CWE-1249 – Application-Level Admin Tool with Inconsistent View of Underlying Operating System
Description The product provides an application for administrators to manage parts of the underlying operating system, but the application does not accurately identify all of...
CWE-125 – Out-of-bounds Read
Description The software reads data past the end, or before the beginning, of the intended buffer. Typically, this can allow attackers to read sensitive information...
CWE-1188 – Insecure Default Initialization of Resource
Description The software initializes or sets a resource with a default that is intended to be changed by the administrator, but the default is not...
CWE-1189 – Improper Isolation of Shared Resources on System-on-a-Chip (SoC)
Description The System-On-a-Chip (SoC) does not properly isolate shared resources between trusted and untrusted agents. Modes of Introduction: - Architecture and Design Related...
CWE-119 – Improper Restriction of Operations within the Bounds of a Memory Buffer
Description The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the...
CWE-1190 – DMA Device Enabled Too Early in Boot Phase
Description The product enables a Direct Memory Access (DMA) capable device before the security configuration settings are established, which allows an attacker to extract data...
CWE-1191 – On-Chip Debug and Test Interface With Improper Access Control
Description The chip does not implement or does not correctly perform access control to check whether users are authorized to access internal registers and test...
CWE-1192 – System-on-Chip (SoC) Using Components without Unique, Immutable Identifiers
Description The System-on-Chip (SoC) does not have unique, immutable identifiers for each of its components. Modes of Introduction: - Architecture and Design Related...
CWE-1193 – Power-On of Untrusted Execution Core Before Enabling Fabric Access Control
Description The product enables components that contain untrusted firmware before memory and fabric access controls have been enabled. Modes of Introduction: Related Weaknesses...
CWE-12 – ASP.NET Misconfiguration: Missing Custom Error Page
Description An ASP .NET application must enable custom error pages in order to prevent attackers from mining information from the framework's built-in responses. The mode...