Categories
CWE | NAME | LAST 12M | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS |
---|---|---|---|---|---|---|---|
CWE-915 | Improperly Controlled Modification of Dynamically-Determined Object Attributes The software receives input from an upstream component that specifies multiple attributes, properties, or fields that are to be initialized or updated in an object, but it does not properly control which attributes can be modified. | 0 | 0 | 1 | 0 | 1 | |
CWE-216 | Containment Errors (Container Errors) This entry has been deprecated, as it was not effective as a weakness and was structured more like a category. In addition, the name is inappropriate, since the container term is widely understood by developers in different ways than originally intended by PLOVER, the original source for this entry. | 0 | 0 | 1 | 0 | 1 | |
CWE-371 | State Issues Weaknesses in this category are related to improper management of system state.Weaknesses in this category are related to improper management of system state. | 0 | 0 | 1 | 0 | 1 | |
CWE-406 | Insufficient Control of Network Message Volume (Network Amplification) The software does not sufficiently monitor or control transmitted network traffic volume, so that an actor can cause the software to transmit more traffic than should be allowed for that actor. | 0 | 0 | 0 | 1 | 1 | |
CWE-202 | Exposure of Sensitive Data Through Data Queries When trying to keep information confidential, an attacker can often infer some of the information by using statistics. | 1 | 0 | 0 | 0 | 1 | |
CWE-378 | Creation of Temporary File With Insecure Permissions Opening temporary files without appropriate measures or controls can leave the file, its contents and any function that it impacts vulnerable to attack. | 0 | 1 | 0 | 0 | 1 | |
CWE-420 | Unprotected Alternate Channel The software protects a primary channel, but it does not use the same level of protection for an alternate channel. | 0 | 0 | 0 | 1 | 1 | |
CWE-413 | Improper Resource Locking The software does not lock or does not correctly lock a resource when the software must have exclusive access to the resource. | 0 | 0 | 1 | 0 | 1 | |
CWE-219 | Sensitive Data Under Web Root The application stores sensitive data under the web document root with insufficient access control, which might make it accessible to untrusted parties. | 0 | 0 | 1 | 0 | 1 | |
CWE-324 | Use of a Key Past its Expiration Date The product uses a cryptographic key or password past its expiration date, which diminishes its safety significantly by increasing the timing window for cracking attacks against that key. | 0 | 1 | 0 | 0 | 1 |