| CWE | NAME | LAST 12M | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS |
| CWE-254 | 7PK - Security Features |
Software security is not security software. Here we're concerned with topics like authentication, access control, confidentiality, cryptography, and privilege management.
| CWE-415 | Double Free |
The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.
| CWE-312 | Cleartext Storage of Sensitive Information |
The application stores sensitive information in cleartext within a resource that might be accessible to another control sphere.
| CWE-617 | Reachable Assertion |
The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.
| CWE-755 | Improper Handling of Exceptional Conditions |
The software does not handle or incorrectly handles an exceptional condition.
| CWE-327 | Use of a Broken or Risky Cryptographic Algorithm |
The use of a broken or risky cryptographic algorithm is an unnecessary risk that may result in the exposure of sensitive information.
| CWE-326 | Inadequate Encryption Strength |
The software stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.
| CWE-639 | Authorization Bypass Through User-Controlled Key |
The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
| CWE-203 | Information Exposure Through Discrepancy |
The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not.
| CWE-134 | Use of Externally-Controlled Format String |
The software uses a function that accepts a format string as an argument, but the format string originates from an external source.