CAPEC Related Weakness
Accessing Functionality Not Properly Constrained by ACLs
CWE-276 Incorrect Default Permissions
CWE-285 Improper Authorization
CWE-434 Unrestricted Upload of File with Dangerous Type
CWE-693 Protection Mechanism Failure
CWE-732 Incorrect Permission Assignment for Critical Resource
CWE-1193 Power-On of Untrusted Execution Core Before Enabling Fabric Access Control
CWE-1220 Insufficient Granularity of Access Control
CWE-1297 Unprotected Confidential Information on Device is Accessible by OSAT Vendors
CWE-1311 Improper Translation of Security Attributes by Fabric Bridge
CWE-1314 Missing Write Protection for Parametric Data Values
CWE-1315 Improper Setting of Bus Controlling Capability in Fabric End-point
CWE-1318 Missing Support for Security Features in On-chip Fabrics or Buses
CWE-1320 Improper Protection for Out of Bounds Signal Level Alerts
CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CWE-1327 Binding to an Unrestricted IP Address
Exploiting Incorrectly Configured Access Control Security Levels
CWE-732 Incorrect Permission Assignment for Critical Resource
CWE-1190 DMA Device Enabled Too Early in Boot Phase
CWE-1193 Power-On of Untrusted Execution Core Before Enabling Fabric Access Control
CWE-1220 Insufficient Granularity of Access Control
CWE-1268 Policy Privileges are not Assigned Consistently Between Control and Data Agents
CWE-1280 Access Control Check Implemented After Asset is Accessed
CWE-1297 Unprotected Confidential Information on Device is Accessible by OSAT Vendors
CWE-1311 Improper Translation of Security Attributes by Fabric Bridge
CWE-1315 Improper Setting of Bus Controlling Capability in Fabric End-point
CWE-1318 Missing Support for Security Features in On-chip Fabrics or Buses
CWE-1320 Improper Protection for Out of Bounds Signal Level Alerts
CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
Manipulating User-Controlled Variables
CWE-15 External Control of System or Configuration Setting
CWE-94 Improper Control of Generation of Code ('Code Injection')
CWE-96 Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')
CWE-285 Improper Authorization
CWE-302 Authentication Bypass by Assumed-Immutable Data
CWE-473 PHP External Variable Modification
CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')