Categories
CWE | NAME | LAST 12M | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS |
---|---|---|---|---|---|---|---|
CWE-540 | Information Exposure Through Source Code: Source code on a web server or repository often contains sensitive information and should generally not be accessible to users. | 1 | 1 | 0 | 0 | 2 | |
CWE-208 | Information Exposure Through Timing Discrepancy: Two separate operations in a product require different amounts of time to complete, in a way that is observable to an actor and reveals security-relevant information about the state of the product, such as whether a particular operation was successful or not. | 1 | 1 | 0 | 0 | 2 | |
CWE-840 | Business Logic Errors: Weaknesses in this category identify some of the underlying problems that commonly allow attackers to manipulate the business logic of an application. Errors in business logic can be devastating to an entire application. They can be difficult to find automatically, since they typically involve legitimate use of the application's functionality. However, many business logic errors can exhibit patterns that are similar to well-understood implementation and design weaknesses. | 0 | 2 | 0 | 0 | 2 | |
CWE-328 | Reversible One-Way Hash: The product uses a hashing algorithm that produces a hash value that can be used to determine the original input, or to find an input that can produce the same hash, more efficiently than brute force techniques. | 1 | 0 | 1 | 0 | 2 | |
CWE-680 | Integer Overflow to Buffer Overflow: The product performs a calculation to determine how much memory to allocate, but an integer overflow can occur that causes less memory to be allocated than expected, leading to a buffer overflow. | 0 | 1 | 1 | 0 | 2 | |
CWE-1262 | Register Interface Allows Software Access to Sensitive Data or Security Settings: Memory-mapped registers provide access to hardware functionality from software and if not properly secured can result in loss of confidentiality and integrity. | 0 | 1 | 1 | 0 | 2 | |
CWE-277 | Insecure Inherited Permissions: A product defines a set of insecure permissions that are inherited by objects that are created by the program. | 0 | 2 | 0 | 0 | 2 | |
CWE-296 | Improper Following of a Certificate's Chain of Trust: The software does not follow, or incorrectly follows, the chain of trust for a certificate back to a trusted root certificate, resulting in incorrect trust of any resource that is associated with that certificate. | 0 | 2 | 0 | 0 | 2 | |
CWE-130 | Improper Handling of Length Parameter Inconsistency: The software parses a formatted message or structure, but it does not handle or incorrectly handles a length field that is inconsistent with the actual length of the associated data. | 1 | 0 | 1 | 0 | 2 | |
CWE-304 | Missing Critical Step in Authentication: The software implements an authentication technique, but it skips a step that weakens the technique. | 0 | 1 | 1 | 0 | 2 |