|
Mismatched Memory Management Routines
|
0/100 |
low-risk
|
|
Release of Invalid Pointer or Reference
|
0/100 |
low-risk
|
|
Multiple Unlocks of a Critical Resource
|
0/100 |
low-risk
|
|
DEPRECATED: Uncontrolled File Descriptor Consumption
|
0/100 |
low-risk
|
|
Missing Reference to Active Allocated Resource
|
0/100 |
low-risk
|
|
Allocation of File Descriptors or Handles Without Limits or Throttling
|
0/100 |
low-risk
|
|
Missing Release of File Descriptor or Handle after Effective Lifetime
|
0/100 |
low-risk
|
|
Insufficient Logging
|
0/100 |
low-risk
|
|
Use of RSA Algorithm without OAEP
|
0/100 |
low-risk
|
|
Reliance on Cookies without Validation and Integrity Checking in a Security Decision
|
0/100 |
low-risk
|
|
Access of Memory Location Before Start of Buffer
|
0/100 |
low-risk
|
|
Access of Memory Location After End of Buffer
|
0/100 |
low-risk
|
|
Incomplete Filtering of Special Elements
|
0/100 |
low-risk
|
|
Incomplete Filtering of One or More Instances of Special Elements
|
0/100 |
low-risk
|
|
Incomplete Filtering of Multiple Instances of Special Elements
|
0/100 |
low-risk
|
|
Improper Control of Interaction Frequency
|
0/100 |
low-risk
|
|
Guessable CAPTCHA
|
0/100 |
low-risk
|
|
Buffer Access with Incorrect Length Value
|
0/100 |
low-risk
|
|
Improper Neutralization of Script in an Error Message Web Page
|
0/100 |
low-risk
|
|
Missing Synchronization
|
0/100 |
low-risk
|
|
Incorrect Synchronization
|
0/100 |
low-risk
|
|
Use of Out-of-range Pointer Offset
|
0/100 |
low-risk
|
|
Premature Release of Resource During Expected Lifetime
|
0/100 |
low-risk
|
|
Improper Control of Document Type Definition
|
0/100 |
low-risk
|
|
Signal Handler with Functionality that is not Asynchronous-Safe
|
0/100 |
low-risk
|
|
Improper Neutralization of Script in Attributes in a Web Page
|
0/100 |
low-risk
|
|
Inclusion of Web Functionality from an Untrusted Source
|
0/100 |
low-risk
|
|
Unlock of a Resource that is not Locked
|
0/100 |
low-risk
|
|
Deadlock
|
0/100 |
low-risk
|
|
Excessive Iteration
|
0/100 |
low-risk
|
|
Improper Enforcement of a Single, Unique Action
|
0/100 |
low-risk
|
|
Numeric Range Comparison Without Minimum Check
|
0/100 |
low-risk
|
|
Improper Neutralization of Encoded URI Schemes in a Web Page
|
0/100 |
low-risk
|
|
Improper Enforcement of Behavioral Workflow
|
0/100 |
low-risk
|
|
Doubled Character XSS Manipulations
|
0/100 |
low-risk
|
|
Improper Neutralization of Invalid Characters in Identifiers in Web Pages
|
0/100 |
low-risk
|
|
Use of Expired File Descriptor
|
0/100 |
low-risk
|
|
Improper Update of Reference Count
|
0/100 |
low-risk
|
|
Improper Control of Dynamically-Identified Variables
|
0/100 |
low-risk
|
|
DEPRECATED: Improper Sanitization of Custom Special Characters
|
0/100 |
low-risk
|
|
Improper Restriction of Power Consumption
|
0/100 |
low-risk
|
|
Storage of Sensitive Data in a Mechanism without Access Control
|
0/100 |
low-risk
|
|
Improper Verification of Intent by Broadcast Receiver
|
0/100 |
low-risk
|
|
Improper Export of Android Application Components
|
0/100 |
low-risk
|
|
Use of Implicit Intent for Sensitive Communication
|
0/100 |
low-risk
|
|
Improper Authorization in Handler for Custom URL Scheme
|
0/100 |
low-risk
|
|
Permissive Cross-domain Security Policy with Untrusted Domains
|
0/100 |
low-risk
|
|
Improper Neutralization of Special Elements in Data Query Logic
|
0/100 |
low-risk
|
|
Improper Neutralization of Server-Side Includes (SSI) Within a Web Page
|
0/100 |
low-risk
|
|
CWE-17
|
0/100 |
low-risk
|
|
CWE-21
|
0/100 |
low-risk
|
|
CWE-18
|
0/100 |
low-risk
|
|
CWE-199
|
0/100 |
low-risk
|
|
CWE-417
|
0/100 |
low-risk
|
|
CWE-485
|
0/100 |
low-risk
|
|
CWE-1
|
0/100 |
low-risk
|
|
CWE-895
|
0/100 |
low-risk
|
|
CWE-371
|
0/100 |
low-risk
|
|
CWE-840
|
0/100 |
low-risk
|
|
CWE-714
|
0/100 |
low-risk
|
|
CWE-465
|
0/100 |
low-risk
|
|
CWE-952
|
0/100 |
low-risk
|
|
CWE-265
|
0/100 |
low-risk
|
|
CWE-1027
|
0/100 |
low-risk
|
|
CWE-815
|
0/100 |
low-risk
|
|
CWE-1352
|
0/100 |
low-risk
|
|
CWE-1218
|
0/100 |
low-risk
|
|
CWE-1026
|
0/100 |
low-risk
|
|
CWE-355
|
0/100 |
low-risk
|
|
CWE-701
|
0/100 |
low-risk
|
|
CWE-227
|
0/100 |
low-risk
|
|
CWE-1018
|
0/100 |
low-risk
|
|
CWE-702
|
0/100 |
low-risk
|
|
CWE-962
|
0/100 |
low-risk
|
|
CWE-1032
|
0/100 |
low-risk
|
|
CWE-730
|
0/100 |
low-risk
|
|
Sensitive Cookie Without 'HttpOnly' Flag
|
0/100 |
low-risk
|
|
CWE-557
|
0/100 |
low-risk
|
|
Insufficient Visual Distinction of Homoglyphs Presented to User
|
0/100 |
low-risk
|
|
Struts: Duplicate Validation Forms
|
0/100 |
low-risk
|
|
Improper Restriction of Rendered UI Layers or Frames
|
0/100 |
low-risk
|
|
Use of Web Link to Untrusted Target with window.opener Access
|
0/100 |
low-risk
|
|
Incomplete Comparison with Missing Factors
|
0/100 |
low-risk
|
|
Comparison of Incompatible Types
|
0/100 |
low-risk
|
|
Comparison Using Wrong Factors
|
0/100 |
low-risk
|
|
Processor Optimization Removal or Modification of Security-critical Code
|
0/100 |
low-risk
|
|
Insecure Automated Optimizations
|
0/100 |
low-risk
|
|
Inadequate Detection or Handling of Adversarial Input Perturbations in Automated Recognition Mechanism
|
0/100 |
low-risk
|
|
Creation of Immutable Text Using String Concatenation
|
0/100 |
low-risk
|
|
Excessive Data Query Operations in a Large Data Table
|
0/100 |
low-risk
|
|
Excessive Platform Resource Consumption within a Loop
|
0/100 |
low-risk
|
|
Initialization with Hard-Coded Network Resource Configuration Data
|
0/100 |
low-risk
|
|
Multiple Inheritance from Concrete Classes
|
0/100 |
low-risk
|
|
Data Access Operations Outside of Expected Data Manager Component
|
0/100 |
low-risk
|
|
Insufficient Technical Documentation
|
0/100 |
low-risk
|
|
Inconsistency Between Implementation and Documented Design
|
0/100 |
low-risk
|
|
Insufficient Adherence to Expected Conventions
|
0/100 |
low-risk
|
|
Floating Point Comparison with Incorrect Operator
|
0/100 |
low-risk
|
|
Inappropriate Source Code Style or Formatting
|
0/100 |
low-risk
|
|
Data Access from Outside Expected Data Manager Component
|
0/100 |
low-risk
|