Categories
| CWE | NAME | LAST 12M | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS |
|---|---|---|---|---|---|---|---|
| CWE-61 | UNIX Symbolic Link (Symlink) Following The software, when opening a file or directory, does not sufficiently account for when the file is a symbolic link that resolves to a target outside of the intended control sphere. This could allow an attacker to cause the software to operate on unauthorized files. | 0 | 2 | 1 | 0 | 3 | |
| CWE-823 | Use of Out-of-range Pointer Offset The program performs pointer arithmetic on a valid pointer, but it uses an offset that can point outside of the intended range of valid memory locations for the resulting pointer. | 0 | 2 | 0 | 1 | 3 | |
| CWE-266 | Incorrect Privilege Assignment A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor. | 0 | 0 | 1 | 2 | 3 | |
| CWE-86 | Improper Neutralization of Invalid Characters in Identifiers in Web Pages The software does not neutralize or incorrectly neutralizes invalid characters or byte sequences in the middle of tag names, URI schemes, and other identifiers. | 0 | 3 | 0 | 0 | 3 | |
| CWE-1 | DEPRECATED: Location This category has been deprecated. It was originally used for organizing the Development View (CWE-699), but it introduced unnecessary complexity and depth to the resulting tree.This category has been deprecated. It was originally used for organizing the Development View (CWE-699), but it introduced unnecessary complexity and depth to the resulting tree. | 0 | 0 | 0 | 2 | 2 | |
| CWE-769 | Uncontrolled File Descriptor Consumption This entry has been deprecated because it was a duplicate of CWE-774. All content has been transferred to CWE-774. | 0 | 0 | 2 | 0 | 2 | |
| CWE-534 | DEPRECATED: Information Exposure Through Debug Log Files This entry has been deprecated because its abstraction was too low-level. See CWE-532. | 0 | 0 | 1 | 1 | 2 | |
| CWE-642 | External Control of Critical State Data The software stores security-critical state information about its users, or the software itself, in a location that is accessible to unauthorized actors. | 0 | 1 | 1 | 0 | 2 | |
| CWE-21 | Pathname Traversal and Equivalence Errors Weaknesses in this category can be used to access files outside of a restricted directory (path traversal) or to perform operations on files that would otherwise be restricted (path equivalence). Files, directories, and folders are so central to information technology that many different weaknesses and variants have been discovered. The manipulations generally involve special characters or sequences in pathnames, or the use of alternate references or channels. | 0 | 1 | 0 | 1 | 2 | |
| CWE-664 | Improper Control of a Resource Through its Lifetime The software does not maintain or incorrectly maintains control over a resource throughout its lifetime of creation, use, and release. | 0 | 0 | 2 | 0 | 2 |