Categories

CWE NAME LAST 12M LOW MEDIUM HIGH CRITICAL TOTAL VULNS
CWE-544 Missing Standardized Error Handling Mechanism
The software does not use a standardized method for handling errors throughout the code, which might introduce inconsistent error handling and resultant weaknesses.
0 1 0 0 1
CWE-385 Covert Timing Channel
Covert timing channels convey information by modulating some aspect of system behavior over time, so that the program receiving the information can observe system behavior and infer protected information.
0 0 1 0 1
CWE-530 Exposure of Backup File to an Unauthorized Control Sphere
A backup file is stored in a directory or archive that is made accessible to unauthorized actors.
0 0 1 0 1
CWE-463 Deletion of Data Structure Sentinel
The accidental deletion of a data-structure sentinel can cause serious programming logic problems.
0 1 0 0 1
CWE-780 Use of RSA Algorithm without OAEP
The software uses the RSA algorithm but does not incorporate Optimal Asymmetric Encryption Padding (OAEP), which might weaken the encryption.
0 1 0 0 1
CWE-526 Information Exposure Through Environmental Variables
Environmental variables may contain sensitive information about a remote server.
0 1 0 0 1
CWE-620 Unverified Password Change
When setting a new password for a user, the product does not require knowledge of the original password, or using another form of authentication.
0 0 0 1 1
CWE-277 Insecure Inherited Permissions
A product defines a set of insecure permissions that are inherited by objects that are created by the program.
0 1 0 0 1
CWE-602 Client-Side Enforcement of Server-Side Security
The software is composed of a server that relies on the client to implement a mechanism that is intended to protect the server.
0 1 0 0 1
CWE-213 Intentional Information Exposure
The product's intended functionality exposes information to certain actors in accordance with the developer's security policy, but this information is regarded as sensitive according to the intended security policies of other stakeholders such as the product's administrator, users, or others whose information is being processed.
0 1 0 0 1