Categories
CWE | NAME | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS | LAST 12M |
---|---|---|---|---|---|---|---|
CWE-769 | Uncontrolled File Descriptor Consumption This entry has been deprecated because it was a duplicate of CWE-774. All content has been transferred to CWE-774. | 1 | 0 | 2 | 0 | 3 | |
CWE-451 | User Interface (UI) Misrepresentation of Critical Information The user interface (UI) does not properly represent critical information to the user, allowing the information - or its source - to be obscured or spoofed. This is often a component in phishing attacks. | 0 | 3 | 0 | 0 | 3 | |
CWE-300 | Channel Accessible by Non-Endpoint ('Man-in-the-Middle') The product does not adequately verify the identity of actors at both ends of a communication channel, or does not adequately ensure the integrity of the channel, in a way that allows the channel to be accessed or influenced by an actor that is not an endpoint. | 0 | 2 | 1 | 0 | 3 | |
CWE-457 | Use of Uninitialized Variable The code uses a variable that has not been initialized, leading to unpredictable or unintended results. | 1 | 1 | 1 | 0 | 3 | |
CWE-280 | Improper Handling of Insufficient Permissions or Privileges The application does not handle or incorrectly handles when it has insufficient privileges to access resources or functionality as specified by their permissions. This may cause it to follow unexpected code paths that may leave the application in an invalid state. | 0 | 0 | 3 | 0 | 3 | |
CWE-1 | DEPRECATED: Location This category has been deprecated. It was originally used for organizing the Development View (CWE-699), but it introduced unnecessary complexity and depth to the resulting tree. | 0 | 0 | 0 | 2 | 2 | |
CWE-534 | DEPRECATED: Information Exposure Through Debug Log Files This entry has been deprecated because its abstraction was too low-level. See CWE-532. | 0 | 0 | 1 | 1 | 2 | |
CWE-642 | External Control of Critical State Data The software stores security-critical state information about its users, or the software itself, in a location that is accessible to unauthorized actors. | 0 | 1 | 1 | 0 | 2 | |
CWE-21 | Pathname Traversal and Equivalence Errors Weaknesses in this category can be used to access files outside of a restricted directory (path traversal) or to perform operations on files that would otherwise be restricted (path equivalence). Files, directories, and folders are so central to information technology that many different weaknesses and variants have been discovered. The manipulations generally involve special characters or sequences in pathnames, or the use of alternate references or channels. | 0 | 1 | 0 | 1 | 2 | |
CWE-912 | Hidden Functionality The software contains functionality that is not documented, not part of the specification, and not accessible through an interface or command sequence that is obvious to the software's users or administrators. | 0 | 0 | 1 | 1 | 2 |