Weaknesses
| CWE | Weakness | Description |
|---|---|---|
| CWE-1048 | Invokable Control Element with Large Number of Outward Calls | The code contains callable control elements that contain an excessively large number of references to other application objects external to the context of the callable, i.e. a Fan-Out value that is excessively large. |
| CWE-1085 | Invokable Control Element with Excessive Volume of Commented-out Code | A function, method, procedure, etc. contains an excessive amount of code that has been commented out within its body. |
| CWE-1084 | Invokable Control Element with Excessive File or Data Access Operations | A function or method contains too many operations that utilize a data manager or file resource. |
| CWE-1058 | Invokable Control Element in Multi-Thread Context with non-Final Static Storable or Member Element | The code contains a function or method that operates in a multi-threaded environment but owns an unsafe non-final static storable or member data element. |
| CWE-1054 | Invocation of a Control Element at an Unnecessarily Deep Horizontal Layer | The code at one architectural layer invokes code that resides at a deeper layer than the adjacent layer, i.e., the invocation skips at least one layer, and the invoked code is not part of a vertical utility layer that can be referenced from any horizontal layer. |
| CWE-214 | Invocation of Process Using Visible Sensitive Information | A process is invoked with sensitive command-line arguments, environment variables, or other elements that can be seen by other processes on the operating system. |
| CWE-436 | Interpretation Conflict | Product A handles inputs or steps differently than Product B, which causes A to perform incorrect actions based on its perception of B's state. |
| CWE-1244 | Internal Asset Exposed to Unsafe Debug Access Level or State | The product uses physical debug or test interfaces with support for multiple access levels, but it assigns the wrong debug access level to an internal asset, providing unintended access to the asset from untrusted debug agents. |
| CWE-191 | Integer Underflow (Wrap or Wraparound) | The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result. |
| CWE-680 | Integer Overflow to Buffer Overflow | The product performs a calculation to determine how much memory to allocate, but an integer overflow can occur that causes less memory to be allocated than expected, leading to a buffer overflow. |
| CWE-190 | Integer Overflow or Wraparound | The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number. |
| CWE-192 | Integer Coercion Error | Integer coercion refers to a set of flaws pertaining to the type casting, extension, or truncation of primitive data types. |
| CWE-522 | Insufficiently Protected Credentials | The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. |
| CWE-1301 | Insufficient or Incomplete Data Removal within Hardware Component | The product's data removal process does not completely delete all data and potentially sensitive information within hardware components. |
| CWE-1007 | Insufficient Visual Distinction of Homoglyphs Presented to User | The product displays information or identifiers to a user, but the display mechanism does not make it easy for the user to distinguish between visually similar or identical glyphs (homoglyphs), which may cause the user to misinterpret a glyph and perform an unintended, insecure action. |
| CWE-345 | Insufficient Verification of Data Authenticity | The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data. |
| CWE-1106 | Insufficient Use of Symbolic Constants | The source code uses literal constants that may need to change or evolve over time, instead of using symbolic constants. |
| CWE-357 | Insufficient UI Warning of Dangerous Operations | The user interface provides a warning to a user regarding dangerous or sensitive operations, but the warning is not noticeable enough to warrant attention. |
| CWE-351 | Insufficient Type Distinction | The product does not properly distinguish between different types of elements in a way that leads to insecure behavior. |
| CWE-1059 | Insufficient Technical Documentation | The product does not contain sufficient technical or engineering documentation (whether on paper or in electronic form) that contains descriptions of all the relevant software/hardware elements of the product, such as its usage, structure, architectural components, interfaces, design, implementation, configuration, operation, etc. |
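The four integer entries in the table (CWE-190, CWE-191, CWE-192 and CWE-680) describe the same family of bugs from different angles: arithmetic on a length or count silently wraps or is coerced, and a later allocation or copy trusts the wrong number. The following C program is an added example written for this page, not code from CWE or MITRE, and all function names and the attacker-controlled inputs in `main` are constructed for the demonstration. Each vulnerable size computation is placed beside a checked version so the wrapped value and the rejection can both be observed.

```c
#include <stdint.h>
#include <stdio.h>

/*
 * CWE-190 / CWE-680: the element count comes from untrusted input and the
 * byte count is computed in 32-bit arithmetic. With count = 0x40000001 and
 * 4-byte elements the true size is 0x100000004, which wraps to 4. Code that
 * then copies `count` elements into the 4-byte allocation overflows it.
 * Returns the wrapped byte count that would be handed to malloc().
 */
uint32_t vulnerable_alloc_size(uint32_t count, uint32_t elem_size)
{
    return count * elem_size;          /* unsigned wraparound, no diagnostic */
}

/*
 * Hardened form: prove the product fits before multiplying. Returns 0 and
 * stores the byte count in *out, or -1 if count * elem_size would wrap.
 */
int checked_alloc_size(size_t count, size_t elem_size, size_t *out)
{
    if (elem_size != 0 && count > SIZE_MAX / elem_size)
        return -1;
    *out = count * elem_size;
    return 0;
}

/*
 * CWE-191: payload length derived by subtracting a header length from a
 * total that the peer controls. total_len < header_len wraps to a value
 * just under 2^32, which a parser then uses as a read length.
 */
uint32_t vulnerable_payload_len(uint32_t total_len, uint32_t header_len)
{
    return total_len - header_len;     /* wraps when total_len < header_len */
}

int checked_payload_len(uint32_t total_len, uint32_t header_len, uint32_t *out)
{
    if (total_len < header_len)
        return -1;
    *out = total_len - header_len;
    return 0;
}

/*
 * CWE-192: a signed length is bounds-checked as int and later passed to a
 * size_t parameter (e.g. memcpy). A negative n passes the upper-bound test
 * and is then converted to a huge unsigned count. Returns 1 if accepted.
 */
int vulnerable_length_ok(int n, size_t cap)
{
    return n <= (int)cap;              /* -1 <= 16 is true */
}

/* Hardened: reject negatives first, then compare in the unsigned domain. */
int checked_length_ok(int n, size_t cap)
{
    return n >= 0 && (size_t)n <= cap;
}

int main(void)
{
    /* Constructed attacker-controlled inputs (assumed, for this demo only). */
    uint32_t count = 0x40000001u, elem = 4, plen;
    size_t want;

    printf("vulnerable size for %u x %u bytes: %u\n", count, elem,
           vulnerable_alloc_size(count, elem));
    if (checked_alloc_size(SIZE_MAX / 2 + 1, 4, &want) < 0)
        puts("checked_alloc_size: rejected, product would wrap size_t");

    printf("vulnerable payload len (8 - 12): %u\n",
           vulnerable_payload_len(8, 12));
    if (checked_payload_len(8, 12, &plen) < 0)
        puts("checked_payload_len: rejected, header longer than packet");

    printf("length -1 accepted? vulnerable=%d checked=%d\n",
           vulnerable_length_ok(-1, 16), checked_length_ok(-1, 16));
    return 0;
}
```

Two practical notes. First, the overflow check alone is not a policy: a count of a few hundred million 4-byte elements does not wrap a 64-bit `size_t`, so the checked path should also enforce an application maximum before allocating. Second, where the allocation is `count * elem_size`, prefer `calloc(count, elem_size)`, since glibc and other common libc implementations return NULL when that product overflows, whereas `malloc(count * elem_size)` receives the already-wrapped value.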