Categories

CWE NAME LAST 12M LOW MEDIUM HIGH CRITICAL TOTAL VULNS
CWE-99 Improper Control of Resource Identifiers ('Resource Injection')
The software receives input from an upstream component, but it does not restrict or incorrectly restricts the input before it is used as an identifier for a resource that may be outside the intended sphere of control.
0 5 2 1 8
CWE-359 Exposure of Private Information ('Privacy Violation')
The product does not properly prevent a person's private, personal information from being accessed by actors who either (1) are not explicitly authorized to access the information or (2) do not have the implicit consent of the person about whom the information is collected.
0 7 1 0 8
CWE-361 7PK - Time and State
This category represents one of the phyla in the Seven Pernicious Kingdoms vulnerability classification. It includes weaknesses related to the improper management of time and state in an environment that supports simultaneous or near-simultaneous computation by multiple systems, processes, or threads. According to the authors of the Seven Pernicious Kingdoms, "Distributed computation is about time and state. That is, in order for more than one component to communicate, state must be shared, and all that takes time. Most programmers anthropomorphize their work. They think about one thread of control carrying out the entire program in the same way they would if they had to do the job themselves. Modern computers, however, switch between tasks very quickly, and in multi-core, multi-CPU, or distributed systems, two events may take place at exactly the same time. Defects rush to fill the gap between the programmer's model of how a program executes and what happens in reality. These defects are related to unexpected interactions between threads, processes, time, and information. These interactions happen through shared state: semaphores, variables, the file system, and, basically, anything that can store information."
0 2 3 2 7
CWE-332 Insufficient Entropy in PRNG
The lack of entropy available for, or used by, a Pseudo-Random Number Generator (PRNG) can be a stability and security threat.
0 1 5 1 7
CWE-838 Inappropriate Encoding for Output Context
The software uses or specifies an encoding when generating output to a downstream component, but the specified encoding is not the same as the encoding that is expected by the downstream component.
0 4 2 1 7
CWE-749 Exposed Dangerous Method or Function
The software provides an Applications Programming Interface (API) or similar interface for interaction with external actors, but the interface includes a dangerous method or function that is not properly restricted.
0 2 5 0 7
CWE-707 Improper Enforcement of Message or Data Structure
The product does not ensure or incorrectly ensures that structured messages or data are well-formed and that certain security properties are met before being read from an upstream component or sent to a downstream component.
1 2 4 0 7
CWE-259 Use of Hard-coded Password
The software contains a hard-coded password, which it uses for its own inbound authentication or for outbound communication to external components.
1 3 3 0 7
CWE-256 Unprotected Storage of Credentials
Storing a password in plaintext may result in a system compromise.
1 6 0 0 7
CWE-16 Configuration
Weaknesses in this category are typically introduced during the configuration of the software.
0 0 3 3 6