|
CWE ID
|
Description
|
| CWE-276 |
Incorrect Default Permissions |
| CWE-285 |
Improper Authorization |
| CWE-434 |
Unrestricted Upload of File with Dangerous Type |
| CWE-693 |
Protection Mechanism Failure |
| CWE-721 |
OWASP Top Ten 2007 Category A10 - Failure to Restrict URL Access |
| CWE-732 |
Incorrect Permission Assignment for Critical Resource |
| CWE-1191 |
Exposed Chip Debug and Test Interface With Insufficient or Missing Authorization |
| CWE-1193 |
Power-On of Untrusted Execution Core Before Enabling Fabric Access Control |
| CWE-1220 |
Insufficient Granularity of Access Control |
| CWE-1224 |
Improper Restriction of Write-Once Bit Fields |
| CWE-1244 |
Improper Access to Sensitive Information Using Debug and Test Interfaces |
| CWE-1252 |
CPU Hardware Not Configured to Support Exclusivity of Write and Execute Operations |
| CWE-1257 |
Improper Access Control Applied to Mirrored or Aliased Memory Regions |
| CWE-1262 |
Register Interface Allows Software Access to Sensitive Data or Security Settings |
| CWE-1268 |
Policy Privileges are not Assigned Consistently Between Control and Data Agents |
| CWE-1283 |
Mutable Attestation or Measurement Reporting Data |
| CWE-1311 |
Improper Translation of Security Attributes by Fabric Bridge |
| CWE-1312 |
Missing Protection for Mirrored Regions in On-Chip Fabric Firewall |
| CWE-1313 |
Hardware Allows Activation of Test or Debug Logic at Runtime |
| CWE-1314 |
Missing Write Protection for Parametric Data Values |
| CWE-1315 |
Improper Setting of Bus Controlling Capability in Fabric End-point |
| CWE-1318 |
Missing Support for Security Features in On-chip Fabrics or Buses |
| CWE-1320 |
Improper Protection for Out of Bounds Signal Level Alerts |
| CWE-1321 |
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') |
| CWE-1326 |
Missing Immutable Root of Trust in Hardware |
| CWE-1327 |
Binding to an Unrestricted IP Address |