Categories
| CWE | NAME | LAST 12M | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS |
|---|---|---|---|---|---|---|---|
| CWE-131 | Incorrect Calculation of Buffer Size The software does not correctly calculate the size to be used when allocating a buffer, which could lead to a buffer overflow. | 1 | 25 | 37 | 16 | 79 | |
| CWE-834 | Excessive Iteration The software performs an iteration or loop without sufficiently limiting the number of times that the loop is executed. | 1 | 52 | 26 | 0 | 79 | |
| CWE-682 | Incorrect Calculation The software performs a calculation that generates incorrect or unintended results that are later used in security-critical decisions or resource management. | 1 | 25 | 44 | 5 | 75 | |
| CWE-909 | Missing Initialization of Resource The software does not initialize a critical resource. | 2 | 44 | 27 | 2 | 75 | |
| CWE-681 | Incorrect Conversion between Numeric Types When converting from one data type to another, such as long to integer, data can be omitted or translated in a way that produces unexpected values. If the resulting values are used in a sensitive context, then dangerous behaviors may occur. | 0 | 14 | 45 | 11 | 70 | |
| CWE-266 | Incorrect Privilege Assignment A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor. | 3 | 46 | 11 | 10 | 70 | |
| CWE-121 | Stack-based Buffer Overflow A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). | 1 | 12 | 41 | 16 | 70 | |
| CWE-91 | XML Injection (aka Blind XPath Injection) The software does not properly neutralize special elements that are used in XML, allowing attackers to modify the syntax, content, or commands of the XML before it is processed by an end system. | 0 | 13 | 37 | 19 | 69 | |
| CWE-916 | Use of Password Hash With Insufficient Computational Effort The software generates a hash for a password, but it uses a scheme that does not provide a sufficient level of computational effort that would make password cracking attacks infeasible or expensive. | 1 | 22 | 34 | 12 | 69 | |
| CWE-189 | Numeric Errors Weaknesses in this category are related to improper calculation or conversion of numbers. | 0 | 16 | 38 | 11 | 65 |