| Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') | |
| Arbitrary Command Injection | |
| Key Exchange without Entity Authentication | |
| Reliance on Untrusted Inputs in a Security Decision | |
| Directory Traversal | |
| Incorrect Default Permissions | |
| Improper Validation of Certificate with Host Mismatch | |
| Improper Input Validation | |
| HTTP Request Smuggling | |
| Cross-site Scripting (XSS) | |
| Eval Injection | |
| HTTP Response Splitting | |
| Improper Input Validation | |
| Improperly Implemented Security Check for Standard | |
| Cross-site Scripting (XSS) | |
| CVE-2018-3258 | |
| Missing Authorization | |
| Information Exposure | |
| OS Command Injection | |
| Information Exposure Through Log Files | |
| Cross-site Scripting (XSS) | |
| Cross-site Scripting (XSS) | |
| Cross-site Scripting (XSS) | |
| Information Exposure | |
| Information Exposure | |
| Missing Authorization | |
| Missing Authorization | |
| Information Exposure Through Log Files | |
| Information Exposure Through Log Files | |
| Information Exposure | |
| SQL Injection | |
| Information Exposure | |
| Deserialization of Untrusted Data | |
| Cross-site Scripting (XSS) | |
| Cross-site Scripting (XSS) | |
| XML External Entity (XXE) Injection | |
| Information Exposure | |
| Improper Input Validation | |
| Use of a Broken or Risky Cryptographic Algorithm | |
| Cross-site Scripting (XSS) | |
| Improper Access Control | |
| Missing Required Cryptographic Step | |
| Missing Required Cryptographic Step | |
| Information Exposure | |
| Cross-site Scripting (XSS) | |
| Cleartext Transmission of Sensitive Information | |
| Cleartext Transmission of Sensitive Information | |
| Information Exposure | |
| Information Exposure | |
| Open Redirect | |
| Open Redirect | |
| Information Exposure | |
| Information Exposure | |
| Covert Timing Channel | |
| Incorrect Calculation | |
| Missing Required Cryptographic Step | |
| Missing Required Cryptographic Step | |
| Missing Required Cryptographic Step | |
| Information Exposure | |
| Information Exposure | |
| Directory Traversal | |
| Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) | |
| Improper Certificate Validation | |
| OS Command Injection | |
| Cross-site Scripting (XSS) | |
| Cross-site Scripting (XSS) | |
| SQL Injection | |
| Cleartext Storage of Sensitive Information | |
| Insufficient Verification of Data Authenticity | |
| Deserialization of Untrusted Data | |
| Improper Input Validation | |
| Insecure Temporary File | |
| Insufficiently Protected Credentials | |
| Cross-site Scripting (XSS) | |
| Cross-site Scripting (XSS) | |
| Cross-site Scripting (XSS) | |
| Improper Authorization | |
| Improper Authorization | |
| Cross-site Scripting (XSS) | |
| Information Exposure Through Log Files | |
| Information Exposure | |
| Improper Access Control | |
| Use of Insufficiently Random Values | |
| Incorrect Permission Assignment for Critical Resource | |
| Improper Input Validation | |
| Improper Access Control | |
| Cross-site Scripting (XSS) | |
| Arbitrary Code Injection | |
| Information Exposure | |
| Incorrect Authorization | |
| Improper Input Validation | |
| Incorrect Permission Assignment for Critical Resource | |
| Race Condition | |
| Insecure Temporary File | |
| Incorrect Permission Assignment for Critical Resource | |
| Cross-site Scripting (XSS) | |
| Cleartext Transmission of Sensitive Information | |
| Improper Authorization | |
| Improper Access Control | |
| Incorrect Permission Assignment for Critical Resource | |
| Cleartext Storage of Sensitive Information | |
| Improper Authentication | |
| Information Exposure | |
| Insufficiently Protected Credentials | |
| Improper Authorization | |
| Cleartext Transmission of Sensitive Information | |
| Improper Certificate Validation | |
| Insufficiently Protected Credentials | |
| Insufficiently Protected Credentials | |
| Insufficiently Protected Credentials | |
| Improper Input Validation | |
| Improper Input Validation | |
| Cross-site Scripting (XSS) | |
| Improper Authentication | |
| Improper Authentication | |
| Improper Authentication | |
| Cross-site Scripting (XSS) | |
| Information Exposure | |
| Information Exposure | |
| Information Exposure | |
| Incorrect Default Permissions | |
| SQL Injection | |
| SQL Injection | |
| Improperly Implemented Security Check for Standard | |
| Unchecked Error Condition | |
| Unchecked Error Condition | |
| Improper Verification of Cryptographic Signature | |
| Improper Verification of Cryptographic Signature | |
| Directory Traversal | |
| Directory Traversal | |
| Directory Traversal | |
| Directory Traversal | |
| Server-Side Request Forgery (SSRF) | |
| Server-Side Request Forgery (SSRF) | |
| Directory Traversal | |
| Directory Traversal | |
| Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') | |
| Missing Authorization | |
| Information Exposure | |
| Improper Validation of Certificate with Host Mismatch | |
| Execution with Unnecessary Privileges | |
| Execution with Unnecessary Privileges | |
| Resource Exhaustion | |
| Resource Exhaustion | |
| HTTP Request Smuggling | |
| Resource Exhaustion | |
| Out-of-Bounds | |
| Out-of-Bounds | |
| Information Exposure | |
| Information Exposure | |
| Information Exposure | |
| Information Exposure | |
| Resource Exhaustion | |
| Resource Exhaustion | |
| Cross-site Request Forgery (CSRF) | |
| Cross-site Request Forgery (CSRF) | |
| Resource Exhaustion | |
| Resource Exhaustion | |
| Resource Exhaustion | |
| Resource Exhaustion | |
| Cross-site Scripting (XSS) | |
| Cross-site Request Forgery (CSRF) | |
| Cross-site Request Forgery (CSRF) | |
| Improper Input Validation | |
| Cross-site Scripting (XSS) | |
| Cross-site Scripting (XSS) | |
| Improper Input Validation | |
| Improper Input Validation | |
| Improper Input Validation | |
| Improper Input Validation | |
| Eval Injection | |
| Information Exposure | |
| Information Exposure | |
| OS Command Injection | |
| OS Command Injection | |
| XML External Entity (XXE) Injection | |
| XML External Entity (XXE) Injection | |
| Directory Traversal | |
| HTTP Response Splitting | |
| Incomplete Blacklist | |
| Reliance on Untrusted Inputs in a Security Decision | |
| Integer Overflow or Wraparound | |
| Improper Input Validation | |
| Improper Input Validation | |
| Improper Input Validation | |
| Deserialization of Untrusted Data | |
| Deserialization of Untrusted Data | |
| HTTP Response Splitting | |
| CVE-2018-3258 | |
| Covert Timing Channel | |
| Covert Timing Channel | |
| Covert Timing Channel | |
| Arbitrary Argument Injection | |
| Out-of-Bounds | |
| Improper Neutralization of Special Elements | |
| Deserialization of Untrusted Data | |
| Deserialization of Untrusted Data | |
| Loop with Unreachable Exit Condition ('Infinite Loop') | |
| Loop with Unreachable Exit Condition ('Infinite Loop') | |
| CVE-2016-6346 | |
| Deserialization of Untrusted Data | |
| Deserialization of Untrusted Data | |
| Deserialization of Untrusted Data | |
| Deserialization of Untrusted Data | |
| Deserialization of Untrusted Data | |
| Deserialization of Untrusted Data | |
| Deserialization of Untrusted Data | |
| Deserialization of Untrusted Data | |
| Deserialization of Untrusted Data | |
| Deserialization of Untrusted Data | |
| Deserialization of Untrusted Data | |
| Deserialization of Untrusted Data | |
| Incorrect Default Permissions | |
| Incorrect Default Permissions | |
| Deserialization of Untrusted Data | |
| Deserialization of Untrusted Data | |
| Deserialization of Untrusted Data | |
| Deserialization of Untrusted Data | |
| Improper Neutralization of Special Elements | |
| Information Exposure | |
| Information Exposure | |
| Deserialization of Untrusted Data | |
| Deserialization of Untrusted Data | |
| Deserialization of Untrusted Data | |
| Deserialization of Untrusted Data | |
| Deserialization of Untrusted Data | |
| Deserialization of Untrusted Data | |
| Deserialization of Untrusted Data | |
| Deserialization of Untrusted Data | |
| Deserialization of Untrusted Data | |
| Deserialization of Untrusted Data | |
| Deserialization of Untrusted Data | |
| Deserialization of Untrusted Data | |
| Deserialization of Untrusted Data | |
| Deserialization of Untrusted Data | |
| Deserialization of Untrusted Data | |
| Deserialization of Untrusted Data | |
| Deserialization of Untrusted Data | |
| Deserialization of Untrusted Data | |
| Deserialization of Untrusted Data | |
| Deserialization of Untrusted Data | |
| Deserialization of Untrusted Data | |
| Deserialization of Untrusted Data | |
| Deserialization of Untrusted Data | |
| Deserialization of Untrusted Data | |
| Deserialization of Untrusted Data | |
| Deserialization of Untrusted Data | |
| Use After Free | |
| Use After Free | |
| Deserialization of Untrusted Data | |
| Deserialization of Untrusted Data | |
