Categories
CWE | NAME | LAST 12M | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS |
---|---|---|---|---|---|---|---|
CWE-321 | Use of Hard-coded Cryptographic Key. The use of a hard-coded cryptographic key significantly increases the possibility that encrypted data may be recovered. | | 0 | 3 | 2 | 0 | 5 |
CWE-199 | Information Management Errors. Weaknesses in this category are related to improper handling of sensitive information. | | 0 | 3 | 0 | 1 | 4 |
CWE-250 | Execution with Unnecessary Privileges. The software performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses. | | 1 | 1 | 2 | 0 | 4 |
CWE-548 | Information Exposure Through Directory Listing. A directory listing is inappropriately exposed, yielding potentially sensitive information to attackers. | | 1 | 2 | 1 | 0 | 4 |
CWE-644 | Improper Neutralization of HTTP Headers for Scripting Syntax. The application does not neutralize or incorrectly neutralizes web scripting syntax in HTTP headers that can be used by web browser components that can process raw headers, such as Flash. | | 1 | 3 | 0 | 0 | 4 |
CWE-1220 | Insufficient Granularity of Access Control. The product implements access controls via a policy or other feature with the intention to disable or restrict accesses (reads and/or writes) to assets in a system from untrusted agents. However, implemented access controls lack required granularity, which renders the control policy too broad because it allows accesses from unauthorized agents to the security-sensitive assets. | | 0 | 2 | 2 | 0 | 4 |
CWE-184 | Incomplete Blacklist. The product implements a protection mechanism that relies on a list of inputs (or properties of inputs) that are not allowed by policy or otherwise require other action to neutralize before additional processing takes place, but the list is incomplete, leading to resultant weaknesses. | | 0 | 1 | 2 | 0 | 3 |
CWE-18 | Source Code. Weaknesses in this category are typically found within source code. | | 1 | 0 | 1 | 1 | 3 |
CWE-1187 | DEPRECATED: Use of Uninitialized Resource. This entry has been deprecated because it was a duplicate of CWE-908. All content has been transferred to CWE-908. | | 0 | 2 | 0 | 1 | 3 |
CWE-920 | Improper Restriction of Power Consumption. The software operates in an environment in which power is a limited resource that cannot be automatically replenished, but the software does not properly restrict the amount of power that its operation consumes. | | 0 | 2 | 1 | 0 | 3 |