Categories
CWE | NAME | LAST 12M | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS |
---|---|---|---|---|---|---|---|
CWE-76 | Improper Neutralization of Equivalent Special Elements The software properly neutralizes certain special elements, but it improperly neutralizes equivalent special elements. | 0 | 1 | 0 | 0 | 1 | |
CWE-1103 | Use of Platform-Dependent Third Party Components The product relies on third-party software components that do not provide equivalent functionality across all desirable platforms. | 0 | 1 | 0 | 0 | 1 | |
CWE-263 | Password Aging with Long Expiration Allowing password aging to occur unchecked can result in the possibility of diminished password integrity. | 0 | 0 | 1 | 0 | 1 | |
CWE-28 | Path Traversal: '..\filedir' The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize .. sequences that can resolve to a location that is outside of that directory. | 0 | 1 | 0 | 0 | 1 | |
CWE-758 | Reliance on Undefined, Unspecified, or Implementation-Defined Behavior The software uses an API function, data structure, or other entity in a way that relies on properties that are not always guaranteed to hold for that entity. | 0 | 0 | 1 | 0 | 1 | |
CWE-691 | Insufficient Control Flow Management The code does not sufficiently manage its control flow during execution, creating conditions in which the control flow can be modified in unexpected ways. | 0 | 0 | 1 | 0 | 1 | |
CWE-544 | Missing Standardized Error Handling Mechanism The software does not use a standardized method for handling errors throughout the code, which might introduce inconsistent error handling and resultant weaknesses. | 0 | 0 | 1 | 0 | 1 | |
CWE-830 | Inclusion of Web Functionality from an Untrusted Source The software includes web functionality (such as a web widget) from another domain, which causes it to operate within the domain of the software, potentially granting total access and control of the software to the untrusted source. | 0 | 0 | 1 | 0 | 1 | |
CWE-1270 | Generation of Incorrect Security Identifiers The product implements a Security Identifier mechanism to differentiate what actions are allowed or disallowed when a transaction originates from an entity. However, the Security Identifiers generated in the system are incorrect. | 0 | 0 | 0 | 1 | 1 | |
CWE-253 | Incorrect Check of Function Return Value The software incorrectly checks a return value from a function, which prevents the software from detecting errors or exceptional conditions. | 0 | 1 | 0 | 0 | 1 |