Weaknesses
| CWE | Weakness | Description |
|---|---|---|
| CWE-1235 | Incorrect Use of Autoboxing and Unboxing for Performance Critical Operations | The code uses boxed primitives, which may introduce inefficiencies into performance-critical operations. |
| CWE-335 | Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) | The product uses a Pseudo-Random Number Generator (PRNG) but does not correctly manage seeds. |
| CWE-704 | Incorrect Type Conversion or Cast | The product does not correctly convert an object, resource, or structure from one type to a different type. |
| CWE-821 | Incorrect Synchronization | The product utilizes a shared resource in a concurrent manner, but it does not correctly synchronize access to the resource. |
| CWE-768 | Incorrect Short Circuit Evaluation | The product contains a conditional statement with multiple logical expressions in which one of the non-leading expressions may produce side effects. This may lead to an unexpected state in the program after the execution of the conditional, because short-circuiting logic may prevent the side effects from occurring. |
| CWE-1253 | Incorrect Selection of Fuse Values | The logic level used to set a system to a secure state relies on a fuse being unblown. |
| CWE-669 | Incorrect Resource Transfer Between Spheres | The product does not properly transfer a resource/behavior to another sphere, or improperly imports a resource/behavior from another sphere, in a manner that provides unintended control over that resource. |
| CWE-185 | Incorrect Regular Expression | The product specifies a regular expression in a way that causes data to be improperly matched or compared. |
| CWE-1221 | Incorrect Register Defaults or Module Parameters | Hardware description language code incorrectly defines register defaults or hardware Intellectual Property (IP) parameters to insecure values. |
| CWE-684 | Incorrect Provision of Specified Functionality | The code does not function according to its published specifications, potentially leading to incorrect usage. |
| CWE-266 | Incorrect Privilege Assignment | A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor. |
| CWE-468 | Incorrect Pointer Scaling | In C and C++, one may often accidentally refer to the wrong memory due to the semantics of when math operations are implicitly scaled. |
| CWE-732 | Incorrect Permission Assignment for Critical Resource | The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. |
| CWE-1389 | Incorrect Parsing of Numbers with Different Radices | The product parses numeric input assuming base 10 (decimal) values, but it does not account for inputs that use a different base number (radix). |
| CWE-708 | Incorrect Ownership Assignment | The product assigns an owner to a resource, but the owner is outside of the intended control sphere. |
| CWE-1419 | Incorrect Initialization of Resource | The product attempts to initialize a resource but does not correctly do so, which might leave the resource in an unexpected, incorrect, or insecure state when it is accessed. |
| CWE-303 | Incorrect Implementation of Authentication Algorithm | The requirements for the product dictate the use of an established authentication algorithm, but the implementation of the algorithm is incorrect. |
| CWE-279 | Incorrect Execution-Assigned Permissions | While it is executing, the product sets the permissions of an object in a way that violates the intended permissions that have been specified by the user. |
| CWE-276 | Incorrect Default Permissions | During installation, installed file permissions are set to allow anyone to modify those files. |
| CWE-1290 | Incorrect Decoding of Security Identifiers | The product implements a decoding mechanism to decode certain bus-transaction signals to security identifiers. If the decoding is implemented incorrectly, then untrusted agents can now gain unauthorized access to the asset. |