CWE-229 Improper Handling of Values
The software does not properly handle when the expected number of values for parameters, fields, or arguments is not provided in input, or if those values are undefined.
0 1 0 0 1
CWE-941 Incorrectly Specified Destination in a Communication Channel
The software creates a communication channel to initiate an outgoing request to an actor, but it does not correctly specify the intended destination for that actor.
0 1 0 0 1
CWE-235 Improper Handling of Extra Parameters
The software does not handle or incorrectly handles when the number of parameters, fields, or arguments with the same name exceeds the expected amount.
0 0 0 1 1
CWE-337 Predictable Seed in Pseudo-Random Number Generator (PRNG)
A Pseudo-Random Number Generator (PRNG) is initialized from a predictable seed, such as the process ID or system time.
0 1 0 0 1
CWE-641 Improper Restriction of Names for Files and Other Resources
The application constructs the name of a file or other resource using input from an upstream component, but it does not restrict or incorrectly restricts the resulting name.
0 0 1 0 1
CWE-1282 Assumed-Immutable Data Stored in Writable Memory
Immutable data, such as a first-stage bootloader, device identifiers, and write-once configuration settings are stored in writable memory that can be re-programmed/updated in the field.
0 0 1 0 1
CWE-167 Improper Handling of Additional Special Element
The software receives input from an upstream component, but it does not handle or incorrectly handles when an additional unexpected special element is provided.
0 1 0 0 1
CWE-344 Use of Invariant Value in Dynamically Changing Context
The product uses a constant value, name, or reference, but this value can (or should) vary across different environments.
0 0 1 0 1
CWE-1103 Use of Platform-Dependent Third Party Components
The product relies on third-party software components that do not provide equivalent functionality across all desirable platforms.
0 1 0 0 1
CWE-1263 Insufficient Physical Protection Mechanism
The product is designed such that certain parts be restricted yet does not sufficiently protect against an unauthorized actor’s ability to physically access these restricted regions of the product.
0 1 0 0 1