CWE-154 – Improper Neutralization of Variable Name Delimiters
Description: The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as variable...
CWE-155 – Improper Neutralization of Wildcards or Matching Symbols
Description: The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as wildcards...
CWE-156 – Improper Neutralization of Whitespace
Description: The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as whitespace...
CWE-1327 – Binding to an Unrestricted IP Address
Description: The product assigns the address 0.0.0.0 for a database server, a cloud service/instance, or any computing resource that communicates remotely. Modes of Introduction: -...
CWE-1328 – Security Version Number Mutable to Older Versions
Description: Security-version number in hardware is mutable, resulting in the ability to downgrade (roll-back) the boot firmware to vulnerable code versions. Modes of Introduction: -...
CWE-1329 – Reliance on Component That is Not Updateable
Description: The product contains a component that cannot be updated or patched in order to remove vulnerabilities or significant bugs. Modes of Introduction: - Requirements...
CWE-1330 – Remanent Data Readable after Memory Erase
Description: Confidential information stored in memory circuits is readable or recoverable after being cleared or erased. Modes of Introduction: - Architecture and Design ...
CWE-1331 – Improper Isolation of Shared Resources in Network On Chip (NoC)
Description: The Network On Chip (NoC) does not isolate or incorrectly isolates its on-chip-fabric and internal resources such that they are shared between trusted and...
CWE-1332 – Improper Handling of Faults that Lead to Instruction Skips
Description: The device is missing or incorrectly implements circuitry or sensors that detect and mitigate the skipping of security-critical CPU instructions when they occur. Modes...
CWE-1333 – Inefficient Regular Expression Complexity
Description: The product uses a regular expression with an inefficient, possibly exponential worst-case computational complexity that consumes excessive CPU cycles. Some regular expression engines have...