CWE-42 – Path Equivalence: ‘filename.’ (Trailing Dot)
Description: A software system that accepts path input in the form of trailing dot ('filedir.') without appropriate validation can lead to ambiguous path resolution and...
CWE-419 – Unprotected Primary Channel
Description: The software uses a primary channel for administration or restricted functionality, but it does not properly protect the channel. Modes of Introduction: - Architecture...
CWE-416 – Use After Free
Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code. Modes of Introduction: - Architecture...
CWE-415 – Double Free
Description: The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations. When a program calls free() twice...
CWE-414 – Missing Lock Check
Description: A product does not check to see if a lock is present before performing sensitive operations on a resource. Modes of Introduction: - Architecture...
CWE-413 – Improper Resource Locking
Description: The software does not lock or does not correctly lock a resource when the software must have exclusive access to the resource. When a...
CWE-412 – Unrestricted Externally Accessible Lock
Description: The software properly checks for the existence of a lock, but the lock can be externally controlled or influenced by an actor that is...
CWE-410 – Insufficient Resource Pool
Description: The software's resource pool is not large enough to handle peak demand, which allows an attacker to prevent others from accessing the resource by...
CWE-41 – Improper Resolution of Path Equivalence
Description: The system or application is vulnerable to file system contents disclosure through path equivalence. Path equivalence involves the use of special characters in file...
CWE-409 – Improper Handling of Highly Compressed Data (Data Amplification)
Description: The software does not handle or incorrectly handles a compressed input with a very high compression ratio that produces a large output. An example...