Search
Weaknesses
| CWE | Weakness | Actions |
|---|---|---|
| CWE-66 |
Improper Handling of File Names that Identify Virtual Resources
The product does not handle or incorrectly handles a file name that identifies a "virtual" resource that is not directly specified within the directory that is associated with the file name, causing the product to perform file-based operations on a resource that is not a file. |
|
| CWE-1332 |
Improper Handling of Faults that Lead to Instruction Skips
The device is missing or incorrectly implements circuitry or sensors that detect and mitigate the skipping of security-critical CPU instructions when they occur. |
|
| CWE-231 |
Improper Handling of Extra Values
The product does not handle or incorrectly handles when more values are provided than expected. |
|
| CWE-235 |
Improper Handling of Extra Parameters
The product does not handle or incorrectly handles when the number of parameters, fields, or arguments with the same name exceeds the expected amount. |
|
| CWE-755 |
Improper Handling of Exceptional Conditions
The product does not handle or incorrectly handles an exceptional condition. |
|
| CWE-178 |
Improper Handling of Case Sensitivity
The product does not properly account for differences in case sensitivity when accessing or determining the properties of a resource, leading to inconsistent results. |
|
| CWE-72 |
Improper Handling of Apple HFS+ Alternate Data Stream Path
The product does not properly handle special paths that may identify the data or resource fork of a file on the HFS+ file system. |
|
| CWE-173 |
Improper Handling of Alternate Encoding
The product does not properly handle when an input uses an alternate encoding that is valid for the control sphere to which the input is being sent. |
|
| CWE-167 |
Improper Handling of Additional Special Element
The product receives input from an upstream component, but it does not handle or incorrectly handles when an additional unexpected special element is provided. |
|
| CWE-296 |
Improper Following of a Certificate's Chain of Trust
The product does not follow, or incorrectly follows, the chain of trust for a certificate back to a trusted root certificate. |
|
| CWE-573 |
Improper Following of Specification by Caller
The product does not follow or incorrectly follows the specifications as required by the implementation language, environment, framework, protocol, or platform. |
|
| CWE-1245 |
Improper Finite State Machines (FSMs) in Hardware Logic
Faulty finite state machines (FSMs) in the hardware logic allow an attacker to put the system in an undefined state, to cause a denial of service (DoS) or gain privileges on the victim's system. |
|
| CWE-790 |
Improper Filtering of Special Elements
The product receives data from an upstream component, but does not filter or incorrectly filters special elements before sending it to a downstream component. |
|
| CWE-926 |
Improper Export of Android Application Components
The Android application exports a component for use by other applications, but does not properly restrict which applications can launch the component or access the data it contains. |
|
| CWE-837 |
Improper Enforcement of a Single, Unique Action
The product requires that an actor should only be able to perform an action once, or to have only one unique action, but the product does not enforce or improperly enforces this restriction. |
|
| CWE-924 |
Improper Enforcement of Message Integrity During Transmission in a Communication Channel
The product establishes a communication channel with an endpoint and receives a message from that endpoint, but it does not sufficiently ensure that the message was not modified during transmission. |
|
| CWE-841 |
Improper Enforcement of Behavioral Workflow
The product supports a session in which more than one behavior must be performed by an actor, but it does not properly ensure that the actor performs the behaviors in the required sequence. |
|
| CWE-116 |
Improper Encoding or Escaping of Output
The product prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved. |
|
| CWE-664 |
Improper Control of a Resource Through its Lifetime
The product does not maintain or incorrectly maintains control over a resource throughout its lifetime of creation, use, and release. |
|
| CWE-99 |
Improper Control of Resource Identifiers ('Resource Injection')
The product receives input from an upstream component, but it does not restrict or incorrectly restricts the input before it is used as an identifier for a resource that may be outside the intended sphere of control. |