Categories

CWE NAME LAST 12M LOW MEDIUM HIGH CRITICAL TOTAL VULNS
CWE-786 Access of Memory Location Before Start of Buffer
The software reads or writes to a buffer using an index or pointer that references a memory location prior to the beginning of the buffer.
0 1 0 0 1
CWE-451 User Interface (UI) Misrepresentation of Critical Information
The user interface (UI) does not properly represent critical information to the user, allowing the information - or its source - to be obscured or spoofed. This is often a component in phishing attacks.
0 1 0 0 1
CWE-324 Use of a Key Past its Expiration Date
The product uses a cryptographic key or password past its expiration date, which diminishes its safety significantly by increasing the timing window for cracking attacks against that key.
0 1 0 0 1
CWE-27 Path Traversal: 'dir/../../filename'
The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize multiple internal ../ sequences that can resolve to a location that is outside of that directory.
0 0 1 0 1
CWE-911 Improper Update of Reference Count
The software uses a reference count to manage a resource, but it does not update or incorrectly updates the reference count.
0 0 1 0 1
CWE-759 Use of a One-Way Hash without a Salt
The software uses a one-way cryptographic hash against an input that should not be reversible, such as a password, but the software does not also use a salt as part of the input.
0 1 0 0 1
CWE-643 Improper Neutralization of Data within XPath Expressions ('XPath Injection')
The software uses external input to dynamically construct an XPath expression used to retrieve data from an XML database, but it does not neutralize or incorrectly neutralizes that input. This allows an attacker to control the structure of the query.
0 0 1 0 1
CWE-228 Improper Handling of Syntactically Invalid Structure
The product does not handle or incorrectly handles input that is not syntactically well-formed with respect to the associated specification.
0 0 1 0 1
CWE-671 Lack of Administrator Control over Security
The product uses security features in a way that prevents the product's administrator from tailoring security settings to reflect the environment in which the product is being used. This introduces resultant weaknesses or prevents it from operating at a level of security that is desired by the administrator.
0 1 0 0 1
CWE-475 Undefined Behavior for Input to API
The behavior of this function is undefined unless its control parameter is set to a specific value.
1 0 0 0 1