Weaknesses
| CWE | Weakness |
|---|---|
| CWE-215 | **Insertion of Sensitive Information Into Debugging Code**<br>The product inserts sensitive information into debugging code, which could expose this information if the debugging code is not disabled in production. |
| CWE-377 | **Insecure Temporary File**<br>Creating and using insecure temporary files can leave application and system data vulnerable to attack. |
| CWE-922 | **Insecure Storage of Sensitive Information**<br>The product stores sensitive information without properly limiting read or write access by unauthorized actors. |
| CWE-1434 | **Insecure Setting of Generative AI/ML Model Inference Parameters**<br>The product has a component that relies on a generative AI/ML model configured with inference parameters that produce an unacceptably high rate of erroneous or unexpected outputs. |
| CWE-1294 | **Insecure Security Identifier Mechanism**<br>The System-on-Chip (SoC) implements a Security Identifier mechanism to differentiate what actions are allowed or disallowed when a transaction originates from an entity. However, the Security Identifiers are not correctly implemented. |
| CWE-278 | **Insecure Preserved Inherited Permissions**<br>A product inherits a set of insecure permissions for an object, e.g. when copying from an archive file, without user awareness or involvement. |
| CWE-1386 | **Insecure Operation on Windows Junction / Mount Point**<br>The product opens a file or directory, but it does not properly prevent the name from being associated with a junction or mount point to a destination that is outside of the intended control sphere. |
| CWE-277 | **Insecure Inherited Permissions**<br>A product defines a set of insecure permissions that are inherited by objects that are created by the program. |
| CWE-453 | **Insecure Default Variable Initialization**<br>The product, by default, initializes an internal variable with an insecure or less secure value than is possible. |
| CWE-1038 | **Insecure Automated Optimizations**<br>The product uses a mechanism that automatically optimizes code, e.g. to improve a characteristic such as performance, but the optimizations can have an unintended side effect that might violate an intended security assumption. |
| CWE-1051 | **Initialization with Hard-Coded Network Resource Configuration Data**<br>The product initializes data using hard-coded values that act as network resource identifiers. |
| CWE-1188 | **Initialization of a Resource with an Insecure Default**<br>The product initializes or sets a resource with a default that is intended to be changed by the product's installer, administrator, or maintainer, but the default is not secure. |
| CWE-221 | **Information Loss or Omission**<br>The product does not record, or improperly records, security-relevant information that leads to an incorrect decision or hampers later analysis. |
| CWE-1342 | **Information Exposure through Microarchitectural State after Transient Execution**<br>The processor does not properly clear microarchitectural state after incorrect microcode assists or speculative execution, resulting in transient execution. |
| CWE-1333 | **Inefficient Regular Expression Complexity**<br>The product uses a regular expression with a worst-case computational complexity that is inefficient and possibly exponential. |
| CWE-1176 | **Inefficient CPU Computation**<br>The product performs CPU computations using algorithms that are not as efficient as they could be for the needs of the developer, i.e., the computations can be optimized further. |
| CWE-407 | **Inefficient Algorithmic Complexity**<br>An algorithm in a product has an inefficient worst-case computational complexity that may be detrimental to system performance and can be triggered by an attacker, typically using crafted manipulations that ensure that the worst case is being reached. |
| CWE-941 | **Incorrectly Specified Destination in a Communication Channel**<br>The product creates a communication channel to initiate an outgoing request to an actor, but it does not correctly specify the intended destination for that actor. |
| CWE-286 | **Incorrect User Management**<br>The product does not properly manage a user within its environment. |
| CWE-648 | **Incorrect Use of Privileged APIs**<br>The product does not conform to the API requirements for a function call that requires extra privileges. This could allow attackers to gain privileges by causing the function to be called incorrectly. |