Categories
CWE | NAME | LAST 12M | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS |
---|---|---|---|---|---|---|---|
CWE-407 | Algorithmic Complexity: An algorithm in a product has an inefficient worst-case computational complexity that may be detrimental to system performance and can be triggered by an attacker, typically using crafted manipulations that ensure that the worst case is being reached. | | 0 | 7 | 10 | 0 | 17 |
CWE-1187 | DEPRECATED: Use of Uninitialized Resource: This entry has been deprecated because it was a duplicate of CWE-908. All content has been transferred to CWE-908. | | 1 | 14 | 0 | 1 | 16 |
CWE-377 | Insecure Temporary File: Creating and using insecure temporary files can leave application and system data vulnerable to attack. | | 4 | 10 | 2 | 0 | 16 |
CWE-924 | Improper Enforcement of Message Integrity During Transmission in a Communication Channel: The software establishes a communication channel with an endpoint and receives a message from that endpoint, but it does not sufficiently ensure that the message was not modified during transmission. | | 2 | 10 | 4 | 0 | 16 |
CWE-288 | Authentication Bypass Using an Alternate Path or Channel: A product requires authentication, but the product has an alternate path or channel that does not require authentication. | | 4 | 2 | 6 | 3 | 15 |
CWE-123 | Write-what-where Condition: Any condition where the attacker has the ability to write an arbitrary value to an arbitrary location, often as the result of a buffer overflow. | | 0 | 4 | 9 | 2 | 15 |
CWE-23 | Relative Path Traversal: The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as `..` that can resolve to a location that is outside of that directory. | | 0 | 6 | 7 | 2 | 15 |
CWE-90 | Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection'): The software constructs all or part of an LDAP query using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended LDAP query when it is sent to a downstream component. | | 1 | 7 | 5 | 2 | 15 |
CWE-417 | Channel and Path Errors: Weaknesses in this category are related to improper handling of communication channels and access paths. | | 1 | 10 | 2 | 1 | 14 |
CWE-250 | Execution with Unnecessary Privileges: The software performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses. | | 0 | 4 | 9 | 1 | 14 |