Categories

CWE NAME LAST 12M LOW MEDIUM HIGH CRITICAL TOTAL VULNS
CWE-406 Insufficient Control of Network Message Volume (Network Amplification)
The software does not sufficiently monitor or control transmitted network traffic volume, so that an actor can cause the software to transmit more traffic than should be allowed for that actor.
1 2 1 0 4
CWE-548 Information Exposure Through Directory Listing
A directory listing is inappropriately exposed, yielding potentially sensitive information to attackers.
0 4 0 0 4
CWE-664 Improper Control of a Resource Through its Lifetime
The software does not maintain or incorrectly maintains control over a resource throughout its lifetime of creation, use, and release.
0 2 1 1 4
CWE-353 Missing Support for Integrity Check
The software uses a transmission protocol that does not include a mechanism for verifying the integrity of the data during transmission, such as a checksum.
0 4 0 0 4
CWE-636 Not Failing Securely ('Failing Open')
When the product encounters an error condition or failure, its design requires it to fall back to a state that is less secure than other options that are available, such as selecting the weakest encryption algorithm or using the most permissive access control restrictions.
0 2 2 0 4
CWE-325 Missing Required Cryptographic Step
The product does not implement a required step in a cryptographic algorithm, resulting in weaker encryption than advertised by that algorithm.
0 2 2 0 4
CWE-130 Improper Handling of Length Parameter Inconsistency
The software parses a formatted message or structure, but it does not handle or incorrectly handles a length field that is inconsistent with the actual length of the associated data.
0 3 1 0 4
CWE-1220 Insufficient Granularity of Access Control
The product implements access controls via a policy or other feature with the intention to disable or restrict accesses (reads and/or writes) to assets in a system from untrusted agents. However, implemented access controls lack required granularity, which renders the control policy too broad because it allows accesses from unauthorized agents to the security-sensitive assets.
0 4 0 0 4
CWE-840 Business Logic Errors
Weaknesses in this category identify some of the underlying problems that commonly allow attackers to manipulate the business logic of an application. Errors in business logic can be devastating to an entire application. They can be difficult to find automatically, since they typically involve legitimate use of the application's functionality. However, many business logic errors can exhibit patterns that are similar to well-understood implementation and design weaknesses.Weaknesses in this category identify some of the underlying problems that commonly allow attackers to manipulate the business logic of an application. Errors in business logic can be devastating to an entire application. They can be difficult to find automatically, since they typically involve legitimate use of the application's functionality. However, many business logic errors can exhibit patterns that are similar to well-understood implementation and design weaknesses.
0 4 0 0 4
CWE-703 Improper Check or Handling of Exceptional Conditions
The software does not properly anticipate or handle exceptional conditions that rarely occur during normal operation of the software.
0 3 1 0 4