Entries with Maintenance Notes
A view in the Common Weakness Enumeration published by The MITRE Corporation.
Objective
Views in the Common Weakness Enumeration (CWE) represent one perspective with which to consider a set of weaknesses.
CWE entries in this view have maintenance notes. Maintenance notes are an indicator that an entry might change significantly in future versions. This view was created due to feedback from the CWE Board and participants in the CWE Compatibility Summit in March 2021.
Target Audience
Assessment Tool Vendors
Assessment vendors may use this view to anticipate future changes to CWE and better prepare their customers for important changes when they arrive.
Weaknesses
The product accesses or uses a pointer that has not been initialized.
The product defines a public method that reads or modifies a private variable.
The code contains a control flow path that does not reflect the algorithm that the path is intended to implement, leading to incorrect behavior any time this path is n...
Immutable data, such as a first-stage bootloader, device identifiers, and "write-once" configuration settings are stored in writable memory that can be re-programmed o...
The product does not adequately verify the identity of actors at both ends of a communication channel, or does not adequately ensure the integrity of the channel, in a...
The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.
The product contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a ...
A covert channel is a path that can be used to transfer information in a way not intended by the system's designers.
A covert storage channel transfers information through the setting of bits by one program and the reading of those bits by another. What distinguishes this case from t...
Covert timing channels convey information by modulating some aspect of system behavior over time, so that the program receiving the information can observe system beha...
The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.
The credentials necessary for unlocking a device are shared across multiple parties and may expose sensitive information.
The product does not properly encode or decode the data, resulting in unexpected values.
The product performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of ot...
The product dereferences a pointer that contains a location for memory that was previously valid, but is no longer valid.
The product does not properly prevent a person's private, personal information from being accessed by actors who either (1) are not explicitly authorized to access the...
The product's intended functionality exposes information to certain actors in accordance with the developer's security policy, but this information is regarded as sens...
When trying to keep information confidential, an attacker can often infer some of the information by using statistics.
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
The product allows user input to control or influence paths or file names that are used in filesystem operations.
The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere.
The address map of the on-chip fabric has protected and unprotected regions overlapping, allowing an attacker to bypass access control to the overlapping portion of th...
If too few arguments are sent to a function, the function will still pop the expected number of arguments from the stack. Potentially, a variable number of arguments c...
The product calls free() on a pointer to a memory resource that was allocated on the heap, but the pointer is not at the start of the buffer.
The product generates and uses a predictable Initialization Vector (IV) with Cipher Block Chaining (CBC) Mode, which causes algorithms to be susceptible to dictionary ...
The product uses a scheme that generates numbers or identifiers that are more predictable than required.
The product uses a cryptographic primitive that uses an Initialization Vector (IV), but the product does not generate IVs that are sufficiently unpredictable or ...
The hardware logic for error handling and security checks can incorrectly forward data before the security check is complete.
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
The product does not maintain or incorrectly maintains control over a resource throughout its lifetime of creation, use, and release.
The product receives input from an upstream component, but it does not restrict or incorrectly restricts the input before it is used as an identifier for a resource th...
The product establishes a communication channel with an endpoint and receives a message from that endpoint, but it does not sufficiently ensure that the message was no...
True random number generators (TRNG) generally have a limited source of entropy and therefore can fail or block.
The product does not handle or incorrectly handles when it has insufficient privileges to access resources or functionality as specified by their permissions. This may...
The product does not handle or incorrectly handles when it has insufficient privileges to perform an operation, leading to resultant weaknesses.
The product does not properly filter, remove, quote, or otherwise manage the invalid use of special elements in user-controlled input, which could cause adverse effect...
The product allows address regions to overlap, which can result in the bypassing of intended memory protection.
The product does not handle or incorrectly handles input that is not syntactically well-formed with respect to the associated specification.
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process th...
The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.
The product does not ensure or incorrectly ensures that structured messages or data are well-formed and that certain security properties are met before being read from...
The product uses a template engine to insert or process externally-influenced input, but it does not neutralize or incorrectly neutralizes special elements or syntax t...
The product constructs all or part of an expression language (EL) statement in a framework such as a Java Server Page (JSP) using externally-influenced input from an u...
The product does not terminate or incorrectly terminates a string or array with a null character or equivalent terminator.
The product assigns the wrong ownership, or does not properly verify the ownership, of an object or resource.
The product is designed with access restricted to certain information, but it does not sufficiently protect against an unauthorized actor with physical access to these...
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
The device is susceptible to electromagnetic fault injection attacks, causing device internal information to be compromised or security mechanisms to be bypassed.
The System-On-A-Chip (SoC) implements a Security Token mechanism to differentiate what actions are allowed or disallowed when a transaction originates from an entity. ...
The product does not properly provide a capability for the product administrator to remove sensitive data at the time the product is decommissioned. A scrubbing capab...
The product utilizes multiple threads or processes to allow temporary access to a shared resource that can only be exclusive to one process at a time, but it does not ...
The product receives a complex input with multiple elements or fields that must be consistent with each other, but it does not validate or incorrectly validates that t...
The product receives input that is expected to specify an index, position, or offset into an indexable resource such as a buffer or file, but it does not validate or i...
The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the...
The product receives input that is expected to be of a certain type, but it does not validate or incorrectly validates that the input is actually of the expected type.
The product receives input that is expected to be well-formed - i.e., to comply with a certain syntax - but it does not validate or incorrectly validates that the inpu...
The product receives an input value that is used as a resource identifier or other type of reference, but it does not validate or incorrectly validates that the input ...
The Android application uses a Broadcast Receiver that receives an Intent but does not properly verify that the Intent came from an authorized source.
The product receives input from an upstream component that specifies multiple attributes, properties, or fields that are to be initialized or updated in an object, but...
The product does not properly determine which state it is in, causing it to assume it is in state X when in fact it is in state Y, causing it to perform incorrect oper...
The product does not correctly calculate the size to be used when allocating a buffer, which could lead to a buffer overflow.
The product's debug components contain incorrect chaining or granularity of debug components.
The product compares two entities in a security-relevant context, but the comparison is incorrect, which may lead to resultant weaknesses.
The product assigns an owner to a resource, but the owner is outside of the intended control sphere.
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
The logic level used to set a system to a secure state relies on a fuse being unblown. An attacker can set the system to an insecure state merely by blowing the fuse.
The product utilizes a shared resource in a concurrent manner, but it does not correctly synchronize access to the resource.
The product uses a Pseudo-Random Number Generator (PRNG) but does not correctly manage seeds.
The product does not properly manage a user within its environment.
The processor does not properly clear microarchitectural state after incorrect microcode assists or speculative execution, resulting in transient execution.
The product initializes or sets a resource with a default that is intended to be changed by the administrator, but the default is not secure.
The product, by default, initializes an internal variable with an insecure or less secure value than is possible.
The product opens a file or directory, but it does not properly prevent the name from being associated with a junction or mount point to a destination that is outside ...
The System-on-Chip (SoC) implements a Security Identifier mechanism to differentiate what actions are allowed or disallowed when a transaction originates from an entit...
The product stores sensitive information without properly limiting read or write access by unauthorized actors.
The product places sensitive information into files or directories that are accessible to actors who are allowed to have access to the files, but not to the sensitive ...
The product uses an algorithm or scheme that produces insufficient entropy, leaving patterns or clusters of values that are more likely to occur than others.
The lack of entropy available for, or used by, a Pseudo-Random Number Generator (PRNG) can be a stability and security threat.
The product's data removal process does not completely delete all data and potentially sensitive information within hardware components.
The product has a protection mechanism that is too difficult or inconvenient to use, encouraging non-malicious users to disable or bypass the mechanism, whether by acc...
The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.
Integer coercion refers to a set of flaws pertaining to the type casting, extension, or truncation of primitive data types.
The elevated privilege level required to perform operations such as chroot() should be dropped immediately after the operation is performed.
Information stored in hardware may be recovered by an attacker with the capability to capture and analyze images of the integrated circuit using techniques such as sca...
The product does not release a resource after its effective lifetime has ended, i.e., after the resource is no longer needed.
The product utilizes a shared resource in a concurrent manner but does not attempt to synchronize access to the resource.
The product locks a critical resource more times than intended, leading to an unexpected state in the system.
The product unlocks a critical resource more times than intended, leading to an unexpected state in the system.
The register contents used for attestation or measurement reporting data to verify boot flow are modifiable by an adversary.
Hardware structures shared across execution contexts (e.g., caches and branch predictors) can violate the expected architecture isolation between contexts.
The product does not properly verify that the source of data or communication is valid.
The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '...' (triple dot) sequences ...
The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '....' (multiple dot) sequenc...
The product's hardware-enforced access control for a particular resource improperly accounts for privilege discrepancies between control and write policies.
An exact value or random number can be precisely predicted by observing previous values.
A number or object is predictable based on observations that the attacker can make about the state of the system or network, such as time, process ID, etc.
A Pseudo-Random Number Generator (PRNG) is initialized from a predictable seed, such as the process ID or system time.
The product's random number generator produces a series of values which, when observed, can be used to infer a relatively small range of possibilities for the next val...
A particular privilege, role, capability, or right can be used to perform unsafe actions that were not intended, even when it is assigned to the correct entity.
The product does not drop privileges before passing control of a resource to an actor that does not have those privileges.
Executing commands or loading libraries from an untrusted source or in an untrusted environment can cause an application to execute malicious commands (and payloads) o...
The developer builds a security-critical protection mechanism into the software, but the processor optimizes the execution of the program such that the mechanism is re...
Simple authentication protocols are subject to reflection attacks if a malicious user can use the target machine to impersonate a trusted user.
The product attempts to return a memory resource to the system, but it calls the wrong release function or calls the appropriate release function incorrectly.
A protection mechanism relies exclusively, or to a large extent, on the evaluation of a single condition or the integrity of a single object or entity in order to make...
The product uses a protection mechanism that relies on the existence or values of a cookie, but it does not properly ensure that the cookie is valid for the associated...
The product is built from multiple separate components, but it uses a component that is not sufficiently trusted to meet expectations for security, reliability, update...
The product performs reverse DNS resolution on an IP address to obtain the hostname and make a security decision, but it does not properly ensure that the IP address i...
A function can return a pointer to memory that is outside of the buffer that the pointer is expected to reference.
A Pseudo-Random Number Generator (PRNG) uses the same seed each time the product is initialized.
The product releases a resource such as memory or a file so that it can be made available for reuse, but it does not clear or "zeroize" the information contained in th...
A Pseudo-Random Number Generator (PRNG) uses a relatively small seed space, which makes it more susceptible to brute force attacks.
The number of possible random values is smaller than needed by the product, making it more susceptible to brute force attacks.
The storage of passwords in a recoverable format makes them subject to password reuse attacks by malicious users. In fact, it should be noted that recoverable encrypte...
The product has a validator form that either does not define a validate() method, or defines a validate() method but does not call super.validate().
The user interface does not correctly enable or configure a security feature, but the interface provides feedback that causes the user to believe that the feature is i...
The Servlet does not catch all exceptions, which may reveal sensitive debugging information.
[PLANNED FOR DEPRECATION. SEE MAINTENANCE NOTES AND CONSIDER CWE-252, CWE-248, OR CWE-1069.] Ignoring exceptions and other error conditions may allow an attacker to in...
The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, ev...
The product performs an operation on a number that causes it to be sign extended when it is transformed into a larger data type. When the original number is negative, ...
Security-critical logic is not set to a known value on reset.
The product receives a request, message, or directive from an upstream component, but the product does not sufficiently preserve the original source of the request bef...
The product does not adequately protect confidential information on the device from being accessed by Outsourced Semiconductor Assembly and Test (OSAT) vendors.
The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access re...
The product obtains a value from an untrusted source, converts this value to a pointer, and dereferences the resulting pointer.
The product uses a broken or risky cryptographic algorithm or protocol.
To fulfill the need for a cryptographic primitive, the product implements a cryptographic algorithm using a non-standard, unproven, or disallowed/non-compliant cryptog...
The product uses a one-way cryptographic hash against an input that should not be reversible, such as a password, but the product uses a predictable salt as part of th...
The product uses a Pseudo-Random Number Generator (PRNG) in a security context, but the PRNG's algorithm is not cryptographically strong.
The product contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to exter...
The use of a hard-coded cryptographic key significantly increases the possibility that encrypted data may be recovered.
The product contains a hard-coded password, which it uses for its own inbound authentication or for outbound communication to external components.
The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.
The product performs pointer arithmetic on a valid pointer, but it uses an offset that can point outside of the intended range of valid memory locations for the result...
The product invokes a function for normalizing paths or file names, but it provides an output buffer that is smaller than the maximum possible size, such as PATH_MAX.
The device uses an algorithm that is predictable and generates a pseudo-random number.
The product uses the RSA algorithm but does not incorporate Optimal Asymmetric Encryption Padding (OAEP), which might weaken the encryption.
The product uses an algorithm that produces a digest (output value) that does not meet security expectations for a hash function that allows an adversary to reasonably...
The user interface (UI) does not properly represent critical information to the user, allowing the information - or its source - to be obscured or spoofed. This is oft...
The product violates well-established principles for secure design.
The product contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.
The product does not properly neutralize special elements that are used in XML, allowing attackers to modify the syntax, content, or commands of the XML before it is p...
Categories
Weaknesses in this category are related to the "ICS Communications" super category from the SEI ETF "Categories of Security Vulnerabilities in ICS" as published in Mar...
Weaknesses in this category are related to the "Frail Security in Protocols" category from the SEI ETF "Categories of Security Vulnerabilities in ICS" as published in ...
Weaknesses in this category are related to the "Unreliability" category from the SEI ETF "Categories of Security Vulnerabilities in ICS" as published in March 2022: "V...
Weaknesses in this category are related to the "Zone Boundary Failures" category from the SEI ETF "Categories of Security Vulnerabilities in ICS" as published in March...
Weaknesses in this category are related to the "ICS Dependencies (& Architecture)" super category from the SEI ETF "Categories of Security Vulnerabilities in ICS" as p...
Weaknesses in this category are related to the "External Digital Systems" category from the SEI ETF "Categories of Security Vulnerabilities in ICS" as published in Mar...
Weaknesses in this category are related to the "External Physical Systems" category from the SEI ETF "Categories of Security Vulnerabilities in ICS" as published in Ma...
Weaknesses in this category are related to the "Gaps in Details/Data" category from the SEI ETF "Categories of Security Vulnerabilities in ICS" as published in March 2...
Weaknesses in this category are related to the "Inherent Predictability in Design" category from the SEI ETF "Categories of Security Vulnerabilities in ICS" as publish...
Weaknesses in this category are related to the "Maker Breaker Blindness" category from the SEI ETF "Categories of Security Vulnerabilities in ICS" as published in Marc...
Weaknesses in this category are related to the "Security Gaps in Commissioning" category from the SEI ETF "Categories of Security Vulnerabilities in ICS" as published ...
Weaknesses in this category are related to the "Trust Model Problems" category from the SEI ETF "Categories of Security Vulnerabilities in ICS" as published in March 2...
Weaknesses in this category are related to the "ICS Engineering (Constructions/Deployment)" super category from the SEI ETF "Categories of Security Vulnerabilities in ...
Weaknesses in this category are related to the "ICS Operations (& Maintenance)" super category from the SEI ETF "Categories of Security Vulnerabilities in ICS" as publ...
Weaknesses in this category are related to the "Compliance/Conformance with Regulatory Requirements" category from the SEI ETF "Categories of Security Vulnerabilities ...
Weaknesses in this category are related to the "Emerging Energy Technologies" category from the SEI ETF "Categories of Security Vulnerabilities in ICS" as published in...
Weaknesses in this category are related to the "Exploitable Standard Operational Procedures" category from the SEI ETF "Categories of Security Vulnerabilities in ICS" ...
Weaknesses in this category are related to the "Gaps in obligations and training" category from the SEI ETF "Categories of Security Vulnerabilities in ICS" as publishe...
Weaknesses in this category are related to the "Human factors in ICS environments" category from the SEI ETF "Categories of Security Vulnerabilities in ICS" as publish...
Weaknesses in this category are related to the "Post-analysis changes" category from the SEI ETF "Categories of Security Vulnerabilities in ICS" as published in March ...
Weaknesses in this category are related to the "ICS Supply Chain" super category from the SEI ETF "Categories of Security Vulnerabilities in ICS" as published in March...
Weaknesses in this category are related to the "Common Mode Frailties" category from the SEI ETF "Categories of Security Vulnerabilities in ICS" as published in March ...
Weaknesses in this category are related to the "IT/OT Convergence/Expansion" category from the SEI ETF "Categories of Security Vulnerabilities in ICS" as published in ...
Weaknesses in this category are related to the "OT Counterfeit and Malicious Corruption" category from the SEI ETF "Categories of Security Vulnerabilities in ICS" as p...
Weaknesses in this category are related to the "Poorly Documented or Undocumented Features" category from the SEI ETF "Categories of Security Vulnerabilities in ICS" a...
Weaknesses in this category are related to the A01 category "Broken Access Control" in the OWASP Top Ten 2021.
Weaknesses in this category are related to the A02 category "Cryptographic Failures" in the OWASP Top Ten 2021.
Weaknesses in this category are related to the A03 category "Injection" in the OWASP Top Ten 2021.
Weaknesses in this category are related to the A04 "Insecure Design" category in the OWASP Top Ten 2021.
Weaknesses in this category are related to the A05 category "Security Misconfiguration" in the OWASP Top Ten 2021.
Weaknesses in this category are related to the A06 category "Vulnerable and Outdated Components" in the OWASP Top Ten 2021.
Weaknesses in this category are related to the A07 category "Identification and Authentication Failures" in the OWASP Top Ten 2021.
Weaknesses in this category are related to the A08 category "Software and Data Integrity Failures" in the OWASP Top Ten 2021.
Weaknesses in this category are related to the A09 category "Security Logging and Monitoring Failures" in the OWASP Top Ten 2021.
Weaknesses in this category are related to the A10 category "Server-Side Request Forgery (SSRF)" in the OWASP Top Ten 2021.
Weaknesses in this category are related to the improper handling of signals.
Deprecated or Obsolete
Weaknesses in this category are typically introduced during the configuration of the software.
Weaknesses in this category are related to errors in the management of cryptographic keys.
Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.
Concepts
This view (slice) covers weaknesses that are addressed by following requirements in the ISA/IEC 62443 series of standards for industrial automation and control systems...
CWE entries in this view (graph) may be used to categorize potential weaknesses within sources that handle public, third-party vulnerability information, such as the N...
CWE entries in this view (graph) are associated with the OWASP Top Ten, as released in 2021.
CWE entries in this view (graph) are associated with the Categories of Security Vulnerabilities in ICS, as published by the Securing Energy Infrastructure Executive Ta...
Deprecated or Obsolete
CWE nodes in this view (slice) were used by NIST to categorize vulnerabilities within NVD, from 2008 to 2016. This original version has been used by many other projects.
Common Weakness Enumeration content on this website is copyright of The MITRE Corporation unless otherwise specified. Use of the Common Weakness Enumeration and the associated references on this website are subject to the Terms of Use as specified by The MITRE Corporation.