Categories

CWE NAME LAST 12M LOW MEDIUM HIGH CRITICAL TOTAL VULNS
CWE-826 Premature Release of Resource During Expected Lifetime
The program releases a resource that is still intended to be used by the program itself or another actor.
 0 0 1 0 1
CWE-402 Transmission of Private Resources into a New Sphere ('Resource Leak')
The software makes resources available to untrusted parties when those resources are only intended to be accessed by the software.
 0 1 0 0 1
CWE-789 Uncontrolled Memory Allocation
The product allocates memory based on an untrusted size value, but it does not validate or incorrectly validates the size, allowing arbitrary amounts of memory to be allocated.
 0 1 0 0 1
CWE-340 Predictability Problems
The product uses a scheme that generates numbers or identifiers that are more predictable than required.
 0 1 0 0 1
CWE-302 Authentication Bypass by Assumed-Immutable Data
The authentication scheme or implementation uses key data elements that are assumed to be immutable, but can be controlled or modified by the attacker.
 0 0 1 0 1
CWE-544 Missing Standardized Error Handling Mechanism
The software does not use a standardized method for handling errors throughout the code, which might introduce inconsistent error handling and resultant weaknesses.
 0 1 0 0 1
CWE-530 Exposure of Backup File to an Unauthorized Control Sphere
A backup file is stored in a directory or archive that is made accessible to unauthorized actors.
 0 0 1 0 1
CWE-780 Use of RSA Algorithm without OAEP
The software uses the RSA algorithm but does not incorporate Optimal Asymmetric Encryption Padding (OAEP), which might weaken the encryption.
 0 1 0 0 1
CWE-277 Insecure Inherited Permissions
A product defines a set of insecure permissions that are inherited by objects that are created by the program.
 0 1 0 0 1
CWE-602 Client-Side Enforcement of Server-Side Security
The software is composed of a server that relies on the client to implement a mechanism that is intended to protect the server.
 0 1 0 0 1