Weaknesses
| CWE | Weakness | Description |
|---|---|---|
| CWE-177 | Improper Handling of URL Encoding (Hex Encoding) | The product does not properly handle when all or part of an input has been URL encoded. |
| CWE-228 | Improper Handling of Syntactically Invalid Structure | The product does not handle or incorrectly handles input that is not syntactically well-formed with respect to the associated specification. |
| CWE-237 | Improper Handling of Structural Elements | The product does not handle or incorrectly handles inputs that are related to complex structures. |
| CWE-1261 | Improper Handling of Single Event Upsets | The hardware logic does not effectively handle when single-event upsets (SEUs) occur. |
| CWE-1384 | Improper Handling of Physical or Environmental Conditions | The product does not properly handle unexpected physical or environmental conditions that occur naturally or are artificially induced. |
| CWE-233 | Improper Handling of Parameters | The product does not properly handle when the expected number of parameters, fields, or arguments is not provided in input, or if those parameters are undefined. |
| CWE-1260 | Improper Handling of Overlap Between Protected Memory Ranges | The product allows address regions to overlap, which can result in the bypassing of intended memory protection. |
| CWE-175 | Improper Handling of Mixed Encoding | The product does not properly handle when the same input uses several different (mixed) encodings. |
| CWE-230 | Improper Handling of Missing Values | The product does not handle or incorrectly handles when a parameter, field, or argument name is specified, but the associated value is missing, i.e. it is empty, blank, or null. |
| CWE-166 | Improper Handling of Missing Special Element | The product receives input from an upstream component, but it does not handle or incorrectly handles when an expected special element is missing. |
| CWE-130 | Improper Handling of Length Parameter Inconsistency | The product parses a formatted message or structure, but it does not handle or incorrectly handles a length field that is inconsistent with the actual length of the associated data. |
| CWE-159 | Improper Handling of Invalid Use of Special Elements | The product does not properly filter, remove, quote, or otherwise manage the invalid use of special elements in user-controlled input, which could cause adverse effect on its behavior and integrity. |
| CWE-274 | Improper Handling of Insufficient Privileges | The product does not handle or incorrectly handles when it has insufficient privileges to perform an operation, leading to resultant weaknesses. |
| CWE-280 | Improper Handling of Insufficient Permissions or Privileges | The product does not handle or incorrectly handles when it has insufficient privileges to access resources or functionality as specified by their permissions. This may cause it to follow unexpected code paths that may leave the product in an invalid state. |
| CWE-333 | Improper Handling of Insufficient Entropy in TRNG | True random number generators (TRNG) generally have a limited source of entropy and therefore can fail or block. |
| CWE-240 | Improper Handling of Inconsistent Structural Elements | The product does not handle or incorrectly handles when two or more structural elements should be consistent, but are not. |
| CWE-168 | Improper Handling of Inconsistent Special Elements | The product does not properly handle input in which an inconsistency exists between two or more special characters or reserved words. |
| CWE-238 | Improper Handling of Incomplete Structural Elements | The product does not handle or incorrectly handles when a particular structural element is not completely specified. |
| CWE-409 | Improper Handling of Highly Compressed Data (Data Amplification) | The product does not handle or incorrectly handles a compressed input with a very high compression ratio that produces a large output. |
| CWE-1351 | Improper Handling of Hardware Behavior in Exceptionally Cold Environments | A hardware device, or the firmware running on it, is missing or has incorrect protection features to maintain goals of security primitives when the device is cooled below standard operating temperatures. |