Common Weakness Enumeration: CWE

CWE is a community-developed list of common software and hardware weakness types that have security ramifications. A “weakness” is a condition in a software, firmware, hardware, or service component that, under certain circumstances, could contribute to the introduction of vulnerabilities. The CWE List and associated classification taxonomy serve as a language that can be used to identify and describe these weaknesses in terms of CWEs.
CWE Number    Name
CWE-1290 Incorrect Decoding of Security Identifiers
CWE-1291 Public Key Re-Use for Signing both Debug and Production Code
CWE-1292 Incorrect Conversion of Security Identifiers
CWE-1293 Missing Source Correlation of Multiple Independent Data
CWE-1294 Insecure Security Identifier Mechanism
CWE-1295 Debug Messages Revealing Unnecessary Information
CWE-1296 Incorrect Chaining or Granularity of Debug Components
CWE-1297 Unprotected Confidential Information on Device is Accessible by OSAT Vendors
CWE-1298 Hardware Logic Contains Race Conditions
CWE-1299 Missing Protection Mechanism for Alternate Hardware Interface
CWE-1300 Improper Protection of Physical Side Channels
CWE-1301 Insufficient or Incomplete Data Removal within Hardware Component
CWE-1302 Missing Security Identifier
CWE-1303 Non-Transparent Sharing of Microarchitectural Resources
CWE-1304 Improperly Preserved Integrity of Hardware Configuration State During a Power Save/Restore Operation
CWE-1310 Missing Ability to Patch ROM Code
CWE-1311 Improper Translation of Security Attributes by Fabric Bridge
CWE-1312 Missing Protection for Mirrored Regions in On-Chip Fabric Firewall
CWE-1313 Hardware Allows Activation of Test or Debug Logic at Runtime
CWE-1314 Missing Write Protection for Parametric Data Values
CWE-1315 Improper Setting of Bus Controlling Capability in Fabric End-point
CWE-1316 Fabric-Address Map Allows Programming of Unwarranted Overlaps of Protected and Unprotected Ranges
CWE-1317 Improper Access Control in Fabric Bridge
CWE-1318 Missing Support for Security Features in On-chip Fabrics or Buses
CWE-1319 Improper Protection against Electromagnetic Fault Injection (EM-FI)
CWE-1320 Improper Protection for Outbound Error Messages and Alert Signals
CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CWE-1322 Use of Blocking Code in Single-threaded, Non-blocking Context
CWE-1323 Improper Management of Sensitive Trace Data
CWE-1324 DEPRECATED: Sensitive Information Accessible by Physical Probing of JTAG Interface
CWE-1325 Improperly Controlled Sequential Memory Allocation
CWE-1326 Missing Immutable Root of Trust in Hardware
CWE-1327 Binding to an Unrestricted IP Address
CWE-1328 Security Version Number Mutable to Older Versions
CWE-1329 Reliance on Component That is Not Updateable
CWE-1330 Remanent Data Readable after Memory Erase
CWE-1331 Improper Isolation of Shared Resources in Network On Chip (NoC)
CWE-1332 Improper Handling of Faults that Lead to Instruction Skips
CWE-1333 Inefficient Regular Expression Complexity
CWE-1334 Unauthorized Error Injection Can Degrade Hardware Redundancy
CWE-1335 Incorrect Bitwise Shift of Integer
CWE-1336 Improper Neutralization of Special Elements Used in a Template Engine
CWE-1338 Improper Protections Against Hardware Overheating
CWE-1339 Insufficient Precision or Accuracy of a Real Number
CWE-1341 Multiple Releases of Same Resource or Handle
CWE-1342 Information Exposure through Microarchitectural State after Transient Execution
CWE-1351 Improper Handling of Hardware Behavior in Exceptionally Cold Environments
CWE-1357 Reliance on Insufficiently Trustworthy Component
CWE-1384 Improper Handling of Physical or Environmental Conditions
CWE-1385 Missing Origin Validation in WebSockets
Showing 50 of 959 Results