Categories

CWE NAME LAST 12M LOW MEDIUM HIGH CRITICAL TOTAL VULNS
CWE-501 Trust Boundary Violation
The product mixes trusted and untrusted data in the same data structure or structured message.
0 0 1 0 1
CWE-1018 Manage User Sessions
Weaknesses in this category are related to the design and architecture of session management. Frequently these deal with the information or status about each user and their access rights for the duration of multiple requests. The weaknesses in this category could lead to a degradation of the quality of session management if they are not addressed when designing or implementing a secure architecture.
0 1 0 0 1
CWE-26 Path Traversal: '/dir/../filename'
The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize /dir/../filename sequences that can resolve to a location that is outside of that directory.
0 0 1 0 1
CWE-762 Mismatched Memory Management Routines
The application attempts to return a memory resource to the system, but it calls a release function that is not compatible with the function that was originally used to allocate that resource.
0 0 1 0 1
CWE-25 Path Traversal: '/../filedir'
The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize /../ sequences that can resolve to a location that is outside of that directory.
0 0 1 0 1
CWE-654 Reliance on a Single Factor in a Security Decision
A protection mechanism relies exclusively, or to a large extent, on the evaluation of a single condition or the integrity of a single object or entity in order to make a decision about granting access to restricted resources or functionality.
0 1 0 0 1
CWE-488 Exposure of Data Element to Wrong Session
The product does not sufficiently enforce boundaries between the states of different sessions, causing data to be provided to, or used by, the wrong session.
0 0 1 0 1
CWE-213 Intentional Information Exposure
The product's intended functionality exposes information to certain actors in accordance with the developer's security policy, but this information is regarded as sensitive according to the intended security policies of other stakeholders such as the product's administrator, users, or others whose information is being processed.
0 0 1 0 1
CWE-1269 Product Released in Non-Release Configuration
The product released to market is released in pre-production or manufacturing configuration.
1 0 0 0 1
CWE-283 Unverified Ownership
The software does not properly verify that a critical resource is owned by the proper entity.
0 1 0 0 1