CWE-1275 – Sensitive Cookie with Improper SameSite Attribute
Description: The SameSite attribute for sensitive cookies is not set, or an insecure value is used. The SameSite attribute controls how cookies are sent for...
CWE-1274 – Improper Access Control for Volatile Memory Containing Boot Code
Description: The product conducts a secure-boot process that transfers bootloader code from Non-Volatile Memory (NVM) into Volatile Memory (VM), but it does not have sufficient...
CWE-1273 – Device Unlock Credential Sharing
Description: The credentials necessary for unlocking a device are shared across multiple parties and may expose sensitive information. Modes of Introduction: Integration ...
CWE-1272 – Sensitive Information Uncleared Before Debug/Power State Transition
Description: The product performs a power or debug state transition, but it does not clear sensitive information that should no longer be accessible due to...
CWE-1271 – Uninitialized Value on Reset for Registers Holding Security Settings
Description: Security-critical logic is not set to a known value on reset. Modes of Introduction: Implementation. Related Weaknesses: CWE-665. Consequences: Access...
CWE-1270 – Generation of Incorrect Security Tokens
Description: The product implements a Security Token mechanism to differentiate what actions are allowed or disallowed when a transaction originates from an entity. However, the...
CWE-127 – Buffer Under-read
Description: The software reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations prior to the targeted buffer....
CWE-1269 – Product Released in Non-Release Configuration
Description: The product released to market is released in pre-production or manufacturing configuration. Modes of Introduction: Implementation. Related Weaknesses: CWE-693. Consequences...
CWE-1268 – Policy Privileges are not Assigned Consistently Between Control and Data Agents
Description: The product's hardware-enforced access control for a particular resource improperly accounts for privilege discrepancies between control and write policies. Modes of Introduction: Architecture...
CWE-1267 – Policy Uses Obsolete Encoding
Description: The product uses an obsolete encoding mechanism to implement access controls. Modes of Introduction: Architecture and Design. Related Weaknesses: CWE-284 ...