Weaknesses
| CWE | Weakness | Description |
|---|---|---|
| CWE-1289 | Improper Validation of Unsafe Equivalence in Input | The product receives an input value that is used as a resource identifier or other type of reference, but it does not validate or incorrectly validates that the input is equivalent to a potentially-unsafe value. |
| CWE-1286 | Improper Validation of Syntactic Correctness of Input | The product receives input that is expected to be well-formed, i.e., to comply with a certain syntax, but it does not validate or incorrectly validates that the input complies with the syntax. |
| CWE-1287 | Improper Validation of Specified Type of Input | The product receives input that is expected to be of a certain type, but it does not validate or incorrectly validates that the input is actually of the expected type. |
| CWE-1284 | Improper Validation of Specified Quantity in Input | The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties. |
| CWE-1285 | Improper Validation of Specified Index, Position, or Offset in Input | The product receives input that is expected to specify an index, position, or offset into an indexable resource such as a buffer or file, but it does not validate or incorrectly validates that the specified index/position/offset has the required properties. |
| CWE-354 | Improper Validation of Integrity Check Value | The product does not validate or incorrectly validates the integrity check values or "checksums" of a message. This may prevent it from detecting if the data has been modified or corrupted in transmission. |
| CWE-1426 | Improper Validation of Generative AI Output | The product invokes a generative AI/ML component whose behaviors and outputs cannot be directly controlled, but the product does not validate or insufficiently validates the outputs to ensure that they align with the intended security, content, or privacy policy. |
| CWE-622 | Improper Validation of Function Hook Arguments | The product adds hooks to user-accessible API functions, but it does not properly validate the arguments. This could lead to resultant vulnerabilities. |
| CWE-1288 | Improper Validation of Consistency within Input | The product receives a complex input with multiple elements or fields that must be consistent with each other, but it does not validate or incorrectly validates that the input is actually consistent. |
| CWE-297 | Improper Validation of Certificate with Host Mismatch | The product communicates with a host that provides a certificate, but the product does not properly ensure that the certificate is actually associated with that host. |
| CWE-298 | Improper Validation of Certificate Expiration | A certificate expiration is not validated or is incorrectly validated. |
| CWE-129 | Improper Validation of Array Index | The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array. |
| CWE-1173 | Improper Use of Validation Framework | The product does not use, or incorrectly uses, an input validation framework that is provided by the source language or an independent library. |
| CWE-911 | Improper Update of Reference Count | The product uses a reference count to manage a resource, but it does not update or incorrectly updates the reference count. |
| CWE-1311 | Improper Translation of Security Attributes by Fabric Bridge | The bridge incorrectly translates security attributes from either trusted to untrusted or from untrusted to trusted when converting from one fabric protocol to another. |
| CWE-662 | Improper Synchronization | The product utilizes multiple threads, processes, components, or systems to allow temporary access to a shared resource that can only be exclusive to one process at a time, but it does not properly synchronize these actions, which might cause simultaneous accesses of this resource by multiple threads or processes. |
| CWE-1315 | Improper Setting of Bus Controlling Capability in Fabric End-point | The bus controller enables bits in the fabric end-point to allow responder devices to control transactions on the fabric. |
| CWE-1266 | Improper Scrubbing of Sensitive Data from Decommissioned Device | The product does not properly provide a capability for the product administrator to remove sensitive data at the time the product is decommissioned. A scrubbing capability could be missing, insufficient, or incorrect. |
| CWE-611 | Improper Restriction of XML External Entity Reference | The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output. |
| CWE-1224 | Improper Restriction of Write-Once Bit Fields | The hardware design control register "sticky bits" or write-once bit fields are improperly implemented, such that they can be reprogrammed by software. |