CWE-701: Weaknesses Introduced During Design
ID: CWE-701
Type: Implicit
Status: Incomplete
Number of CVEs: 9
This view (slice) lists weaknesses that can be introduced during design.
Relationships
Type | ID | Name | Abstraction | Structure | Status | |
---|---|---|---|---|---|---|
Weakness | CWE-20 | Improper Input Validation | Class | Simple | Stable | |
Weakness | CWE-73 | External Control of File Name or Path | Base | Simple | Draft | |
Weakness | CWE-99 | Improper Control of Resource Identifiers ('Resource Injection') | Class | Simple | Draft | |
Weakness | CWE-115 | Misinterpretation of Input | Base | Simple | Incomplete | |
Weakness | CWE-184 | Incomplete List of Disallowed Inputs | Base | Simple | Draft | |
Weakness | CWE-200 | Exposure of Sensitive Information to an Unauthorized Actor | Class | Simple | Draft | |
Weakness | CWE-201 | Insertion of Sensitive Information Into Sent Data | Base | Simple | Draft | |
Weakness | CWE-202 | Exposure of Sensitive Information Through Data Queries | Base | Simple | Draft | |
Weakness | CWE-203 | Observable Discrepancy | Base | Simple | Incomplete | |
Weakness | CWE-204 | Observable Response Discrepancy | Base | Simple | Incomplete | |
Weakness | CWE-205 | Observable Behavioral Discrepancy | Base | Simple | Incomplete | |
Weakness | CWE-208 | Observable Timing Discrepancy | Base | Simple | Incomplete | |
Weakness | CWE-209 | Generation of Error Message Containing Sensitive Information | Base | Simple | Draft | |
Weakness | CWE-210 | Self-generated Error Message Containing Sensitive Information | Base | Simple | Draft | |
Weakness | CWE-211 | Externally-Generated Error Message Containing Sensitive Information | Base | Simple | Incomplete | |
Weakness | CWE-212 | Improper Removal of Sensitive Information Before Storage or Transfer | Base | Simple | Incomplete | |
Weakness | CWE-213 | Exposure of Sensitive Information Due to Incompatible Policies | Base | Simple | Draft | |
Weakness | CWE-214 | Invocation of Process Using Visible Sensitive Information | Base | Simple | Incomplete | |
Weakness | CWE-221 | Information Loss or Omission | Class | Simple | Incomplete | |
Weakness | CWE-223 | Omission of Security-relevant Information | Base | Simple | Draft | |
Weakness | CWE-250 | Execution with Unnecessary Privileges | Base | Simple | Draft | |
Weakness | CWE-256 | Plaintext Storage of a Password | Base | Simple | Incomplete | |
Weakness | CWE-257 | Storing Passwords in a Recoverable Format | Base | Simple | Incomplete | |
Weakness | CWE-260 | Password in Configuration File | Base | Simple | Incomplete | |
Weakness | CWE-261 | Weak Encoding for Password | Base | Simple | Incomplete | |
Weakness | CWE-262 | Not Using Password Aging | Base | Simple | Draft | |
Weakness | CWE-263 | Password Aging with Long Expiration | Base | Simple | Draft | |
Weakness | CWE-267 | Privilege Defined With Unsafe Actions | Base | Simple | Incomplete | |
Weakness | CWE-268 | Privilege Chaining | Base | Simple | Draft | |
Weakness | CWE-269 | Improper Privilege Management | Class | Simple | Draft | |
Weakness | CWE-270 | Privilege Context Switching Error | Base | Simple | Draft | |
Weakness | CWE-271 | Privilege Dropping / Lowering Errors | Class | Simple | Incomplete | |
Weakness | CWE-276 | Incorrect Default Permissions | Base | Simple | Draft | |
Weakness | CWE-282 | Improper Ownership Management | Class | Simple | Draft | |
Weakness | CWE-283 | Unverified Ownership | Base | Simple | Draft | |
Weakness | CWE-285 | Improper Authorization | Class | Simple | Draft | |
Weakness | CWE-286 | Incorrect User Management | Class | Simple | Incomplete | |
Weakness | CWE-287 | Improper Authentication | Class | Simple | Draft | |
Weakness | CWE-288 | Authentication Bypass Using an Alternate Path or Channel | Base | Simple | Incomplete | |
Weakness | CWE-289 | Authentication Bypass by Alternate Name | Base | Simple | Incomplete | |
Weakness | CWE-294 | Authentication Bypass by Capture-replay | Base | Simple | Incomplete | |
Weakness | CWE-295 | Improper Certificate Validation | Base | Simple | Draft | |
Weakness | CWE-300 | Channel Accessible by Non-Endpoint | Class | Simple | Draft | |
Weakness | CWE-301 | Reflection Attack in an Authentication Protocol | Base | Simple | Draft | |
Weakness | CWE-302 | Authentication Bypass by Assumed-Immutable Data | Base | Simple | Incomplete | |
Weakness | CWE-306 | Missing Authentication for Critical Function | Base | Simple | Draft | |
Weakness | CWE-307 | Improper Restriction of Excessive Authentication Attempts | Base | Simple | Draft | |
Weakness | CWE-308 | Use of Single-factor Authentication | Base | Simple | Draft | |
Weakness | CWE-309 | Use of Password System for Primary Authentication | Base | Simple | Draft | |
Weakness | CWE-311 | Missing Encryption of Sensitive Data | Class | Simple | Draft | |
Weakness | CWE-312 | Cleartext Storage of Sensitive Information | Base | Simple | Draft | |
Weakness | CWE-319 | Cleartext Transmission of Sensitive Information | Base | Simple | Draft | |
Weakness | CWE-322 | Key Exchange without Entity Authentication | Base | Simple | Draft | |
Weakness | CWE-323 | Reusing a Nonce, Key Pair in Encryption | Base | Simple | Incomplete | |
Weakness | CWE-324 | Use of a Key Past its Expiration Date | Base | Simple | Draft | |
Weakness | CWE-326 | Inadequate Encryption Strength | Class | Simple | Draft | |
Weakness | CWE-327 | Use of a Broken or Risky Cryptographic Algorithm | Class | Simple | Draft | |
Weakness | CWE-328 | Use of Weak Hash | Base | Simple | Draft | |
Weakness | CWE-330 | Use of Insufficiently Random Values | Class | Simple | Stable | |
Weakness | CWE-331 | Insufficient Entropy | Base | Simple | Draft | |
Weakness | CWE-334 | Small Space of Random Values | Base | Simple | Draft | |
Weakness | CWE-338 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) | Base | Simple | Draft | |
Weakness | CWE-340 | Generation of Predictable Numbers or Identifiers | Class | Simple | Incomplete | |
Weakness | CWE-341 | Predictable from Observable State | Base | Simple | Draft | |
Weakness | CWE-342 | Predictable Exact Value from Previous Values | Base | Simple | Draft | |
Weakness | CWE-343 | Predictable Value Range from Previous Values | Base | Simple | Draft | |
Weakness | CWE-344 | Use of Invariant Value in Dynamically Changing Context | Base | Simple | Draft | |
Weakness | CWE-345 | Insufficient Verification of Data Authenticity | Class | Simple | Draft | |
Weakness | CWE-346 | Origin Validation Error | Class | Simple | Draft | |
Weakness | CWE-347 | Improper Verification of Cryptographic Signature | Base | Simple | Draft | |
Weakness | CWE-348 | Use of Less Trusted Source | Base | Simple | Draft | |
Weakness | CWE-353 | Missing Support for Integrity Check | Base | Simple | Draft | |
Weakness | CWE-354 | Improper Validation of Integrity Check Value | Base | Simple | Draft | |
Weakness | CWE-356 | Product UI does not Warn User of Unsafe Actions | Base | Simple | Incomplete | |
Weakness | CWE-357 | Insufficient UI Warning of Dangerous Operations | Base | Simple | Draft | |
Weakness | CWE-358 | Improperly Implemented Security Check for Standard | Base | Simple | Draft | |
Weakness | CWE-359 | Exposure of Private Personal Information to an Unauthorized Actor | Base | Simple | Incomplete | |
Weakness | CWE-360 | Trust of System Event Data | Base | Simple | Incomplete | |
Weakness | CWE-362 | Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') | Class | Simple | Draft | |
Weakness | CWE-363 | Race Condition Enabling Link Following | Base | Simple | Draft | |
Weakness | CWE-368 | Context Switching Race Condition | Base | Simple | Draft | |
Weakness | CWE-385 | Covert Timing Channel | Base | Simple | Incomplete | |
Weakness | CWE-386 | Symbolic Name not Mapping to Correct Object | Base | Simple | Draft | |
Weakness | CWE-400 | Uncontrolled Resource Consumption | Class | Simple | Draft | |
Weakness | CWE-402 | Transmission of Private Resources into a New Sphere ('Resource Leak') | Class | Simple | Draft | |
Weakness | CWE-405 | Asymmetric Resource Consumption (Amplification) | Class | Simple | Incomplete | |
Weakness | CWE-406 | Insufficient Control of Network Message Volume (Network Amplification) | Class | Simple | Incomplete | |
Weakness | CWE-407 | Inefficient Algorithmic Complexity | Class | Simple | Incomplete | |
Weakness | CWE-408 | Incorrect Behavior Order: Early Amplification | Base | Simple | Draft | |
Weakness | CWE-409 | Improper Handling of Highly Compressed Data (Data Amplification) | Base | Simple | Incomplete | |
Weakness | CWE-410 | Insufficient Resource Pool | Base | Simple | Incomplete | |
Weakness | CWE-412 | Unrestricted Externally Accessible Lock | Base | Simple | Incomplete | |
Weakness | CWE-413 | Improper Resource Locking | Base | Simple | Draft | |
Weakness | CWE-414 | Missing Lock Check | Base | Simple | Draft | |
Weakness | CWE-419 | Unprotected Primary Channel | Base | Simple | Draft | |
Weakness | CWE-420 | Unprotected Alternate Channel | Base | Simple | Draft | |
Weakness | CWE-421 | Race Condition During Access to Alternate Channel | Base | Simple | Draft | |
Weakness | CWE-424 | Improper Protection of Alternate Path | Class | Simple | Draft | |
Weakness | CWE-434 | Unrestricted Upload of File with Dangerous Type | Base | Simple | Draft | |
Weakness | CWE-436 | Interpretation Conflict | Class | Simple | Incomplete | |
Weakness | CWE-437 | Incomplete Model of Endpoint Features | Base | Simple | Incomplete | |
Weakness | CWE-439 | Behavioral Change in New Version or Environment | Base | Simple | Draft | |
Weakness | CWE-440 | Expected Behavior Violation | Base | Simple | Draft | |
Weakness | CWE-441 | Unintended Proxy or Intermediary ('Confused Deputy') | Class | Simple | Draft | |
Weakness | CWE-446 | UI Discrepancy for Security Feature | Class | Simple | Incomplete | |
Weakness | CWE-451 | User Interface (UI) Misrepresentation of Critical Information | Class | Simple | Draft | |
Weakness | CWE-454 | External Initialization of Trusted Variables or Data Stores | Base | Simple | Draft | |
Weakness | CWE-470 | Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') | Base | Simple | Draft | |
Weakness | CWE-471 | Modification of Assumed-Immutable Data (MAID) | Base | Simple | Draft | |
Weakness | CWE-475 | Undefined Behavior for Input to API | Base | Simple | Incomplete | |
Weakness | CWE-494 | Download of Code Without Integrity Check | Base | Simple | Draft | |
Weakness | CWE-501 | Trust Boundary Violation | Base | Simple | Draft | |
Weakness | CWE-502 | Deserialization of Untrusted Data | Base | Simple | Draft | |
Weakness | CWE-510 | Trapdoor | Base | Simple | Incomplete | |
Weakness | CWE-511 | Logic/Time Bomb | Base | Simple | Incomplete | |
Weakness | CWE-512 | Spyware | Base | Simple | Incomplete | |
Weakness | CWE-521 | Weak Password Requirements | Base | Simple | Draft | |
Weakness | CWE-522 | Insufficiently Protected Credentials | Class | Simple | Incomplete | |
Weakness | CWE-523 | Unprotected Transport of Credentials | Base | Simple | Incomplete | |
Weakness | CWE-532 | Insertion of Sensitive Information into Log File | Base | Simple | Incomplete | |
Weakness | CWE-544 | Missing Standardized Error Handling Mechanism | Base | Simple | Draft | |
Weakness | CWE-552 | Files or Directories Accessible to External Parties | Base | Simple | Draft | |
Weakness | CWE-565 | Reliance on Cookies without Validation and Integrity Checking | Base | Simple | Incomplete | |
Weakness | CWE-601 | URL Redirection to Untrusted Site ('Open Redirect') | Base | Simple | Draft | |
Weakness | CWE-602 | Client-Side Enforcement of Server-Side Security | Class | Simple | Draft | |
Weakness | CWE-603 | Use of Client-Side Authentication | Base | Simple | Draft | |
Weakness | CWE-610 | Externally Controlled Reference to a Resource in Another Sphere | Class | Simple | Draft | |
Weakness | CWE-612 | Improper Authorization of Index Containing Sensitive Information | Base | Simple | Draft | |
Weakness | CWE-613 | Insufficient Session Expiration | Base | Simple | Incomplete | |
Weakness | CWE-620 | Unverified Password Change | Base | Simple | Draft | |
Weakness | CWE-636 | Not Failing Securely ('Failing Open') | Class | Simple | Draft | |
Weakness | CWE-637 | Unnecessary Complexity in Protection Mechanism (Not Using 'Economy of Mechanism') | Class | Simple | Draft | |
Weakness | CWE-639 | Authorization Bypass Through User-Controlled Key | Base | Simple | Incomplete | |
Weakness | CWE-640 | Weak Password Recovery Mechanism for Forgotten Password | Base | Simple | Incomplete | |
Weakness | CWE-641 | Improper Restriction of Names for Files and Other Resources | Base | Simple | Incomplete | |
Weakness | CWE-642 | External Control of Critical State Data | Class | Simple | Draft | |
Weakness | CWE-645 | Overly Restrictive Account Lockout Mechanism | Base | Simple | Incomplete | |
Weakness | CWE-648 | Incorrect Use of Privileged APIs | Base | Simple | Incomplete | |
Weakness | CWE-649 | Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking | Base | Simple | Incomplete | |
Weakness | CWE-653 | Improper Isolation or Compartmentalization | Class | Simple | Draft | |
Weakness | CWE-654 | Reliance on a Single Factor in a Security Decision | Base | Simple | Draft | |
Weakness | CWE-655 | Insufficient Psychological Acceptability | Class | Simple | Draft | |
Weakness | CWE-656 | Reliance on Security Through Obscurity | Class | Simple | Draft | |
Weakness | CWE-657 | Violation of Secure Design Principles | Class | Simple | Draft | |
Weakness | CWE-662 | Improper Synchronization | Class | Simple | Draft | |
Weakness | CWE-667 | Improper Locking | Class | Simple | Draft | |
Weakness | CWE-668 | Exposure of Resource to Wrong Sphere | Class | Simple | Draft | |
Weakness | CWE-669 | Incorrect Resource Transfer Between Spheres | Class | Simple | Draft | |
Weakness | CWE-671 | Lack of Administrator Control over Security | Class | Simple | Draft | |
Weakness | CWE-673 | External Influence of Sphere Definition | Class | Simple | Draft | |
Weakness | CWE-694 | Use of Multiple Resources with Duplicate Identifier | Base | Simple | Incomplete | |
Weakness | CWE-696 | Incorrect Behavior Order | Class | Simple | Incomplete | |
Weakness | CWE-706 | Use of Incorrectly-Resolved Name or Reference | Class | Simple | Incomplete | |
Weakness | CWE-708 | Incorrect Ownership Assignment | Base | Simple | Incomplete | |
Weakness | CWE-732 | Incorrect Permission Assignment for Critical Resource | Class | Simple | Draft | |
Weakness | CWE-749 | Exposed Dangerous Method or Function | Base | Simple | Incomplete | |
Weakness | CWE-757 | Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade') | Base | Simple | Incomplete | |
Weakness | CWE-770 | Allocation of Resources Without Limits or Throttling | Base | Simple | Incomplete | |
Weakness | CWE-798 | Use of Hard-coded Credentials | Base | Simple | Draft | |
Weakness | CWE-799 | Improper Control of Interaction Frequency | Class | Simple | Incomplete | |
Weakness | CWE-804 | Guessable CAPTCHA | Base | Simple | Incomplete | |
Weakness | CWE-807 | Reliance on Untrusted Inputs in a Security Decision | Base | Simple | Incomplete | |
Weakness | CWE-862 | Missing Authorization | Class | Simple | Incomplete | |
Weakness | CWE-863 | Incorrect Authorization | Class | Simple | Incomplete | |
Weakness | CWE-912 | Hidden Functionality | Class | Simple | Incomplete | |
Weakness | CWE-913 | Improper Control of Dynamically-Managed Code Resources | Class | Simple | Incomplete | |
Weakness | CWE-915 | Improperly Controlled Modification of Dynamically-Determined Object Attributes | Base | Simple | Incomplete | |
Weakness | CWE-916 | Use of Password Hash With Insufficient Computational Effort | Base | Simple | Incomplete | |
Weakness | CWE-917 | Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') | Base | Simple | Incomplete | |
Weakness | CWE-918 | Server-Side Request Forgery (SSRF) | Base | Simple | Incomplete | |
Weakness | CWE-920 | Improper Restriction of Power Consumption | Base | Simple | Incomplete | |
Weakness | CWE-921 | Storage of Sensitive Data in a Mechanism without Access Control | Base | Simple | Incomplete | |
Weakness | CWE-922 | Insecure Storage of Sensitive Information | Class | Simple | Incomplete | |
Weakness | CWE-923 | Improper Restriction of Communication Channel to Intended Endpoints | Class | Simple | Incomplete | |
Weakness | CWE-924 | Improper Enforcement of Message Integrity During Transmission in a Communication Channel | Base | Simple | Incomplete | |
Weakness | CWE-940 | Improper Verification of Source of a Communication Channel | Base | Simple | Incomplete | |
Weakness | CWE-941 | Incorrectly Specified Destination in a Communication Channel | Base | Simple | Incomplete | |
Weakness | CWE-1007 | Insufficient Visual Distinction of Homoglyphs Presented to User | Base | Simple | Incomplete | |
Weakness | CWE-1037 | Processor Optimization Removal or Modification of Security-critical Code | Base | Simple | Incomplete | |
Weakness | CWE-1038 | Insecure Automated Optimizations | Class | Simple | Draft | |
Weakness | CWE-1039 | Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations | Class | Simple | Incomplete | |
Weakness | CWE-1044 | Architecture with Number of Horizontal Layers Outside of Expected Range | Base | Simple | Incomplete | |
Weakness | CWE-1059 | Insufficient Technical Documentation | Class | Simple | Incomplete | |
Weakness | CWE-1173 | Improper Use of Validation Framework | Base | Simple | Draft | |
Weakness | CWE-1176 | Inefficient CPU Computation | Class | Simple | Incomplete | |
Weakness | CWE-1189 | Improper Isolation of Shared Resources on System-on-a-Chip (SoC) | Base | Simple | Stable | |
Weakness | CWE-1190 | DMA Device Enabled Too Early in Boot Phase | Base | Simple | Draft | |
Weakness | CWE-1191 | On-Chip Debug and Test Interface With Improper Access Control | Base | Simple | Stable | |
Weakness | CWE-1192 | Improper Identifier for IP Block used in System-On-Chip (SOC) | Base | Simple | Draft | |
Weakness | CWE-1209 | Failure to Disable Reserved Bits | Base | Simple | Incomplete | |
Weakness | CWE-1220 | Insufficient Granularity of Access Control | Base | Simple | Incomplete | |
Weakness | CWE-1223 | Race Condition for Write-Once Attributes | Base | Simple | Incomplete | |
Weakness | CWE-1224 | Improper Restriction of Write-Once Bit Fields | Base | Simple | Incomplete | |
Weakness | CWE-1230 | Exposure of Sensitive Information Through Metadata | Base | Simple | Incomplete | |
Weakness | CWE-1231 | Improper Prevention of Lock Bit Modification | Base | Simple | Stable | |
Weakness | CWE-1232 | Improper Lock Behavior After Power State Transition | Base | Simple | Incomplete | |
Weakness | CWE-1233 | Security-Sensitive Hardware Controls with Missing Lock Bit Protection | Base | Simple | Stable | |
Weakness | CWE-1234 | Hardware Internal or Debug Modes Allow Override of Locks | Base | Simple | Incomplete | |
Weakness | CWE-1240 | Use of a Cryptographic Primitive with a Risky Implementation | Base | Simple | Draft | |
Weakness | CWE-1241 | Use of Predictable Algorithm in Random Number Generator | Base | Simple | Draft | |
Weakness | CWE-1242 | Inclusion of Undocumented Features or Chicken Bits | Base | Simple | Incomplete | |
Weakness | CWE-1243 | Sensitive Non-Volatile Information Not Protected During Debug | Base | Simple | Incomplete | |
Weakness | CWE-1244 | Internal Asset Exposed to Unsafe Debug Access Level or State | Base | Simple | Stable | |
Weakness | CWE-1245 | Improper Finite State Machines (FSMs) in Hardware Logic | Base | Simple | Incomplete | |
Weakness | CWE-1246 | Improper Write Handling in Limited-write Non-Volatile Memories | Base | Simple | Incomplete | |
Weakness | CWE-1249 | Application-Level Admin Tool with Inconsistent View of Underlying Operating System | Base | Simple | Incomplete | |
Weakness | CWE-1252 | CPU Hardware Not Configured to Support Exclusivity of Write and Execute Operations | Base | Simple | Incomplete | |
Weakness | CWE-1253 | Incorrect Selection of Fuse Values | Base | Simple | Draft | |
Weakness | CWE-1254 | Incorrect Comparison Logic Granularity | Base | Simple | Draft | |
Weakness | CWE-1256 | Improper Restriction of Software Interfaces to Hardware Features | Base | Simple | Stable | |
Weakness | CWE-1257 | Improper Access Control Applied to Mirrored or Aliased Memory Regions | Base | Simple | Incomplete | |
Weakness | CWE-1258 | Exposure of Sensitive System Information Due to Uncleared Debug Information | Base | Simple | Draft | |
Weakness | CWE-1259 | Improper Restriction of Security Token Assignment | Base | Simple | Incomplete | |
Weakness | CWE-1260 | Improper Handling of Overlap Between Protected Memory Ranges | Base | Simple | Stable | |
Weakness | CWE-1261 | Improper Handling of Single Event Upsets | Base | Simple | Draft | |
Weakness | CWE-1262 | Improper Access Control for Register Interface | Base | Simple | Stable | |
Weakness | CWE-1263 | Improper Physical Access Control | Class | Simple | Incomplete | |
Weakness | CWE-1264 | Hardware Logic with Insecure De-Synchronization between Control and Data Channels | Base | Simple | Incomplete | |
Weakness | CWE-1266 | Improper Scrubbing of Sensitive Data from Decommissioned Device | Base | Simple | Incomplete | |
Weakness | CWE-1267 | Policy Uses Obsolete Encoding | Base | Simple | Draft | |
Weakness | CWE-1268 | Policy Privileges are not Assigned Consistently Between Control and Data Agents | Base | Simple | Draft | |
Weakness | CWE-1270 | Generation of Incorrect Security Tokens | Base | Simple | Incomplete | |
Weakness | CWE-1272 | Sensitive Information Uncleared Before Debug/Power State Transition | Base | Simple | Stable | |
Weakness | CWE-1274 | Improper Access Control for Volatile Memory Containing Boot Code | Base | Simple | Stable | |
Weakness | CWE-1277 | Firmware Not Updateable | Base | Simple | Draft | |
Weakness | CWE-1278 | Missing Protection Against Hardware Reverse Engineering Using Integrated Circuit (IC) Imaging Techniques | Base | Simple | Incomplete | |
Weakness | CWE-1279 | Cryptographic Operations are run Before Supporting Units are Ready | Base | Simple | Incomplete | |
Weakness | CWE-1281 | Sequence of Processor Instructions Leads to Unexpected Behavior | Base | Simple | Incomplete | |
Weakness | CWE-1283 | Mutable Attestation or Measurement Reporting Data | Base | Simple | Incomplete | |
Weakness | CWE-1290 | Incorrect Decoding of Security Identifiers | Base | Simple | Incomplete | |
Weakness | CWE-1292 | Incorrect Conversion of Security Identifiers | Base | Simple | Draft | |
Weakness | CWE-1293 | Missing Source Correlation of Multiple Independent Data | Base | Simple | Draft | |
Weakness | CWE-1294 | Insecure Security Identifier Mechanism | Class | Simple | Incomplete | |
Weakness | CWE-1298 | Hardware Logic Contains Race Conditions | Base | Simple | Draft | |
Weakness | CWE-1299 | Missing Protection Mechanism for Alternate Hardware Interface | Base | Simple | Draft | |
Weakness | CWE-1302 | Missing Source Identifier in Entity Transactions on a System-On-Chip (SOC) | Base | Simple | Incomplete | |
Weakness | CWE-1303 | Non-Transparent Sharing of Microarchitectural Resources | Base | Simple | Draft | |
Weakness | CWE-1304 | Improperly Preserved Integrity of Hardware Configuration State During a Power Save/Restore Operation | Base | Simple | Draft | |
Weakness | CWE-1310 | Missing Ability to Patch ROM Code | Base | Simple | Draft | |
Weakness | CWE-1311 | Improper Translation of Security Attributes by Fabric Bridge | Base | Simple | Draft | |
Weakness | CWE-1312 | Missing Protection for Mirrored Regions in On-Chip Fabric Firewall | Base | Simple | Draft | |
Weakness | CWE-1313 | Hardware Allows Activation of Test or Debug Logic at Runtime | Base | Simple | Draft | |
Weakness | CWE-1314 | Missing Write Protection for Parametric Data Values | Base | Simple | Draft | |
Weakness | CWE-1315 | Improper Setting of Bus Controlling Capability in Fabric End-point | Base | Simple | Incomplete | |
Weakness | CWE-1316 | Fabric-Address Map Allows Programming of Unwarranted Overlaps of Protected and Unprotected Ranges | Base | Simple | Draft | |
Weakness | CWE-1317 | Improper Access Control in Fabric Bridge | Base | Simple | Draft | |
Weakness | CWE-1318 | Missing Support for Security Features in On-chip Fabrics or Buses | Base | Simple | Incomplete | |
Weakness | CWE-1319 | Improper Protection against Electromagnetic Fault Injection (EM-FI) | Base | Simple | Incomplete | |
Weakness | CWE-1320 | Improper Protection for Outbound Error Messages and Alert Signals | Base | Simple | Draft | |
Weakness | CWE-1323 | Improper Management of Sensitive Trace Data | Base | Simple | Draft | |
Weakness | CWE-1326 | Missing Immutable Root of Trust in Hardware | Base | Simple | Draft | |
Weakness | CWE-1328 | Security Version Number Mutable to Older Versions | Base | Simple | Draft | |
Weakness | CWE-1329 | Reliance on Component That is Not Updateable | Base | Simple | Incomplete | |
Weakness | CWE-1331 | Improper Isolation of Shared Resources in Network On Chip (NoC) | Base | Simple | Stable | |
Weakness | CWE-1332 | Improper Handling of Faults that Lead to Instruction Skips | Base | Simple | Stable | |
Weakness | CWE-1334 | Unauthorized Error Injection Can Degrade Hardware Redundancy | Base | Simple | Draft | |
Weakness | CWE-1336 | Improper Neutralization of Special Elements Used in a Template Engine | Base | Simple | Incomplete | |
Weakness | CWE-1338 | Improper Protections Against Hardware Overheating | Base | Simple | Draft | |
Weakness | CWE-1342 | Information Exposure through Microarchitectural State after Transient Execution | Base | Simple | Incomplete | |
Weakness | CWE-1351 | Improper Handling of Hardware Behavior in Exceptionally Cold Environments | Base | Simple | Incomplete | |
Weakness | CWE-1357 | Reliance on Insufficiently Trustworthy Component | Class | Simple | Incomplete | |
Weakness | CWE-1384 | Improper Handling of Physical or Environmental Conditions | Class | Simple | Incomplete | |
Weakness | CWE-1390 | Weak Authentication | Class | Simple | Incomplete | |
Weakness | CWE-1391 | Use of Weak Credentials | Class | Simple | Incomplete | |
Weakness | CWE-1392 | Use of Default Credentials | Base | Simple | Incomplete | |
Weakness | CWE-1393 | Use of Default Password | Base | Simple | Incomplete | |
Weakness | CWE-1394 | Use of Default Cryptographic Key | Base | Simple | Incomplete | |
Weakness | CWE-1395 | Dependency on Vulnerable Third-Party Component | Class | Simple | Incomplete | |
Weakness | CWE-1420 | Exposure of Sensitive Information during Transient Execution | Base | Simple | Incomplete | |
Weakness | CWE-1421 | Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution | Base | Simple | Incomplete | |
Weakness | CWE-1422 | Exposure of Sensitive Information caused by Incorrect Data Forwarding during Transient Execution | Base | Simple | Incomplete | |
Weakness | CWE-1423 | Exposure of Sensitive Information caused by Shared Microarchitectural Predictor State that Influences Transient Execution | Base | Simple | Incomplete | |
Weakness | CWE-1426 | Improper Validation of Generative AI Output | Base | Simple | Incomplete | |
[Charts: CVEs Published; CVSS Severity; CVSS Severity - By Year; CVSS Base Score]