Search
Weaknesses
| CWE | Weakness | Actions |
|---|---|---|
| CWE-572 |
Call to Thread run() instead of start()
The product calls a thread's run() method instead of calling start(), which causes the code to run in the thread of the caller instead of the callee. |
|
| CWE-589 |
Call to Non-ubiquitous API
The product uses an API function that does not exist on all versions of the target platform. This could cause portability problems or inconsistencies that allow denial of service or other consequences. |
|
| CWE-1252 |
CPU Hardware Not Configured to Support Exclusivity of Write and Execute Operations
The CPU is not configured to provide hardware support for exclusivity of write and execute operations on memory. This allows an attacker to execute data from all of memory. |
|
| CWE-124 |
Buffer Underwrite ('Buffer Underflow')
The product writes to a buffer using an index or pointer that references a memory location prior to the beginning of the buffer. |
|
| CWE-127 |
Buffer Under-read
The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations prior to the targeted buffer. |
|
| CWE-126 |
Buffer Over-read
The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer. |
|
| CWE-120 |
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer. |
|
| CWE-805 |
Buffer Access with Incorrect Length Value
The product uses a sequential operation to read or write a buffer, but it uses an incorrect length value that causes it to access memory that is outside of the bounds of the buffer. |
|
| CWE-806 |
Buffer Access Using Size of Source Buffer
The product uses the size of a source buffer when reading from or writing to a destination buffer, which may cause it to access memory that is outside of the bounds of the buffer. |
|
| CWE-1327 |
Binding to an Unrestricted IP Address
The product assigns the address 0.0.0.0 for a database server, a cloud service/instance, or any computing resource that communicates remotely. |
|
| CWE-439 |
Behavioral Change in New Version or Environment
A's behavior or functionality changes with a new version of A, or a new environment, which is not known (or manageable) by B. |
|
| CWE-566 |
Authorization Bypass Through User-Controlled SQL Primary Key
The product uses a database table that includes records that should not be accessible to an actor, but it executes a SQL statement with a primary key that can be controlled by that actor. |
|
| CWE-639 |
Authorization Bypass Through User-Controlled Key
The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data. |
|
| CWE-593 |
Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created
The product modifies the SSL context after connection creation has begun. |
|
| CWE-290 |
Authentication Bypass by Spoofing
This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks. |
|
| CWE-305 |
Authentication Bypass by Primary Weakness
The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error. |
|
| CWE-294 |
Authentication Bypass by Capture-replay
A capture-replay flaw exists when the design of the product makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying it to the server in question to the same effect as the original message (or with minor changes). |
|
| CWE-302 |
Authentication Bypass by Assumed-Immutable Data
The authentication scheme or implementation uses key data elements that are assumed to be immutable, but can be controlled or modified by the attacker. |
|
| CWE-289 |
Authentication Bypass by Alternate Name
The product performs authentication based on the name of a resource being accessed, or the name of the actor performing the access, but it does not properly check all possible names for that resource or actor. |
|
| CWE-288 |
Authentication Bypass Using an Alternate Path or Channel
The product requires authentication, but the product has an alternate path or channel that does not require authentication. |