Deserialization of Untrusted Data | |
Deserialization of Untrusted Data | |
Deserialization of Untrusted Data | |
Deserialization of Untrusted Data | |
Reliance on Untrusted Inputs in a Security Decision | |
Directory Traversal | |
Incorrect Default Permissions | |
Improper Validation of Certificate with Host Mismatch | |
Improper Input Validation | |
HTTP Request Smuggling | |
Cross-site Scripting (XSS) | |
Eval Injection | |
HTTP Response Splitting | |
Improper Authentication | |
Insufficiently Protected Credentials | |
Deserialization of Untrusted Data | |
Deserialization of Untrusted Data | |
Deserialization of Untrusted Data | |
Deserialization of Untrusted Data | |
Deserialization of Untrusted Data | |
Deserialization of Untrusted Data | |
Improper Input Validation | |
Improperly Implemented Security Check for Standard | |
Cross-site Scripting (XSS) | |
CVE-2018-3258 | |
Missing Authorization | |
Information Exposure Through Log Files | |
Cross-site Scripting (XSS) | |
Cross-site Scripting (XSS) | |
Cross-site Scripting (XSS) | |
Information Exposure | |
Missing Authorization | |
Information Exposure Through Log Files | |
Information Exposure | |
SQL Injection | |
Information Exposure | |
Deserialization of Untrusted Data | |
Cross-site Scripting (XSS) | |
Cross-site Scripting (XSS) | |
XML External Entity (XXE) Injection | |
Information Exposure | |
Improper Input Validation | |
Use of a Broken or Risky Cryptographic Algorithm | |
Cross-site Scripting (XSS) | |
Improper Access Control | |
Missing Required Cryptographic Step | |
Missing Required Cryptographic Step | |
Information Exposure | |
Covert Timing Channel | |
Incorrect Calculation | |
Missing Required Cryptographic Step | |
Missing Required Cryptographic Step | |
Missing Required Cryptographic Step | |
Information Exposure | |
Directory Traversal | |
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) | |
Improper Certificate Validation | |
SQL Injection | |
Cleartext Storage of Sensitive Information | |
Insufficient Verification of Data Authenticity | |
Deserialization of Untrusted Data | |
Improper Input Validation | |
Insecure Temporary File | |
Insufficiently Protected Credentials | |
Cross-site Scripting (XSS) | |
Cross-site Scripting (XSS) | |
Cross-site Scripting (XSS) | |
Improper Authorization | |
Improper Authorization | |
Cross-site Scripting (XSS) | |
Information Exposure Through Log Files | |
Information Exposure | |
Improper Access Control | |
Use of Insufficiently Random Values | |
Incorrect Permission Assignment for Critical Resource | |
Improper Input Validation | |
Improper Access Control | |
Cross-site Scripting (XSS) | |
Improper Input Validation | |
Incorrect Permission Assignment for Critical Resource | |
Race Condition | |
Insecure Temporary File | |
Incorrect Permission Assignment for Critical Resource | |
Cross-site Scripting (XSS) | |
Cleartext Transmission of Sensitive Information | |
Incorrect Permission Assignment for Critical Resource | |
Cleartext Storage of Sensitive Information | |
Improper Authentication | |
Information Exposure | |
Improper Authorization | |
Cleartext Transmission of Sensitive Information | |
Improper Certificate Validation | |
Insufficiently Protected Credentials | |
Improper Input Validation | |
Improper Input Validation | |
Cross-site Scripting (XSS) | |
Improper Authentication | |
Cross-site Scripting (XSS) | |
Information Exposure | |
Information Exposure | |
Information Exposure | |
Incorrect Default Permissions | |
SQL Injection | |
Improperly Implemented Security Check for Standard | |
Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') | |
Missing Authorization | |
Information Exposure | |
Improper Validation of Certificate with Host Mismatch | |
Execution with Unnecessary Privileges | |
HTTP Request Smuggling | |
Resource Exhaustion | |
Out-of-Bounds | |
Information Exposure | |
Cross-site Request Forgery (CSRF) | |
Cross-site Scripting (XSS) | |
Cross-site Request Forgery (CSRF) | |
Improper Input Validation | |
Cross-site Scripting (XSS) | |
Improper Input Validation | |
Improper Input Validation | |
Eval Injection | |
Directory Traversal | |
HTTP Response Splitting | |
Incomplete Blacklist | |
Reliance on Untrusted Inputs in a Security Decision | |
Integer Overflow or Wraparound | |
HTTP Response Splitting | |
CVE-2018-3258 | |
Covert Timing Channel | |
Covert Timing Channel | |
Covert Timing Channel | |
Arbitrary Argument Injection | |
Out-of-Bounds | |
Improper Neutralization of Special Elements | |
Deserialization of Untrusted Data | |
CVE-2016-6346 | |
Deserialization of Untrusted Data | |
Deserialization of Untrusted Data | |
Deserialization of Untrusted Data | |
Deserialization of Untrusted Data | |
Improper Neutralization of Special Elements | |
Information Exposure | |
Deserialization of Untrusted Data | |
Deserialization of Untrusted Data | |
Deserialization of Untrusted Data | |
Deserialization of Untrusted Data | |
Deserialization of Untrusted Data | |
Deserialization of Untrusted Data | |
Use After Free | |
Deserialization of Untrusted Data | |