CWE weaknesses
970 MITRE CWE entries — software weakness types that underlie vulnerabilities (CVE→CWE link). Filter by category. Authored by Adam Lundqvist.
26 in Config · 970 total
| ID | Title | Summary |
|---|---|---|
| CWE-1051 | Initialization with Hard-Coded Network Resource Configuration Data | The product initializes data using hard-coded values that act as network resource identifiers. |
| CWE-11 | ASP.NET Misconfiguration: Creating Debug Binary | Debugging messages help attackers learn about the system and plan a form of attack. ASP.NET applications can be configured to produce debug binaries. These b… |
| CWE-1174 | ASP.NET Misconfiguration: Improper Model Validation | The ASP.NET application does not use, or incorrectly uses, the model validation framework. |
| CWE-1188 | Initialization of a Resource with an Insecure Default | The product initializes or sets a resource with a default that is intended to be changed by the product's installer, administrator, or maintainer, but the defa… |
| CWE-1191 | On-Chip Debug and Test Interface With Improper Access Control | The chip does not implement or does not correctly perform access control to check whether users are authorized to access internal registers and test modes thro… |
| CWE-12 | ASP.NET Misconfiguration: Missing Custom Error Page | An ASP.NET application must enable custom error pages in order to prevent attackers from mining information from the framework's built-in responses. |
| CWE-1221 | Incorrect Register Defaults or Module Parameters | Hardware description language code incorrectly defines register defaults or hardware Intellectual Property (IP) parameters to insecure values. |
| CWE-1234 | Hardware Internal or Debug Modes Allow Override of Locks | System configuration protection may be bypassed during debug mode. |
| CWE-1244 | Internal Asset Exposed to Unsafe Debug Access Level or State | The product uses physical debug or test interfaces with support for multiple access levels, but it assigns the wrong debug access level to an i… |
| CWE-1252 | CPU Hardware Not Configured to Support Exclusivity of Write and Execute Operations | The CPU is not configured to provide hardware support for exclusivity of write and execute operations on memory. This allows an attacker to execute data from a… |
| CWE-1269 | Product Released in Non-Release Configuration | The product released to market is released in pre-production or manufacturing configuration. |
| CWE-1291 | Public Key Re-Use for Signing both Debug and Production Code | The same public key is used for signing both debug and production code. |
| CWE-1295 | Debug Messages Revealing Unnecessary Information | The product fails to adequately prevent the revealing of unnecessary and potentially sensitive system information within debugging messages. |
| CWE-1296 | Incorrect Chaining or Granularity of Debug Components | The product's debug components contain incorrect chaining or granularity of debug components. |
| CWE-1304 | Improperly Preserved Integrity of Hardware Configuration State During a Power Save/Restore Operation | The product performs a power save/restore operation, but it does not ensure that the integrity of the configuration state is maintained… |
| CWE-1313 | Hardware Allows Activation of Test or Debug Logic at Runtime | During runtime, the hardware allows for test or debug logic (feature) to be activated, which allows for changing the state of the hardware. This feature can al… |
| CWE-1394 | Use of Default Cryptographic Key | The product uses a default cryptographic key for potentially critical functionality. It is common practice for products to be designed to use default keys.… |
| CWE-15 | External Control of System or Configuration Setting | One or more system settings or configuration elements can be externally controlled by a user. Allowing external control of system settings can disrupt service… |
| CWE-453 | Insecure Default Variable Initialization | The product, by default, initializes an internal variable with an insecure or less secure value than is possible. |
| CWE-478 | Missing Default Case in Multiple Condition Expression | The code does not have a default case in an expression with multiple conditions, such as a switch statement. If a multiple-condition expression (such as a swi… |
| CWE-489 | Active Debug Code | The product is released with debugging code still enabled or active. |
| CWE-520 | .NET Misconfiguration: Use of Impersonation | Allowing a .NET application to run at potentially escalated levels of access to the underlying operating and file systems can be dangerous and result in variou… |
| CWE-554 | ASP.NET Misconfiguration: Not Using Input Validation Framework | The ASP.NET application does not use an input validation framework. |
| CWE-556 | ASP.NET Misconfiguration: Use of Identity Impersonation | Configuring an ASP.NET application to run with impersonated credentials may give the application unnecessary privileges. The use of impersonated credentials a… |
| CWE-7 | J2EE Misconfiguration: Missing Custom Error Page | The default error page of a web application should not display sensitive information about the product. |
| CWE-8 | J2EE Misconfiguration: Entity Bean Declared Remote | When an application exposes a remote interface for an entity bean, it might also expose methods that get or set the bean's data. These methods could be leverag… |