Categories
CWE | NAME | LAST 12M | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS |
---|---|---|---|---|---|---|---|
CWE-203 | Information Exposure Through Discrepancy: The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not. | | 81 | 289 | 36 | 11 | 417 |
CWE-415 | Double Free: The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations. | | 8 | 173 | 175 | 58 | 414 |
CWE-772 | Missing Release of Resource after Effective Lifetime: The software does not release a resource after its effective lifetime has ended, i.e., after the resource is no longer needed. | | 29 | 300 | 70 | 3 | 402 |
CWE-755 | Improper Handling of Exceptional Conditions: The software does not handle or incorrectly handles an exceptional condition. | | 48 | 194 | 134 | 23 | 399 |
CWE-639 | Authorization Bypass Through User-Controlled Key: The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data. | | 4 | 278 | 86 | 29 | 397 |
CWE-617 | Reachable Assertion: The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary. | | 24 | 237 | 134 | 0 | 395 |
CWE-327 | Use of a Broken or Risky Cryptographic Algorithm: The use of a broken or risky cryptographic algorithm is an unnecessary risk that may result in the exposure of sensitive information. | | 40 | 202 | 95 | 23 | 360 |
CWE-254 | 7PK - Security Features: Software security is not security software. Here we're concerned with topics like authentication, access control, confidentiality, cryptography, and privilege management. | | 43 | 241 | 39 | 26 | 349 |
CWE-326 | Inadequate Encryption Strength: The software stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required. | | 34 | 233 | 60 | 22 | 349 |
CWE-843 | Access of Resource Using Incompatible Type ('Type Confusion'): The program allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type. | | 3 | 112 | 186 | 43 | 344 |