Categories
CWE | NAME | LAST 12M | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS |
---|---|---|---|---|---|---|---|
CWE-424 | Improper Protection of Alternate Path The product does not sufficiently protect all possible paths that a user can take to access restricted functionality or resources. | 0 | 0 | 1 | 0 | 1 | |
CWE-282 | Improper Ownership Management The software assigns the wrong ownership, or does not properly verify the ownership, of an object or resource. | 0 | 0 | 1 | 0 | 1 | |
CWE-395 | Use of NullPointerException Catch to Detect NULL Pointer Dereference Catching NullPointerException should not be used as an alternative to programmatic checks to prevent dereferencing a null pointer. | 0 | 0 | 1 | 0 | 1 | |
CWE-35 | Path Traversal: '.../...//' The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '.../...//' (doubled triple dot slash) sequences that can resolve to a location that is outside of that directory. | 0 | 0 | 1 | 0 | 1 | |
CWE-524 | Information Exposure Through Caching The code uses a cache that contains sensitive information, but the cache can be read by an actor outside of the intended control sphere. | 0 | 1 | 0 | 0 | 1 | |
CWE-1258 | Sensitive Information Uncleared During Hardware Debug Flows The hardware does not fully clear security-sensitive values, such as keys and intermediate values in cryptographic operations, when debug mode is entered. | 0 | 0 | 1 | 0 | 1 | |
CWE-141 | Improper Neutralization of Parameter/Argument Delimiters The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as parameter or argument delimiters when they are sent to a downstream component. | 0 | 0 | 1 | 0 | 1 | |
CWE-1288 | Improper Validation of Consistency within Input The product receives a complex input with multiple elements or fields that must be consistent with each other, but it does not validate or incorrectly validates that the input is actually consistent. | 0 | 0 | 0 | 1 | 1 | |
CWE-146 | Improper Neutralization of Expression/Command Delimiters The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as expression or command delimiters when they are sent to a downstream component. | 0 | 0 | 1 | 0 | 1 | |
CWE-690 | Unchecked Return Value to NULL Pointer Dereference The product does not check for an error after calling a function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference. | 0 | 0 | 1 | 0 | 1 |