CWE-363 – Race Condition Enabling Link Following
Description The software checks the status of a file or directory before accessing it, which produces a race condition in which the file can be...
CWE-362 – Concurrent Execution using Shared Resource with Improper Synchronization (‘Race Condition’)
Description The program contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared...
CWE-360 – Trust of System Event Data
Description Security based on event locations is insecure and can be spoofed. Events are a messaging system which may provide control data to programs listening...
CWE-36 – Absolute Path Traversal
Description The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize absolute path...
CWE-359 – Exposure of Private Personal Information to an Unauthorized Actor
Description The product does not properly prevent a person's private, personal information from being accessed by actors who either (1) are not explicitly authorized to...
CWE-358 – Improperly Implemented Security Check for Standard
Description The software does not implement or incorrectly implements one or more security-relevant checks as specified by the design of a standardized algorithm, protocol, or...
CWE-357 – Insufficient UI Warning of Dangerous Operations
Description The user interface provides a warning to a user regarding dangerous or sensitive operations, but the warning is not noticeable enough to warrant attention....
CWE-356 – Product UI does not Warn User of Unsafe Actions
Description The software's user interface does not warn the user before undertaking an unsafe action on behalf of that user. This makes it easier for...
CWE-354 – Improper Validation of Integrity Check Value
Description The software does not validate or incorrectly validates the integrity check values or "checksums" of a message. This may prevent it from detecting if...
CWE-353 – Missing Support for Integrity Check
Description The software uses a transmission protocol that does not include a mechanism for verifying the integrity of the data during transmission, such as a...