CWE-1325 – Improperly Controlled Sequential Memory Allocation
Description The product manages a group of objects or resources and performs a separate memory allocation for each object, but it does not properly limit...
CWE-1326 – Missing Immutable Root of Trust in Hardware
Description A missing immutable root of trust in the hardware results in the ability to bypass secure boot or execute untrusted or adversarial boot code....
CWE-1287 – Improper Validation of Specified Type of Input
Description The product receives input that is expected to be of a certain type, but it does not validate or incorrectly validates that the input...
CWE-1288 – Improper Validation of Consistency within Input
Description The product receives a complex input with multiple elements or fields that must be consistent with each other, but it does not validate or...
CWE-1289 – Improper Validation of Unsafe Equivalence in Input
Description The product receives an input value that is used as a resource identifier or other type of reference, but it does not validate or...
CWE-129 – Improper Validation of Array Index
Description The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to...
CWE-1290 – Incorrect Decoding of Security Identifiers
Description The product implements a decoding mechanism to decode certain bus-transaction signals to security identifiers. If the decoding is implemented incorrectly, then untrusted agents can...
CWE-1291 – Public Key Re-Use for Signing both Debug and Production Code
Description The same public key is used for signing both debug and production code. Modes of Introduction: - Implementation Related Weaknesses CWE-693 CWE-321...
CWE-1292 – Incorrect Conversion of Security Identifiers
Description The product implements a conversion mechanism to map certain bus-transaction signals to security identifiers. However, if the conversion is incorrectly implemented, untrusted agents can...
CWE-1293 – Missing Source Correlation of Multiple Independent Data
Description The software relies on one source of data, preventing the ability to detect if an adversary has compromised a data source. Modes of Introduction:...