Categories

| CWE | Name | Description | Low | Medium | High | Critical | Total vulns |
|---|---|---|---|---|---|---|---|
| CWE-1278 | Missing Protection Against Hardware Reverse Engineering Using Integrated Circuit (IC) Imaging Techniques | Secrets stored in hardware can be recovered by an attacker with the capability to capture and analyze images of the integrated circuit using techniques such as scanning electron microscopy. | 0 | 1 | 0 | 0 | 1 |
| CWE-42 | Path Equivalence: 'filename.' (Trailing Dot) | A software system that accepts path input in the form of trailing dot ('filedir.') without appropriate validation can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files. | 0 | 1 | 0 | 0 | 1 |
| CWE-15 | External Control of System or Configuration Setting | One or more system settings or configuration elements can be externally controlled by a user. | 0 | 1 | 0 | 0 | 1 |
| CWE-304 | Missing Critical Step in Authentication | The software implements an authentication technique, but it skips a step that weakens the technique. | 0 | 1 | 0 | 0 | 1 |
| CWE-242 | Use of Inherently Dangerous Function | The program calls a function that can never be guaranteed to work safely. | 0 | 0 | 1 | 0 | 1 |
| CWE-525 | Information Exposure Through Browser Caching | The web application does not use an appropriate caching policy that specifies the extent to which each web page and associated form fields should be cached. | 1 | 0 | 0 | 0 | 1 |
| CWE-791 | Incomplete Filtering of Special Elements | The software receives data from an upstream component, but does not completely filter special elements before sending it to a downstream component. | 0 | 0 | 0 | 1 | 1 |
| CWE-391 | Unchecked Error Condition | [PLANNED FOR DEPRECATION. SEE MAINTENANCE NOTES.] Ignoring exceptions and other error conditions may allow an attacker to induce unexpected behavior unnoticed. | 1 | 0 | 0 | 0 | 1 |
| CWE-456 | Missing Initialization of a Variable | The software does not initialize critical variables, which causes the execution environment to use unexpected values. | 0 | 1 | 0 | 0 | 1 |
| CWE-825 | Expired Pointer Dereference | The program dereferences a pointer that contains a location for memory that was previously valid, but is no longer valid. | 0 | 1 | 0 | 0 | 1 |