Categories
CWE | NAME | DESCRIPTION | LAST 12M | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS |
---|---|---|---|---|---|---|---|---|
CWE-540 | Information Exposure Through Source Code | Source code on a web server or repository often contains sensitive information and should generally not be accessible to users. | | 1 | 1 | 0 | 0 | 2 |
CWE-823 | Use of Out-of-range Pointer Offset | The program performs pointer arithmetic on a valid pointer, but it uses an offset that can point outside of the intended range of valid memory locations for the resulting pointer. | | 0 | 1 | 1 | 0 | 2 |
CWE-591 | Sensitive Data Storage in Improperly Locked Memory | The application stores sensitive data in memory that is not locked, or that has been incorrectly locked, which might cause the memory to be written to swap files on disk by the virtual memory manager. This can make the data more accessible to external actors. | | 0 | 0 | 2 | 0 | 2 |
CWE-840 | Business Logic Errors | Weaknesses in this category identify some of the underlying problems that commonly allow attackers to manipulate the business logic of an application. Errors in business logic can be devastating to an entire application. They can be difficult to find automatically, since they typically involve legitimate use of the application's functionality. However, many business logic errors can exhibit patterns that are similar to well-understood implementation and design weaknesses. | | 0 | 2 | 0 | 0 | 2 |
CWE-280 | Improper Handling of Insufficient Permissions or Privileges | The application does not handle, or incorrectly handles, the case where it has insufficient privileges to access resources or functionality as specified by their permissions. This may cause it to follow unexpected code paths that may leave the application in an invalid state. | | 0 | 0 | 2 | 0 | 2 |
CWE-300 | Channel Accessible by Non-Endpoint ('Man-in-the-Middle') | The product does not adequately verify the identity of actors at both ends of a communication channel, or does not adequately ensure the integrity of the channel, in a way that allows the channel to be accessed or influenced by an actor that is not an endpoint. | | 0 | 2 | 0 | 0 | 2 |
CWE-328 | Reversible One-Way Hash | The product uses a hashing algorithm that produces a hash value that can be used to determine the original input, or to find an input that can produce the same hash, more efficiently than brute force techniques. | | 1 | 0 | 1 | 0 | 2 |
CWE-457 | Use of Uninitialized Variable | The code uses a variable that has not been initialized, leading to unpredictable or unintended results. | | 1 | 0 | 1 | 0 | 2 |
CWE-775 | Missing Release of File Descriptor or Handle after Effective Lifetime | The software does not release a file descriptor or handle after its effective lifetime has ended, i.e., after the file descriptor/handle is no longer needed. | | 0 | 0 | 1 | 0 | 1 |
CWE-774 | Allocation of File Descriptors or Handles Without Limits or Throttling | The software allocates file descriptors or handles on behalf of an actor without imposing any restrictions on how many descriptors can be allocated, in violation of the intended security policy for that actor. | | 0 | 0 | 1 | 0 | 1 |