Any change with respect to whitespace is ignored. "Minor"
changes are text changes that only affect capitalization and
punctuation. Most other changes are marked as "Major."
Simple schema changes are treated as Minor, such as the change from
AffectedResource to Affected_Resource in Draft 8, or the relationship
name change from "IsRequiredBy" to "RequiredBy" in
Version 1.0. For each mutual relationship between nodes A and B (such
as ParentOf and ChildOf), a relationship change is noted for both A
and B.
The "Version 4.7 Total" lists the total number of relationships
in Version 4.7. The "Shared" value is the total number of
relationships in entries that were in both Version 4.7 and Version 4.6. The
"New" value is the total number of relationships involving
entries that did not exist in Version 4.6. Thus, the total number of
relationships in Version 4.7 would combine stats from Shared entries and
New entries.
A node change is labeled "important" if it is a major field change and
the field is critical to the meaning of the node. The critical fields
are description, name, and relationships.

| D | N | R | ID | Name |
|---|---|---|---|---|
| | | R | 20 | Improper Input Validation |
| | | R | 107 | Struts: Unused Validation Form |
| | | R | 110 | Struts: Validator Without Form Field |
| | | R | 269 | Improper Privilege Management |
| | | R | 276 | Incorrect Default Permissions |
| | | R | 285 | Improper Authorization |
| | | R | 295 | Improper Certificate Validation |
| | | R | 296 | Improper Following of a Certificate's Chain of Trust |
| | | R | 327 | Use of a Broken or Risky Cryptographic Algorithm |
| | | R | 329 | Generation of Predictable IV with CBC Mode |
| | | R | 346 | Origin Validation Error |
| | | R | 349 | Acceptance of Extraneous Untrusted Data With Trusted Data |
| | | R | 358 | Improperly Implemented Security Check for Standard |
| | | R | 362 | Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') |
| | | R | 364 | Signal Handler Race Condition |
| D | N | R | 365 | DEPRECATED: Race Condition in Switch |
| | | R | 366 | Race Condition within a Thread |
| | | R | 367 | Time-of-check Time-of-use (TOCTOU) Race Condition |
| | | R | 406 | Insufficient Control of Network Message Volume (Network Amplification) |
| | | R | 451 | User Interface (UI) Misrepresentation of Critical Information |
| | | R | 506 | Embedded Malicious Code |
| | | R | 557 | Concurrency Issues |
| | | R | 601 | URL Redirection to Untrusted Site ('Open Redirect') |
| | | R | 610 | Externally Controlled Reference to a Resource in Another Sphere |
| | | R | 636 | Not Failing Securely ('Failing Open') |
| | | R | 655 | Insufficient Psychological Acceptability |
| | | R | 668 | Exposure of Resource to Wrong Sphere |
| | | R | 669 | Incorrect Resource Transfer Between Spheres |
| | | R | 684 | Incorrect Provision of Specified Functionality |
| | | R | 703 | Improper Check or Handling of Exceptional Conditions |
| | | R | 710 | Improper Adherence to Coding Standards |
| | | R | 754 | Improper Check for Unusual or Exceptional Conditions |
| | | R | 755 | Improper Handling of Exceptional Conditions |
| D | | | 788 | Access of Memory Location After End of Buffer |
| | | R | 807 | Reliance on Untrusted Inputs in a Security Decision |
| | | R | 912 | Hidden Functionality |
| | | R | 986 | SFP Secondary Cluster: Missing Lock |
| D | N | R | 1059 | Insufficient Technical Documentation |
| | | R | 1104 | Use of Unmaintained Third Party Components |
| | | R | 1164 | Irrelevant Code |
| | | R | 1195 | Manufacturing and Life Cycle Management Concerns |
| | | R | 1198 | Privilege Separation and Access Control Issues |
| | | R | 1208 | Cross-Cutting Problems |
| D | | | 1225 | Documentation Issues |
| | | R | 1231 | Improper Prevention of Lock Bit Modification |
| | | R | 1233 | Security-Sensitive Hardware Controls with Missing Lock Bit Protection |
| | | R | 1242 | Inclusion of Undocumented Features or Chicken Bits |
| | | R | 1247 | Improper Protection Against Voltage and Clock Glitches |
| | | R | 1261 | Improper Handling of Single Event Upsets |
| | | R | 1277 | Firmware Not Updateable |
| | | R | 1278 | Missing Protection Against Hardware Reverse Engineering Using Integrated Circuit (IC) Imaging Techniques |
| | | R | 1310 | Missing Ability to Patch ROM Code |
| D | | R | 1329 | Reliance on Component That is Not Updateable |
| | | R | 1332 | Improper Handling of Faults that Lead to Instruction Skips |
| | | R | 1338 | Improper Protections Against Hardware Overheating |
| D | | | 1341 | Multiple Releases of Same Resource or Handle |
| | | R | 1351 | Improper Handling of Hardware Behavior in Exceptionally Cold Environments |

| ID | Name | Major | Minor |
|---|---|---|---|
| 20 | Improper Input Validation | Relationships | None |
| 58 | Path Equivalence: Windows 8.3 Filename | None | Research_Gaps |
| 59 | Improper Link Resolution Before File Access ('Link Following') | Research_Gaps | None |
| 61 | UNIX Symbolic Link (Symlink) Following | Research_Gaps | None |
| 62 | UNIX Hard Link | Research_Gaps | None |
| 65 | Windows Hard Link | Research_Gaps | None |
| 74 | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') | Demonstrative_Examples, Related_Attack_Patterns | None |
| 78 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | Demonstrative_Examples | None |
| 88 | Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') | Applicable_Platforms, Demonstrative_Examples, Observed_Examples, References | None |
| 90 | Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') | Research_Gaps | None |
| 93 | Improper Neutralization of CRLF Sequences ('CRLF Injection') | Research_Gaps | None |
| 94 | Improper Control of Generation of Code ('Code Injection') | Research_Gaps | None |
| 95 | Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') | Research_Gaps | None |
| 98 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') | Research_Gaps | None |
| 107 | Struts: Unused Validation Form | Relationships | None |
| 110 | Struts: Validator Without Form Field | Relationships | None |
| 124 | Buffer Underwrite ('Buffer Underflow') | Research_Gaps | None |
| 125 | Out-of-bounds Read | Research_Gaps | None |
| 138 | Improper Neutralization of Special Elements | Related_Attack_Patterns | None |
| 191 | Integer Underflow (Wrap or Wraparound) | Research_Gaps | None |
| 193 | Off-by-one Error | Research_Gaps | None |
| 250 | Execution with Unnecessary Privileges | Observed_Examples | None |
| 268 | Privilege Chaining | Research_Gaps | None |
| 269 | Improper Privilege Management | Relationships | None |
| 270 | Privilege Context Switching Error | Related_Attack_Patterns | None |
| 276 | Incorrect Default Permissions | Relationships | None |
| 285 | Improper Authorization | Relationships | None |
| 295 | Improper Certificate Validation | Relationships | None |
| 296 | Improper Following of a Certificate's Chain of Trust | Relationships | None |
| 327 | Use of a Broken or Risky Cryptographic Algorithm | Relationships | None |
| 329 | Generation of Predictable IV with CBC Mode | Relationships | None |
| 346 | Origin Validation Error | Relationships | None |
| 349 | Acceptance of Extraneous Untrusted Data With Trusted Data | Relationships | None |
| 358 | Improperly Implemented Security Check for Standard | Relationships | None |
| 362 | Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') | Observed_Examples, Relationships | None |
| 364 | Signal Handler Race Condition | Relationships, Research_Gaps | None |
| 365 | DEPRECATED: Race Condition in Switch | Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Description, Likelihood_of_Exploit, Name, Potential_Mitigations, References, Relationships, Taxonomy_Mappings, Time_of_Introduction, Type | None |
| 366 | Race Condition within a Thread | Relationships | None |
| 367 | Time-of-check Time-of-use (TOCTOU) Race Condition | Demonstrative_Examples, References, Relationships, Taxonomy_Mappings | None |
| 400 | Uncontrolled Resource Consumption | Related_Attack_Patterns | None |
| 406 | Insufficient Control of Network Message Volume (Network Amplification) | Relationships | None |
| 415 | Double Free | Demonstrative_Examples, Observed_Examples | None |
| 426 | Untrusted Search Path | Research_Gaps | None |
| 427 | Uncontrolled Search Path Element | Demonstrative_Examples | None |
| 428 | Unquoted Search Path or Element | Research_Gaps | None |
| 429 | Handler Errors | Research_Gaps | None |
| 434 | Unrestricted Upload of File with Dangerous Type | Research_Gaps | None |
| 436 | Interpretation Conflict | Related_Attack_Patterns | None |
| 444 | Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') | Related_Attack_Patterns | None |
| 451 | User Interface (UI) Misrepresentation of Critical Information | Relationships | None |
| 476 | NULL Pointer Dereference | Alternate_Terms | None |
| 506 | Embedded Malicious Code | Relationships | None |
| 557 | Concurrency Issues | Relationships | None |
| 601 | URL Redirection to Untrusted Site ('Open Redirect') | Relationships | None |
| 602 | Client-Side Enforcement of Server-Side Security | Research_Gaps | None |
| 610 | Externally Controlled Reference to a Resource in Another Sphere | Relationships | None |
| 612 | Improper Authorization of Index Containing Sensitive Information | None | Research_Gaps |
| 621 | Variable Extraction Error | Research_Gaps | None |
| 623 | Unsafe ActiveX Control Marked Safe For Scripting | Research_Gaps | None |
| 636 | Not Failing Securely ('Failing Open') | Relationships | None |
| 655 | Insufficient Psychological Acceptability | Relationships | None |
| 668 | Exposure of Resource to Wrong Sphere | Relationships | None |
| 669 | Incorrect Resource Transfer Between Spheres | Relationships | None |
| 684 | Incorrect Provision of Specified Functionality | Relationships | None |
| 697 | Incorrect Comparison | Related_Attack_Patterns | None |
| 703 | Improper Check or Handling of Exceptional Conditions | Relationships | None |
| 707 | Improper Neutralization | Related_Attack_Patterns | None |
| 710 | Improper Adherence to Coding Standards | Relationships | None |
| 754 | Improper Check for Unusual or Exceptional Conditions | Relationships | None |
| 755 | Improper Handling of Exceptional Conditions | Relationships | None |
| 776 | Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') | Related_Attack_Patterns | None |
| 788 | Access of Memory Location After End of Buffer | Description | None |
| 807 | Reliance on Untrusted Inputs in a Security Decision | Relationships | None |
| 822 | Untrusted Pointer Dereference | Research_Gaps | None |
| 823 | Use of Out-of-range Pointer Offset | Research_Gaps | None |
| 824 | Access of Uninitialized Pointer | Research_Gaps | None |
| 825 | Expired Pointer Dereference | Research_Gaps | None |
| 828 | Signal Handler with Functionality that is not Asynchronous-Safe | Observed_Examples | None |
| 841 | Improper Enforcement of Behavioral Workflow | Demonstrative_Examples | None |
| 843 | Access of Resource Using Incompatible Type ('Type Confusion') | Research_Gaps | None |
| 912 | Hidden Functionality | Relationships | None |
| 943 | Improper Neutralization of Special Elements in Data Query Logic | Related_Attack_Patterns | None |
| 986 | SFP Secondary Cluster: Missing Lock | Relationships | None |
| 1059 | Insufficient Technical Documentation | Applicable_Platforms, Common_Consequences, Description, Name, Potential_Mitigations, References, Relationships, Time_of_Introduction | None |
| 1104 | Use of Unmaintained Third Party Components | References, Relationships | None |
| 1164 | Irrelevant Code | Relationships | None |
| 1191 | On-Chip Debug and Test Interface With Improper Access Control | Related_Attack_Patterns | None |
| 1195 | Manufacturing and Life Cycle Management Concerns | Relationships | None |
| 1198 | Privilege Separation and Access Control Issues | Relationships | None |
| 1208 | Cross-Cutting Problems | Relationships | None |
| 1222 | Insufficient Granularity of Address Regions Protected by Register Locks | Related_Attack_Patterns | None |
| 1224 | Improper Restriction of Write-Once Bit Fields | Related_Attack_Patterns | None |
| 1225 | Documentation Issues | Description | None |
| 1231 | Improper Prevention of Lock Bit Modification | Related_Attack_Patterns, Relationships | None |
| 1233 | Security-Sensitive Hardware Controls with Missing Lock Bit Protection | Related_Attack_Patterns, Relationships | None |
| 1234 | Hardware Internal or Debug Modes Allow Override of Locks | Related_Attack_Patterns | None |
| 1242 | Inclusion of Undocumented Features or Chicken Bits | Relationships | None |
| 1244 | Internal Asset Exposed to Unsafe Debug Access Level or State | Related_Attack_Patterns | None |
| 1246 | Improper Write Handling in Limited-write Non-Volatile Memories | Applicable_Platforms | None |
| 1247 | Improper Protection Against Voltage and Clock Glitches | Applicable_Platforms, Relationships | None |
| 1250 | Improper Preservation of Consistency Between Independent Representations of Shared State | Applicable_Platforms | None |
| 1252 | CPU Hardware Not Configured to Support Exclusivity of Write and Execute Operations | Applicable_Platforms, Related_Attack_Patterns | None |
| 1256 | Improper Restriction of Software Interfaces to Hardware Features | Applicable_Platforms | None |
| 1257 | Improper Access Control Applied to Mirrored or Aliased Memory Regions | Applicable_Platforms, Related_Attack_Patterns | None |
| 1259 | Improper Restriction of Security Token Assignment | Applicable_Platforms, Related_Attack_Patterns | None |
| 1260 | Improper Handling of Overlap Between Protected Memory Ranges | Applicable_Platforms, Related_Attack_Patterns | None |
| 1261 | Improper Handling of Single Event Upsets | Relationships | None |
| 1262 | Improper Access Control for Register Interface | Related_Attack_Patterns | None |
| 1267 | Policy Uses Obsolete Encoding | Related_Attack_Patterns | None |
| 1268 | Policy Privileges are not Assigned Consistently Between Control and Data Agents | Related_Attack_Patterns | None |
| 1270 | Generation of Incorrect Security Tokens | Related_Attack_Patterns | None |
| 1274 | Improper Access Control for Volatile Memory Containing Boot Code | Related_Attack_Patterns | None |
| 1277 | Firmware Not Updateable | Detection_Factors, Observed_Examples, Potential_Mitigations, Relationships | None |
| 1278 | Missing Protection Against Hardware Reverse Engineering Using Integrated Circuit (IC) Imaging Techniques | Relationships | None |
| 1279 | Cryptographic Operations are run Before Supporting Units are Ready | Applicable_Platforms | None |
| 1282 | Assumed-Immutable Data is Stored in Writable Memory | Related_Attack_Patterns | None |
| 1283 | Mutable Attestation or Measurement Reporting Data | Related_Attack_Patterns | None |
| 1286 | Improper Validation of Syntactic Correctness of Input | Related_Attack_Patterns | None |
| 1290 | Incorrect Decoding of Security Identifiers | Applicable_Platforms | None |
| 1292 | Incorrect Conversion of Security Identifiers | Applicable_Platforms | None |
| 1294 | Insecure Security Identifier Mechanism | Applicable_Platforms, Related_Attack_Patterns | None |
| 1296 | Incorrect Chaining or Granularity of Debug Components | Applicable_Platforms, Related_Attack_Patterns | None |
| 1297 | Unprotected Confidential Information on Device is Accessible by OSAT Vendors | Applicable_Platforms | None |
| 1299 | Missing Protection Mechanism for Alternate Hardware Interface | Applicable_Platforms, Common_Consequences, Related_Attack_Patterns | None |
| 1302 | Missing Security Identifier | Related_Attack_Patterns | None |
| 1310 | Missing Ability to Patch ROM Code | Applicable_Platforms, Common_Consequences, Potential_Mitigations, Relationships | None |
| 1312 | Missing Protection for Mirrored Regions in On-Chip Fabric Firewall | Related_Attack_Patterns | None |
| 1313 | Hardware Allows Activation of Test or Debug Logic at Runtime | Related_Attack_Patterns | None |
| 1314 | Missing Write Protection for Parametric Data Values | Applicable_Platforms | None |
| 1316 | Fabric-Address Map Allows Programming of Unwarranted Overlaps of Protected and Unprotected Ranges | Applicable_Platforms, Related_Attack_Patterns | None |
| 1317 | Missing Security Checks in Fabric Bridge | Applicable_Platforms | None |
| 1318 | Missing Support for Security Features in On-chip Fabrics or Buses | Applicable_Platforms | None |
| 1319 | Improper Protection against Electromagnetic Fault Injection (EM-FI) | Applicable_Platforms | None |
| 1320 | Improper Protection for Out of Bounds Signal Level Alerts | Applicable_Platforms | None |
| 1324 | Sensitive Information Accessible by Physical Probing of JTAG Interface | Applicable_Platforms | None |
| 1326 | Missing Immutable Root of Trust in Hardware | Applicable_Platforms, Related_Attack_Patterns | None |
| 1328 | Security Version Number Mutable to Older Versions | Applicable_Platforms | None |
| 1329 | Reliance on Component That is Not Updateable | Common_Consequences, Description, Detection_Factors, Maintenance_Notes, Modes_of_Introduction, Observed_Examples, Potential_Mitigations, References, Relationships, Time_of_Introduction, Weakness_Ordinalities | None |
| 1330 | Remanent Data Readable after Memory Erase | Applicable_Platforms | None |
| 1331 | Improper Isolation of Shared Resources in Network On Chip (NoC) | Applicable_Platforms, References | None |
| 1332 | Improper Handling of Faults that Lead to Instruction Skips | Potential_Mitigations, References, Relationships | None |
| 1333 | Inefficient Regular Expression Complexity | Observed_Examples, Potential_Mitigations | None |
| 1338 | Improper Protections Against Hardware Overheating | Applicable_Platforms, Relationships | None |
| 1341 | Multiple Releases of Same Resource or Handle | Demonstrative_Examples, Description, Potential_Mitigations | None |
| 1351 | Improper Handling of Hardware Behavior in Exceptionally Cold Environments | Relationships | References |