Weaknesses
| CWE | Weakness | Description |
|---|---|---|
| CWE-431 | Missing Handler | A handler is not available or implemented. |
| CWE-311 | Missing Encryption of Sensitive Data | The product does not encrypt sensitive or critical information before storage or transmission. |
| CWE-1053 | Missing Documentation for Design | The product does not have documentation that represents how it is designed. |
| CWE-478 | Missing Default Case in Multiple Condition Expression | The code does not have a default case in an expression with multiple conditions, such as a switch statement. |
| CWE-756 | Missing Custom Error Page | The product does not return custom error pages to the user, possibly exposing sensitive information. |
| CWE-325 | Missing Cryptographic Step | The product does not implement a required step in a cryptographic algorithm, resulting in weaker encryption than advertised by the algorithm. |
| CWE-304 | Missing Critical Step in Authentication | The product implements an authentication technique, but it skips a step that weakens the technique. |
| CWE-370 | Missing Check for Certificate Revocation after Initial Check | The product does not check the revocation status of a certificate after its initial revocation check, which can cause the product to perform privileged actions even after the certificate is revoked at a later time. |
| CWE-862 | Missing Authorization | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
| CWE-306 | Missing Authentication for Critical Function | The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. |
| CWE-1310 | Missing Ability to Patch ROM Code | Missing an ability to patch ROM code may leave a System or System-on-Chip (SoC) in a vulnerable state. |
| CWE-762 | Mismatched Memory Management Routines | The product attempts to return a memory resource to the system, but it calls a release function that is not compatible with the function that was originally used to allocate that resource. |
| CWE-115 | Misinterpretation of Input | The product misinterprets an input, whether from an attacker or another product, in a security-relevant fashion. |
| CWE-1251 | Mirrored Regions with Different Values | The product's architecture mirrors regions without ensuring that their contents always stay in sync. |
| CWE-1090 | Method Containing Access of a Member Element from Another Class | A method for a class performs an operation that directly accesses a member element from another class. |
| CWE-789 | Memory Allocation with Excessive Size Value | The product allocates memory based on an untrusted, large size value, but it does not ensure that the size is within expected limits, allowing arbitrary amounts of memory to be allocated. |
| CWE-835 | Loop with Unreachable Exit Condition ('Infinite Loop') | The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop. |
| CWE-1095 | Loop Condition Value Update within the Loop | The product uses a loop with a control flow condition based on a value that is updated within the body of the loop. |
| CWE-511 | Logic/Time Bomb | The product contains code that is designed to disrupt the legitimate operation of the product (or its environment) when a certain time passes, or when a certain logical condition is met. |
| CWE-779 | Logging of Excessive Data | The product logs too much information, making log files hard to process and possibly hindering recovery efforts or forensic analysis after an attack. |