References

Bibliographic references cited across the CWE and CAPEC catalogs

All CWE CAPEC
REF-1414 CWE
Retpoline: A Branch Target Injection Mitigation
Intel Corporation · 2022
2 citation(s)
REF-1415 CWE
Spectre Attacks: Exploiting Speculative Execution
Paul Kocher, Jann Horn, Anders Fogh, Daniel Genkin, Daniel Gruss, Werner Haas, Mike Hamburg, Moritz Lipp, Stefan Mangard, Thomas Prescher, Michael Schwarz, Yuval Yarom · 2019
2 citation(s)
REF-1416 CWE
Flush+Reload: A High Resolution, Low Noise, L3 Cache Side-Channel Attack
Yuval Yarom, Katrina Falkner · 2014
1 citation(s)
REF-1417 CWE
InvisiSpec: making speculative execution invisible in the cache hierarchy.
Mengjia Yan, Jiho Choi, Dimitrios Skarlatos, Adam Morrison, Christopher W. Fletcher, Josep Torrella · 2019
2 citation(s)
REF-1418 CWE
Port Contention for Fun and Profit
Alejandro Cabrera Aldaya, Billy Bob Brumley, Sohaib ul Hassan, Cesar Pereida García, Nicola Tuveri · 2019
2 citation(s)
REF-1419 CWE
Speculative Interference Attacks: Breaking Invisible Speculation Schemes
Mohammad Behnia, Prateek Sahu, Riccardo Paccagnella, Jiyong Yu, Zirui Zhao, Xiang Zou, Thomas Unterluggauer, Josep Torrellas, Carlos Rozas, Adam Morrison, Frank Mckeen, Fangfei Liu, Ron Gabor, Christopher W. Fletcher, Abhishek Basak, Alaa Alameldeen · 2021
2 citation(s)
REF-1420 CWE
Spectre is here to stay: An analysis of side-channels and speculative execution
Ross Mcilroy, Jaroslav Sevcik, Tobias Tebbi, Ben L. Titzer, Toon Verwaest · 2019
2 citation(s)
REF-1421 CWE
Managed Runtime Speculative Execution Side Channel Mitigations
Intel Corporation · 2018
1 citation(s)
REF-1425 CWE
Speculative Load Hardening
Chandler Carruth
1 citation(s)
REF-1427 CWE
Rage Against the Machine Clear: A Systematic Analysis of Machine Clears and Their Implications for Transient Execution Attacks
Hany Ragab, Enrico Barberis, Herbert Bos, Cristiano Giuffrida · 2021
1 citation(s)
REF-1428 CWE
Hide and Seek with Spectres: Efficient discovery of speculative information leaks with random testing
Oleksii Oleksenko, Marco Guarnieri, Boris Köpf, Mark Silberstein · 2023
1 citation(s)
REF-1429 CWE
SpecFuzz: Bringing Spectre-type vulnerabilities to the surface
Oleksii Oleksenko, Bohdan Trach, Mark Silberstein, Christof Fetzer · 2020
1 citation(s)
REF-1430 CWE
Medusa: Microarchitectural: Data Leakage via Automated Attack Synthesis
Daniel Moghimi, Moritz Lipp, Berk Sunar, Michael Schwarz · 2020
1 citation(s)
REF-1431 CWE
A Taxonomy of Computer Program Security Flaws, with Examples
Carl E. Landwehr, Alan R. Bull, John P. McDermott, William S. Choi · 1993
9 citation(s)
REF-1432 CWE
reglk_wrapper.sv
· 2021
1 citation(s)
REF-1433 CWE
Bad Code reglk_wrapper.sv
· 2021
1 citation(s)
REF-1434 CWE
Good Code reglk_wrapper.sv
· 2021
1 citation(s)
REF-1435 CWE
Bad Code aes1_wrapper.sv
· 2021
1 citation(s)
REF-1436 CWE
Good Code aes1_wrapper.sv
· 2021
1 citation(s)
REF-1437 CWE
acct_wrapper.sv
· 2021
2 citation(s)
REF-1438 CWE
Bad Code acct_wrapper.sv
· 2021
2 citation(s)
REF-1439 CWE
Good Code acct_wrapper.sv
· 2021
2 citation(s)
REF-1440 CWE
Integer overflow
· 2024
1 citation(s)
REF-1441 CWE
LLM02: Insecure Output Handling
OWASP · 2024
1 citation(s)
REF-1442 CWE
Validating Outputs
Cohere, Guardrails AI · 2023
1 citation(s)
REF-1443 CWE
NeMo Guardrails: A Toolkit for Controllable and Safe LLM Applications with Programmable Rails
Traian Rebedea, Razvan Dinu, Makesh Sreedhar, Christopher Parisien, Jonathan Cohen · 2023
1 citation(s)
REF-1444 CWE
Insecure output handling in LLMs
Snyk
1 citation(s)
REF-1445 CWE
Building Guardrails for Large Language Models
Yi Dong, Ronghui Mu, Gaojie Jin, Yi Qi, Jinwei Hu, Xingyu Zhao, Jie Meng, Wenjie Ruan, Xiaowei Huang · 2024
1 citation(s)
REF-1446 CWE
Secure by Design Alert: How Manufacturers Can Protect Customers by Eliminating Default Passwords
Cybersecurity and Infrastructure Security Agency · 2023
1 citation(s)
REF-1447 CWE
Secure by Design Alert: Eliminating SQL Injection Vulnerabilities in Software
Cybersecurity and Infrastructure Security Agency · 2024
1 citation(s)
REF-1448 CWE
Secure by Design Alert: Eliminating Directory Traversal Vulnerabilities in Software
Cybersecurity and Infrastructure Security Agency · 2024
3 citation(s)
REF-1449 CWE
Secure by Design Alert: Eliminating OS Command Injection Vulnerabilities
Cybersecurity and Infrastructure Security Agency · 2024
1 citation(s)
REF-1450 CWE
OWASP Top 10 for Large Language Model Applications - LLM01
OWASP · 2023
1 citation(s)
REF-1451 CWE
IBM - What is a prompt injection attack?
Matthew Kosinski, Amber Forrest · 2024
1 citation(s)
REF-1452 CWE
Not what you've signed up for: Compromising Real-World LLM-Integrated Applications with Indirect Prompt Injection
Kai Greshake, Sahar Abdelnabi, Shailesh Mishra, Christoph Endres, Thorsten Holz, Mario Fritz · 2023
1 citation(s)
REF-1453 CWE
2024 CWE Top 25 Most Dangerous Software Weaknesses
· 2024
REF-1454 CWE
NoSQL injection
PortSwigger
1 citation(s)
REF-1455 CWE
A Pentester's Guide to NoSQL Injection
The SecOps Group · 2023
1 citation(s)
REF-1456 CWE
CRLF Injection
Imperva
1 citation(s)
REF-1457 CWE
CRLF injection
R00tendo · 2024
1 citation(s)
REF-1458 CWE
Directory Indexing
Web Application Security Consortium · 2009
1 citation(s)
REF-1459 CWE
Directory indexing attacks
IBM · 2021
1 citation(s)
REF-1460 CWE
NT Web Technology Vulnerabilities
rain.forest.puppy · 1998
1 citation(s)
REF-1461 CWE
What's the Difference Between HTTP and HTTPS?
Amazon
1 citation(s)
REF-1462 CWE
Why is HTTP not secure? | HTTP vs. HTTPS
Cloudflare
1 citation(s)
REF-1463 CWE
Every Pipe, Every Byte: The Case for Universal Encryption
Bob Lord · 2024
1 citation(s)
REF-1464 CWE
Encrypting the Web
Electronic Frontier Foundation
1 citation(s)
REF-1465 CWE
Application Security Verification Standard 4.0.3 - Final
OWASP
1 citation(s)
REF-1466 CWE
Fixing mixed content
· 2019
1 citation(s)
REF-1467 CWE
Mixed content
Mozilla · 2025
1 citation(s)
« 28 / 30 »