CWE Definitions
Common Weakness Enumeration (CWE™) is a list of common software and hardware weakness types that have security ramifications.
A “weakness” is a condition in a software, firmware, hardware, or service component that, under certain circumstances, could contribute to the introduction of vulnerabilities.
CWE Number | Name | |
---|---|---|
CWE-1423 | Exposure of Sensitive Information caused by Shared Microarchitectural Predictor State that Influences Transient Execution | Vulnerabilities |
CWE-1422 | Exposure of Sensitive Information caused by Incorrect Data Forwarding during Transient Execution | Vulnerabilities |
CWE-1421 | Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution | Vulnerabilities |
CWE-1420 | Exposure of Sensitive Information during Transient Execution | Vulnerabilities |
CWE-1419 | Incorrect Initialization of Resource | Vulnerabilities |
CWE-1395 | Dependency on Vulnerable Third-Party Component | Vulnerabilities |
CWE-1394 | Use of Default Cryptographic Key | Vulnerabilities |
CWE-1393 | Use of Default Password | Vulnerabilities |
CWE-1392 | Use of Default Credentials | Vulnerabilities |
CWE-1391 | Use of Weak Credentials | Vulnerabilities |
CWE-1390 | Weak Authentication | Vulnerabilities |
CWE-1389 | Incorrect Parsing of Numbers with Different Radices | Vulnerabilities |
CWE-1386 | Insecure Operation on Windows Junction / Mount Point | Vulnerabilities |
CWE-1385 | Missing Origin Validation in WebSockets | Vulnerabilities |
CWE-1384 | Improper Handling of Physical or Environmental Conditions | Vulnerabilities |
CWE-1357 | Reliance on Insufficiently Trustworthy Component | Vulnerabilities |
CWE-1351 | Improper Handling of Hardware Behavior in Exceptionally Cold Environments | Vulnerabilities |
CWE-1342 | Information Exposure through Microarchitectural State after Transient Execution | Vulnerabilities |
CWE-1341 | Multiple Releases of Same Resource or Handle | Vulnerabilities |
CWE-1339 | Insufficient Precision or Accuracy of a Real Number | Vulnerabilities |
CWE-1338 | Improper Protections Against Hardware Overheating | Vulnerabilities |
CWE-1336 | Improper Neutralization of Special Elements Used in a Template Engine | Vulnerabilities |
CWE-1335 | Incorrect Bitwise Shift of Integer | Vulnerabilities |
CWE-1334 | Unauthorized Error Injection Can Degrade Hardware Redundancy | Vulnerabilities |
CWE-1333 | Inefficient Regular Expression Complexity | Vulnerabilities |
CWE-1332 | Improper Handling of Faults that Lead to Instruction Skips | Vulnerabilities |
CWE-1331 | Improper Isolation of Shared Resources in Network On Chip (NoC) | Vulnerabilities |
CWE-1330 | Remanent Data Readable after Memory Erase | Vulnerabilities |
CWE-1329 | Reliance on Component That is Not Updateable | Vulnerabilities |
CWE-1328 | Security Version Number Mutable to Older Versions | Vulnerabilities |
CWE-1327 | Binding to an Unrestricted IP Address | Vulnerabilities |
CWE-1326 | Missing Immutable Root of Trust in Hardware | Vulnerabilities |
CWE-1325 | Improperly Controlled Sequential Memory Allocation | Vulnerabilities |
CWE-1323 | Improper Management of Sensitive Trace Data | Vulnerabilities |
CWE-1322 | Use of Blocking Code in Single-threaded, Non-blocking Context | Vulnerabilities |
CWE-1321 | Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') | Vulnerabilities |
CWE-1320 | Improper Protection for Outbound Error Messages and Alert Signals | Vulnerabilities |
CWE-1319 | Improper Protection against Electromagnetic Fault Injection (EM-FI) | Vulnerabilities |
CWE-1318 | Missing Support for Security Features in On-chip Fabrics or Buses | Vulnerabilities |
CWE-1317 | Improper Access Control in Fabric Bridge | Vulnerabilities |
CWE-1316 | Fabric-Address Map Allows Programming of Unwarranted Overlaps of Protected and Unprotected Ranges | Vulnerabilities |
CWE-1315 | Improper Setting of Bus Controlling Capability in Fabric End-point | Vulnerabilities |
CWE-1314 | Missing Write Protection for Parametric Data Values | Vulnerabilities |
CWE-1313 | Hardware Allows Activation of Test or Debug Logic at Runtime | Vulnerabilities |
CWE-1312 | Missing Protection for Mirrored Regions in On-Chip Fabric Firewall | Vulnerabilities |
CWE-1311 | Improper Translation of Security Attributes by Fabric Bridge | Vulnerabilities |
CWE-1310 | Missing Ability to Patch ROM Code | Vulnerabilities |
CWE-1304 | Improperly Preserved Integrity of Hardware Configuration State During a Power Save/Restore Operation | Vulnerabilities |
CWE-1303 | Non-Transparent Sharing of Microarchitectural Resources | Vulnerabilities |
CWE-1302 | Missing Source Identifier in Entity Transactions on a System-On-Chip (SOC) | Vulnerabilities |
Please note that CWE definitions are provided as a quick reference only.
Visit http://cwe.mitre.org/ for a complete list of CWE entries and for more details.