Categories
CWE | NAME | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS | LAST 12M |
---|---|---|---|---|---|---|---|
CWE-598 | Information Exposure Through Query Strings in GET Request The web application uses the HTTP GET method to process a request and includes sensitive information in the query string of that request. | 2 | 0 | 1 | 0 | 3 | |
CWE-653 | Insufficient Compartmentalization The product does not sufficiently compartmentalize functionality or processes that require different privilege levels, rights, or permissions. | 0 | 3 | 0 | 0 | 3 | |
CWE-823 | Use of Out-of-range Pointer Offset The program performs pointer arithmetic on a valid pointer, but it uses an offset that can point outside of the intended range of valid memory locations for the resulting pointer. | 0 | 1 | 2 | 0 | 3 | |
CWE-921 | Storage of Sensitive Data in a Mechanism without Access Control The software stores sensitive information in a file system or device that does not have built-in access control. | 0 | 0 | 2 | 1 | 3 | |
CWE-805 | Buffer Access with Incorrect Length Value The software uses a sequential operation to read or write a buffer, but it uses an incorrect length value that causes it to access memory that is outside of the bounds of the buffer. | 0 | 0 | 3 | 0 | 3 | |
CWE-525 | Information Exposure Through Browser Caching The web application does not use an appropriate caching policy that specifies the extent to which each web page and associated form fields should be cached. | 0 | 3 | 0 | 0 | 3 | |
CWE-472 | External Control of Assumed-Immutable Web Parameter The web application does not sufficiently verify inputs that are assumed to be immutable but are actually externally controllable, such as hidden form fields. | 0 | 2 | 1 | 0 | 3 | |
CWE-1 | DEPRECATED: Location This category has been deprecated. It was originally used for organizing the Development View (CWE-699), but it introduced unnecessary complexity and depth to the resulting tree. | 0 | 0 | 0 | 2 | 2 | |
CWE-769 | Uncontrolled File Descriptor Consumption This entry has been deprecated because it was a duplicate of CWE-774. All content has been transferred to CWE-774. | 0 | 0 | 2 | 0 | 2 | |
CWE-534 | DEPRECATED: Information Exposure Through Debug Log Files This entry has been deprecated because its abstraction was too low-level. See CWE-532. | 0 | 0 | 1 | 1 | 2 |