Weaknesses

CWE weakness types scored by proportion of linked CVEs with active exploitation.

761 weaknesses scored · Page 3 of 8

Tier counts across all scored weaknesses:
critical-risk: 2
high-risk: 1
moderate-risk: 11
low-risk: 747
Weakness Score Tier
Exposed IOCTL with Insufficient Access Control 2/100 low-risk
Operator Precedence Logic Error 2/100 low-risk
Authorization Bypass Through User-Controlled Key 2/100 low-risk
Not Failing Securely ('Failing Open') 2/100 low-risk
Incorrect Default Permissions 2/100 low-risk
Insecure Inherited Permissions 2/100 low-risk
Process Control 2/100 low-risk
Product UI does not Warn User of Unsafe Actions 2/100 low-risk
Unintended Proxy or Intermediary ('Confused Deputy') 2/100 low-risk
Improper Ownership Management 2/100 low-risk
Unverified Ownership 2/100 low-risk
Improper Authorization 2/100 low-risk
Cross-Site Request Forgery (CSRF) 2/100 low-risk
UNIX Symbolic Link (Symlink) Following 2/100 low-risk
Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') 2/100 low-risk
Use of Client-Side Authentication 2/100 low-risk
Insufficient Verification of Data Authenticity 2/100 low-risk
Improperly Controlled Modification of Dynamically-Determined Object Attributes 2/100 low-risk
Improper Validation of Array Index 2/100 low-risk
Improper Validation of Specified Quantity in Input 2/100 low-risk
Insecure Storage of Sensitive Information 2/100 low-risk
Improper Certificate Validation 2/100 low-risk
Signed to Unsigned Conversion Error 2/100 low-risk
Cleartext Storage of Sensitive Information 2/100 low-risk
Use of Default Password 2/100 low-risk
Binding to an Unrestricted IP Address 2/100 low-risk
Reliance on Cookies without Validation and Integrity Checking 2/100 low-risk
Use of a Broken or Risky Cryptographic Algorithm 2/100 low-risk
Use of Hard-coded Password 2/100 low-risk
Password in Configuration File 2/100 low-risk
Improper Handling of Unicode Encoding 2/100 low-risk
Insufficient Control of Network Message Volume (Network Amplification) 2/100 low-risk
Inefficient Algorithmic Complexity 2/100 low-risk
Observable Response Discrepancy 1/100 low-risk
Improper Verification of Source of a Communication Channel 1/100 low-risk
Incomplete Cleanup 1/100 low-risk
Improper Synchronization 1/100 low-risk
Cleartext Transmission of Sensitive Information 1/100 low-risk
Missing Release of Memory after Effective Lifetime 1/100 low-risk
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) 1/100 low-risk
Use of Uninitialized Variable 1/100 low-risk
Incorrect User Management 1/100 low-risk
Improper Control of Resource Identifiers ('Resource Injection') 1/100 low-risk
User Interface (UI) Misrepresentation of Critical Information 1/100 low-risk
Improper Neutralization of Escape, Meta, or Control Sequences 1/100 low-risk
Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) 1/100 low-risk
External Control of System or Configuration Setting 1/100 low-risk
Insertion of Sensitive Information into Externally-Accessible File or Directory 1/100 low-risk
Privilege Chaining 1/100 low-risk
Improper Validation of Integrity Check Value 1/100 low-risk
Expired Pointer Dereference 1/100 low-risk
Reliance on Untrusted Inputs in a Security Decision 1/100 low-risk
Cleartext Storage of Sensitive Information in Memory 1/100 low-risk
CWE-320 1/100 low-risk
Channel Accessible by Non-Endpoint 1/100 low-risk
Insufficient Granularity of Access Control 1/100 low-risk
Interpretation Conflict 1/100 low-risk
Incorrect Privilege Assignment 1/100 low-risk
Memory Allocation with Excessive Size Value 1/100 low-risk
Authentication Bypass by Assumed-Immutable Data 1/100 low-risk
Uncontrolled Search Path Element 1/100 low-risk
Improper Null Termination 1/100 low-risk
Write-what-where Condition 1/100 low-risk
Exposure of Sensitive System Information to an Unauthorized Control Sphere 1/100 low-risk
Insertion of Sensitive Information Into Sent Data 1/100 low-risk
Exposure of Information Through Directory Listing 1/100 low-risk
Uncaught Exception 1/100 low-risk
Missing Initialization of Resource 1/100 low-risk
Improper Check or Handling of Exceptional Conditions 1/100 low-risk
Integer Overflow to Buffer Overflow 1/100 low-risk
Use of Less Trusted Source 1/100 low-risk
Improper Validation of Syntactic Correctness of Input 1/100 low-risk
Improper Handling of Parameters 1/100 low-risk
Incorrect Calculation 1/100 low-risk
Authentication Bypass by Capture-replay 1/100 low-risk
Insertion of Sensitive Information into Log File 1/100 low-risk
Creation of Temporary File in Directory with Insecure Permissions 1/100 low-risk
Improper Restriction of Communication Channel to Intended Endpoints 1/100 low-risk
Improper Enforcement of Message Integrity During Transmission in a Communication Channel 1/100 low-risk
Sensitive Data Storage in Improperly Locked Memory 1/100 low-risk
Asymmetric Resource Consumption (Amplification) 1/100 low-risk
Improper Locking 1/100 low-risk
Execution with Unnecessary Privileges 1/100 low-risk
Insufficient Session Expiration 1/100 low-risk
Deletion of Data Structure Sentinel 0/100 low-risk
Return of Pointer Value Outside of Expected Range 0/100 low-risk
Use of sizeof() on a Pointer Type 0/100 low-risk
Incorrect Pointer Scaling 0/100 low-risk
Use of Pointer Subtraction to Determine Size 0/100 low-risk
Modification of Assumed-Immutable Data (MAID) 0/100 low-risk
Use of Function with Inconsistent Implementations 0/100 low-risk
Undefined Behavior for Input to API 0/100 low-risk
Use of Obsolete Function 0/100 low-risk
Missing Default Case in Multiple Condition Expression 0/100 low-risk
Signal Handler Use of a Non-reentrant Function 0/100 low-risk
Use of Incorrect Operator 0/100 low-risk
Comparing instead of Assigning 0/100 low-risk
Exposure of Data Element to Wrong Session 0/100 low-risk
Public cloneable() Method Without Final ('Object Hijack') 0/100 low-risk
Private Data Structure Returned From A Public Method 0/100 low-risk