2023 CWE Top 25 Vulnerabilidades de Software Mais Perigosas

0 0

1.  Out-of-bounds Write
   CWE-787CVEs in KEV: 70Rank Last Year: 1
2.  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
   CWE-79CVEs in KEV: 4Rank Last Year: 2
3.  Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’)
   CWE-89CVEs in KEV: 6Rank Last Year: 3
4.  Use After Free
   CWE-416CVEs in KEV: 44Rank Last Year: 7 (up 3) 
5.  Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’)
   CWE-78CVEs in KEV: 23Rank Last Year: 6 (up 1) 
6.  Improper Input Validation
   CWE-20CVEs in KEV: 35Rank Last Year: 4 (down 2) 
7.  Out-of-bounds Read
   CWE-125CVEs in KEV: 2Rank Last Year: 5 (down 2) 
8.  Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)
   CWE-22CVEs in KEV: 16Rank Last Year: 8
9.  Cross-Site Request Forgery (CSRF)
   CWE-352CVEs in KEV: 0Rank Last Year: 9
10.  Unrestricted Upload of File with Dangerous Type
    CWE-434CVEs in KEV: 5Rank Last Year: 10
11.  Missing Authorization
    CWE-862CVEs in KEV: 0Rank Last Year: 16 (up 5) 
12.  NULL Pointer Dereference
    CWE-476CVEs in KEV: 0Rank Last Year: 11 (down 1) 
13.  Improper Authentication
    CWE-287CVEs in KEV: 10Rank Last Year: 14 (up 1) 
14.  Integer Overflow or Wraparound
    CWE-190CVEs in KEV: 4Rank Last Year: 13 (down 1) 
15.  Deserialization of Untrusted Data
    CWE-502CVEs in KEV: 14Rank Last Year: 12 (down 3) 
16.  Improper Neutralization of Special Elements used in a Command (‘Command Injection’)
    CWE-77CVEs in KEV: 4Rank Last Year: 17 (up 1) 
17.  Improper Restriction of Operations within the Bounds of a Memory Buffer
    CWE-119CVEs in KEV: 7Rank Last Year: 19 (up 2) 
18.  Use of Hard-coded Credentials
    CWE-798CVEs in KEV: 2Rank Last Year: 15 (down 3) 
19.  Server-Side Request Forgery (SSRF)
    CWE-918CVEs in KEV: 16Rank Last Year: 21 (up 2) 
20.  Missing Authentication for Critical Function
    CWE-306CVEs in KEV: 8Rank Last Year: 18 (down 2) 
21.  Concurrent Execution using Shared Resource with Improper Synchronization (‘Race Condition’)
    CWE-362CVEs in KEV: 8Rank Last Year: 22 (up 1) 
22.  Improper Privilege Management
    CWE-269CVEs in KEV: 5Rank Last Year: 29 (up 7) 
23.  Improper Control of Generation of Code (‘Code Injection’)
    CWE-94CVEs in KEV: 6Rank Last Year: 25 (up 2) 
24.  Incorrect Authorization
    CWE-863CVEs in KEV: 0Rank Last Year: 28 (up 4) 
25.  Incorrect Default Permissions
    CWE-276CVEs in KEV: 0Rank Last Year: 20 (down 5) 

FONTE: MITRE