Weaknesses
| CWE | Weakness | Description |
|---|---|---|
| CWE-1292 | Incorrect Conversion of Security Identifiers | The product implements a conversion mechanism to map certain bus-transaction signals to security identifiers. However, if the conversion is incorrectly implemented, untrusted agents can gain unauthorized access to the asset. |
| CWE-681 | Incorrect Conversion between Numeric Types | When converting from one data type to another, such as long to integer, data can be omitted or translated in a way that produces unexpected values. If the resulting values are used in a sensitive context, then dangerous behaviors may occur. |
| CWE-705 | Incorrect Control Flow Scoping | The product does not properly return control flow to the proper location after it has completed a task or detected an unusual condition. |
| CWE-1254 | Incorrect Comparison Logic Granularity | The product's comparison logic is performed over a series of steps rather than across the entire string in one operation. If there is a comparison logic failure on one of these steps, the operation may be vulnerable to a timing attack that can result in the interception of the process for nefarious purposes. |
| CWE-697 | Incorrect Comparison | The product compares two entities in a security-relevant context, but the comparison is incorrect. |
| CWE-253 | Incorrect Check of Function Return Value | The product incorrectly checks a return value from a function, which prevents it from detecting errors or exceptional conditions. |
| CWE-1296 | Incorrect Chaining or Granularity of Debug Components | The product's debug components contain incorrect chaining or granularity of debug components. |
| CWE-135 | Incorrect Calculation of Multi-Byte String Length | The product does not correctly calculate the length of strings that can contain wide or multi-byte characters. |
| CWE-131 | Incorrect Calculation of Buffer Size | The product does not correctly calculate the size to be used when allocating a buffer, which could lead to a buffer overflow. |
| CWE-682 | Incorrect Calculation | The product performs a calculation that generates incorrect or unintended results that are later used in security-critical decisions or resource management. |
| CWE-483 | Incorrect Block Delimitation | The code does not explicitly delimit a block that is intended to contain 2 or more statements, creating a logic error. |
| CWE-1335 | Incorrect Bitwise Shift of Integer | An integer value is specified to be shifted by a negative amount or an amount greater than or equal to the number of bits contained in the value causing an unexpected or indeterminate result. |
| CWE-181 | Incorrect Behavior Order: Validate Before Filter | The product validates data before it has been filtered, which prevents the product from detecting data that becomes invalid after the filtering step. |
| CWE-180 | Incorrect Behavior Order: Validate Before Canonicalize | The product validates input before it is canonicalized, which prevents the product from detecting data that becomes invalid after the canonicalization step. |
| CWE-179 | Incorrect Behavior Order: Early Validation | The product validates input before applying protection mechanisms that modify the input, which could allow an attacker to bypass the validation via dangerous inputs that only arise after the modification. |
| CWE-408 | Incorrect Behavior Order: Early Amplification | The product allows an entity to perform a legitimate but expensive operation before authentication or authorization has taken place. |
| CWE-551 | Incorrect Behavior Order: Authorization Before Parsing and Canonicalization | If a web server does not fully parse requested URLs before it examines them for authorization, it may be possible for an attacker to bypass authorization protection. |
| CWE-696 | Incorrect Behavior Order | The product performs multiple related behaviors, but the behaviors are performed in the wrong order in ways that may produce resultant weaknesses. |
| CWE-863 | Incorrect Authorization | The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. |
| CWE-118 | Incorrect Access of Indexable Resource ('Range Error') | The product does not restrict or incorrectly restricts operations within the boundaries of a resource that is accessed using an index or pointer, such as memory or files. |