Categories
CWE | NAME | LAST 12M | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS |
---|---|---|---|---|---|---|---|
CWE-232 | Improper Handling of Undefined Values: The software does not handle or incorrectly handles when a value is not defined or supported for the associated parameter, field, or argument name. | 0 | 1 | 0 | 0 | 1 | |
CWE-372 | Incomplete Internal State Distinction: The software does not properly determine which state it is in, causing it to assume it is in state X when in fact it is in state Y, causing it to perform incorrect operations in a security-relevant manner. | 0 | 1 | 0 | 0 | 1 | |
CWE-393 | Return of Wrong Status Code: A function or operation returns an incorrect return value or status code that does not indicate an error, but causes the product to modify its behavior based on the incorrect result. | 0 | 0 | 1 | 0 | 1 | |
CWE-278 | Insecure Preserved Inherited Permissions: A product inherits a set of insecure permissions for an object, e.g. when copying from an archive file, without user awareness or involvement. | 0 | 0 | 1 | 0 | 1 | |
CWE-839 | Numeric Range Comparison Without Minimum Check: The program checks a value to ensure that it is less than or equal to a maximum, but it does not also verify that the value is greater than or equal to the minimum. | 0 | 0 | 1 | 0 | 1 | |
CWE-612 | Information Exposure Through Indexing of Private Data: The product creates a search index of private or sensitive documents, but it does not properly limit index access to actors who are authorized to see the original information. | 0 | 1 | 0 | 0 | 1 | |
CWE-645 | Overly Restrictive Account Lockout Mechanism: The software contains an account lockout protection mechanism, but the mechanism is too restrictive and can be triggered too easily, which allows attackers to deny service to legitimate users by causing their accounts to be locked out. | 0 | 0 | 1 | 0 | 1 | |
CWE-836 | Use of Password Hash Instead of Password for Authentication: The software records password hashes in a data store, receives a hash of a password from a client, and compares the supplied hash to the hash obtained from the data store. | 0 | 0 | 1 | 0 | 1 | |
CWE-1241 | Use of Predictable Algorithm in Random Number Generator: The product requires a true random number but uses an algorithm that is predictable and generates a pseudo-random number. | 0 | 0 | 1 | 0 | 1 | |
CWE-550 | Information Exposure Through Server Error Message: Certain conditions, such as network failure, will cause a server error message to be displayed. | 0 | 0 | 1 | 0 | 1 |