWE-621: Comprehensive Categorization: Injection

CWE-624: SFP Secondary Cluster - Tainted Input to Command

CWE-625: Missing Regular Expression Anchor Characters

CWE-626: SFP Secondary Cluster - Tainted Input to Command

CWE-627: Comprehensive Categorization: Injection

CWE-641: SFP Secondary Cluster: Tainted Input to Command

CWE-643: XPath Injection

CWE-644: Improper Neutralization

CWE-646: SFP Secondary Cluster - Tainted Input to Command

CWE-652: Failure to Sanitize Data within XQuery Expressions

CWE-687: Manual Static Analysis for Program Behavior Accuracy

CWE-707: Abstraction Theory and Advanced Levels

Learn about CWE-990 which focuses on detecting Software Fault Patterns (SFPs) related to the Tainted Input to Command cluster. Discover vulnerabilities like 'Injection', 'Command Injection', 'OS Command Injection' and more.

CWE-990: Detecting Software Fault Patterns (SFPs)

SFP24 focuses on detecting Software Fault Patterns (SFPs) related to the Tainted Input to Command cluster.

CWE-990: Detection of Tainted Input to Command Cluster

CWE-990: Detection of Tainted Input to Command Cluster

Summary

Is your System Free of Underlying Vulnerabilities?
Find Out Now

CWE-990: Detection of Tainted Input to Command Cluster

Summary

Is your System Free of Underlying Vulnerabilities? Find Out Now

Is your System Free of Underlying Vulnerabilities?
Find Out Now