Weaknesses
| CWE | Weakness |
|---|---|
| CWE-588 | Attempt to Access Child of a Non-structure Pointer<br>Casting a non-structure type to a structure type and accessing a field can lead to memory access errors or data corruption. |
| CWE-405 | Asymmetric Resource Consumption (Amplification)<br>The product does not properly control situations in which an adversary can cause the product to consume or produce excessive resources without requiring the adversary to invest equivalent work or otherwise prove authorization, i.e., the adversary's influence is "asymmetric." |
| CWE-1282 | Assumed-Immutable Data is Stored in Writable Memory<br>Immutable data, such as a first-stage bootloader, device identifiers, and "write-once" configuration settings are stored in writable memory that can be re-programmed or updated in the field. |
| CWE-563 | Assignment to Variable without Use<br>The variable's value is assigned but never used, making it a dead store. |
| CWE-587 | Assignment of a Fixed Address to a Pointer<br>The product sets a pointer to a specific address other than NULL or 0. |
| CWE-481 | Assigning instead of Comparing<br>The code uses an operator for assignment when the intention was to perform a comparison. |
| CWE-582 | Array Declared Public, Final, and Static<br>The product declares an array public, final, and static, which is not sufficient to prevent the array's contents from being modified. |
| CWE-1044 | Architecture with Number of Horizontal Layers Outside of Expected Range<br>The product's architecture contains too many - or too few - horizontal layers. |
| CWE-1249 | Application-Level Admin Tool with Inconsistent View of Underlying Operating System<br>The product provides an application for administrators to manage parts of the underlying operating system, but the application does not accurately identify all of the relevant entities or resources that exist in the OS; that is, the application's model of the OS's state is inconsistent with the OS's actual state. |
| CWE-670 | Always-Incorrect Control Flow Implementation<br>The code contains a control flow path that does not reflect the algorithm that the path is intended to implement, leading to incorrect behavior any time this path is navigated. |
| CWE-770 | Allocation of Resources Without Limits or Throttling<br>The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated. |
| CWE-774 | Allocation of File Descriptors or Handles Without Limits or Throttling<br>The product allocates file descriptors or handles on behalf of an actor without imposing any restrictions on how many descriptors can be allocated, in violation of the intended security policy for that actor. |
| CWE-464 | Addition of Data Structure Sentinel<br>The accidental addition of a data-structure sentinel can cause serious programming logic problems. |
| CWE-489 | Active Debug Code<br>The product is released with debugging code still enabled or active. |
| CWE-767 | Access to Critical Private Variable via Public Method<br>The product defines a public method that reads or modifies a private variable. |
| CWE-824 | Access of Uninitialized Pointer<br>The product accesses or uses a pointer that has not been initialized. |
| CWE-843 | Access of Resource Using Incompatible Type ('Type Confusion')<br>The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type. |
| CWE-786 | Access of Memory Location Before Start of Buffer<br>The product reads or writes to a buffer using an index or pointer that references a memory location prior to the beginning of the buffer. |
| CWE-788 | Access of Memory Location After End of Buffer<br>The product reads or writes to a buffer using an index or pointer that references a memory location after the end of the buffer. |
| CWE-1280 | Access Control Check Implemented After Asset is Accessed<br>A product's hardware-based access control check occurs after the asset has been accessed. |