CWE-1336 – Improper Neutralization of Special Elements Used in a Template Engine
Description The product uses a template engine to insert or process externally-influenced input, but it does not neutralize or incorrectly neutralizes special elements or syntax...
CWE-1335 – Incorrect Bitwise Shift of Integer
Description An integer value is specified to be shifted by a negative amount or an amount greater than or equal to the number of bits...
CWE-1334 – Unauthorized Error Injection Can Degrade Hardware Redundancy
Description An unauthorized agent can inject errors into a redundant block to deprive the system of redundancy or put the system in a degraded operating...
CWE-1333 – Inefficient Regular Expression Complexity
Description The product uses a regular expression with an inefficient, possibly exponential worst-case computational complexity that consumes excessive CPU cycles. Some regular expression engines have...
CWE-1332 – Improper Handling of Faults that Lead to Instruction Skips
Description The device is missing or incorrectly implements circuitry or sensors that detect and mitigate the skipping of security-critical CPU instructions when they occur. Modes...
CWE-1331 – Improper Isolation of Shared Resources in Network On Chip (NoC)
Description The Network On Chip (NoC) does not isolate or incorrectly isolates its on-chip-fabric and internal resources such that they are shared between trusted and...
CWE-1330 – Remanent Data Readable after Memory Erase
Description Confidential information stored in memory circuits is readable or recoverable after being cleared or erased. Modes of Introduction: - Architecture and Design ...
CWE-1329 – Reliance on Component That is Not Updateable
Description The product contains a component that cannot be updated or patched in order to remove vulnerabilities or significant bugs. Modes of Introduction: - Requirements...
CWE-1328 – Security Version Number Mutable to Older Versions
Description Security-version number in hardware is mutable, resulting in the ability to downgrade (roll-back) the boot firmware to vulnerable code versions. Modes of Introduction: -...
CWE-1327 – Binding to an Unrestricted IP Address
Description The product assigns the address 0.0.0.0 for a database server, a cloud service/instance, or any computing resource that communicates remotely. Modes of Introduction: -...
