Categories

CWE NAME LAST 12M LOW MEDIUM HIGH CRITICAL TOTAL VULNS
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
The program copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.
55 559 428 229 1271
CWE-189 Numeric Errors
Weaknesses in this category are related to improper calculation or conversion of numbers.
29 548 241 387 1205
CWE-863 Incorrect Authorization
The software performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.
122 836 142 76 1176
CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.
63 789 278 3 1133
CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')
The software constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
3 371 394 340 1108
CWE-284 Improper Access Control
The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
99 591 184 133 1007
CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
The program contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.
139 643 180 41 1003
CWE-862 Missing Authorization
The software does not perform an authorization check when an actor attempts to access a resource or perform an action.
97 693 156 37 983
CWE-732 Incorrect Permission Assignment for Critical Resource
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
125 544 200 55 924
CWE-59 Improper Link Resolution Before File Access ('Link Following')
The software attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
236 431 149 16 832