CWE-12 – ASP.NET Misconfiguration: Missing Custom Error Page
Description An ASP .NET application must enable custom error pages in order to prevent attackers from mining information from the framework's built-in responses. The mode...
CWE-120 – Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’)
Description The program copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size...
CWE-1204 – Generation of Weak Initialization Vector (IV)
Description The product uses a cryptographic primitive that uses an Initialization Vector (IV), but the product does not generate IVs that are sufficiently unpredictable or...
CWE-1209 – Failure to Disable Reserved Bits
Description The reserved bits in a hardware design are not disabled prior to production. Typically, reserved bits are used for future capabilities and should not...
CWE-121 – Stack-based Buffer Overflow
Description A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or,...
CWE-122 – Heap-based Buffer Overflow
Description A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally...
CWE-1220 – Insufficient Granularity of Access Control
Description The product implements access controls via a policy or other feature with the intention to disable or restrict accesses (reads and/or writes) to assets...
CWE-1221 – Incorrect Register Defaults or Module Parameters
Description Hardware description language code incorrectly defines register defaults or hardware IP parameters to insecure values. Modes of Introduction: - Implementation Related Weaknesses...
CWE-1222 – Insufficient Granularity of Address Regions Protected by Register Locks
Description The product defines a large address region protected from modification by the same register lock control bit. This results in a conflict between the...
CWE-1223 – Race Condition for Write-Once Attributes
Description A write-once register in hardware design is programmable by an untrusted software component earlier than the trusted software component, resulting in a race condition...