CINXE.COM
NVD - Search and Statistics
<!DOCTYPE html> <html lang="en"> <head><script type="text/javascript" src="/_static/js/bundle-playback.js?v=HxkREWBo" charset="utf-8"></script> <script type="text/javascript" src="/_static/js/wombat.js?v=txqj7nKC" charset="utf-8"></script> <script>window.RufflePlayer=window.RufflePlayer||{};window.RufflePlayer.config={"autoplay":"on","unmuteOverlay":"hidden"};</script> <script type="text/javascript" src="/_static/js/ruffle/ruffle.js"></script> <script type="text/javascript"> __wm.init("https://web.archive.org/web"); __wm.wombat("https://nvd.nist.gov/vuln/search","20231005173220","https://web.archive.org/","web","/_static/", "1696527140"); </script> <link rel="stylesheet" type="text/css" href="/_static/css/banner-styles.css?v=S1zqJCYt" /> <link rel="stylesheet" type="text/css" href="/_static/css/iconochive.css?v=3PDvdIFv" /> <!-- End Wayback Rewrite JS Include --> <title>NVD - Search and Statistics</title> <meta http-equiv="content-type" content="text/html; charset=UTF-8"/> <meta http-equiv="content-style-type" content="text/css"/> <meta http-equiv="content-script-type" content="text/javascript"/> <meta name="viewport" content="width=device-width, initial-scale=1.0"/> <link href="/web/20231005173220cs_/https://nvd.nist.gov/site-scripts/font-awesome/css/font-awesome.min.css" type="text/css" rel="stylesheet"/> <link href="/web/20231005173220cs_/https://nvd.nist.gov/site-media/bootstrap/css/bootstrap.min.css" type="text/css" rel="stylesheet"/> <link href="/web/20231005173220cs_/https://nvd.nist.gov/site-media/bootstrap/css/bootstrap-theme.min.css" type="text/css" rel="stylesheet"/> <link href="/web/20231005173220cs_/https://nvd.nist.gov/site-scripts/eonasdan-bootstrap-datetimepicker/build/css/bootstrap-datetimepicker.min.css" type="text/css" rel="stylesheet"/> <link href="/web/20231005173220cs_/https://nvd.nist.gov/site-media/css/nist-fonts.css" type="text/css" rel="stylesheet"/> <link href="/web/20231005173220cs_/https://nvd.nist.gov/site-media/css/base-style.css" type="text/css" rel="stylesheet"/> <link href="/web/20231005173220cs_/https://nvd.nist.gov/site-media/css/media-resize.css" type="text/css" rel="stylesheet"/> <meta name="theme-color" content="#000000"> <script src="/web/20231005173220js_/https://nvd.nist.gov/site-scripts/jquery/dist/jquery.min.js" type="text/javascript"></script> <script src="/web/20231005173220js_/https://nvd.nist.gov/site-scripts/jquery-visible/jquery.visible.min.js" type="text/javascript"></script> <script src="/web/20231005173220js_/https://nvd.nist.gov/site-scripts/underscore/underscore-min.js" type="text/javascript"></script> <script src="/web/20231005173220js_/https://nvd.nist.gov/site-media/bootstrap/js/bootstrap.js" type="text/javascript"></script> <script src="/web/20231005173220js_/https://nvd.nist.gov/site-scripts/moment/min/moment.min.js" type="text/javascript"></script> <script src="/web/20231005173220js_/https://nvd.nist.gov/site-scripts/eonasdan-bootstrap-datetimepicker/build/js/bootstrap-datetimepicker.min.js" type="text/javascript"></script> <script src="/web/20231005173220js_/https://nvd.nist.gov/site-media/js/megamenu.js" type="text/javascript"></script> <script src="/web/20231005173220js_/https://nvd.nist.gov/site-media/js/nist-exit-script.js" type="text/javascript"></script> <script src="/web/20231005173220js_/https://nvd.nist.gov/site-media/js/forms.js" type="text/javascript"></script> <script src="/web/20231005173220js_/https://nvd.nist.gov/site-media/js/federated-analytics.all.min.js?agency=NIST&subagency=nvd&pua=UA-37115410-41&yt=true" type="text/javascript" id="_fed_an_js_tag"></script> <!-- Google tag (gtag.js) --> <script async src="https://web.archive.org/web/20231005173220js_/https://www.googletagmanager.com/gtag/js?id=G-4KKFZP12LQ"></script> <script> window.dataLayer = window.dataLayer || []; function gtag(){dataLayer.push(arguments);} gtag('js', new Date()); gtag('config', 'G-4KKFZP12LQ'); </script> <style id="antiClickjack"> body>* { display: none !important; } #antiClickjack { display: block !important; } </style> <noscript> <style id="antiClickjackNoScript"> body>* { display: block !important; } #antiClickjack { display: none !important; } </style> </noscript> <script type="text/javascript" id="antiClickjackScript"> if (self === top) { // no clickjacking var antiClickjack = document.getElementById("antiClickjack"); antiClickjack.parentNode.removeChild(antiClickjack); } else { setTimeout(tryForward(), 5000); } function tryForward() { top.location = self.location; } </script> <meta charset="UTF-8"> <link href="/web/20231005173220cs_/https://nvd.nist.gov/site-media/css/nvd-style.css" type="text/css" rel="stylesheet"/> <link href="/web/20231005173220im_/https://nvd.nist.gov/site-media/images/favicons/apple-touch-icon.png" rel="apple-touch-icon" type="image/png" sizes="180x180"/> <link href="/web/20231005173220im_/https://nvd.nist.gov/site-media/images/favicons/favicon-32x32.png" rel="icon" type="image/png" sizes="32x32"/> <link href="/web/20231005173220im_/https://nvd.nist.gov/site-media/images/favicons/favicon-16x16.png" rel="icon" type="image/png" sizes="16x16"/> <link href="/web/20231005173220/https://nvd.nist.gov/site-media/images/favicons/manifest.json" rel="manifest"/> <link href="/web/20231005173220im_/https://nvd.nist.gov/site-media/images/favicons/safari-pinned-tab.svg" rel="mask-icon" color="#000000"/> <link href="/web/20231005173220im_/https://nvd.nist.gov/site-media/images/favicons/favicon.ico" rel="shortcut icon"/> <meta name="msapplication-config" content="/site-media/images/favicons/browserconfig.xml"/> <link href="/web/20231005173220im_/https://nvd.nist.gov/site-media/images/favicons/favicon.ico" rel="shortcut icon" type="image/x-icon"/> <link href="/web/20231005173220im_/https://nvd.nist.gov/site-media/images/favicons/favicon.ico" rel="icon" type="image/x-icon"/> <meta charset="UTF-8"> <link href="/web/20231005173220cs_/https://nvd.nist.gov/site-media/js/jquery-ui-bootstrap/css/custom-theme/jquery-ui-1.10.0.custom.css" type="text/css" rel="stylesheet"/> <script src="/web/20231005173220js_/https://nvd.nist.gov/site-scripts/jquery-ui-dist/jquery-ui.js" type="text/javascript"></script> </head> <body> <header role="banner" title="Site Banner"> <div id="antiClickjack" style="display: none"> <h1>You are viewing this page in an unauthorized frame window.</h1> <p> This is a potential security issue, you are being redirected to <a href="https://web.archive.org/web/20231005173220/https://nvd.nist.gov/">https://nvd.nist.gov</a> </p> </div> <div> <section class="usa-banner" aria-label="Official government website"> <div class="usa-accordion container"> <header class="usa-banner__header"> <noscript> <p style="font-size: 0.85rem; font-weight: bold;">You have JavaScript disabled. This site requires JavaScript to be enabled for complete site functionality.</p> </noscript> <img class="usa-banner__header-flag" src="/web/20231005173220im_/https://nvd.nist.gov/site-media/images/usbanner/us_flag_small.png" alt="U.S. flag"> <span class="usa-banner__header-text">An official website of the United States government</span> <button id="gov-banner-button" class="usa-accordion__button usa-banner__button" data-toggle="collapse" data-target="#gov-banner" aria-expanded="false" aria-controls="gov-banner"> <span class="usa-banner__button-text">Here's how you know</span> </button> </header> <div class="usa-banner__content usa-accordion__content collapse" role="tabpanel" id="gov-banner" aria-expanded="true"> <div class="row"> <div class="col-md-5 col-sm-12"> <div class="row"> <div class="col-sm-2 col-xs-3"> <img class="usa-banner__icon usa-media-block__img" src="/web/20231005173220im_/https://nvd.nist.gov/site-media/images/usbanner/icon-dot-gov.svg" alt="Dot gov"> </div> <div class="col-sm-10 col-xs-9"> <p> <strong>Official websites use .gov</strong> <br> A <strong>.gov</strong> website belongs to an official government organization in the United States. </p> </div> </div> </div> <div class="col-md-5 col-sm-12"> <div class="row"> <div class="col-sm-2 col-xs-3"> <img class="usa-banner__icon usa-media-block__img" src="/web/20231005173220im_/https://nvd.nist.gov/site-media/images/usbanner/icon-https.svg" alt="Https"> </div> <div class="col-sm-10 col-xs-9"> <p> <strong>Secure .gov websites use HTTPS</strong> <br> A <strong>lock</strong> (<img class="usa-banner__lock" src="/web/20231005173220im_/https://nvd.nist.gov/site-media/images/usbanner/lock.svg" alt="Dot gov">) or <strong>https://</strong> means you've safely connected to the .gov website. Share sensitive information only on official, secure websites. </p> </div> </div> </div> </div> </div> </div> </section> </div> <div> <div> <nav id="navbar" class="navbar"> <div id="nist-menu-container" class="container"> <div class="row"> <!-- Brand --> <div class="col-xs-6 col-md-4 navbar-header" style="height:104px"> <a class="navbar-brand" href="https://web.archive.org/web/20231005173220/https://www.nist.gov/" target="_blank" id="navbar-brand-image" style="padding-top: 36px"> <img alt="National Institute of Standards and Technology" src="/web/20231005173220im_/https://nvd.nist.gov/site-media/images/nist/nist-logo.svg" width="110" height="30"> </a> </div> <div class="col-xs-6 col-md-8 navbar-nist-logo"> <span id="nvd-menu-button" class="pull-right" style="margin-top: 26px"> <a href="#"> <span class="fa fa-bars"></span> <span id="nvd-menu-full-text"><span class="hidden-xxs">NVD </span>MENU</span> </a> </span> </div> </div> </div> <div class="main-menu-row container"> <!-- Collect the nav links, forms, and other content for toggling --> <div id="main-menu-drop" class="col-lg-12" style="display: none;"> <ul> <li><a href="/web/20231005173220/https://nvd.nist.gov/general"> General <span class="expander fa fa-plus" id="nvd-header-menu-general" data-expander-name="general" data-expanded="false"> <span class="element-invisible">Expand or Collapse</span> </span> </a> <div style="display: none;" class="sub-menu" data-expander-trigger="general"> <div class="row"> <div class="col-lg-4"> <p> <a href="/web/20231005173220/https://nvd.nist.gov/general/nvd-dashboard">NVD Dashboard</a> </p> <p> <a href="/web/20231005173220/https://nvd.nist.gov/general/news">News</a> </p> </div> <div class="col-lg-4"> <p> <a href="/web/20231005173220/https://nvd.nist.gov/general/email-list">Email List</a> </p> <p> <a href="/web/20231005173220/https://nvd.nist.gov/general/faq">FAQ</a> </p> </div> <div class="col-lg-4"> <p> <a href="/web/20231005173220/https://nvd.nist.gov/general/visualizations">Visualizations</a> </p> <p> <a href="/web/20231005173220/https://nvd.nist.gov/general/legal-disclaimer">Legal Disclaimer</a> </p> </div> </div> </div></li> <li><a href="/web/20231005173220/https://nvd.nist.gov/vuln"> Vulnerabilities <span class="expander fa fa-plus" id="nvd-header-menu-vulnerabilities" data-expander-name="vulnerabilities" data-expanded="false"> <span class="element-invisible">Expand or Collapse</span> </span> </a> <div style="display: none;" class="sub-menu" data-expander-trigger="vulnerabilities"> <div class="row"> <div class="col-lg-4"> <p> <a href="/web/20231005173220/https://nvd.nist.gov/vuln/search">Search & Statistics</a> </p> <p> <a href="/web/20231005173220/https://nvd.nist.gov/vuln/full-listing">Full Listing</a> </p> </div> <div class="col-lg-4"> <p> <a href="/web/20231005173220/https://nvd.nist.gov/vuln/categories">Weakness Types</a> </p> <p> <a href="/web/20231005173220/https://nvd.nist.gov/vuln/data-feeds">Legacy Data Feeds</a> </p> </div> <div class="col-lg-4"> <p> <a href="/web/20231005173220/https://nvd.nist.gov/vuln/vendor-comments">Vendor Comments</a> </p> <p> <a href="/web/20231005173220/https://nvd.nist.gov/vuln/cvmap">CVMAP</a> </p> </div> </div> </div></li> <li><a href="/web/20231005173220/https://nvd.nist.gov/vuln-metrics/cvss"> Vulnerability Metrics <span class="expander fa fa-plus" id="nvd-header-menu-metrics" data-expander-name="metrics" data-expanded="false"> <span class="element-invisible">Expand or Collapse</span> </span> </a> <div style="display: none;" class="sub-menu" data-expander-trigger="metrics"> <div class="row"> <div class="col-lg-4"> <p> <a href="/web/20231005173220/https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator">CVSS V3 Calculator</a> </p> </div> <div class="col-lg-4"> <p> <a href="/web/20231005173220/https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator">CVSS V2 Calculator</a> </p> </div> <div class="col-lg-4"></div> </div> </div></li> <li><a href="/web/20231005173220/https://nvd.nist.gov/products"> Products <span class="expander fa fa-plus" id="nvd-header-menu-products" data-expander-name="products" data-expanded="false"> <span class="element-invisible">Expand or Collapse</span> </span> </a> <div style="display: none;" class="sub-menu" data-expander-trigger="products"> <div class="row"> <div class="col-lg-4"> <p> <a href="/web/20231005173220/https://nvd.nist.gov/products/cpe">CPE Dictionary</a> </p> <p> <a href="/web/20231005173220/https://nvd.nist.gov/products/cpe/search">CPE Search</a> </p> </div> <div class="col-lg-4"> <p> <a href="/web/20231005173220/https://nvd.nist.gov/products/cpe/statistics">CPE Statistics</a> </p> <p> <a href="/web/20231005173220/https://nvd.nist.gov/products/swid">SWID</a> </p> </div> <div class="col-lg-4"></div> </div> </div></li> <li> <a href="/web/20231005173220/https://nvd.nist.gov/developers">Developers<span class="expander fa fa-plus" id="nvd-header-menu-developers" data-expander-name="developers" data-expanded="false"> <span class="element-invisible">Expand or Collapse</span> </span> </a> <div style="display: none;" class="sub-menu" data-expander-trigger="developers"> <div class="row"> <div class="col-lg-4"> <p> <a href="/web/20231005173220/https://nvd.nist.gov/developers/start-here">Start Here</a> </p> <p> <a href="/web/20231005173220/https://nvd.nist.gov/developers/request-an-api-key">Request an API Key</a> </p> </div> <div class="col-lg-4"> <p> <a href="/web/20231005173220/https://nvd.nist.gov/developers/vulnerabilities">Vulnerabilities</a> </p> <p> <a href="/web/20231005173220/https://nvd.nist.gov/developers/products">Products</a> </p> </div> <div class="col-lg-4"> <p> <a href="/web/20231005173220/https://nvd.nist.gov/developers/data-sources">Data Sources</a> </p> <p> <a href="/web/20231005173220/https://nvd.nist.gov/developers/terms-of-use">Terms of Use</a> </p> </div> </div> </div> </li> <li><a href="/web/20231005173220/https://nvd.nist.gov/info"> Contact NVD </a></li> <li><a href="/web/20231005173220/https://nvd.nist.gov/other"> Other Sites <span class="expander fa fa-plus" id="nvd-header-menu-othersites" data-expander-name="otherSites" data-expanded="false"> <span class="element-invisible">Expand or Collapse</span> </span> </a> <div style="display: none;" class="sub-menu" data-expander-trigger="otherSites"> <div class="row"> <div class="col-lg-4"> <p> <a href="https://web.archive.org/web/20231005173220/https://ncp.nist.gov/">Checklist (NCP) Repository</a> </p> <p> <a href="https://web.archive.org/web/20231005173220/https://ncp.nist.gov/cce">Configurations (CCE)</a> </p> <p> <a href="https://web.archive.org/web/20231005173220/https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search">800-53 Controls</a> </p> </div> <div class="col-lg-4"> <p> <a href="https://web.archive.org/web/20231005173220/https://csrc.nist.gov/projects/scap-validation-program">SCAP Validated Tools</a> </p> <p> <a href="https://web.archive.org/web/20231005173220/https://csrc.nist.gov/projects/security-content-automation-protocol">SCAP</a> </p> </div> <div class="col-lg-4"> <p> <a href="https://web.archive.org/web/20231005173220/https://csrc.nist.gov/projects/united-states-government-configuration-baseline">USGCB</a> </p> </div> </div> </div></li> <li><a href="/web/20231005173220/https://nvd.nist.gov/search"> Search <span class="expander fa fa-plus" id="nvd-header-menu-search" data-expander-name="search" data-expanded="false"> <span class="element-invisible">Expand or Collapse</span> </span> </a> <div style="display: none;" class="sub-menu" data-expander-trigger="search"> <div class="row"> <div class="col-lg-4"> <p> <a href="/web/20231005173220/https://nvd.nist.gov/vuln/search">Vulnerability Search</a> </p> </div> <div class="col-lg-4"> <p> <a href="/web/20231005173220/https://nvd.nist.gov/products/cpe/search">CPE Search</a> </p> </div> </div> </div></li> </ul> </div> <!-- /#mobile-nav-container --> </div> </nav> <section id="itl-header" class="has-menu"> <div class="container"> <div class="row"> <div class="col-sm-12 col-md-8"> <h2 class="hidden-xs hidden-sm"> <a href="https://web.archive.org/web/20231005173220/https://www.nist.gov/itl" target="_blank">Information Technology Laboratory</a> </h2> <h1 class="hidden-xs hidden-sm"> <a id="nvd-header-link" href="/web/20231005173220/https://nvd.nist.gov/">National Vulnerability Database</a> </h1> <h1 class="hidden-xs text-center hidden-md hidden-lg">National Vulnerability Database</h1> <h1 class="hidden-sm hidden-md hidden-lg text-center">NVD</h1> </div> <div class="col-sm-12 col-md-4"> <a style="width: 100%; text-align: center; display: block;padding-top: 14px"> <img id="img-logo-nvd-lg" alt="National Vulnerability Database" src="/web/20231005173220im_/https://nvd.nist.gov/site-media/images/F_NIST-Logo-NVD-white.svg" width="500" height="100"> </a> </div> </div> </div> </section> </div> </div> </header> <main> <div> <div id="body-section" class="container"> <div class="row"> <ol class="breadcrumb"> <li><a href="/web/20231005173220/https://nvd.nist.gov/vuln" class="CMSBreadCrumbsLink">Vulnerabilities</a></li> </ol> </div> <div> <h2>Search Vulnerability Database</h2> <p class="lead"> Try a product name, vendor name, <a href="https://web.archive.org/web/20231005173220/http://cve.org/" target="_blank">CVE</a> name, or an <a href="https://web.archive.org/web/20231005173220/http://oval.mitre.org/" target="_blank">OVAL</a> query. </p> <p>NOTE: Only vulnerabilities that match ALL keywords will be returned, Linux kernel vulnerabilities are categorized separately from vulnerabilities in specific Linux distributions.<br/> <strong>Search results will only be returned for data that is populated by NIST or from source of Acceptance Level "Provider".</strong></p> <div id="ErrorPanel" style="display: none;"> <div class="bs-callout bs-callout-danger"> <p data-testid="service-unavailable-msg-server"></p> </div> </div> <form name="vulnSearch" class="bs-callout bs-callout-success csrc-search-form" id="vulnSearchForm" action="/web/20231005173220/https://nvd.nist.gov/vuln/search/results" method="GET" data-nvd-form="true"> <div data-form-error-pane="true" class="bs-callout bs-callout-danger" style="display: none;"> <strong data-testid="service-unavailable-header" id="ErrorHeader">Please correct the following error(s):</strong> <ul data-testid="service-unavailable-msg" data-form-error-list="true"> </ul> </div> <div class="row"> <div class="col-md-4"> <div class="form-group"> <fieldset> <legend>Search Type</legend> <div id="SearchTypeList"> <label class="radio-inline"> <input id="SearchTypeBasic" type="radio" value="Basic" name="form_type" checked="checked"/>Basic </label> <label class="radio-inline"> <input id="SearchTypeAdvanced" type="radio" value="Advanced" name="form_type"/>Advanced </label> </div> </fieldset> </div> <div class="form-group"> <fieldset> <legend>Results Type</legend> <div id="ResultsType"> <label class="radio-inline"> <input id="ResultsTypeOverview" type="radio" value="overview" name="results_type" checked="checked"/>Overview </label> <label class="radio-inline"> <input id="ResultsTypeStatistics" type="radio" value="statistics" name="results_type"/>Statistics </label> </div> </fieldset> </div> <div class="form-group form-group-sm"> <label for="Keywords">Keyword Search</label> <input type="text" id="Keywords" maxlength="512" class="form-control" name="query" value=""/> <div class="form-inline"> <input name="queryType" type="checkbox" id="ExactMatchKeyword" value="phrase"> <label for="ExactMatchKeyword" style="font-weight: normal;"> Exact Match </label> </div> </div> <div class="form-group basic-search-shown"> <fieldset> <legend>Search Type</legend> <label class="radio-inline"> <input type="radio" value="all" checked="checked" id="SearchTimeFrameAll" name="search_type"/>All Time </label> <label class="radio-inline"> <input type="radio" value="last3months" id="SearchTimeFrameLast3Months" name="search_type"/>Last 3 Months </label> </fieldset> </div> <div class="form-group advanced-search-shown"> <div class="form-group form-group-sm"> <label for="CveIdentifier">CVE Identifier</label> <input type="text" id="CveIdentifier" data-validation="true" data-validation-message="Incorrect CVE ID, expected format: CVE-0000-0000+ or 0000-0000+" data-validation-type="match-regex" data-validation-regex-pattern="^CVE-[0-9]{4}-[0-9]{1,39}$" class="form-control" name="cve_id" value=""/> </div> <div class="form-group"> <label for="cwe-search"> Category (CWE) </label> <select id="cwe-search" class="form-control" name="cwe_id"> <option value="">Any............</option> <option value="CWE-1">CWE-1 - DEPRECATED: Location</option> <option value="CWE-6">CWE-6 - J2EE Misconfiguration: Insufficient Session-ID Length</option> <option value="CWE-11">CWE-11 - ASP.NET Misconfiguration: Creating Debug Binary</option> <option value="CWE-12">CWE-12 - ASP.NET Misconfiguration: Missing Custom Error Page</option> <option value="CWE-14">CWE-14 - Compiler Removal of Code to Clear Buffers</option> <option value="CWE-15">CWE-15 - External Control of System or Configuration Setting</option> <option value="CWE-16">CWE-16 - Configuration</option> <option value="CWE-17">CWE-17 - DEPRECATED: Code</option> <option value="CWE-18">CWE-18 - DEPRECATED: Source Code</option> <option value="CWE-19">CWE-19 - Data Processing Errors</option> <option value="CWE-20">CWE-20 - Improper Input Validation</option> <option value="CWE-21">CWE-21 - DEPRECATED: Pathname Traversal and Equivalence Errors</option> <option value="CWE-22">CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')</option> <option value="CWE-23">CWE-23 - Relative Path Traversal</option> <option value="CWE-24">CWE-24 - Path Traversal: '../filedir'</option> <option value="CWE-25">CWE-25 - Path Traversal: '/../filedir'</option> <option value="CWE-26">CWE-26 - Path Traversal: '/dir/../filename'</option> <option value="CWE-27">CWE-27 - Path Traversal: 'dir/../../filename'</option> <option value="CWE-28">CWE-28 - Path Traversal: '..\filedir'</option> <option value="CWE-29">CWE-29 - Path Traversal: '\..\filename'</option> <option value="CWE-35">CWE-35 - Path Traversal: '.../...//'</option> <option value="CWE-36">CWE-36 - Absolute Path Traversal</option> <option value="CWE-37">CWE-37 - Path Traversal: '/absolute/pathname/here'</option> <option value="CWE-39">CWE-39 - Path Traversal: 'C:dirname'</option> <option value="CWE-40">CWE-40 - Path Traversal: '\\UNC\share\name\' (Windows UNC Share)</option> <option value="CWE-41">CWE-41 - Improper Resolution of Path Equivalence</option> <option value="CWE-42">CWE-42 - Path Equivalence: 'filename.' (Trailing Dot)</option> <option value="CWE-50">CWE-50 - Path Equivalence: '//multiple/leading/slash'</option> <option value="CWE-59">CWE-59 - Improper Link Resolution Before File Access ('Link Following')</option> <option value="CWE-61">CWE-61 - UNIX Symbolic Link (Symlink) Following</option> <option value="CWE-64">CWE-64 - Windows Shortcut Following (.LNK)</option> <option value="CWE-65">CWE-65 - Windows Hard Link</option> <option value="CWE-73">CWE-73 - External Control of File Name or Path</option> <option value="CWE-74">CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')</option> <option value="CWE-75">CWE-75 - Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)</option> <option value="CWE-76">CWE-76 - Improper Neutralization of Equivalent Special Elements</option> <option value="CWE-77">CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')</option> <option value="CWE-78">CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')</option> <option value="CWE-79">CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')</option> <option value="CWE-80">CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)</option> <option value="CWE-81">CWE-81 - Improper Neutralization of Script in an Error Message Web Page</option> <option value="CWE-83">CWE-83 - Improper Neutralization of Script in Attributes in a Web Page</option> <option value="CWE-84">CWE-84 - Improper Neutralization of Encoded URI Schemes in a Web Page</option> <option value="CWE-85">CWE-85 - Doubled Character XSS Manipulations</option> <option value="CWE-86">CWE-86 - Improper Neutralization of Invalid Characters in Identifiers in Web Pages</option> <option value="CWE-87">CWE-87 - Improper Neutralization of Alternate XSS Syntax</option> <option value="CWE-88">CWE-88 - Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')</option> <option value="CWE-89">CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')</option> <option value="CWE-90">CWE-90 - Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')</option> <option value="CWE-91">CWE-91 - XML Injection (aka Blind XPath Injection)</option> <option value="CWE-93">CWE-93 - Improper Neutralization of CRLF Sequences ('CRLF Injection')</option> <option value="CWE-94">CWE-94 - Improper Control of Generation of Code ('Code Injection')</option> <option value="CWE-95">CWE-95 - Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')</option> <option value="CWE-96">CWE-96 - Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')</option> <option value="CWE-98">CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio</option> <option value="CWE-99">CWE-99 - Improper Control of Resource Identifiers ('Resource Injection')</option> <option value="CWE-111">CWE-111 - Direct Use of Unsafe JNI</option> <option value="CWE-112">CWE-112 - Missing XML Validation</option> <option value="CWE-113">CWE-113 - Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')</option> <option value="CWE-114">CWE-114 - Process Control</option> <option value="CWE-115">CWE-115 - Misinterpretation of Input</option> <option value="CWE-116">CWE-116 - Improper Encoding or Escaping of Output</option> <option value="CWE-117">CWE-117 - Improper Output Neutralization for Logs</option> <option value="CWE-118">CWE-118 - Incorrect Access of Indexable Resource ('Range Error')</option> <option value="CWE-119">CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer</option> <option value="CWE-120">CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')</option> <option value="CWE-121">CWE-121 - Stack-based Buffer Overflow</option> <option value="CWE-122">CWE-122 - Heap-based Buffer Overflow</option> <option value="CWE-123">CWE-123 - Write-what-where Condition</option> <option value="CWE-124">CWE-124 - Buffer Underwrite ('Buffer Underflow')</option> <option value="CWE-125">CWE-125 - Out-of-bounds Read</option> <option value="CWE-126">CWE-126 - Buffer Over-read</option> <option value="CWE-127">CWE-127 - Buffer Under-read</option> <option value="CWE-128">CWE-128 - Wrap-around Error</option> <option value="CWE-129">CWE-129 - Improper Validation of Array Index</option> <option value="CWE-130">CWE-130 - Improper Handling of Length Parameter Inconsistency</option> <option value="CWE-131">CWE-131 - Incorrect Calculation of Buffer Size</option> <option value="CWE-134">CWE-134 - Use of Externally-Controlled Format String</option> <option value="CWE-138">CWE-138 - Improper Neutralization of Special Elements</option> <option value="CWE-140">CWE-140 - Improper Neutralization of Delimiters</option> <option value="CWE-141">CWE-141 - Improper Neutralization of Parameter/Argument Delimiters</option> <option value="CWE-144">CWE-144 - Improper Neutralization of Line Delimiters</option> <option value="CWE-146">CWE-146 - Improper Neutralization of Expression/Command Delimiters</option> <option value="CWE-150">CWE-150 - Improper Neutralization of Escape, Meta, or Control Sequences</option> <option value="CWE-155">CWE-155 - Improper Neutralization of Wildcards or Matching Symbols</option> <option value="CWE-158">CWE-158 - Improper Neutralization of Null Byte or NUL Character</option> <option value="CWE-159">CWE-159 - Improper Handling of Invalid Use of Special Elements</option> <option value="CWE-167">CWE-167 - Improper Handling of Additional Special Element</option> <option value="CWE-170">CWE-170 - Improper Null Termination</option> <option value="CWE-171">CWE-171 - DEPRECATED: Cleansing, Canonicalization, and Comparison Errors</option> <option value="CWE-172">CWE-172 - Encoding Error</option> <option value="CWE-173">CWE-173 - Improper Handling of Alternate Encoding</option> <option value="CWE-176">CWE-176 - Improper Handling of Unicode Encoding</option> <option value="CWE-177">CWE-177 - Improper Handling of URL Encoding (Hex Encoding)</option> <option value="CWE-178">CWE-178 - Improper Handling of Case Sensitivity</option> <option value="CWE-179">CWE-179 - Incorrect Behavior Order: Early Validation</option> <option value="CWE-180">CWE-180 - Incorrect Behavior Order: Validate Before Canonicalize</option> <option value="CWE-182">CWE-182 - Collapse of Data into Unsafe Value</option> <option value="CWE-183">CWE-183 - Permissive List of Allowed Inputs</option> <option value="CWE-184">CWE-184 - Incomplete List of Disallowed Inputs</option> <option value="CWE-185">CWE-185 - Incorrect Regular Expression</option> <option value="CWE-187">CWE-187 - Partial String Comparison</option> <option value="CWE-189">CWE-189 - Numeric Errors</option> <option value="CWE-190">CWE-190 - Integer Overflow or Wraparound</option> <option value="CWE-191">CWE-191 - Integer Underflow (Wrap or Wraparound)</option> <option value="CWE-192">CWE-192 - Integer Coercion Error</option> <option value="CWE-193">CWE-193 - Off-by-one Error</option> <option value="CWE-194">CWE-194 - Unexpected Sign Extension</option> <option value="CWE-195">CWE-195 - Signed to Unsigned Conversion Error</option> <option value="CWE-196">CWE-196 - Unsigned to Signed Conversion Error</option> <option value="CWE-197">CWE-197 - Numeric Truncation Error</option> <option value="CWE-199">CWE-199 - Information Management Errors</option> <option value="CWE-200">CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor</option> <option value="CWE-201">CWE-201 - Insertion of Sensitive Information Into Sent Data</option> <option value="CWE-202">CWE-202 - Exposure of Sensitive Information Through Data Queries</option> <option value="CWE-203">CWE-203 - Observable Discrepancy</option> <option value="CWE-204">CWE-204 - Observable Response Discrepancy</option> <option value="CWE-205">CWE-205 - Observable Behavioral Discrepancy</option> <option value="CWE-208">CWE-208 - Observable Timing Discrepancy</option> <option value="CWE-209">CWE-209 - Generation of Error Message Containing Sensitive Information</option> <option value="CWE-210">CWE-210 - Self-generated Error Message Containing Sensitive Information</option> <option value="CWE-212">CWE-212 - Improper Removal of Sensitive Information Before Storage or Transfer</option> <option value="CWE-213">CWE-213 - Exposure of Sensitive Information Due to Incompatible Policies</option> <option value="CWE-214">CWE-214 - Invocation of Process Using Visible Sensitive Information</option> <option value="CWE-215">CWE-215 - Insertion of Sensitive Information Into Debugging Code</option> <option value="CWE-216">CWE-216 - DEPRECATED: Containment Errors (Container Errors)</option> <option value="CWE-219">CWE-219 - Storage of File with Sensitive Data Under Web Root</option> <option value="CWE-221">CWE-221 - Information Loss or Omission</option> <option value="CWE-223">CWE-223 - Omission of Security-relevant Information</option> <option value="CWE-226">CWE-226 - Sensitive Information in Resource Not Removed Before Reuse</option> <option value="CWE-228">CWE-228 - Improper Handling of Syntactically Invalid Structure</option> <option value="CWE-229">CWE-229 - Improper Handling of Values</option> <option value="CWE-230">CWE-230 - Improper Handling of Missing Values</option> <option value="CWE-232">CWE-232 - Improper Handling of Undefined Values</option> <option value="CWE-233">CWE-233 - Improper Handling of Parameters</option> <option value="CWE-234">CWE-234 - Failure to Handle Missing Parameter</option> <option value="CWE-235">CWE-235 - Improper Handling of Extra Parameters</option> <option value="CWE-236">CWE-236 - Improper Handling of Undefined Parameters</option> <option value="CWE-237">CWE-237 - Improper Handling of Structural Elements</option> <option value="CWE-239">CWE-239 - Failure to Handle Incomplete Element</option> <option value="CWE-240">CWE-240 - Improper Handling of Inconsistent Structural Elements</option> <option value="CWE-241">CWE-241 - Improper Handling of Unexpected Data Type</option> <option value="CWE-242">CWE-242 - Use of Inherently Dangerous Function</option> <option value="CWE-248">CWE-248 - Uncaught Exception</option> <option value="CWE-249">CWE-249 - DEPRECATED: Often Misused: Path Manipulation</option> <option value="CWE-250">CWE-250 - Execution with Unnecessary Privileges</option> <option value="CWE-252">CWE-252 - Unchecked Return Value</option> <option value="CWE-253">CWE-253 - Incorrect Check of Function Return Value</option> <option value="CWE-254">CWE-254 - 7PK - Security Features</option> <option value="CWE-255">CWE-255 - Credentials Management Errors</option> <option value="CWE-256">CWE-256 - Plaintext Storage of a Password</option> <option value="CWE-257">CWE-257 - Storing Passwords in a Recoverable Format</option> <option value="CWE-258">CWE-258 - Empty Password in Configuration File</option> <option value="CWE-259">CWE-259 - Use of Hard-coded Password</option> <option value="CWE-260">CWE-260 - Password in Configuration File</option> <option value="CWE-261">CWE-261 - Weak Encoding for Password</option> <option value="CWE-262">CWE-262 - Not Using Password Aging</option> <option value="CWE-263">CWE-263 - Password Aging with Long Expiration</option> <option value="CWE-264">CWE-264 - Permissions, Privileges, and Access Controls</option> <option value="CWE-265">CWE-265 - Privilege Issues</option> <option value="CWE-266">CWE-266 - Incorrect Privilege Assignment</option> <option value="CWE-267">CWE-267 - Privilege Defined With Unsafe Actions</option> <option value="CWE-268">CWE-268 - Privilege Chaining</option> <option value="CWE-269">CWE-269 - Improper Privilege Management</option> <option value="CWE-270">CWE-270 - Privilege Context Switching Error</option> <option value="CWE-271">CWE-271 - Privilege Dropping / Lowering Errors</option> <option value="CWE-272">CWE-272 - Least Privilege Violation</option> <option value="CWE-273">CWE-273 - Improper Check for Dropped Privileges</option> <option value="CWE-274">CWE-274 - Improper Handling of Insufficient Privileges</option> <option value="CWE-275">CWE-275 - Permission Issues</option> <option value="CWE-276">CWE-276 - Incorrect Default Permissions</option> <option value="CWE-277">CWE-277 - Insecure Inherited Permissions</option> <option value="CWE-278">CWE-278 - Insecure Preserved Inherited Permissions</option> <option value="CWE-279">CWE-279 - Incorrect Execution-Assigned Permissions</option> <option value="CWE-280">CWE-280 - Improper Handling of Insufficient Permissions or Privileges</option> <option value="CWE-281">CWE-281 - Improper Preservation of Permissions</option> <option value="CWE-282">CWE-282 - Improper Ownership Management</option> <option value="CWE-283">CWE-283 - Unverified Ownership</option> <option value="CWE-284">CWE-284 - Improper Access Control</option> <option value="CWE-285">CWE-285 - Improper Authorization</option> <option value="CWE-286">CWE-286 - Incorrect User Management</option> <option value="CWE-287">CWE-287 - Improper Authentication</option> <option value="CWE-288">CWE-288 - Authentication Bypass Using an Alternate Path or Channel</option> <option value="CWE-289">CWE-289 - Authentication Bypass by Alternate Name</option> <option value="CWE-290">CWE-290 - Authentication Bypass by Spoofing</option> <option value="CWE-294">CWE-294 - Authentication Bypass by Capture-replay</option> <option value="CWE-295">CWE-295 - Improper Certificate Validation</option> <option value="CWE-296">CWE-296 - Improper Following of a Certificate's Chain of Trust</option> <option value="CWE-297">CWE-297 - Improper Validation of Certificate with Host Mismatch</option> <option value="CWE-299">CWE-299 - Improper Check for Certificate Revocation</option> <option value="CWE-300">CWE-300 - Channel Accessible by Non-Endpoint</option> <option value="CWE-301">CWE-301 - Reflection Attack in an Authentication Protocol</option> <option value="CWE-302">CWE-302 - Authentication Bypass by Assumed-Immutable Data</option> <option value="CWE-303">CWE-303 - Incorrect Implementation of Authentication Algorithm</option> <option value="CWE-304">CWE-304 - Missing Critical Step in Authentication</option> <option value="CWE-305">CWE-305 - Authentication Bypass by Primary Weakness</option> <option value="CWE-306">CWE-306 - Missing Authentication for Critical Function</option> <option value="CWE-307">CWE-307 - Improper Restriction of Excessive Authentication Attempts</option> <option value="CWE-308">CWE-308 - Use of Single-factor Authentication</option> <option value="CWE-309">CWE-309 - Use of Password System for Primary Authentication</option> <option value="CWE-310">CWE-310 - Cryptographic Issues</option> <option value="CWE-311">CWE-311 - Missing Encryption of Sensitive Data</option> <option value="CWE-312">CWE-312 - Cleartext Storage of Sensitive Information</option> <option value="CWE-313">CWE-313 - Cleartext Storage in a File or on Disk</option> <option value="CWE-314">CWE-314 - Cleartext Storage in the Registry</option> <option value="CWE-315">CWE-315 - Cleartext Storage of Sensitive Information in a Cookie</option> <option value="CWE-316">CWE-316 - Cleartext Storage of Sensitive Information in Memory</option> <option value="CWE-317">CWE-317 - Cleartext Storage of Sensitive Information in GUI</option> <option value="CWE-318">CWE-318 - Cleartext Storage of Sensitive Information in Executable</option> <option value="CWE-319">CWE-319 - Cleartext Transmission of Sensitive Information</option> <option value="CWE-320">CWE-320 - Key Management Errors</option> <option value="CWE-321">CWE-321 - Use of Hard-coded Cryptographic Key</option> <option value="CWE-322">CWE-322 - Key Exchange without Entity Authentication</option> <option value="CWE-323">CWE-323 - Reusing a Nonce, Key Pair in Encryption</option> <option value="CWE-324">CWE-324 - Use of a Key Past its Expiration Date</option> <option value="CWE-325">CWE-325 - Missing Cryptographic Step</option> <option value="CWE-326">CWE-326 - Inadequate Encryption Strength</option> <option value="CWE-327">CWE-327 - Use of a Broken or Risky Cryptographic Algorithm</option> <option value="CWE-328">CWE-328 - Use of Weak Hash</option> <option value="CWE-329">CWE-329 - Generation of Predictable IV with CBC Mode</option> <option value="CWE-330">CWE-330 - Use of Insufficiently Random Values</option> <option value="CWE-331">CWE-331 - Insufficient Entropy</option> <option value="CWE-332">CWE-332 - Insufficient Entropy in PRNG</option> <option value="CWE-334">CWE-334 - Small Space of Random Values</option> <option value="CWE-335">CWE-335 - Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)</option> <option value="CWE-336">CWE-336 - Same Seed in Pseudo-Random Number Generator (PRNG)</option> <option value="CWE-337">CWE-337 - Predictable Seed in Pseudo-Random Number Generator (PRNG)</option> <option value="CWE-338">CWE-338 - Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)</option> <option value="CWE-340">CWE-340 - Generation of Predictable Numbers or Identifiers</option> <option value="CWE-341">CWE-341 - Predictable from Observable State</option> <option value="CWE-342">CWE-342 - Predictable Exact Value from Previous Values</option> <option value="CWE-343">CWE-343 - Predictable Value Range from Previous Values</option> <option value="CWE-344">CWE-344 - Use of Invariant Value in Dynamically Changing Context</option> <option value="CWE-345">CWE-345 - Insufficient Verification of Data Authenticity</option> <option value="CWE-346">CWE-346 - Origin Validation Error</option> <option value="CWE-347">CWE-347 - Improper Verification of Cryptographic Signature</option> <option value="CWE-348">CWE-348 - Use of Less Trusted Source</option> <option value="CWE-349">CWE-349 - Acceptance of Extraneous Untrusted Data With Trusted Data</option> <option value="CWE-350">CWE-350 - Reliance on Reverse DNS Resolution for a Security-Critical Action</option> <option value="CWE-351">CWE-351 - Insufficient Type Distinction</option> <option value="CWE-352">CWE-352 - Cross-Site Request Forgery (CSRF)</option> <option value="CWE-353">CWE-353 - Missing Support for Integrity Check</option> <option value="CWE-354">CWE-354 - Improper Validation of Integrity Check Value</option> <option value="CWE-355">CWE-355 - User Interface Security Issues</option> <option value="CWE-356">CWE-356 - Product UI does not Warn User of Unsafe Actions</option> <option value="CWE-357">CWE-357 - Insufficient UI Warning of Dangerous Operations</option> <option value="CWE-358">CWE-358 - Improperly Implemented Security Check for Standard</option> <option value="CWE-359">CWE-359 - Exposure of Private Personal Information to an Unauthorized Actor</option> <option value="CWE-360">CWE-360 - Trust of System Event Data</option> <option value="CWE-361">CWE-361 - 7PK - Time and State</option> <option value="CWE-362">CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')</option> <option value="CWE-363">CWE-363 - Race Condition Enabling Link Following</option> <option value="CWE-364">CWE-364 - Signal Handler Race Condition</option> <option value="CWE-365">CWE-365 - DEPRECATED: Race Condition in Switch</option> <option value="CWE-366">CWE-366 - Race Condition within a Thread</option> <option value="CWE-367">CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition</option> <option value="CWE-368">CWE-368 - Context Switching Race Condition</option> <option value="CWE-369">CWE-369 - Divide By Zero</option> <option value="CWE-371">CWE-371 - State Issues</option> <option value="CWE-372">CWE-372 - Incomplete Internal State Distinction</option> <option value="CWE-376">CWE-376 - DEPRECATED: Temporary File Issues</option> <option value="CWE-377">CWE-377 - Insecure Temporary File</option> <option value="CWE-378">CWE-378 - Creation of Temporary File With Insecure Permissions</option> <option value="CWE-379">CWE-379 - Creation of Temporary File in Directory with Insecure Permissions</option> <option value="CWE-384">CWE-384 - Session Fixation</option> <option value="CWE-385">CWE-385 - Covert Timing Channel</option> <option value="CWE-388">CWE-388 - 7PK - Errors</option> <option value="CWE-390">CWE-390 - Detection of Error Condition Without Action</option> <option value="CWE-391">CWE-391 - Unchecked Error Condition</option> <option value="CWE-392">CWE-392 - Missing Report of Error Condition</option> <option value="CWE-393">CWE-393 - Return of Wrong Status Code</option> <option value="CWE-394">CWE-394 - Unexpected Status Code or Return Value</option> <option value="CWE-395">CWE-395 - Use of NullPointerException Catch to Detect NULL Pointer Dereference</option> <option value="CWE-398">CWE-398 - 7PK - Code Quality</option> <option value="CWE-399">CWE-399 - Resource Management Errors</option> <option value="CWE-400">CWE-400 - Uncontrolled Resource Consumption</option> <option value="CWE-401">CWE-401 - Missing Release of Memory after Effective Lifetime</option> <option value="CWE-402">CWE-402 - Transmission of Private Resources into a New Sphere ('Resource Leak')</option> <option value="CWE-404">CWE-404 - Improper Resource Shutdown or Release</option> <option value="CWE-405">CWE-405 - Asymmetric Resource Consumption (Amplification)</option> <option value="CWE-406">CWE-406 - Insufficient Control of Network Message Volume (Network Amplification)</option> <option value="CWE-407">CWE-407 - Inefficient Algorithmic Complexity</option> <option value="CWE-408">CWE-408 - Incorrect Behavior Order: Early Amplification</option> <option value="CWE-409">CWE-409 - Improper Handling of Highly Compressed Data (Data Amplification)</option> <option value="CWE-410">CWE-410 - Insufficient Resource Pool</option> <option value="CWE-412">CWE-412 - Unrestricted Externally Accessible Lock</option> <option value="CWE-413">CWE-413 - Improper Resource Locking</option> <option value="CWE-415">CWE-415 - Double Free</option> <option value="CWE-416">CWE-416 - Use After Free</option> <option value="CWE-417">CWE-417 - Communication Channel Errors</option> <option value="CWE-419">CWE-419 - Unprotected Primary Channel</option> <option value="CWE-420">CWE-420 - Unprotected Alternate Channel</option> <option value="CWE-424">CWE-424 - Improper Protection of Alternate Path</option> <option value="CWE-425">CWE-425 - Direct Request ('Forced Browsing')</option> <option value="CWE-426">CWE-426 - Untrusted Search Path</option> <option value="CWE-427">CWE-427 - Uncontrolled Search Path Element</option> <option value="CWE-428">CWE-428 - Unquoted Search Path or Element</option> <option value="CWE-431">CWE-431 - Missing Handler</option> <option value="CWE-434">CWE-434 - Unrestricted Upload of File with Dangerous Type</option> <option value="CWE-435">CWE-435 - Improper Interaction Between Multiple Correctly-Behaving Entities</option> <option value="CWE-436">CWE-436 - Interpretation Conflict</option> <option value="CWE-437">CWE-437 - Incomplete Model of Endpoint Features</option> <option value="CWE-440">CWE-440 - Expected Behavior Violation</option> <option value="CWE-441">CWE-441 - Unintended Proxy or Intermediary ('Confused Deputy')</option> <option value="CWE-444">CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')</option> <option value="CWE-446">CWE-446 - UI Discrepancy for Security Feature</option> <option value="CWE-448">CWE-448 - Obsolete Feature in UI</option> <option value="CWE-450">CWE-450 - Multiple Interpretations of UI Input</option> <option value="CWE-451">CWE-451 - User Interface (UI) Misrepresentation of Critical Information</option> <option value="CWE-453">CWE-453 - Insecure Default Variable Initialization</option> <option value="CWE-455">CWE-455 - Non-exit on Failed Initialization</option> <option value="CWE-456">CWE-456 - Missing Initialization of a Variable</option> <option value="CWE-457">CWE-457 - Use of Uninitialized Variable</option> <option value="CWE-459">CWE-459 - Incomplete Cleanup</option> <option value="CWE-460">CWE-460 - Improper Cleanup on Thrown Exception</option> <option value="CWE-465">CWE-465 - Pointer Issues</option> <option value="CWE-467">CWE-467 - Use of sizeof() on a Pointer Type</option> <option value="CWE-470">CWE-470 - Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')</option> <option value="CWE-471">CWE-471 - Modification of Assumed-Immutable Data (MAID)</option> <option value="CWE-472">CWE-472 - External Control of Assumed-Immutable Web Parameter</option> <option value="CWE-473">CWE-473 - PHP External Variable Modification</option> <option value="CWE-474">CWE-474 - Use of Function with Inconsistent Implementations</option> <option value="CWE-475">CWE-475 - Undefined Behavior for Input to API</option> <option value="CWE-476">CWE-476 - NULL Pointer Dereference</option> <option value="CWE-477">CWE-477 - Use of Obsolete Function</option> <option value="CWE-479">CWE-479 - Signal Handler Use of a Non-reentrant Function</option> <option value="CWE-480">CWE-480 - Use of Incorrect Operator</option> <option value="CWE-485">CWE-485 - 7PK - Encapsulation</option> <option value="CWE-489">CWE-489 - Active Debug Code</option> <option value="CWE-494">CWE-494 - Download of Code Without Integrity Check</option> <option value="CWE-497">CWE-497 - Exposure of Sensitive System Information to an Unauthorized Control Sphere</option> <option value="CWE-499">CWE-499 - Serializable Class Containing Sensitive Data</option> <option value="CWE-501">CWE-501 - Trust Boundary Violation</option> <option value="CWE-502">CWE-502 - Deserialization of Untrusted Data</option> <option value="CWE-506">CWE-506 - Embedded Malicious Code</option> <option value="CWE-507">CWE-507 - Trojan Horse</option> <option value="CWE-509">CWE-509 - Replicating Malicious Code (Virus or Worm)</option> <option value="CWE-521">CWE-521 - Weak Password Requirements</option> <option value="CWE-522">CWE-522 - Insufficiently Protected Credentials</option> <option value="CWE-523">CWE-523 - Unprotected Transport of Credentials</option> <option value="CWE-524">CWE-524 - Use of Cache Containing Sensitive Information</option> <option value="CWE-525">CWE-525 - Use of Web Browser Cache Containing Sensitive Information</option> <option value="CWE-526">CWE-526 - Exposure of Sensitive Information Through Environmental Variables</option> <option value="CWE-527">CWE-527 - Exposure of Version-Control Repository to an Unauthorized Control Sphere</option> <option value="CWE-532">CWE-532 - Insertion of Sensitive Information into Log File</option> <option value="CWE-534">CWE-534 - DEPRECATED: Information Exposure Through Debug Log Files</option> <option value="CWE-538">CWE-538 - Insertion of Sensitive Information into Externally-Accessible File or Directory</option> <option value="CWE-539">CWE-539 - Use of Persistent Cookies Containing Sensitive Information</option> <option value="CWE-540">CWE-540 - Inclusion of Sensitive Information in Source Code</option> <option value="CWE-544">CWE-544 - Missing Standardized Error Handling Mechanism</option> <option value="CWE-547">CWE-547 - Use of Hard-coded, Security-relevant Constants</option> <option value="CWE-548">CWE-548 - Exposure of Information Through Directory Listing</option> <option value="CWE-549">CWE-549 - Missing Password Field Masking</option> <option value="CWE-550">CWE-550 - Server-generated Error Message Containing Sensitive Information</option> <option value="CWE-551">CWE-551 - Incorrect Behavior Order: Authorization Before Parsing and Canonicalization</option> <option value="CWE-552">CWE-552 - Files or Directories Accessible to External Parties</option> <option value="CWE-555">CWE-555 - J2EE Misconfiguration: Plaintext Password in Configuration File</option> <option value="CWE-561">CWE-561 - Dead Code</option> <option value="CWE-562">CWE-562 - Return of Stack Variable Address</option> <option value="CWE-563">CWE-563 - Assignment to Variable without Use</option> <option value="CWE-565">CWE-565 - Reliance on Cookies without Validation and Integrity Checking</option> <option value="CWE-567">CWE-567 - Unsynchronized Access to Shared Data in a Multithreaded Context</option> <option value="CWE-571">CWE-571 - Expression is Always True</option> <option value="CWE-573">CWE-573 - Improper Following of Specification by Caller</option> <option value="CWE-587">CWE-587 - Assignment of a Fixed Address to a Pointer</option> <option value="CWE-588">CWE-588 - Attempt to Access Child of a Non-structure Pointer</option> <option value="CWE-590">CWE-590 - Free of Memory not on the Heap</option> <option value="CWE-592">CWE-592 - DEPRECATED: Authentication Bypass Issues</option> <option value="CWE-595">CWE-595 - Comparison of Object References Instead of Object Contents</option> <option value="CWE-597">CWE-597 - Use of Wrong Operator in String Comparison</option> <option value="CWE-598">CWE-598 - Use of GET Request Method With Sensitive Query Strings</option> <option value="CWE-599">CWE-599 - Missing Validation of OpenSSL Certificate</option> <option value="CWE-601">CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')</option> <option value="CWE-602">CWE-602 - Client-Side Enforcement of Server-Side Security</option> <option value="CWE-603">CWE-603 - Use of Client-Side Authentication</option> <option value="CWE-606">CWE-606 - Unchecked Input for Loop Condition</option> <option value="CWE-610">CWE-610 - Externally Controlled Reference to a Resource in Another Sphere</option> <option value="CWE-611">CWE-611 - Improper Restriction of XML External Entity Reference</option> <option value="CWE-612">CWE-612 - Improper Authorization of Index Containing Sensitive Information</option> <option value="CWE-613">CWE-613 - Insufficient Session Expiration</option> <option value="CWE-614">CWE-614 - Sensitive Cookie in HTTPS Session Without 'Secure' Attribute</option> <option value="CWE-617">CWE-617 - Reachable Assertion</option> <option value="CWE-620">CWE-620 - Unverified Password Change</option> <option value="CWE-621">CWE-621 - Variable Extraction Error</option> <option value="CWE-623">CWE-623 - Unsafe ActiveX Control Marked Safe For Scripting</option> <option value="CWE-625">CWE-625 - Permissive Regular Expression</option> <option value="CWE-626">CWE-626 - Null Byte Interaction Error (Poison Null Byte)</option> <option value="CWE-628">CWE-628 - Function Call with Incorrectly Specified Arguments</option> <option value="CWE-636">CWE-636 - Not Failing Securely ('Failing Open')</option> <option value="CWE-639">CWE-639 - Authorization Bypass Through User-Controlled Key</option> <option value="CWE-640">CWE-640 - Weak Password Recovery Mechanism for Forgotten Password</option> <option value="CWE-641">CWE-641 - Improper Restriction of Names for Files and Other Resources</option> <option value="CWE-642">CWE-642 - External Control of Critical State Data</option> <option value="CWE-643">CWE-643 - Improper Neutralization of Data within XPath Expressions ('XPath Injection')</option> <option value="CWE-644">CWE-644 - Improper Neutralization of HTTP Headers for Scripting Syntax</option> <option value="CWE-645">CWE-645 - Overly Restrictive Account Lockout Mechanism</option> <option value="CWE-646">CWE-646 - Reliance on File Name or Extension of Externally-Supplied File</option> <option value="CWE-647">CWE-647 - Use of Non-Canonical URL Paths for Authorization Decisions</option> <option value="CWE-648">CWE-648 - Incorrect Use of Privileged APIs</option> <option value="CWE-649">CWE-649 - Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking</option> <option value="CWE-650">CWE-650 - Trusting HTTP Permission Methods on the Server Side</option> <option value="CWE-653">CWE-653 - Improper Isolation or Compartmentalization</option> <option value="CWE-656">CWE-656 - Reliance on Security Through Obscurity</option> <option value="CWE-657">CWE-657 - Violation of Secure Design Principles</option> <option value="CWE-662">CWE-662 - Improper Synchronization</option> <option value="CWE-664">CWE-664 - Improper Control of a Resource Through its Lifetime</option> <option value="CWE-665">CWE-665 - Improper Initialization</option> <option value="CWE-667">CWE-667 - Improper Locking</option> <option value="CWE-668">CWE-668 - Exposure of Resource to Wrong Sphere</option> <option value="CWE-669">CWE-669 - Incorrect Resource Transfer Between Spheres</option> <option value="CWE-670">CWE-670 - Always-Incorrect Control Flow Implementation</option> <option value="CWE-671">CWE-671 - Lack of Administrator Control over Security</option> <option value="CWE-672">CWE-672 - Operation on a Resource after Expiration or Release</option> <option value="CWE-674">CWE-674 - Uncontrolled Recursion</option> <option value="CWE-675">CWE-675 - Multiple Operations on Resource in Single-Operation Context</option> <option value="CWE-676">CWE-676 - Use of Potentially Dangerous Function</option> <option value="CWE-680">CWE-680 - Integer Overflow to Buffer Overflow</option> <option value="CWE-681">CWE-681 - Incorrect Conversion between Numeric Types</option> <option value="CWE-682">CWE-682 - Incorrect Calculation</option> <option value="CWE-683">CWE-683 - Function Call With Incorrect Order of Arguments</option> <option value="CWE-684">CWE-684 - Incorrect Provision of Specified Functionality</option> <option value="CWE-688">CWE-688 - Function Call With Incorrect Variable or Reference as Argument</option> <option value="CWE-689">CWE-689 - Permission Race Condition During Resource Copy</option> <option value="CWE-690">CWE-690 - Unchecked Return Value to NULL Pointer Dereference</option> <option value="CWE-691">CWE-691 - Insufficient Control Flow Management</option> <option value="CWE-692">CWE-692 - Incomplete Denylist to Cross-Site Scripting</option> <option value="CWE-693">CWE-693 - Protection Mechanism Failure</option> <option value="CWE-694">CWE-694 - Use of Multiple Resources with Duplicate Identifier</option> <option value="CWE-696">CWE-696 - Incorrect Behavior Order</option> <option value="CWE-697">CWE-697 - Incorrect Comparison</option> <option value="CWE-700">CWE-700 - Seven Pernicious Kingdoms</option> <option value="CWE-701">CWE-701 - Weaknesses Introduced During Design</option> <option value="CWE-703">CWE-703 - Improper Check or Handling of Exceptional Conditions</option> <option value="CWE-704">CWE-704 - Incorrect Type Conversion or Cast</option> <option value="CWE-706">CWE-706 - Use of Incorrectly-Resolved Name or Reference</option> <option value="CWE-707">CWE-707 - Improper Neutralization</option> <option value="CWE-708">CWE-708 - Incorrect Ownership Assignment</option> <option value="CWE-710">CWE-710 - Improper Adherence to Coding Standards</option> <option value="CWE-714">CWE-714 - OWASP Top Ten 2007 Category A3 - Malicious File Execution</option> <option value="CWE-717">CWE-717 - OWASP Top Ten 2007 Category A6 - Information Leakage and Improper Error Handling</option> <option value="CWE-730">CWE-730 - OWASP Top Ten 2004 Category A9 - Denial of Service</option> <option value="CWE-732">CWE-732 - Incorrect Permission Assignment for Critical Resource</option> <option value="CWE-733">CWE-733 - Compiler Optimization Removal or Modification of Security-critical Code</option> <option value="CWE-749">CWE-749 - Exposed Dangerous Method or Function</option> <option value="CWE-754">CWE-754 - Improper Check for Unusual or Exceptional Conditions</option> <option value="CWE-755">CWE-755 - Improper Handling of Exceptional Conditions</option> <option value="CWE-756">CWE-756 - Missing Custom Error Page</option> <option value="CWE-757">CWE-757 - Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')</option> <option value="CWE-758">CWE-758 - Reliance on Undefined, Unspecified, or Implementation-Defined Behavior</option> <option value="CWE-759">CWE-759 - Use of a One-Way Hash without a Salt</option> <option value="CWE-760">CWE-760 - Use of a One-Way Hash with a Predictable Salt</option> <option value="CWE-762">CWE-762 - Mismatched Memory Management Routines</option> <option value="CWE-763">CWE-763 - Release of Invalid Pointer or Reference</option> <option value="CWE-767">CWE-767 - Access to Critical Private Variable via Public Method</option> <option value="CWE-769">CWE-769 - DEPRECATED: Uncontrolled File Descriptor Consumption</option> <option value="CWE-770">CWE-770 - Allocation of Resources Without Limits or Throttling</option> <option value="CWE-771">CWE-771 - Missing Reference to Active Allocated Resource</option> <option value="CWE-772">CWE-772 - Missing Release of Resource after Effective Lifetime</option> <option value="CWE-774">CWE-774 - Allocation of File Descriptors or Handles Without Limits or Throttling</option> <option value="CWE-775">CWE-775 - Missing Release of File Descriptor or Handle after Effective Lifetime</option> <option value="CWE-776">CWE-776 - Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')</option> <option value="CWE-778">CWE-778 - Insufficient Logging</option> <option value="CWE-779">CWE-779 - Logging of Excessive Data</option> <option value="CWE-780">CWE-780 - Use of RSA Algorithm without OAEP</option> <option value="CWE-782">CWE-782 - Exposed IOCTL with Insufficient Access Control</option> <option value="CWE-784">CWE-784 - Reliance on Cookies without Validation and Integrity Checking in a Security Decision</option> <option value="CWE-786">CWE-786 - Access of Memory Location Before Start of Buffer</option> <option value="CWE-787">CWE-787 - Out-of-bounds Write</option> <option value="CWE-788">CWE-788 - Access of Memory Location After End of Buffer</option> <option value="CWE-789">CWE-789 - Memory Allocation with Excessive Size Value</option> <option value="CWE-790">CWE-790 - Improper Filtering of Special Elements</option> <option value="CWE-791">CWE-791 - Incomplete Filtering of Special Elements</option> <option value="CWE-794">CWE-794 - Incomplete Filtering of Multiple Instances of Special Elements</option> <option value="CWE-798">CWE-798 - Use of Hard-coded Credentials</option> <option value="CWE-799">CWE-799 - Improper Control of Interaction Frequency</option> <option value="CWE-804">CWE-804 - Guessable CAPTCHA</option> <option value="CWE-805">CWE-805 - Buffer Access with Incorrect Length Value</option> <option value="CWE-807">CWE-807 - Reliance on Untrusted Inputs in a Security Decision</option> <option value="CWE-815">CWE-815 - OWASP Top Ten 2010 Category A6 - Security Misconfiguration</option> <option value="CWE-820">CWE-820 - Missing Synchronization</option> <option value="CWE-821">CWE-821 - Incorrect Synchronization</option> <option value="CWE-822">CWE-822 - Untrusted Pointer Dereference</option> <option value="CWE-823">CWE-823 - Use of Out-of-range Pointer Offset</option> <option value="CWE-824">CWE-824 - Access of Uninitialized Pointer</option> <option value="CWE-825">CWE-825 - Expired Pointer Dereference</option> <option value="CWE-826">CWE-826 - Premature Release of Resource During Expected Lifetime</option> <option value="CWE-829">CWE-829 - Inclusion of Functionality from Untrusted Control Sphere</option> <option value="CWE-830">CWE-830 - Inclusion of Web Functionality from an Untrusted Source</option> <option value="CWE-833">CWE-833 - Deadlock</option> <option value="CWE-834">CWE-834 - Excessive Iteration</option> <option value="CWE-835">CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')</option> <option value="CWE-836">CWE-836 - Use of Password Hash Instead of Password for Authentication</option> <option value="CWE-838">CWE-838 - Inappropriate Encoding for Output Context</option> <option value="CWE-839">CWE-839 - Numeric Range Comparison Without Minimum Check</option> <option value="CWE-840">CWE-840 - Business Logic Errors</option> <option value="CWE-841">CWE-841 - Improper Enforcement of Behavioral Workflow</option> <option value="CWE-842">CWE-842 - Placement of User into Incorrect Group</option> <option value="CWE-843">CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')</option> <option value="CWE-862">CWE-862 - Missing Authorization</option> <option value="CWE-863">CWE-863 - Incorrect Authorization</option> <option value="CWE-882">CWE-882 - CERT C++ Secure Coding Section 14 - Concurrency (CON)</option> <option value="CWE-895">CWE-895 - SFP Primary Cluster: Information Leak</option> <option value="CWE-908">CWE-908 - Use of Uninitialized Resource</option> <option value="CWE-909">CWE-909 - Missing Initialization of Resource</option> <option value="CWE-910">CWE-910 - Use of Expired File Descriptor</option> <option value="CWE-911">CWE-911 - Improper Update of Reference Count</option> <option value="CWE-912">CWE-912 - Hidden Functionality</option> <option value="CWE-913">CWE-913 - Improper Control of Dynamically-Managed Code Resources</option> <option value="CWE-914">CWE-914 - Improper Control of Dynamically-Identified Variables</option> <option value="CWE-915">CWE-915 - Improperly Controlled Modification of Dynamically-Determined Object Attributes</option> <option value="CWE-916">CWE-916 - Use of Password Hash With Insufficient Computational Effort</option> <option value="CWE-917">CWE-917 - Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression La</option> <option value="CWE-918">CWE-918 - Server-Side Request Forgery (SSRF)</option> <option value="CWE-920">CWE-920 - Improper Restriction of Power Consumption</option> <option value="CWE-921">CWE-921 - Storage of Sensitive Data in a Mechanism without Access Control</option> <option value="CWE-922">CWE-922 - Insecure Storage of Sensitive Information</option> <option value="CWE-923">CWE-923 - Improper Restriction of Communication Channel to Intended Endpoints</option> <option value="CWE-924">CWE-924 - Improper Enforcement of Message Integrity During Transmission in a Communication Channel</option> <option value="CWE-926">CWE-926 - Improper Export of Android Application Components</option> <option value="CWE-927">CWE-927 - Use of Implicit Intent for Sensitive Communication</option> <option value="CWE-938">CWE-938 - OWASP Top Ten 2013 Category A10 - Unvalidated Redirects and Forwards</option> <option value="CWE-939">CWE-939 - Improper Authorization in Handler for Custom URL Scheme</option> <option value="CWE-940">CWE-940 - Improper Verification of Source of a Communication Channel</option> <option value="CWE-941">CWE-941 - Incorrectly Specified Destination in a Communication Channel</option> <option value="CWE-942">CWE-942 - Permissive Cross-domain Policy with Untrusted Domains</option> <option value="CWE-943">CWE-943 - Improper Neutralization of Special Elements in Data Query Logic</option> <option value="CWE-952">CWE-952 - SFP Secondary Cluster: Missing Authentication</option> <option value="CWE-1004">CWE-1004 - Sensitive Cookie Without 'HttpOnly' Flag</option> <option value="CWE-1021">CWE-1021 - Improper Restriction of Rendered UI Layers or Frames</option> <option value="CWE-1022">CWE-1022 - Use of Web Link to Untrusted Target with window.opener Access</option> <option value="CWE-1023">CWE-1023 - Incomplete Comparison with Missing Factors</option> <option value="CWE-1024">CWE-1024 - Comparison of Incompatible Types</option> <option value="CWE-1026">CWE-1026 - Weaknesses in OWASP Top Ten (2017)</option> <option value="CWE-1027">CWE-1027 - OWASP Top Ten 2017 Category A1 - Injection</option> <option value="CWE-1038">CWE-1038 - Insecure Automated Optimizations</option> <option value="CWE-1049">CWE-1049 - Excessive Data Query Operations in a Large Data Table</option> <option value="CWE-1050">CWE-1050 - Excessive Platform Resource Consumption within a Loop</option> <option value="CWE-1059">CWE-1059 - Insufficient Technical Documentation</option> <option value="CWE-1076">CWE-1076 - Insufficient Adherence to Expected Conventions</option> <option value="CWE-1077">CWE-1077 - Floating Point Comparison with Incorrect Operator</option> <option value="CWE-1083">CWE-1083 - Data Access from Outside Expected Data Manager Component</option> <option value="CWE-1088">CWE-1088 - Synchronous Access of Remote Resource without Timeout</option> <option value="CWE-1103">CWE-1103 - Use of Platform-Dependent Third Party Components</option> <option value="CWE-1104">CWE-1104 - Use of Unmaintained Third Party Components</option> <option value="CWE-1108">CWE-1108 - Excessive Reliance on Global Variables</option> <option value="CWE-1112">CWE-1112 - Incomplete Documentation of Program Execution</option> <option value="CWE-1118">CWE-1118 - Insufficient Documentation of Error Handling Techniques</option> <option value="CWE-1119">CWE-1119 - Excessive Use of Unconditional Branching</option> <option value="CWE-1125">CWE-1125 - Excessive Attack Surface</option> <option value="CWE-1173">CWE-1173 - Improper Use of Validation Framework</option> <option value="CWE-1187">CWE-1187 - DEPRECATED: Use of Uninitialized Resource</option> <option value="CWE-1188">CWE-1188 - Insecure Default Initialization of Resource</option> <option value="CWE-1190">CWE-1190 - DMA Device Enabled Too Early in Boot Phase</option> <option value="CWE-1218">CWE-1218 - Memory Buffer Errors</option> <option value="CWE-1220">CWE-1220 - Insufficient Granularity of Access Control</option> <option value="CWE-1221">CWE-1221 - Incorrect Register Defaults or Module Parameters</option> <option value="CWE-1224">CWE-1224 - Improper Restriction of Write-Once Bit Fields</option> <option value="CWE-1230">CWE-1230 - Exposure of Sensitive Information Through Metadata</option> <option value="CWE-1231">CWE-1231 - Improper Prevention of Lock Bit Modification</option> <option value="CWE-1233">CWE-1233 - Security-Sensitive Hardware Controls with Missing Lock Bit Protection</option> <option value="CWE-1236">CWE-1236 - Improper Neutralization of Formula Elements in a CSV File</option> <option value="CWE-1241">CWE-1241 - Use of Predictable Algorithm in Random Number Generator</option> <option value="CWE-1244">CWE-1244 - Internal Asset Exposed to Unsafe Debug Access Level or State</option> <option value="CWE-1246">CWE-1246 - Improper Write Handling in Limited-write Non-Volatile Memories</option> <option value="CWE-1247">CWE-1247 - Improper Protection Against Voltage and Clock Glitches</option> <option value="CWE-1250">CWE-1250 - Improper Preservation of Consistency Between Independent Representations of Shared State</option> <option value="CWE-1254">CWE-1254 - Incorrect Comparison Logic Granularity</option> <option value="CWE-1258">CWE-1258 - Exposure of Sensitive System Information Due to Uncleared Debug Information</option> <option value="CWE-1259">CWE-1259 - Improper Restriction of Security Token Assignment</option> <option value="CWE-1262">CWE-1262 - Improper Access Control for Register Interface</option> <option value="CWE-1263">CWE-1263 - Improper Physical Access Control</option> <option value="CWE-1270">CWE-1270 - Generation of Incorrect Security Tokens</option> <option value="CWE-1274">CWE-1274 - Improper Access Control for Volatile Memory Containing Boot Code</option> <option value="CWE-1275">CWE-1275 - Sensitive Cookie with Improper SameSite Attribute</option> <option value="CWE-1278">CWE-1278 - Missing Protection Against Hardware Reverse Engineering Using Integrated Circuit (IC) Imaging Techni</option> <option value="CWE-1282">CWE-1282 - Assumed-Immutable Data is Stored in Writable Memory</option> <option value="CWE-1283">CWE-1283 - Mutable Attestation or Measurement Reporting Data</option> <option value="CWE-1284">CWE-1284 - Improper Validation of Specified Quantity in Input</option> <option value="CWE-1285">CWE-1285 - Improper Validation of Specified Index, Position, or Offset in Input</option> <option value="CWE-1286">CWE-1286 - Improper Validation of Syntactic Correctness of Input</option> <option value="CWE-1287">CWE-1287 - Improper Validation of Specified Type of Input</option> <option value="CWE-1288">CWE-1288 - Improper Validation of Consistency within Input</option> <option value="CWE-1289">CWE-1289 - Improper Validation of Unsafe Equivalence in Input</option> <option value="CWE-1291">CWE-1291 - Public Key Re-Use for Signing both Debug and Production Code</option> <option value="CWE-1295">CWE-1295 - Debug Messages Revealing Unnecessary Information</option> <option value="CWE-1299">CWE-1299 - Missing Protection Mechanism for Alternate Hardware Interface</option> <option value="CWE-1303">CWE-1303 - Non-Transparent Sharing of Microarchitectural Resources</option> <option value="CWE-1319">CWE-1319 - Improper Protection against Electromagnetic Fault Injection (EM-FI)</option> <option value="CWE-1320">CWE-1320 - Improper Protection for Outbound Error Messages and Alert Signals</option> <option value="CWE-1321">CWE-1321 - Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')</option> <option value="CWE-1325">CWE-1325 - Improperly Controlled Sequential Memory Allocation</option> <option value="CWE-1326">CWE-1326 - Missing Immutable Root of Trust in Hardware</option> <option value="CWE-1327">CWE-1327 - Binding to an Unrestricted IP Address</option> <option value="CWE-1329">CWE-1329 - Reliance on Component That is Not Updateable</option> <option value="CWE-1333">CWE-1333 - Inefficient Regular Expression Complexity</option> <option value="CWE-1335">CWE-1335 - Incorrect Bitwise Shift of Integer</option> <option value="CWE-1336">CWE-1336 - Improper Neutralization of Special Elements Used in a Template Engine</option> <option value="CWE-1352">CWE-1352 - OWASP Top Ten 2021 Category A06:2021 - Vulnerable and Outdated Components</option> <option value="CWE-1385">CWE-1385 - Missing Origin Validation in WebSockets</option> <option value="CWE-1386">CWE-1386 - Insecure Operation on Windows Junction / Mount Point</option> <option value="CWE-1390">CWE-1390 - Weak Authentication</option> <option value="CWE-1391">CWE-1391 - Use of Weak Credentials</option> <option value="CWE-1392">CWE-1392 - Use of Default Credentials</option> <option value="CWE-1393">CWE-1393 - Use of Default Password</option> <option value="NVD-CWE-noinfo">NVD-CWE-noinfo - Insufficient Information</option> <option value="NVD-CWE-Other">NVD-CWE-Other - Other</option> </select> </div> <!-- Hidden input resolves to /site/rest/public --> <input type="hidden" id="InputRestBasePath" value="/rest/public"> <!-- CPE Name area start --> <div> <fieldset> <legend>CPE</legend> <p> <small>Begin typing your keyword to find the CPE.</small> <button type="button" id="ResetCpeLinkButton" class="btn btn-sm btn-other">Reset CPE Info</button> </p> <!-- VENDOR --> <div> <div id="MatchTypeLabel" class="form-group"> <label class="radio-inline"> <input value="false" type="radio" id="MatchTypeCpeMatchString" checked="checked" name="isCpeNameSearch"> Applicability Statements </label> <label class="radio-inline"> <input value="true" type="radio" id="MatchTypeCpeName" name="isCpeNameSearch"> CPE Names </label> </div> <div id="VendorLabel" class="form-group" style="display: none"> <fieldset> <legend>Vendor</legend> <span id="cpeVendorText"></span> </fieldset> </div> <div id="VendorSelect" class="form-group form-group-sm" style="display: none"> <label for="CpeVendorDropDown">Vendor</label> <select id="CpeVendorDropDown" class="form-control"> </select> </div> <div id="VendorChooser" class="form-group form-group-sm"> <label for="CpeVendorAutoSearchBox">Vendor</label> <input type="text" maxlength="100" id="CpeVendorAutoSearchBox" class="form-control"/> </div> <input type="hidden" name="cpe_vendor" id="CpeVendorHidden"/> <input type="hidden" id="VendorHidden"/> </div> <!-- PRODUCT --> <div> <div id="ProductLabel" class="form-group" style="display: none"> <fieldset> <legend>Product</legend> <span id="cpeProductText"></span> </fieldset> </div> <div id="ProductSelect" class="form-group form-group-sm" style="display: none"> <label for="CpeProductDropDown">Product</label> <select id="CpeProductDropDown" class="form-control"> </select> </div> <div id="ProductChooser" class="form-group form-group-sm"> <label for="CpeProductAutoSearchBox">Product</label> <input type="text" maxlength="100" id="CpeProductAutoSearchBox" class="form-control"/> </div> <input type="hidden" name="cpe_product" id="CpeProductHidden"/> <input type="hidden" id="ProductHidden"/> </div> <!-- VERSION --> <div> <div id="VersionLabel" class="form-group" style="display: none"> <fieldset> <legend>Version</legend> <span id="cpeVersionText"></span> </fieldset> </div> <div id="VersionSelect" class="form-group form-group-sm" style="display: none"> <label for="CpeVersionDropDown">Version</label> <select id="CpeVersionDropDown" class="form-control"> </select> <p>NOTE: NVD may not contain all vulnerable version numbers. Using this option may cause one to overlook vulnerabilities.</p> </div> <div id="VersionChooser" class="form-group form-group-sm" style="display: none"> <label for="CpeVersionAutoSearchBox">Version:</label> <input type="text" maxlength="100" id="CpeVersionAutoSearchBox" class="form-control"/> <p class="text-warning">More than 20 versions were found, begin typing the version below.</p> <p> <span class="label label-warning">NOTE:</span> NVD may not contain all vulnerable version numbers. Using this option may cause one to overlook vulnerabilities. </p> </div> <input type="hidden" name="cpe_version" id="CpeVersionHidden"/> <input type="hidden" id="VersionHidden"/> </div> </fieldset> </div> <!-- CPE NAME AREA -- END --> </div> </div> <div class="col-md-4 advanced-search-shown"> <div id="CvssVersionRbl" class="form-group"> <fieldset> <legend>CVSS Metrics</legend> <label class="radio-inline"> <input type="radio" name="cvss_version" value="3" id="CvssVersion3"/>Version 3.x </label> <label class="radio-inline"> <input type="radio" name="cvss_version" value="2" id="CvssVersion2"/>Version2 </label> <label class="radio-inline"> <input type="radio" name="cvss_version" value="" checked id="CvssVersionNone"/>All </label> </fieldset> <input type="hidden" id="CvssVersionHidden" value=""/> </div> <div id="CvssV2MetricsContainer"> <input type="hidden" name="cvss_v2_metrics" data-cvss-value="" id="Cvss2MetricsHidden"/> <div class="col-md-6"> <div class="form-group"> <fieldset> <legend class="metric-label">Severity Score Range</legend> <div class="btn-group btn-group-vertical" role="group" aria-label="Severity Score Range" data-group="cvss2-sev" data-hidden-target="Cvss2SevBaseHidden"> <button type="button" class="btn btn-default" data-active-class="btn-primary" value="" data-testid="vuln-cvss2-sev-any">Any</button> <button type="button" class="btn btn-default" data-active-class="btn-low" value="LOW" data-testid="vuln-cvss2-sev-low">Low (0-3)</button> <button type="button" class="btn btn-default" data-active-class="btn-warning" value="MEDIUM" data-testid="vuln-cvss2-sev-medium">Medium (4-6)</button> <button type="button" class="btn btn-default" data-active-class="btn-high" value="MEDIUM_HIGH" data-testid="vuln-cvss2-sev-high-medium">High and Medium (4-10)</button> <button type="button" class="btn btn-default" data-active-class="btn-danger" value="HIGH" data-testid="vuln-cvss2-sev-high">High (7-10)</button> </div> </fieldset> <input type="hidden" name="cvss_v2_severity" id="Cvss2SevBaseHidden" data-cvss-value=""/> </div> <div class="form-group"> <fieldset> <legend class="metric-label"> Access Vector (AV) </legend> <div class="btn-group btn-group-vertical" role="group" aria-label="Attack Vector" data-group="cvss2-av" data-hidden-target="Cvss2AvHidden"> <button type="button" class="btn btn-default" data-active-class="btn-primary" value="" data-testid="vuln-cvss2-av-any">Any</button> <button type="button" class="btn btn-default" data-active-class="btn-primary" value="AV:N" data-testid="vuln-cvss2-av-n">Network (N)</button> <button type="button" class="btn btn-default" data-active-class="btn-primary" value="AV:A" data-testid="vuln-cvss2-av-a">Adjacent Network (A)</button> <button type="button" class="btn btn-default" data-active-class="btn-primary" value="AV:L" data-testid="vuln-cvss2-av-l">Local (L)</button> </div> </fieldset> <input type="hidden" id="Cvss2AvHidden"/> </div> <div class="form-group"> <fieldset> <legend class="metric-label"> Access Complexity (AC) </legend> <div class="btn-group btn-group-vertical" role="group" aria-label="" data-group="cvss2-ac" data-hidden-target="Cvss2AcHidden"> <button type="button" class="btn btn-default" data-active-class="btn-primary" value="" data-testid="vuln-cvss2-ac-any">Any</button> <button type="button" class="btn btn-default" data-active-class="btn-primary" value="AC:L" data-testid="vuln-cvss2-ac-l">Low (L)</button> <button type="button" class="btn btn-default" data-active-class="btn-primary" value="AC:M" data-testid="vuln-cvss2-ac-m">Medium (M)</button> <button type="button" class="btn btn-default" data-active-class="btn-primary" value="AC:H" data-testid="vuln-cvss2-ac-h">High (H)</button> </div> </fieldset> <input type="hidden" id="Cvss2AcHidden"/> </div> <div class="form-group"> <fieldset> <legend class="metric-label"> Authentication (Au) </legend> <div class="btn-group btn-group-vertical" role="group" aria-label="" data-group="cvss2-au" data-hidden-target="Cvss2AuHidden"> <button type="button" class="btn btn-default" data-active-class="btn-primary" value="" data-testid="vuln-cvss2-au-any">Any</button> <button type="button" class="btn btn-default" data-active-class="btn-primary" value="Au:N" data-testid="vuln-cvss2-au-n">None (N)</button> <button type="button" class="btn btn-default" data-active-class="btn-primary" value="Au:S" data-testid="vuln-cvss2-au-s">Single (S)</button> <button type="button" class="btn btn-default" data-active-class="btn-primary" value="Au:M" data-testid="vuln-cvss2-au-m">Multiple (M)</button> </div> </fieldset> <input type="hidden" id="Cvss2AuHidden"/> </div> </div> <div class="col-md-1"></div> <div class="col-md-5"> <div class="form-group"> <fieldset> <legend class="metric-label"> Confidentiality (C) </legend> <div class="btn-group btn-group-vertical" role="group" aria-label="" data-group="cvss2-c" data-hidden-target="Cvss2CHidden"> <button type="button" class="btn btn-default" data-active-class="btn-primary" value="" data-testid="vuln-cvss2-c-any">Any</button> <button type="button" class="btn btn-default" data-active-class="btn-primary" value="C:N" data-testid="vuln-cvss2-c-n">None (N)</button> <button type="button" class="btn btn-default" data-active-class="btn-primary" value="C:P" data-testid="vuln-cvss2-c-p">Partial (P)</button> <button type="button" class="btn btn-default" data-active-class="btn-primary" value="C:C" data-testid="vuln-cvss2-c-c">Complete (C)</button> </div> </fieldset> <input type="hidden" id="Cvss2CHidden"/> </div> <div class="form-group"> <fieldset> <legend class="metric-label"> Integrity (I) </legend> <div class="btn-group btn-group-vertical" role="group" aria-label="" data-group="cvss2-i" data-hidden-target="Cvss2IHidden"> <button type="button" class="btn btn-default" data-active-class="btn-primary" value="" data-testid="vuln-cvss2-i-any">Any</button> <button type="button" class="btn btn-default" data-active-class="btn-primary" value="I:N" data-testid="vuln-cvss2-i-n">None (N)</button> <button type="button" class="btn btn-default" data-active-class="btn-primary" value="I:P" data-testid="vuln-cvss2-i-p">Partial (P)</button> <button type="button" class="btn btn-default" data-active-class="btn-primary" value="I:C" data-testid="vuln-cvss2-i-c">Complete (C)</button> </div> </fieldset> <input type="hidden" id="Cvss2IHidden"/> </div> <div class="form-group"> <fieldset> <legend class="metric-label"> Availability (A) </legend> <div class="btn-group btn-group-vertical" role="group" aria-label="" data-group="cvss2-a" data-hidden-target="Cvss2AHidden"> <button type="button" class="btn btn-default" data-active-class="btn-primary" value="" data-testid="vuln-cvss2-a-any">Any</button> <button type="button" class="btn btn-default" data-active-class="btn-primary" value="A:N" data-testid="vuln-cvss2-a-n">None (N)</button> <button type="button" class="btn btn-default" data-active-class="btn-primary" value="A:P" data-testid="vuln-cvss2-a-p">Partial (P)</button> <button type="button" class="btn btn-default" data-active-class="btn-primary" value="A:C" data-testid="vuln-cvss2-a-c">Complete (C)</button> </div> </fieldset> <input type="hidden" id="Cvss2AHidden"/> </div> </div> </div> <div id="CvssV3MetricsContainer" style="display: none;"> <input type="hidden" name="cvss_v3_metrics" data-cvss-value="" id="Cvss3MetricsHidden"/> <div class="col-md-6"> <div class="form-group"> <fieldset> <legend class="metric-label"> Severity Score Range </legend> <div class="btn-group btn-group-vertical" role="group" aria-label="" data-group="cvss3-sev" data-hidden-target="Cvss3SevBaseHidden"> <button type="button" class="btn btn-default" data-active-class="btn-primary" value="" data-testid="vuln-cvss3-sev-any">Any</button> <button type="button" class="btn btn-default" data-active-class="btn-primary" value="NONE" data-testid="vuln-cvss3-sev-none">None (0.0)</button> <button type="button" class="btn btn-default" data-active-class="btn-low" value="LOW" data-testid="vuln-cvss3-sev-low">Low (0.1-3.9)</button> <button type="button" class="btn btn-default" data-active-class="btn-warning" value="MEDIUM" data-testid="vuln-cvss3-sev-medium">Medium (4-6.9)</button> <button type="button" class="btn btn-default" data-active-class="btn-danger" value="HIGH" data-testid="vuln-cvss3-sev-high">High (7-8.9)</button> <button type="button" class="btn btn-default" data-active-class="btn-critical" value="CRITICAL" data-testid="vuln-cvss3-sev-critical">Critical (9-10)</button> </div> </fieldset> <input type="hidden" name="cvss_v3_severity" id="Cvss3SevBaseHidden" data-cvss-value=""/> </div> <div class="form-group"> <fieldset> <legend class="metric-label"> Attack Vector (AV) </legend> <div class="btn-group btn-group-vertical" role="group" aria-label="" data-group="cvss3-av" data-hidden-target="Cvss3AvHidden"> <button type="button" class="btn btn-default" data-active-class="btn-primary" value="" data-testid="vuln-cvss3-av-any">Any</button> <button type="button" class="btn btn-default" data-active-class="btn-primary" value="AV:N" data-testid="vuln-cvss3-av-n">Network (N)</button> <button type="button" class="btn btn-default" data-active-class="btn-primary" value="AV:A" data-testid="vuln-cvss3-av-a">Adjacent (A)</button> <button type="button" class="btn btn-default" data-active-class="btn-primary" value="AV:L" data-testid="vuln-cvss3-av-l">Local (L)</button> <button type="button" class="btn btn-default" data-active-class="btn-primary" value="AV:P" data-testid="vuln-cvss3-av-p">Physical (P)</button> </div> </fieldset> <input type="hidden" id="Cvss3AvHidden"/> </div> <div class="form-group"> <fieldset> <legend class="metric-label"> Attack Complexity (AC) </legend> <div class="btn-group btn-group-vertical" role="group" aria-label="" data-group="cvss3-ac" data-hidden-target="Cvss3AcHidden"> <button type="button" class="btn btn-default" data-active-class="btn-primary" value="" data-testid="vuln-cvss3-ac-any">Any</button> <button type="button" class="btn btn-default" data-active-class="btn-primary" value="AC:L" data-testid="vuln-cvss3-ac-l">Low (L)</button> <button type="button" class="btn btn-default" data-active-class="btn-primary" value="AC:H" data-testid="vuln-cvss3-ac-h">High (H)</button> </div> </fieldset> <input type="hidden" id="Cvss3AcHidden"/> </div> <div class="form-group"> <fieldset> <legend class="metric-label"> Privileges Required (PR) </legend> <div class="btn-group btn-group-vertical" role="group" aria-label="" data-group="cvss3-pr" data-hidden-target="Cvss3PrHidden"> <button type="button" class="btn btn-default" data-active-class="btn-primary" value="" data-testid="vuln-cvss3-pr-any">Any</button> <button type="button" class="btn btn-default" data-active-class="btn-primary" value="PR:N" data-testid="vuln-cvss3-pr-n">None (N)</button> <button type="button" class="btn btn-default" data-active-class="btn-primary" value="PR:L" data-testid="vuln-cvss3-pr-l">Low (L)</button> <button type="button" class="btn btn-default" data-active-class="btn-primary" value="PR:H" data-testid="vuln-cvss3-pr-h">High (H)</button> </div> </fieldset> <input type="hidden" id="Cvss3PrHidden"/> </div> <div class="form-group"> <fieldset> <legend class="metric-label"> User Interaction (UI) </legend> <div class="btn-group btn-group-vertical" role="group" aria-label="" data-group="cvss3-ui" data-hidden-target="Cvss3UiHidden"> <button type="button" class="btn btn-default" data-active-class="btn-primary" value="" data-testid="vuln-cvss3-ui-any">Any</button> <button type="button" class="btn btn-default" data-active-class="btn-primary" value="UI:N" data-testid="vuln-cvss3-ui-n">None (N)</button> <button type="button" class="btn btn-default" data-active-class="btn-primary" value="UI:R" data-testid="vuln-cvss3-ui-r">Required (R)</button> </div> </fieldset> <input type="hidden" id="Cvss3UiHidden"/> </div> </div> <div class="col-md-1"></div> <div class="col-md-5"> <div class="form-group"> <fieldset> <legend class="metric-label"> Scope (S) </legend> <div class="btn-group btn-group-vertical" role="group" aria-label="" data-group="cvss3-s" data-hidden-target="Cvss3SHidden"> <button type="button" class="btn btn-default" data-active-class="btn-primary" value="" data-testid="vuln-cvss3-s-any">Any</button> <button type="button" class="btn btn-default" data-active-class="btn-primary" value="S:U" data-testid="vuln-cvss3-s-u">Unchanged (U)</button> <button type="button" class="btn btn-default" data-active-class="btn-primary" value="S:C" data-testid="vuln-cvss3-s-c">Changed (C)</button> </div> </fieldset> <input type="hidden" id="Cvss3SHidden"/> </div> <div class="form-group"> <fieldset> <legend class="metric-label"> Confidentiality (C) </legend> <div class="btn-group btn-group-vertical" role="group" aria-label="" data-group="cvss3-c" data-hidden-target="Cvss3CHidden"> <button type="button" class="btn btn-default" data-active-class="btn-primary" value="" data-testid="vuln-cvss3-c-any">Any</button> <button type="button" class="btn btn-default" data-active-class="btn-primary" value="C:N" data-testid="vuln-cvss3-c-n">None (N)</button> <button type="button" class="btn btn-default" data-active-class="btn-primary" value="C:L" data-testid="vuln-cvss3-c-l">Low (L)</button> <button type="button" class="btn btn-default" data-active-class="btn-primary" value="C:H" data-testid="vuln-cvss3-c-h">High (H)</button> </div> </fieldset> <input type="hidden" id="Cvss3CHidden"/> </div> <div class="form-group"> <fieldset> <legend class="metric-label"> Integrity (I) </legend> <div class="btn-group btn-group-vertical" role="group" aria-label="" data-group="cvss3-i" data-hidden-target="Cvss3IHidden"> <button type="button" class="btn btn-default" data-active-class="btn-primary" value="" data-testid="vuln-cvss3-i-any">Any</button> <button type="button" class="btn btn-default" data-active-class="btn-primary" value="I:N" data-testid="vuln-cvss3-i-n">None (N)</button> <button type="button" class="btn btn-default" data-active-class="btn-primary" value="I:L" data-testid="vuln-cvss3-i-l">Low (L)</button> <button type="button" class="btn btn-default" data-active-class="btn-primary" value="I:H" data-testid="vuln-cvss3-i-h">High (H)</button> </div> </fieldset> <input type="hidden" id="Cvss3IHidden"/> </div> <div class="form-group"> <fieldset> <legend class="metric-label"> Availability (A) </legend> <div class="btn-group btn-group-vertical" role="group" aria-label="" data-group="cvss3-a" data-hidden-target="Cvss3AHidden"> <button type="button" class="btn btn-default" data-active-class="btn-primary" value="" data-testid="vuln-cvss3-a-any">Any</button> <button type="button" class="btn btn-default" data-active-class="btn-primary" value="A:N" data-testid="vuln-cvss3-a-n">None (N)</button> <button type="button" class="btn btn-default" data-active-class="btn-primary" value="A:L" data-testid="vuln-cvss3-a-l">Low (L)</button> <button type="button" class="btn btn-default" data-active-class="btn-primary" value="A:H" data-testid="vuln-cvss3-a-h">High (H)</button> </div> </fieldset> <input type="hidden" id="Cvss3AHidden"/> </div> </div> </div> </div> <div class="col-md-4"> <div class="advanced-search-shown"> <div class="form-group"> <label for="published-start-date"> Published Date Range </label> <div class="form-inline form-date-inline"> <div class="input-group date" data-date-picker="true"> <input type="text" id="published-start-date" class="form-control" placeholder="/ /" data-control-type="date" data-validation="true" data-validation-message="From date must be less than To date" data-validation-type="less-than-date" data-validation-compare-field="pubs-search-date-to" name="pub_start_date" value=""/> <span class="input-group-addon"> <span class="fa fa-calendar"> </span> </span> </div> <div class="input-group date" data-date-picker="true"> <label class="hidden" for="published-end-date">Published End Date</label> <input type="text" id="published-end-date" class="form-control" placeholder="/ /" data-control-type="date" name="pub_end_date" value=""/> <span class="input-group-addon"> <span class="fa fa-calendar"> </span> </span> </div> </div> </div> <div class="form-group form-group-sm"> <label for="modified-start-date"> Last Modified Date Range </label> <div class="form-inline form-date-inline"> <div class="input-group date" data-date-picker="true"> <input type="text" id="modified-start-date" class="form-control" placeholder="/ /" data-control-type="date" data-validation="true" data-validation-message="From date must be less than To date" data-validation-type="less-than-date" data-validation-compare-field="pubs-search-date-to" name="mod_start_date" value=""/> <span class="input-group-addon"> <span class="fa fa-calendar"> </span> </span> </div> <div class="input-group date" data-date-picker="true"> <label class="hidden" for="modified-end-date">Modified End Date</label> <input type="text" id="modified-end-date" class="form-control" placeholder="/ /" data-control-type="date" name="mod_end_date" value=""/> <span class="input-group-addon"> <span class="fa fa-calendar"> </span> </span> </div> </div> </div> </div> <div class="form-group"> <fieldset> <legend> Contains HyperLinks </legend> <div class="form-inline" style="margin-left: 1rem;"> <span> <input type="checkbox" class="form-check-input" value="CISA Known Exploited Vulnerabilities" id="KEV" name="hyperlink_types"/><input type="hidden" name="_hyperlink_types" value="on"/> <label class="form-check-label" for="KEV">CISA <a href="https://web.archive.org/web/20231005173220/https://www.cisa.gov/known-exploited-vulnerabilities-catalog" target="_blank">Known Exploited Vulnerabilities</a></label> <br/> </span><span> <input type="checkbox" class="form-check-input" value="US-CERT Technical Alerts" id="UsCertTA" name="hyperlink_types"/><input type="hidden" name="_hyperlink_types" value="on"/> <label class="form-check-label" for="UsCertTA">US-CERT <a href="https://web.archive.org/web/20231005173220/https://www.cisa.gov/uscert/ncas/alerts" target="_blank">Technical Alerts</a></label> <br/> </span><span> <input type="checkbox" class="form-check-input" value="US-CERT Vulnerability Notes" id="UsCertVN" name="hyperlink_types"/><input type="hidden" name="_hyperlink_types" value="on"/> <label class="form-check-label" for="UsCertVN">US-CERT <a href="https://web.archive.org/web/20231005173220/http://www.kb.cert.org/vuls/bypublished/desc/" target="_blank">Vulnerability Notes</a></label> <br/> </span><span> <input type="checkbox" class="form-check-input" value="OVAL Queries" id="OVAL" name="hyperlink_types"/><input type="hidden" name="_hyperlink_types" value="on"/> <label class="form-check-label" for="OVAL"><a href="https://web.archive.org/web/20231005173220/http://oval.mitre.org/" target="_blank">OVAL</a> Queries</label> <br/> </span> </div> </fieldset> </div> <div class="form-group"> <button type="submit" id="vuln-search-submit" data-form-button="submit" class="btn">Search</button> <button type="reset" id="vuln-search-reset" data-form-button="reset" class="btn">Reset</button> </div> </div> </div> </form> <script src="/web/20231005173220js_/https://nvd.nist.gov/site-media/js/vulnerability/nvd-search.js" type="text/javascript"></script> </div> </div> </div> </main> <footer id="footer" role="contentinfo"> <div class="container"> <div class="row"> <div class="col-sm-12"> <ul class="social-list pull-right"> <li class="field-item service-twitter list-horiz"><a href="https://web.archive.org/web/20231005173220/https://twitter.com/NISTCyber" target="_blank" class="social-btn social-btn--large extlink ext"> <i class="fa fa-twitter fa-fw"><span class="element-invisible">twitter</span></i><span class="ext"><span class="element-invisible"> (link is external)</span></span> </a></li> <li class="field-item service-facebook list-horiz"><a href="https://web.archive.org/web/20231005173220/https://www.facebook.com/NIST" target="_blank" class="social-btn social-btn--large extlink ext"> <i class="fa fa-facebook fa-fw"><span class="element-invisible">facebook</span></i><span class="ext"><span class="element-invisible"> (link is external)</span></span></a></li> <li class="field-item service-linkedin list-horiz"><a href="https://web.archive.org/web/20231005173220/https://www.linkedin.com/company/nist" target="_blank" class="social-btn social-btn--large extlink ext"> <i class="fa fa-linkedin fa-fw"><span class="element-invisible">linkedin</span></i><span class="ext"><span class="element-invisible"> (link is external)</span></span></a></li> <li class="field-item service-youtube list-horiz"><a href="https://web.archive.org/web/20231005173220/https://www.youtube.com/user/USNISTGOV" target="_blank" class="social-btn social-btn--large extlink ext"> <i class="fa fa-youtube fa-fw"><span class="element-invisible">youtube</span></i><span class="ext"><span class="element-invisible"> (link is external)</span></span></a></li> <li class="field-item service-rss list-horiz"><a href="https://web.archive.org/web/20231005173220/https://www.nist.gov/news-events/nist-rss-feeds" target="_blank" class="social-btn social-btn--large extlink"> <i class="fa fa-rss fa-fw"><span class="element-invisible">rss</span></i> </a></li> <li class="field-item service-govdelivery list-horiz last"><a href="https://web.archive.org/web/20231005173220/https://public.govdelivery.com/accounts/USNIST/subscriber/new?qsp=USNIST_3" target="_blank" class="social-btn social-btn--large extlink ext"> <i class="fa fa-envelope fa-fw"><span class="element-invisible">govdelivery</span></i><span class="ext"><span class="element-invisible"> (link is external)</span></span> </a></li> </ul> <span class="hidden-xs"> <a title="National Institute of Standards and Technology" rel="home" class="footer-nist-logo"> <img src="/web/20231005173220im_/https://nvd.nist.gov/site-media/images/nist/nist-logo.png" alt="National Institute of Standards and Technology logo"/> </a> </span> </div> </div> <div class="row hidden-sm hidden-md hidden-lg"> <div class="col-sm-12"> <a href="https://web.archive.org/web/20231005173220/https://www.nist.gov/" title="National Institute of Standards and Technology" rel="home" target="_blank" class="footer-nist-logo"> <img src="/web/20231005173220im_/https://nvd.nist.gov/site-media/images/nist/nist-logo.png" alt="National Institute of Standards and Technology logo"/> </a> </div> </div> <div class="row footer-contact-container"> <div class="col-sm-6"> <strong>HEADQUARTERS</strong> <br> 100 Bureau Drive <br> Gaithersburg, MD 20899 <br> <a href="https://web.archive.org/web/20231005173220/tel:301-975-2000">(301) 975-2000</a> <br> <br> <a href="https://web.archive.org/web/20231005173220/mailto:nvd@nist.gov">Webmaster</a> | <a href="https://web.archive.org/web/20231005173220/https://www.nist.gov/about-nist/contact-us">Contact Us</a> | <a href="https://web.archive.org/web/20231005173220/https://www.nist.gov/about-nist/visit" style="display: inline-block;">Our Other Offices</a> </div> <div class="col-sm-6"> <div class="pull-right" style="text-align:right"> <strong>Incident Response Assistance and Non-NVD Related<br>Technical Cyber Security Questions:</strong> <br> US-CERT Security Operations Center <br> Email: <a href="https://web.archive.org/web/20231005173220/mailto:soc@us-cert.gov">soc@us-cert.gov</a> <br> Phone: 1-888-282-0870 </div> </div> </div> <div class="row"> <nav title="Footer Navigation" role="navigation" class="row footer-bottom-links-container"> <!-- https://github.com/usnistgov/nist-header-footer/blob/nist-pages/boilerplate-footer.html --> <p> <a href="https://web.archive.org/web/20231005173220/https://www.nist.gov/oism/site-privacy">Site Privacy</a> | <a href="https://web.archive.org/web/20231005173220/https://www.nist.gov/oism/accessibility">Accessibility</a> | <a href="https://web.archive.org/web/20231005173220/https://www.nist.gov/privacy">Privacy Program</a> | <a href="https://web.archive.org/web/20231005173220/https://www.nist.gov/oism/copyrights">Copyrights</a> | <a href="https://web.archive.org/web/20231005173220/https://www.commerce.gov/vulnerability-disclosure-policy">Vulnerability Disclosure</a> | <a href="https://web.archive.org/web/20231005173220/https://www.nist.gov/no-fear-act-policy">No Fear Act Policy</a> | <a href="https://web.archive.org/web/20231005173220/https://www.nist.gov/foia">FOIA</a> | <a href="https://web.archive.org/web/20231005173220/https://www.nist.gov/environmental-policy-statement">Environmental Policy</a> | <a href="https://web.archive.org/web/20231005173220/https://www.nist.gov/summary-report-scientific-integrity">Scientific Integrity</a> | <a href="https://web.archive.org/web/20231005173220/https://www.nist.gov/nist-information-quality-standards">Information Quality Standards</a> | <a href="https://web.archive.org/web/20231005173220/https://www.commerce.gov/">Commerce.gov</a> | <a href="https://web.archive.org/web/20231005173220/https://www.science.gov/">Science.gov</a> | <a href="https://web.archive.org/web/20231005173220/https://www.usa.gov/">USA.gov</a> </p> </nav> </div> </div> </footer> </body> </html> <!-- FILE ARCHIVED ON 17:32:20 Oct 05, 2023 AND RETRIEVED FROM THE INTERNET ARCHIVE ON 22:24:09 Nov 28, 2024. JAVASCRIPT APPENDED BY WAYBACK MACHINE, COPYRIGHT INTERNET ARCHIVE. ALL OTHER CONTENT MAY ALSO BE PROTECTED BY COPYRIGHT (17 U.S.C. SECTION 108(a)(3)). --> <!-- playback timings (ms): captures_list: 0.546 exclusion.robots: 0.024 exclusion.robots.policy: 0.014 esindex: 0.01 cdx.remote: 6.784 LoadShardBlock: 355.446 (3) PetaboxLoader3.datanode: 270.971 (5) PetaboxLoader3.resolve: 317.743 (4) load_resource: 318.027 (2) -->