CWE-409 Improper Handling of Highly Compressed Data (Data Amplification)
The software does not handle or incorrectly handles a compressed input with a very high compression ratio that produces a large output.
0 1 0 0 1
CWE-187 Partial String Comparison
The software performs a comparison that only examines a portion of a factor before determining whether there is a match, such as a substring, leading to resultant weaknesses.
0 0 1 0 1
CWE-24 Path Traversal: '../filedir'
The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize ../ sequences that can resolve to a location that is outside of that directory.
0 0 1 0 1
CWE-424 Improper Protection of Alternate Path
The product does not sufficiently protect all possible paths that a user can take to access restricted functionality or resources.
0 0 1 0 1
CWE-1283 Mutable Attestation or Measurement Reporting Data
The register contents used for attestation or measurement reporting data to verify boot flow are modifiable by an adversary.
1 0 0 0 1
CWE-395 Use of NullPointerException Catch to Detect NULL Pointer Dereference
Catching NullPointerException should not be used as an alternative to programmatic checks to prevent dereferencing a null pointer.
0 0 1 0 1
CWE-524 Information Exposure Through Caching
The code uses a cache that contains sensitive information, but the cache can be read by an actor outside of the intended control sphere.
0 1 0 0 1
CWE-1258 Sensitive Information Uncleared During Hardware Debug Flows
The hardware does not fully clear security-sensitive values, such as keys and intermediate values in cryptographic operations, when debug mode is entered.
0 0 1 0 1
CWE-141 Improper Neutralization of Parameter/Argument Delimiters
The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as parameter or argument delimiters when they are sent to a downstream component.
0 0 1 0 1
CWE-84 Improper Neutralization of Encoded URI Schemes in a Web Page
The web application improperly neutralizes user-controlled input for executable script disguised with URI encodings.
0 0 1 0 1