|CWE||NAME||LAST 12M||LOW||MEDIUM||HIGH||CRITICAL||TOTAL VULNS|
|CWE-708|| Incorrect Ownership Assignment |
The software assigns an owner to a resource, but the owner is outside of the intended control sphere.
|CWE-791|| Incomplete Filtering of Special Elements |
The software receives data from an upstream component, but does not completely filter special elements before sending it to a downstream component.
|CWE-1287|| Improper Validation of Specified Type of Input |
The product receives input that is expected to be of a certain type, but it does not validate or incorrectly validates that the input is actually of the expected type.
|CWE-391|| Unchecked Error Condition |
[PLANNED FOR DEPRECATION. SEE MAINTENANCE NOTES.] Ignoring exceptions and other error conditions may allow an attacker to induce unexpected behavior unnoticed.
|CWE-825|| Expired Pointer Dereference |
The program dereferences a pointer that contains a location for memory that was previously valid, but is no longer valid.
|CWE-451|| User Interface (UI) Misrepresentation of Critical Information |
The user interface (UI) does not properly represent critical information to the user, allowing the information - or its source - to be obscured or spoofed. This is often a component in phishing attacks.
|CWE-324|| Use of a Key Past its Expiration Date |
The product uses a cryptographic key or password past its expiration date, which diminishes its safety significantly by increasing the timing window for cracking attacks against that key.
|CWE-648|| Incorrect Use of Privileged APIs |
The application does not conform to the API requirements for a function call that requires extra privileges. This could allow attackers to gain privileges by causing the function to be called incorrectly.
|CWE-911|| Improper Update of Reference Count |
The software uses a reference count to manage a resource, but it does not update or incorrectly updates the reference count.
|CWE-241|| Improper Handling of Unexpected Data Type |
The software does not handle or incorrectly handles when a particular element is not the expected type, e.g. it expects a digit (0-9) but is provided with a letter (A-Z).