Severity: Privileges Required - High; Struts subsystem: plugins; Chromium subsystem: pdfium; CWE-641: Improper Restriction of Names for Files and Other Resources; Severity: Scope - Changed; CWE-19: Data Processing Errors; CWE-CWE-ID: Name; Chromium subsystem: gpu; Struts subsystem: validator; Discovered Internally; systemd subsystem: shared; Chromium subsystem: ffmpeg; Lesson: Security By Obscurity; Severity: Availability Impact - Low; CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'); Language: C++; CWE-129: Improper Validation of Array Index; Severity: Confidentiality Impact - Low; Severity: User Interaction - Required; Linux Kernel subsystem: perf; CWE-909: Missing Initialization of Resource; CWE-704: Incorrect Type Conversion or Cast; CWE-665: Improper Initialization; Severity: Integrity Impact - Complete; CWE-134: Use of Externally-Controlled Format String; CWE-908: Use of Uninitialized Resource; CWE-532: Insertion of Sensitive Information into Log File; CWE-121: Stack-based Buffer Overflow; Tomcat subsystem: http2; CWE-159: Improper Handling of Invalid Use of Special Elements; CWE-311: Missing Encryption of Sensitive Data; CWE-502: Deserialization of Untrusted Data; Linux Kernel subsystem: drivers; Linux Kernel subsystem: arch; Chromium subsystem: autofill; Chromium subsystem: media; Severity: User Interaction - None; Chromium subsystem: plugins; Chromium subsystem: tab_contents; Chromium subsystem: dom; CWE-384: Session Fixation; CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer; Lesson: Reverting Codebase; CWE-456: Missing Initialization of a Variable; Lifetime: 2 to 5 years; CWE-416: Use After Free; Lifetime: 30 to 90 days; CWE-209: Generation of Error Message Containing Sensitive Information; CWE-644: Improper Neutralization of HTTP Headers for Scripting Syntax; CWE-191: Integer Underflow (Wrap or Wraparound); Tomcat subsystem: startup; Language: Python; Chromium subsystem: blink svg; Linux Kernel subsystem: bpf; Chromium subsystem: openjpeg;
Dependency Issue; HTTPD subsystem: proxy; Lesson: Too Many Cooks; CWE-264: Permissions, Privileges, and Access Controls; CWE-749: Exposed Dangerous Method or Function; CWE-184: Incomplete List of Disallowed Inputs; Chromium subsystem: content; Tomcat subsystem: core; CWE-703: Improper Check or Handling of Exceptional Conditions; CWE-326: Inadequate Encryption Strength; Chromium subsystem:; Chromium subsystem: v8; CWE-833: Deadlock; Chromium subsystem: harfbuzz; Django subsystem: authentication; CWE-150: Improper Neutralization of Escape, Meta, or Control Sequences; CWE-680: Integer Overflow to Buffer Overflow; CWE-834: Excessive Iteration; CWE-681: Incorrect Conversion between Numeric Types; CWE-279: Incorrect Execution-Assigned Permissions; CWE-295: Improper Certificate Validation; CWE-252: Unchecked Return Value; Struts subsystem: xwork-core; Struts subsystem: xwork2; CWE-354: Improper Validation of Integrity Check Value; CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition; CWE-653: Improper Isolation or Compartmentalization; Project: Struts; HTTPD subsystem: dav; Lesson: Environment Variables; HTTPD subsystem: http; Struts subsystem: dispatcher; Chromium subsystem: browser; CWE-667: Improper Locking; Order of Operations; Severity: Availability Impact - Complete; HTTPD subsystem: core; Chromium subsystem: common; CWE-359: Exposure of Private Personal Information to an Unauthorized Actor; CWE-755: Improper Handling of Exceptional Conditions; CWE-488: Exposure of Data Element to Wrong Session; Discovered Automatically; FFmpeg subsystem: avfilter; CWE-358: Improperly Implemented Security Check for Standard; Chromium subsystem: webgl; CWE-664: Improper Control of a Resource Through its Lifetime; Chromium subsystem: storage; CWE-457: Use of Uninitialized Variable; CWE-843: Access of Resource Using Incompatible Type ('Type Confusion'); CWE-203: Observable Discrepancy; Tomcat subsystem: connector; CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection');
Lifetime: 5+ years; systemd subsystem: journald; Chromium subsystem: net; CWE-361: 7PK - Time and State; Linux Kernel subsystem: kvm; Discovered Externally; Lifetime: 1 to 2 years; Struts subsystem: rest; Linux Kernel subsystem: sctp; Language: C; CWE-285: Improper Authorization; Struts subsystem: mapper; Severity: Privileges Required - Low; Chromium subsystem: webkit; CWE-787: Out-of-bounds Write; Lesson: Least Privilege; CWE-254: 7PK - Security Features; Project: Linux Kernel; Lesson: Code Refactors; Severity: Attack Complexity - Medium; Severity: Attack Complexity - High; CWE-319: Cleartext Transmission of Sensitive Information; CWE-193: Off-by-one Error; Lesson: You Ain't Gonna Need It; CWE-269: Improper Privilege Management; Project: FFmpeg; CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'); CWE-122: Heap-based Buffer Overflow; CWE-200: Exposure of Sensitive Information to an Unauthorized Actor; Chromium subsystem: chrome; Chromium subsystem: omnibox; Django subsystem: views; HTTPD subsystem: loggers; Chromium subsystem: cc; Struts subsystem: ognl; Linux Kernel subsystem: mm; CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop'); CWE-266: Incorrect Privilege Assignment; FFmpeg subsystem: libavcodec; Lesson: Defense in Depth; Linux Kernel subsystem: btrfs; Django subsystem: utils; Chromium subsystem: ui; CWE-662: Improper Synchronization; Discovered Manually; Lesson: Native Wrappers; HTTPD subsystem: authentication and authorization; CWE-287: Improper Authentication; Stacktrace; Chromium subsystem: pdf; Language: Java; CWE-94: Improper Control of Generation of Code ('Code Injection'); Chromium subsystem: ssl; CWE-183: Permissive List of Allowed Inputs; Django subsystem: xml_parsers; CWE-451: User Interface (UI) Misrepresentation of Critical Information; CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'); systemd subsystem: vconsole; CWE-824: Access of Uninitialized Pointer; CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition');
Chromium subsystem: video; Severity: Attack Vector - Adjacent Network; CWE-1284: Improper Validation of Specified Quantity in Input; Severity: Privileges Required - None; Bounty Awarded; HTTPD subsystem: server; Lesson: Serial Killer; Chromium subsystem: skia; Chromium subsystem: translate; CWE-791: Incomplete Filtering of Special Elements; Chromium subsystem: audio; Chromium subsystem: workers; Severity: Confidentiality Impact - Complete; Chromium subsystem: base; CWE-415: Double Free; Severity: Attack Vector - Local; CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling'); Chromium subsystem: safebrowsing; CWE-116: Improper Encoding or Escaping of Output; CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection'); Severity: Integrity Impact - Low; CWE-20: Improper Input Validation; Team Discussed; HTTPD subsystem: http2; Django subsystem: forms; Project: Tomcat; Chromium subsystem: frame; Util; CWE-601: URL Redirection to Untrusted Site ('Open Redirect'); Chromium subsystem: internals; Chromium subsystem: devtools; Django subsystem: models; Small Fix; Known Origin (VCC); Chromium subsystem: sfntly; CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'); CWE-366: Race Condition within a Thread; Severity: Integrity Impact - High; CWE-401: Missing Release of Memory after Effective Lifetime; Django subsystem: files; Linux Kernel subsystem: bluetooth; HTTPD subsystem: modules; systemd subsystem: resolve; Chromium subsystem: webcore; CWE-459: Incomplete Cleanup; Linux Kernel subsystem: scsi; CWE-770: Allocation of Resources Without Limits or Throttling; Discovered in Contest; CWE-617: Reachable Assertion; Chromium subsystem: web_contents; CWE-434: Unrestricted Upload of File with Dangerous Type; Lesson: Distrust Input; CWE-310: Cryptographic Issues; CWE-185: Incorrect Regular Expression; CWE-255: Credentials Management Errors; Big Fix; CWE-789: Memory Allocation with Excessive Size Value;
CWE-732: Incorrect Permission Assignment for Critical Resource; CWE-1188: Insecure Default Initialization of Resource; FFmpeg subsystem: avcodec; Severity: Availability Impact - Partial; Lifetime: Less than 30 days; CWE-347: Improper Verification of Cryptographic Signature; Django subsystem: backends; Lesson: Fix Untested; Language: Javascript; Project: systemd; Linux Kernel subsystem: lib; Struts subsystem: resources; Lesson: Complex Inputs; Chromium subsystem: third_party; FFmpeg subsystem: avformat; CWE-290: Authentication Bypass by Spoofing; CWE-281: Improper Preservation of Permissions; Chromium subsystem: speech; Severity: Attack Complexity - Low; CWE-125: Out-of-bounds Read; Chromium subsystem: appcache; Severity: Confidentiality Impact - Partial; systemd subsystem: core; Linux Kernel subsystem: usb; CWE-460: Improper Cleanup on Thrown Exception; CWE-697: Incorrect Comparison; Stacktrace with Fix; CWE-917: Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection'); Chromium subsystem: views; Lesson: Lacked Test; CWE-327: Use of a Broken or Risky Cryptographic Algorithm; Chromium subsystem: renderer_host; Lifetime: 90 to 180 days; Linux Kernel subsystem: net; Severity: Integrity Impact - Partial; CWE-825: Expired Pointer Dereference; Django subsystem: http; Severity: Privileges Required - None; Team Discussed if Security; Project: Django; Project: HTTPD; CWE-346: Origin Validation Error; Lesson: Changing Owners; CWE-672: Operation on a Resource after Expiration or Release; CWE-303: Incorrect Implementation of Authentication Algorithm; CWE-426: Untrusted Search Path; Lifetime: 180 days to 1 year; Django subsystem: urls; Chromium subsystem: permissions; Severity: Confidentiality Impact - High; CWE-330: Use of Insufficiently Random Values; CWE-23: Relative Path Traversal; CWE-772: Missing Release of Resource after Effective Lifetime; CWE-754: Improper Check for Unusual or Exceptional Conditions; Chromium subsystem: svg; Tomcat subsystem: catalina;
CWE-606: Unchecked Input for Loop Condition; Django subsystem: admin; Severity: Scope - Unchanged; Chromium subsystem: websockets; CWE-668: Exposure of Resource to Wrong Sphere; CWE-674: Uncontrolled Recursion; CWE-863: Incorrect Authorization; Struts subsystem: interceptor; Linux Kernel subsystem: svm; Sandbox; Lesson: Frameworks are Optional; Severity: Availability Impact - High; Tomcat subsystem: manager; CWE-294: Authentication Bypass by Capture-replay; systemd subsystem: basic; Not Auto Discoverable; Django subsystem: contrib; CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS); CWE-807: Reliance on Untrusted Inputs in a Security Decision; HTTPD subsystem: cache; CWE-126: Buffer Over-read; Tomcat subsystem: http11; Tomcat subsystem: authenticator; CWE-189: Numeric Errors; Chromium subsystem: parser; HTTPD subsystem: ssl; Chromium subsystem: clipboard; Chromium subsystem: webdata; Vouch; CWE-399: Resource Management Errors; CWE-476: NULL Pointer Dereference; Linux Kernel subsystem: crypto; CWE-16: Configuration; CWE-276: Incorrect Default Permissions; CWE-345: Insufficient Verification of Data Authenticity; CWE-284: Improper Access Control; Chromium subsystem: serviceworker; Chromium subsystem: renderer; systemd subsystem: systemd-journald; i18n; CWE-369: Divide By Zero; CWE-190: Integer Overflow or Wraparound; CWE-707: Improper Neutralization; systemd subsystem: dbus; Lesson: Secure By Default; CWE-267: Privilege Defined With Unsafe Actions; Severity: Attack Vector - Physical; Chromium subsystem: extensions; CWE-404: Improper Resource Shutdown or Release; Chromium subsystem: downloads; Django subsystem: auth; Tomcat subsystem: coyote; Django subsystem: middleware; Linux Kernel subsystem: fs; Severity: Privileges Required - Low; CWE-297: Improper Validation of Certificate with Host Mismatch; CWE-250: Execution with Unnecessary Privileges; Chromium subsystem: network; Chromium subsystem: libxml; CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection');
Forgotten Check; Project: Chromium; Chromium subsystem: navigation; Chromium subsystem: blink; Severity: Attack Vector - Network; CWE-201: Insertion of Sensitive Information Into Sent Data; Specification; CWE-400: Uncontrolled Resource Consumption; Django subsystem: sessions; CWE-352: Cross-Site Request Forgery (CSRF); CWE-86: Improper Neutralization of Invalid Characters in Identifiers in Web Pages; CWE-763: Release of Invalid Pointer or Reference; CWE-131: Incorrect Calculation of Buffer Size; systemd subsystem: polkit; CWE-682: Incorrect Calculation; CWE-862: Missing Authorization; CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer
Tags are sized by the number of times they have been applied. Tags with zero or one vulnerability are not shown.