|CWE||NAME||LAST 12M||LOW||MEDIUM||HIGH||CRITICAL||TOTAL VULNS|
|CWE-843|| Access of Resource Using Incompatible Type ('Type Confusion') |
The program allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.
|CWE-347|| Improper Verification of Cryptographic Signature |
The software does not verify, or incorrectly verifies, the cryptographic signature for data.
|CWE-129|| Improper Validation of Array Index |
The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.
|CWE-369|| Divide By Zero |
The product divides a value by zero.
|CWE-384|| Session Fixation |
Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.
|CWE-345|| Insufficient Verification of Data Authenticity |
The software does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.
|CWE-16|| Configuration |
Weaknesses in this category are typically introduced during the configuration of the software.
|CWE-613|| Insufficient Session Expiration |
According to WASC, Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.
|CWE-908|| Use of Uninitialized Resource |
The software uses or accesses a resource that has not been initialized.
|CWE-19|| Data Processing Errors |
Weaknesses in this category are typically found in functionality that processes data.