CWE Definitions
Common Weakness Enumeration (CWE™) is a list of common software and hardware weakness types that have security ramifications.
A “weakness” is a condition in a software, firmware, hardware, or service component that, under certain circumstances, could contribute to the introduction of vulnerabilities.
CWE Number | Name | |
---|---|---|
CWE-1251 | Mirrored Regions with Different Values | Vulnerabilities |
CWE-1250 | Improper Preservation of Consistency Between Independent Representations of Shared State | Vulnerabilities |
CWE-1249 | Application-Level Admin Tool with Inconsistent View of Underlying Operating System | Vulnerabilities |
CWE-1248 | Semiconductor Defects in Hardware Logic with Security-Sensitive Implications | Vulnerabilities |
CWE-1247 | Improper Protection Against Voltage and Clock Glitches | Vulnerabilities |
CWE-1246 | Improper Write Handling in Limited-write Non-Volatile Memories | Vulnerabilities |
CWE-1245 | Improper Finite State Machines (FSMs) in Hardware Logic | Vulnerabilities |
CWE-1244 | Internal Asset Exposed to Unsafe Debug Access Level or State | Vulnerabilities |
CWE-1243 | Sensitive Non-Volatile Information Not Protected During Debug | Vulnerabilities |
CWE-1242 | Inclusion of Undocumented Features or Chicken Bits | Vulnerabilities |
CWE-1241 | Use of Predictable Algorithm in Random Number Generator | Vulnerabilities |
CWE-1240 | Use of a Cryptographic Primitive with a Risky Implementation | Vulnerabilities |
CWE-1239 | Improper Zeroization of Hardware Register | Vulnerabilities |
CWE-1236 | Improper Neutralization of Formula Elements in a CSV File | Vulnerabilities |
CWE-1235 | Incorrect Use of Autoboxing and Unboxing for Performance Critical Operations | Vulnerabilities |
CWE-1234 | Hardware Internal or Debug Modes Allow Override of Locks | Vulnerabilities |
CWE-1233 | Security-Sensitive Hardware Controls with Missing Lock Bit Protection | Vulnerabilities |
CWE-1232 | Improper Lock Behavior After Power State Transition | Vulnerabilities |
CWE-1231 | Improper Prevention of Lock Bit Modification | Vulnerabilities |
CWE-1230 | Exposure of Sensitive Information Through Metadata | Vulnerabilities |
CWE-1229 | Creation of Emergent Resource | Vulnerabilities |
CWE-1224 | Improper Restriction of Write-Once Bit Fields | Vulnerabilities |
CWE-1223 | Race Condition for Write-Once Attributes | Vulnerabilities |
CWE-1222 | Insufficient Granularity of Address Regions Protected by Register Locks | Vulnerabilities |
CWE-1221 | Incorrect Register Defaults or Module Parameters | Vulnerabilities |
CWE-1220 | Insufficient Granularity of Access Control | Vulnerabilities |
CWE-1209 | Failure to Disable Reserved Bits | Vulnerabilities |
CWE-1204 | Generation of Weak Initialization Vector (IV) | Vulnerabilities |
CWE-1193 | Power-On of Untrusted Execution Core Before Enabling Fabric Access Control | Vulnerabilities |
CWE-1192 | Improper Identifier for IP Block used in System-On-Chip (SOC) | Vulnerabilities |
CWE-1191 | On-Chip Debug and Test Interface With Improper Access Control | Vulnerabilities |
CWE-1190 | DMA Device Enabled Too Early in Boot Phase | Vulnerabilities |
CWE-1189 | Improper Isolation of Shared Resources on System-on-a-Chip (SoC) | Vulnerabilities |
CWE-1188 | Initialization of a Resource with an Insecure Default | Vulnerabilities |
CWE-1177 | Use of Prohibited Code | Vulnerabilities |
CWE-1176 | Inefficient CPU Computation | Vulnerabilities |
CWE-1174 | ASP.NET Misconfiguration: Improper Model Validation | Vulnerabilities |
CWE-1173 | Improper Use of Validation Framework | Vulnerabilities |
CWE-1164 | Irrelevant Code | Vulnerabilities |
CWE-1127 | Compilation with Insufficient Warnings or Errors | Vulnerabilities |
CWE-1126 | Declaration of Variable with Unnecessarily Wide Scope | Vulnerabilities |
CWE-1125 | Excessive Attack Surface | Vulnerabilities |
CWE-1124 | Excessively Deep Nesting | Vulnerabilities |
CWE-1123 | Excessive Use of Self-Modifying Code | Vulnerabilities |
CWE-1122 | Excessive Halstead Complexity | Vulnerabilities |
CWE-1121 | Excessive McCabe Cyclomatic Complexity | Vulnerabilities |
CWE-1120 | Excessive Code Complexity | Vulnerabilities |
CWE-1119 | Excessive Use of Unconditional Branching | Vulnerabilities |
CWE-1118 | Insufficient Documentation of Error Handling Techniques | Vulnerabilities |
CWE-1117 | Callable with Insufficient Behavioral Summary | Vulnerabilities |
Please note that CWE definitions are provided as a quick reference only.
Visit http://cwe.mitre.org/ for a complete list of CWE entries and for more details.