Categories
CWE | NAME | DESCRIPTION | LAST 12M | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS
---|---|---|---|---|---|---|---|---
CWE-24 | Path Traversal: '../filedir' | The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize ../ sequences that can resolve to a location that is outside of that directory. | | 0 | 7 | 2 | 5 | 14
CWE-749 | Exposed Dangerous Method or Function | The software provides an Applications Programming Interface (API) or similar interface for interaction with external actors, but the interface includes a dangerous method or function that is not properly restricted. | | 1 | 5 | 3 | 5 | 14
CWE-118 | Incorrect Access of Indexable Resource ('Range Error') | The software does not restrict or incorrectly restricts operations within the boundaries of a resource that is accessed using an index or pointer, such as memory or files. | | 1 | 3 | 6 | 3 | 13
CWE-379 | Creation of Temporary File in Directory with Incorrect Permissions | The software creates a temporary file in a directory whose permissions allow unintended actors to determine the file's existence or otherwise access that file. | | 2 | 9 | 2 | 0 | 13
CWE-126 | Buffer Over-read | The software reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer. | | 0 | 5 | 8 | 0 | 13
CWE-185 | Incorrect Regular Expression | The software specifies a regular expression in a way that causes data to be improperly matched or compared. | | 0 | 8 | 2 | 2 | 12
CWE-538 | File and Directory Information Exposure | The product places sensitive information into files or directories that are accessible to actors who are allowed to have access to the files, but not to the sensitive information. | | 1 | 10 | 1 | 0 | 12
CWE-117 | Improper Output Neutralization for Logs | The software does not neutralize or incorrectly neutralizes output that is written to logs. | | 1 | 11 | 0 | 0 | 12
CWE-822 | Untrusted Pointer Dereference | The program obtains a value from an untrusted source, converts this value to a pointer, and dereferences the resulting pointer. | | 0 | 5 | 5 | 1 | 11
CWE-332 | Insufficient Entropy in PRNG | The lack of entropy available for, or used by, a Pseudo-Random Number Generator (PRNG) can be a stability and security threat. | | 0 | 9 | 1 | 0 | 10