|CWE||NAME||LAST 12M||LOW||MEDIUM||HIGH||CRITICAL||TOTAL VULNS|
|CWE-120||Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')|
The program copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.
|CWE-189||Numeric Errors|
Weaknesses in this category are related to improper calculation or conversion of numbers.
|CWE-863||Incorrect Authorization|
The software performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.
|CWE-400||Uncontrolled Resource Consumption ('Resource Exhaustion')|
The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.
|CWE-77||Improper Neutralization of Special Elements used in a Command ('Command Injection')|
The software constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
|CWE-284||Improper Access Control|
The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
|CWE-362||Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')|
The program contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.
|CWE-862||Missing Authorization|
The software does not perform an authorization check when an actor attempts to access a resource or perform an action.
|CWE-732||Incorrect Permission Assignment for Critical Resource|
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
|CWE-59||Improper Link Resolution Before File Access ('Link Following')|
The software attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.