Categories
CWE | NAME | LAST 12M | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS |
---|---|---|---|---|---|---|---|
CWE-789 | Uncontrolled Memory Allocation: The product allocates memory based on an untrusted size value, but it does not validate or incorrectly validates the size, allowing arbitrary amounts of memory to be allocated. | | 0 | 5 | 5 | 0 | 10 |
CWE-359 | Exposure of Private Information ('Privacy Violation'): The product does not properly prevent a person's private, personal information from being accessed by actors who either (1) are not explicitly authorized to access the information or (2) do not have the implicit consent of the person about whom the information is collected. | | 1 | 7 | 2 | 0 | 10 |
CWE-297 | Improper Validation of Certificate with Host Mismatch: The software communicates with a host that provides a certificate, but the software does not properly ensure that the certificate is actually associated with that host. | | 2 | 7 | 1 | 0 | 10 |
CWE-680 | Integer Overflow to Buffer Overflow: The product performs a calculation to determine how much memory to allocate, but an integer overflow can occur that causes less memory to be allocated than expected, leading to a buffer overflow. | | 1 | 1 | 8 | 0 | 10 |
CWE-256 | Unprotected Storage of Credentials: Storing a password in plaintext may result in a system compromise. | | 0 | 4 | 5 | 1 | 10 |
CWE-305 | Authentication Bypass by Primary Weakness: The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error. | | 0 | 2 | 4 | 4 | 10 |
CWE-172 | Encoding Error: The software does not properly encode or decode the data, resulting in unexpected values. | | 0 | 3 | 4 | 2 | 9 |
CWE-184 | Incomplete Blacklist: The product implements a protection mechanism that relies on a list of inputs (or properties of inputs) that are not allowed by policy or otherwise require other action to neutralize before additional processing takes place, but the list is incomplete, leading to resultant weaknesses. | | 0 | 5 | 3 | 1 | 9 |
CWE-788 | Access of Memory Location After End of Buffer: The software reads or writes to a buffer using an index or pointer that references a memory location after the end of the buffer. | | 0 | 4 | 4 | 1 | 9 |
CWE-248 | Uncaught Exception: An exception is thrown from a function, but it is not caught. | | 0 | 6 | 3 | 0 | 9 |