|
CWE-276
|
Incorrect Default Permissions
|
|
CWE-285
|
Improper Authorization
|
|
CWE-434
|
Unrestricted Upload of File with Dangerous Type
|
|
CWE-693
|
Protection Mechanism Failure
|
|
CWE-721
|
OWASP Top Ten 2007 Category A10 - Failure to Restrict URL Access
|
|
CWE-732
|
Incorrect Permission Assignment for Critical Resource
|
|
CWE-1191
|
Exposed Chip Debug and Test Interface With Insufficient or Missing Authorization
|
|
CWE-1193
|
Power-On of Untrusted Execution Core Before Enabling Fabric Access Control
|
|
CWE-1220
|
Insufficient Granularity of Access Control
|
|
CWE-1224
|
Improper Restriction of Write-Once Bit Fields
|
|
CWE-1244
|
Improper Access to Sensitive Information Using Debug and Test Interfaces
|
|
CWE-1252
|
CPU Hardware Not Configured to Support Exclusivity of Write and Execute Operations
|
|
CWE-1257
|
Improper Access Control Applied to Mirrored or Aliased Memory Regions
|
|
CWE-1262
|
Register Interface Allows Software Access to Sensitive Data or Security Settings
|
|
CWE-1268
|
Policy Privileges are not Assigned Consistently Between Control and Data Agents
|
|
CWE-1283
|
Mutable Attestation or Measurement Reporting Data
|
|
CWE-1311
|
Improper Translation of Security Attributes by Fabric Bridge
|
|
CWE-1312
|
Missing Protection for Mirrored Regions in On-Chip Fabric Firewall
|
|
CWE-1313
|
Hardware Allows Activation of Test or Debug Logic at Runtime
|
|
CWE-1314
|
Missing Write Protection for Parametric Data Values
|
|
CWE-1315
|
Improper Setting of Bus Controlling Capability in Fabric End-point
|
|
CWE-1318
|
Missing Support for Security Features in On-chip Fabrics or Buses
|
|
CWE-1320
|
Improper Protection for Out of Bounds Signal Level Alerts
|
|
CWE-1321
|
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
|
CWE-1326
|
Missing Immutable Root of Trust in Hardware
|
|
CWE-1327
|
Binding to an Unrestricted IP Address
|