Categories
| CWE | NAME | LAST 12M | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS |
|---|---|---|---|---|---|---|---|
| CWE-328 | Reversible One-Way Hash The product uses a hashing algorithm that produces a hash value that can be used to determine the original input, or to find an input that can produce the same hash, more efficiently than brute force techniques. | 0 | 0 | 1 | 0 | 1 | |
| CWE-280 | Improper Handling of Insufficient Permissions or Privileges The application does not handle or incorrectly handles when it has insufficient privileges to access resources or functionality as specified by their permissions. This may cause it to follow unexpected code paths that may leave the application in an invalid state. | 0 | 0 | 1 | 0 | 1 | |
| CWE-759 | Use of a One-Way Hash without a Salt The software uses a one-way cryptographic hash against an input that should not be reversible, such as a password, but the software does not also use a salt as part of the input. | 0 | 1 | 0 | 0 | 1 | |
| CWE-81 | Improper Neutralization of Script in an Error Message Web Page The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special characters that could be interpreted as web-scripting elements when they are sent to an error page. | 0 | 1 | 0 | 0 | 1 | |
| CWE-650 | Trusting HTTP Permission Methods on the Server Side The server contains a protection mechanism that assumes that any URI that is accessed using HTTP GET will not cause a state change to the associated resource. This might allow attackers to bypass intended access restrictions and conduct resource modification and deletion attacks, since some applications allow GET to modify state. | 0 | 1 | 0 | 0 | 1 | |
| CWE-348 | Use of Less Trusted Source The software has two different sources of the same data or information, but it uses the source that has less support for verification, is less trusted, or is less resistant to attack. | 0 | 1 | 0 | 0 | 1 | |
| CWE-1288 | Improper Validation of Consistency within Input The product receives a complex input with multiple elements or fields that must be consistent with each other, but it does not validate or incorrectly validates that the input is actually consistent. | 0 | 0 | 1 | 0 | 1 | |
| CWE-833 | Deadlock The software contains multiple threads or executable segments that are waiting for each other to release a necessary lock, resulting in deadlock. | 0 | 1 | 0 | 0 | 1 | |
| CWE-923 | Improper Restriction of Communication Channel to Intended Endpoints The software establishes a communication channel to (or from) an endpoint for privileged or protected operations, but it does not properly ensure that it is communicating with the correct endpoint. | 0 | 0 | 1 | 0 | 1 | |
| CWE-703 | Improper Check or Handling of Exceptional Conditions The software does not properly anticipate or handle exceptional conditions that rarely occur during normal operation of the software. | 0 | 1 | 0 | 0 | 1 |