Categories
CWE | NAME | LAST 12M | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS |
---|---|---|---|---|---|---|---|
CWE-451 | User Interface (UI) Misrepresentation of Critical Information The user interface (UI) does not properly represent critical information to the user, allowing the information - or its source - to be obscured or spoofed. This is often a component in phishing attacks. | 0 | 3 | 0 | 0 | 3 | |
CWE-823 | Use of Out-of-range Pointer Offset The program performs pointer arithmetic on a valid pointer, but it uses an offset that can point outside of the intended range of valid memory locations for the resulting pointer. | 0 | 1 | 2 | 0 | 3 | |
CWE-1 | DEPRECATED: Location This category has been deprecated. It was originally used for organizing the Development View (CWE-699), but it introduced unnecessary complexity and depth to the resulting tree.This category has been deprecated. It was originally used for organizing the Development View (CWE-699), but it introduced unnecessary complexity and depth to the resulting tree. | 0 | 0 | 0 | 2 | 2 | |
CWE-769 | Uncontrolled File Descriptor Consumption This entry has been deprecated because it was a duplicate of CWE-774. All content has been transferred to CWE-774. | 0 | 0 | 2 | 0 | 2 | |
CWE-534 | DEPRECATED: Information Exposure Through Debug Log Files This entry has been deprecated because its abstraction was too low-level. See CWE-532. | 0 | 0 | 1 | 1 | 2 | |
CWE-642 | External Control of Critical State Data The software stores security-critical state information about its users, or the software itself, in a location that is accessible to unauthorized actors. | 0 | 1 | 1 | 0 | 2 | |
CWE-21 | Pathname Traversal and Equivalence Errors Weaknesses in this category can be used to access files outside of a restricted directory (path traversal) or to perform operations on files that would otherwise be restricted (path equivalence). Files, directories, and folders are so central to information technology that many different weaknesses and variants have been discovered. The manipulations generally involve special characters or sequences in pathnames, or the use of alternate references or channels. | 0 | 1 | 0 | 1 | 2 | |
CWE-912 | Hidden Functionality The software contains functionality that is not documented, not part of the specification, and not accessible through an interface or command sequence that is obvious to the software's users or administrators. | 0 | 0 | 1 | 1 | 2 | |
CWE-282 | Improper Ownership Management The software assigns the wrong ownership, or does not properly verify the ownership, of an object or resource. | 0 | 0 | 2 | 0 | 2 | |
CWE-1287 | Improper Validation of Specified Type of Input The product receives input that is expected to be of a certain type, but it does not validate or incorrectly validates that the input is actually of the expected type. | 0 | 0 | 1 | 1 | 2 |