Weaknesses
| CWE | Weakness | Description |
|---|---|---|
| CWE-615 | Inclusion of Sensitive Information in Source Code Comments | Comments are useful, but developers sometimes leave sensitive data in them, such as filenames used by the web application, old or unpublished links that users were never meant to browse, and old code fragments. |
| CWE-540 | Inclusion of Sensitive Information in Source Code | Source code on a web server or in a repository often contains sensitive information and should generally not be accessible to users. |
| CWE-829 | Inclusion of Functionality from Untrusted Control Sphere | The product imports, requires, or includes executable functionality (such as a library) from a source that is outside of the intended control sphere. |
| CWE-1114 | Inappropriate Whitespace Style | The source code contains whitespace that is inconsistent across the code or does not follow expected standards for the product. |
| CWE-1078 | Inappropriate Source Code Style or Formatting | The source code does not follow desired style or formatting for indentation, white space, comments, etc. |
| CWE-838 | Inappropriate Encoding for Output Context | The product uses or specifies an encoding when generating output to a downstream component, but the specified encoding is not the same as the encoding that is expected by the downstream component. |
| CWE-1113 | Inappropriate Comment Style | The source code uses comment styles or formats that are inconsistent or do not follow expected standards for the product. |
| CWE-326 | Inadequate Encryption Strength | The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required. |
| CWE-1039 | Inadequate Detection or Handling of Adversarial Input Perturbations in Automated Recognition Mechanism | The product uses an automated mechanism such as machine learning to recognize complex data inputs (e.g. image or audio) as a particular concept or category, but it does not properly detect or handle inputs that have been modified or constructed in a way that causes the mechanism to detect a different, incorrect concept. |
| CWE-1116 | Inaccurate Source Code Comments | The source code contains comments that do not accurately describe or explain aspects of the portion of the code with which the comment is associated. |
| CWE-1304 | Improperly Preserved Integrity of Hardware Configuration State During a Power Save/Restore Operation | The product performs a power save/restore operation, but it does not ensure that the integrity of the configuration state is maintained and/or verified between the beginning and ending of the operation. |
| CWE-358 | Improperly Implemented Security Check for Standard | The product does not implement or incorrectly implements one or more security-relevant checks as specified by the design of a standardized algorithm, protocol, or technique. |
| CWE-1325 | Improperly Controlled Sequential Memory Allocation | The product manages a group of objects or resources and performs a separate memory allocation for each object, but it does not properly limit the total amount of memory that is consumed by all of the combined objects. |
| CWE-1321 | Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') | The product receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes of the object prototype. |
| CWE-915 | Improperly Controlled Modification of Dynamically-Determined Object Attributes | The product receives input from an upstream component that specifies multiple attributes, properties, or fields that are to be initialized or updated in an object, but it does not properly control which attributes can be modified. |
| CWE-1239 | Improper Zeroization of Hardware Register | The hardware product does not properly clear sensitive information from built-in registers when the user of the hardware block changes. |
| CWE-1246 | Improper Write Handling in Limited-write Non-Volatile Memories | The product does not implement or incorrectly implements wear leveling operations in limited-write non-volatile memories. |
| CWE-940 | Improper Verification of Source of a Communication Channel | The product establishes a communication channel to handle an incoming request that has been initiated by an actor, but it does not properly verify that the request is coming from the expected origin. |
| CWE-925 | Improper Verification of Intent by Broadcast Receiver | The Android application uses a Broadcast Receiver that receives an Intent but does not properly verify that the Intent came from an authorized source. |
| CWE-347 | Improper Verification of Cryptographic Signature | The product does not verify, or incorrectly verifies, the cryptographic signature for data. |
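The CWE-838 entry in the table above is about using an encoder written for one output sink in a different sink. The JavaScript below is an added example, not code from the CWE entry or from any project: it defines one encoder per context (HTML text, quoted HTML attribute, JavaScript string literal, URL parameter) and shows what happens when the text-context encoder, which legitimately ignores quotes, is reused for an attribute and a script literal. The function names and the two payload strings are this example's own constructions.

```javascript
// Added example for CWE-838 (not from the CWE entry): one encoder per output context.
// The weakness is using an encoder written for one sink in another sink, so the
// characters that matter for the real sink pass through untouched.

// Encoder for HTML text between tags: only &, < and > can change the parse there.
function encodeForHtmlText(value) {
  return String(value).replace(/[&<>]/g, (ch) => ({ '&': '&amp;', '<': '&lt;', '>': '&gt;' })[ch]);
}

// Encoder for a quoted HTML attribute value: quotes must be escaped as well,
// otherwise the value can close the attribute and start a new one.
function encodeForHtmlAttr(value) {
  return String(value).replace(/[&<>"']/g, (ch) =>
    ({ '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' })[ch]);
}

// Encoder for a JavaScript string literal inside <script>: HTML entities are not
// decoded there, so every character outside [A-Za-z0-9] is written as \xHH or \uHHHH.
// This also neutralises "</script>", which would otherwise end the script element.
function encodeForJsString(value) {
  return String(value).replace(/[^A-Za-z0-9]/g, (ch) => {
    const code = ch.charCodeAt(0);
    return code < 0x100
      ? '\\x' + code.toString(16).padStart(2, '0')
      : '\\u' + code.toString(16).padStart(4, '0');
  });
}

// Encoder for a URL query parameter value.
function encodeForUrlParam(value) {
  return encodeURIComponent(String(value));
}

// Constructed attacker inputs, one per sink.
const PAYLOAD_ATTR = '" onmouseover="alert(1)';
const PAYLOAD_JS = "'; alert(1); //";

// The CWE-838 pattern: the text-context encoder reused for an attribute and a script literal.
function renderAttrWrong(v) { return `<input value="${encodeForHtmlText(v)}">`; }
function renderJsWrong(v) { return `<script>var name = '${encodeForHtmlText(v)}';</script>`; }

// Each sink gets the encoder written for it.
function renderAttrRight(v) { return `<input value="${encodeForHtmlAttr(v)}">`; }
function renderJsRight(v) { return `<script>var name = '${encodeForJsString(v)}';</script>`; }
function renderLinkRight(v) { return `<a href="/search?q=${encodeForUrlParam(v)}">search</a>`; }

console.log(renderAttrWrong(PAYLOAD_ATTR));  // attribute boundary is broken
console.log(renderAttrRight(PAYLOAD_ATTR));
console.log(renderJsWrong(PAYLOAD_JS));      // string literal is broken
console.log(renderJsRight(PAYLOAD_JS));
console.log(renderLinkRight('a b&c=d'));
```

The point to take from the wrong renderers is that `encodeForHtmlText` is not buggy; it is correct for its own context and simply does not know about the characters that terminate an attribute value or a string literal.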
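CWE-1325 in the table above is the case where each allocation is individually bounded but their sum is not. The JavaScript below is an added example, not from the CWE entry or any project: it decodes a run-length stream whose format (a 4-byte big-endian count plus one fill byte per record) is constructed for this example, first with only a per-record limit and then with a running total checked against an aggregate budget. The limits are parameters so the small values in the demo run quickly; real values would be policy decisions.

```javascript
// Added example for CWE-1325 (not from the CWE entry). Constructed input format: a sequence
// of 5-byte records, uint32 big-endian `count` followed by one `fill` byte, each expanding
// to `count` copies of `fill`. Output can therefore be far larger than input.

// Builds a stream from [count, fill] pairs (test data only).
function encodeRuns(runs) {
  const buf = Buffer.alloc(runs.length * 5);
  runs.forEach(([count, fill], i) => {
    buf.writeUInt32BE(count, i * 5);
    buf.writeUInt8(fill, i * 5 + 4);
  });
  return buf;
}

// CWE-1325: every record is checked against a per-record limit, but nothing bounds the sum.
// A stream of 1,000,000 records of 64 KiB each passes every check and requests about 64 GiB.
function expandPerRecordLimit(buf, maxRecordBytes) {
  const chunks = [];
  for (let off = 0; off + 5 <= buf.length; off += 5) {  // a trailing partial record is ignored
    const count = buf.readUInt32BE(off);
    if (count > maxRecordBytes) throw new RangeError(`record of ${count} bytes exceeds per-record limit`);
    chunks.push(Buffer.alloc(count, buf.readUInt8(off + 4)));  // one allocation per record
  }
  return Buffer.concat(chunks);
}

// Fixed: the same per-record check plus a running total that is compared with an
// aggregate budget before each allocation, so the cap is enforced where the memory is taken.
function expandWithBudget(buf, maxRecordBytes, maxTotalBytes) {
  const chunks = [];
  let total = 0;
  for (let off = 0; off + 5 <= buf.length; off += 5) {
    const count = buf.readUInt32BE(off);
    if (count > maxRecordBytes) throw new RangeError(`record of ${count} bytes exceeds per-record limit`);
    if (total + count > maxTotalBytes) throw new RangeError(`total output would exceed ${maxTotalBytes} bytes`);
    total += count;
    chunks.push(Buffer.alloc(count, buf.readUInt8(off + 4)));
  }
  return Buffer.concat(chunks);
}

// Demo: eight 1 KiB runs are individually well under the 4 KiB record limit but add up to 8 KiB.
const demoStream = encodeRuns(Array.from({ length: 8 }, () => [1024, 0x41]));
console.log('per-record limit only:', expandPerRecordLimit(demoStream, 4096).length, 'bytes');
try {
  expandWithBudget(demoStream, 4096, 4096);
} catch (e) {
  console.log('with budget:', e.message);
}
```

The same shape applies to archive entries, decompression output, and any protocol that lets a peer send an unbounded number of bounded messages: the per-item check is necessary but the budget is what actually limits memory.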
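CWE-1321 and CWE-915 in the table above are closely related: mass assignment writes whatever attributes the request names, and prototype pollution is the special case where one of those names walks onto `Object.prototype`. The JavaScript below is an added example serving both entries; it is not code from the CWE entries or from any project. The request body is constructed attacker input, and the profile schema, the field names and the function names are this example's own assumptions.

```javascript
// Added example for CWE-915 and CWE-1321 (not from the CWE entries). Constructed request
// body: JSON.parse turns "__proto__" into an ordinary own property, and "role" is an
// attribute the server never intended a client to set.
const ATTACK_BODY = '{"displayName":"Mallory","role":"admin","__proto__":{"isAdmin":true}}';

// CWE-915 and CWE-1321 in one function: every key in the request is written to the target,
// and the recursive descent through target["__proto__"] lands on Object.prototype itself.
function unsafeMerge(target, source) {
  for (const key of Object.keys(source)) {
    const value = source[key];
    if (value !== null && typeof value === 'object' && !Array.isArray(value)) {
      if (target[key] === null || typeof target[key] !== 'object') target[key] = {};
      unsafeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Runs the unsafe merge and reports what it did, then removes the polluted property so the
// rest of the process is not affected (only sensible in a demonstration).
function demonstrateUnsafeMerge(body) {
  const profile = { displayName: 'Alice', role: 'user' };
  unsafeMerge(profile, JSON.parse(body));
  const observed = { role: profile.role, freshObjectIsAdmin: ({}).isAdmin === true };
  delete Object.prototype.isAdmin;
  return observed;
}

// Allowlist of client-settable attributes with their expected types; nested objects are
// described the same way. Anything not listed is rejected (addresses CWE-915).
const PROFILE_SCHEMA = {
  displayName: 'string',
  email: 'string',
  prefs: { theme: 'string', locale: 'string' },
};

// Keys that reach the prototype chain; refused even if a schema ever listed them (CWE-1321).
const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);
const hasOwn = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Copies only schema-listed keys of the right type and reports everything it dropped.
function safeMerge(target, source, schema, path = '') {
  const rejected = [];
  for (const key of Object.keys(source)) {
    const value = source[key];
    if (FORBIDDEN_KEYS.has(key) || !hasOwn(schema, key)) {
      rejected.push(path + key);
      continue;
    }
    const rule = schema[key];
    if (typeof rule === 'object') {
      if (value === null || typeof value !== 'object' || Array.isArray(value)) {
        rejected.push(path + key);
        continue;
      }
      if (!hasOwn(target, key) || target[key] === null || typeof target[key] !== 'object') target[key] = {};
      rejected.push(...safeMerge(target[key], value, rule, `${path}${key}.`).rejected);
    } else if (typeof value === rule) {
      target[key] = value;
    } else {
      rejected.push(path + key);
    }
  }
  return { target, rejected };
}

console.log('unsafe:', demonstrateUnsafeMerge(ATTACK_BODY));
const safeProfile = { displayName: 'Alice', role: 'user', prefs: { theme: 'light' } };
console.log('safe:', safeMerge(safeProfile, JSON.parse(ATTACK_BODY), PROFILE_SCHEMA));
```

Logging the `rejected` list is worth keeping in production code: a request that tries to set `__proto__` or `role` is a signal, not just noise to drop.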
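CWE-940 in the table above is the channel-level counterpart of CWE-925: a request arrives and the handler never establishes where it came from. A common web instance is a cross-window `message` listener. The JavaScript below is an added example, not from the CWE entry or any project: the trusted origin list and the message shape are assumptions of this example, and the `event` objects are constructed to look like what a browser hands a `message` listener, so the code runs without a browser.

```javascript
// Added example for CWE-940 (not from the CWE entry): checking the origin of a cross-window
// message. TRUSTED_ORIGINS and the message shape are this example's assumptions.
const TRUSTED_ORIGINS = new Set(['https://app.example.com', 'https://admin.example.com']);

// CWE-940: a substring test. "https://app.example.com.attacker.net" and
// "https://attacker.net/?ref=app.example.com" both contain the expected host.
function acceptsOriginWeak(event) {
  return typeof event.origin === 'string' && event.origin.includes('app.example.com');
}

// Exact match of the full serialized origin (scheme, host and port) against an allowlist.
// "null" is the opaque origin reported by sandboxed frames and file: pages, so it never matches.
function acceptsOriginStrict(event) {
  return typeof event.origin === 'string' && event.origin !== 'null' && TRUSTED_ORIGINS.has(event.origin);
}

// Origin is checked before the payload is even looked at; the payload is then validated
// structurally rather than trusted because it arrived from a known window.
function handleMessage(event) {
  if (!acceptsOriginStrict(event)) return { accepted: false, reason: 'untrusted origin' };
  const msg = event.data;
  if (!msg || typeof msg !== 'object' || msg.type !== 'setTheme' || !['light', 'dark'].includes(msg.theme)) {
    return { accepted: false, reason: 'malformed message' };
  }
  // A reply should go to event.source.postMessage(reply, event.origin) with the exact
  // origin, never "*", so it cannot be read by a window other than the verified sender.
  return { accepted: true, theme: msg.theme, replyTo: event.origin };
}

// Constructed events.
const fromApp = { origin: 'https://app.example.com', data: { type: 'setTheme', theme: 'dark' } };
const fromLookalike = { origin: 'https://app.example.com.attacker.net', data: { type: 'setTheme', theme: 'dark' } };

console.log('weak check, lookalike origin:', acceptsOriginWeak(fromLookalike));
console.log('strict check, lookalike origin:', acceptsOriginStrict(fromLookalike));
console.log('strict handler, real origin:', handleMessage(fromApp));
```

In a page this is wired up as `window.addEventListener('message', (e) => handleMessage(e))`. Note that the scheme is part of the origin: `http://app.example.com` is a different origin from `https://app.example.com` and is rejected by the strict check.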
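CWE-347 in the table above covers both skipping verification and verifying in a way the attacker can influence. The JavaScript below is an added example, not from the CWE entry or any project: a minimal JWS-style token (`base64url(header).base64url(payload).base64url(signature)`) constructed for this example over an Ed25519 key pair from Node's `crypto` module. The first verifier lets the token's own header decide how it is checked, so an `"alg":"none"` token is accepted without a signature; the second pins the algorithm, checks the signature length, and verifies before it parses the payload. The algorithm label `EdDSA`, the claim names and the function names are this example's own.

```javascript
// Added example for CWE-347 (not from the CWE entry). Token format constructed here:
// base64url(header).base64url(payload).base64url(signature), signed with Ed25519.
const crypto = require('crypto');

const b64url = (data) =>
  Buffer.from(data).toString('base64').replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
const fromB64url = (s) => Buffer.from(s.replace(/-/g, '+').replace(/_/g, '/'), 'base64');

function makeKeys() {
  return crypto.generateKeyPairSync('ed25519');  // { publicKey, privateKey } as KeyObjects
}

function issueToken(payload, privateKey) {
  const signingInput = `${b64url(JSON.stringify({ alg: 'EdDSA', typ: 'JWT' }))}.${b64url(JSON.stringify(payload))}`;
  const sig = crypto.sign(null, Buffer.from(signingInput), privateKey);  // Ed25519 takes no digest name
  return `${signingInput}.${b64url(sig)}`;
}

// CWE-347: the verifier lets the token decide how it is verified. An "alg" of "none" skips
// the signature check, so the payload of an unsigned token is accepted as authentic.
function verifyTokenTrustingHeader(token, publicKey) {
  const [h, p, s] = token.split('.');
  const header = JSON.parse(fromB64url(h).toString());
  if (header.alg === 'none') return JSON.parse(fromB64url(p).toString());
  const ok = crypto.verify(null, Buffer.from(`${h}.${p}`), publicKey, fromB64url(s));
  return ok ? JSON.parse(fromB64url(p).toString()) : null;
}

// Fixed: the algorithm is pinned by the verifier, not the token; the signature has the right
// length; verification happens before the payload is parsed; every failure returns null.
function verifyTokenPinned(token, publicKey) {
  const parts = token.split('.');
  if (parts.length !== 3) return null;
  const [h, p, s] = parts;
  let header;
  try { header = JSON.parse(fromB64url(h).toString()); } catch (e) { return null; }
  if (!header || header.alg !== 'EdDSA') return null;
  const sig = fromB64url(s);
  if (sig.length !== 64) return null;  // an Ed25519 signature is exactly 64 bytes
  let ok = false;
  try { ok = crypto.verify(null, Buffer.from(`${h}.${p}`), publicKey, sig); } catch (e) { ok = false; }
  if (!ok) return null;
  try { return JSON.parse(fromB64url(p).toString()); } catch (e) { return null; }
}

// Forgery that needs no key at all: an "alg":"none" header and an empty signature.
function forgeUnsignedToken(payload) {
  return `${b64url(JSON.stringify({ alg: 'none' }))}.${b64url(JSON.stringify(payload))}.`;
}

// Tampering that keeps a genuine signature but swaps the payload underneath it.
function tamperPayload(token, newPayload) {
  const [h, , s] = token.split('.');
  return `${h}.${b64url(JSON.stringify(newPayload))}.${s}`;
}

const { publicKey, privateKey } = makeKeys();
const token = issueToken({ sub: 'alice', role: 'user' }, privateKey);
const forged = forgeUnsignedToken({ sub: 'alice', role: 'admin' });
console.log('trusting header, forged token:', verifyTokenTrustingHeader(forged, publicKey));
console.log('pinned, forged token:', verifyTokenPinned(forged, publicKey));
console.log('pinned, genuine token:', verifyTokenPinned(token, publicKey));
console.log('pinned, tampered token:', verifyTokenPinned(tamperPayload(token, { sub: 'alice', role: 'admin' }), publicKey));
```

The ordering inside `verifyTokenPinned` is deliberate: nothing from the payload is parsed or acted on until the signature over the exact bytes received has been checked with the key and algorithm the verifier chose.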