CWE-1188 |
The software initializes or sets a resource with a default that is intended to be changed by the administrator, but the default is not secure. |
CWE-1189 |
The product does not properly isolate shared resources between trusted and untrusted agents. |
CWE-119 |
The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer. |
CWE-1190 |
The product enables a Direct Memory Access (DMA) capable device before the security configuration settings are established, which allows an attacker to extract data from or gain privileges on the product. |
CWE-1191 |
The chip does not implement or does not correctly enforce access control on the debug/test interface, thus allowing an attacker to exercise the debug/test interface to access a portion of the chip internal registers that typically would not be exposed. |
CWE-1192 |
The System-on-Chip (SoC) does not have unique, immutable identifiers for each of its components. |
CWE-1193 |
The product enables components that contain untrusted firmware before memory and fabric access controls have been enabled. |
CWE-12 |
An ASP.NET application must enable custom error pages in order to prevent attackers from mining information from the framework's built-in responses. |
CWE-120 |
The program copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow. |
CWE-1209 |
The reserved bits in a hardware design are not disabled prior to production. Typically, reserved bits are used for future capabilities and should not support any functional logic in the design. However, designers might covertly use these bits to debug or further develop new capabilities in production hardware. Adversaries with access to these bits will write to them in hopes of compromising hardware state. |