Weaknesses
| CWE | Weakness | Description |
|---|---|---|
| CWE-1303 | Non-Transparent Sharing of Microarchitectural Resources | Hardware structures shared across execution contexts (e.g., caches and branch predictors) can violate the expected architecture isolation between contexts. |
| CWE-1073 | Non-SQL Invokable Control Element with Excessive Number of Data Resource Accesses | The product contains a client with a function or method that contains a large number of data accesses/queries that are sent through a data manager, i.e., does not use efficient database capabilities. |
| CWE-508 | Non-Replicating Malicious Code | Non-replicating malicious code only resides on the target system or product that is attacked; it does not attempt to spread to other systems. |
| CWE-476 | NULL Pointer Dereference | The product dereferences a pointer that it expects to be valid but is NULL. |
| CWE-1283 | Mutable Attestation or Measurement Reporting Data | The register contents used for attestation or measurement reporting data to verify boot flow are modifiable by an adversary. |
| CWE-765 | Multiple Unlocks of a Critical Resource | The product unlocks a critical resource more times than intended, leading to an unexpected state in the system. |
| CWE-1341 | Multiple Releases of Same Resource or Handle | The product attempts to close or release a resource or handle more than once, without any successful open between the close operations. |
| CWE-675 | Multiple Operations on Resource in Single-Operation Context | The product performs the same operation on a resource two or more times, when the operation should only be applied once. |
| CWE-764 | Multiple Locks of a Critical Resource | The product locks a critical resource more times than intended, leading to an unexpected state in the system. |
| CWE-450 | Multiple Interpretations of UI Input | The UI has multiple interpretations of user input but does not prompt the user when it selects the less secure interpretation. |
| CWE-1055 | Multiple Inheritance from Concrete Classes | The product contains a class with inheritance from more than one concrete class. |
| CWE-605 | Multiple Binds to the Same Port | When multiple sockets are allowed to bind to the same port, other services on that port may be stolen or spoofed. |
| CWE-1047 | Modules with Circular Dependencies | The product contains modules in which one module has references that cycle back to itself, i.e., there are circular dependencies. |
| CWE-471 | Modification of Assumed-Immutable Data (MAID) | The product does not properly protect an assumed-immutable element from being modified by an attacker. |
| CWE-112 | Missing XML Validation | The product accepts XML from an untrusted source but does not validate the XML against the proper schema. |
| CWE-1314 | Missing Write Protection for Parametric Data Values | The device does not write-protect the parametric data values for sensors that scale the sensor value, allowing untrusted software to manipulate the apparent result and potentially damage hardware or cause operational failure. |
| CWE-599 | Missing Validation of OpenSSL Certificate | The product uses OpenSSL and trusts or uses a certificate without using the SSL_get_verify_result() function to ensure that the certificate satisfies all necessary security requirements. |
| CWE-820 | Missing Synchronization | The product utilizes a shared resource in a concurrent manner but does not attempt to synchronize access to the resource. |
| CWE-1318 | Missing Support for Security Features in On-chip Fabrics or Buses | On-chip fabrics or buses either do not support or are not configured to support privilege separation or other security features, such as access control. |
| CWE-353 | Missing Support for Integrity Check | The product uses a transmission protocol that does not include a mechanism for verifying the integrity of the data during transmission, such as a checksum. |