Categories
| CWE | NAME | LAST 12M | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS |
|---|---|---|---|---|---|---|---|
| CWE-122 | Heap-based Buffer Overflow A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc(). | 0 | 5 | 3 | 2 | 10 | |
| CWE-15 | External Control of System or Configuration Setting One or more system settings or configuration elements can be externally controlled by a user. | 0 | 0 | 0 | 9 | 9 | |
| CWE-98 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in require, include, or similar functions. | 0 | 1 | 7 | 1 | 9 | |
| CWE-172 | Encoding Error The software does not properly encode or decode the data, resulting in unexpected values. | 1 | 5 | 0 | 2 | 8 | |
| CWE-123 | Write-what-where Condition Any condition where the attacker has the ability to write an arbitrary value to an arbitrary location, often as the result of a buffer overflow. | 0 | 2 | 5 | 1 | 8 | |
| CWE-538 | File and Directory Information Exposure The product places sensitive information into files or directories that are accessible to actors who are allowed to have access to the files, but not to the sensitive information. | 2 | 4 | 2 | 0 | 8 | |
| CWE-497 | Exposure of System Data to an Unauthorized Control Sphere The application does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the application does. | 1 | 7 | 0 | 0 | 8 | |
| CWE-361 | 7PK - Time and State This category represents one of the phyla in the Seven Pernicious Kingdoms vulnerability classification. It includes weaknesses related to the improper management of time and state in an environment that supports simultaneous or near-simultaneous computation by multiple systems, processes, or threads. According to the authors of the Seven Pernicious Kingdoms, "Distributed computation is about time and state. That is, in order for more than one component to communicate, state must be shared, and all that takes time. Most programmers anthropomorphize their work. They think about one thread of control carrying out the entire program in the same way they would if they had to do the job themselves. Modern computers, however, switch between tasks very quickly, and in multi-core, multi-CPU, or distributed systems, two events may take place at exactly the same time. Defects rush to fill the gap between the programmer's model of how a program executes and what happens in reality. These defects are related to unexpected interactions between threads, processes, time, and information. These interactions happen through shared state: semaphores, variables, the file system, and, basically, anything that can store information." | 0 | 2 | 3 | 2 | 7 | |
| CWE-332 | Insufficient Entropy in PRNG The lack of entropy available for, or used by, a Pseudo-Random Number Generator (PRNG) can be a stability and security threat. | 0 | 1 | 5 | 1 | 7 | |
| CWE-838 | Inappropriate Encoding for Output Context The software uses or specifies an encoding when generating output to a downstream component, but the specified encoding is not the same as the encoding that is expected by the downstream component. | 0 | 4 | 2 | 1 | 7 |