Categories
CWE | NAME | LAST 12M | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS |
---|---|---|---|---|---|---|---|
CWE-501 | Trust Boundary Violation The product mixes trusted and untrusted data in the same data structure or structured message. | 0 | 0 | 1 | 0 | 1 | |
CWE-1018 | Manage User Sessions Weaknesses in this category are related to the design and architecture of session management. Frequently these deal with the information or status about each user and their access rights for the duration of multiple requests. The weaknesses in this category could lead to a degradation of the quality of session management if they are not addressed when designing or implementing a secure architecture. | 0 | 1 | 0 | 0 | 1 | |
CWE-26 | Path Traversal: '/dir/../filename' The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize /dir/../filename sequences that can resolve to a location that is outside of that directory. | 0 | 0 | 1 | 0 | 1 | |
CWE-762 | Mismatched Memory Management Routines The application attempts to return a memory resource to the system, but it calls a release function that is not compatible with the function that was originally used to allocate that resource. | 0 | 0 | 1 | 0 | 1 | |
CWE-25 | Path Traversal: '/../filedir' The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize /../ sequences that can resolve to a location that is outside of that directory. | 0 | 0 | 1 | 0 | 1 | |
CWE-654 | Reliance on a Single Factor in a Security Decision A protection mechanism relies exclusively, or to a large extent, on the evaluation of a single condition or the integrity of a single object or entity in order to make a decision about granting access to restricted resources or functionality. | 0 | 1 | 0 | 0 | 1 | |
CWE-488 | Exposure of Data Element to Wrong Session The product does not sufficiently enforce boundaries between the states of different sessions, causing data to be provided to, or used by, the wrong session. | 0 | 0 | 1 | 0 | 1 | |
CWE-213 | Intentional Information Exposure The product's intended functionality exposes information to certain actors in accordance with the developer's security policy, but this information is regarded as sensitive according to the intended security policies of other stakeholders such as the product's administrator, users, or others whose information is being processed. | 0 | 0 | 1 | 0 | 1 | |
CWE-1269 | Product Released in Non-Release Configuration The product released to market is released in pre-production or manufacturing configuration. | 1 | 0 | 0 | 0 | 1 | |
CWE-283 | Unverified Ownership The software does not properly verify that a critical resource is owned by the proper entity. | 0 | 1 | 0 | 0 | 1 |