CWE-385 – Covert Timing Channel
Description Covert timing channels convey information by modulating some aspect of system behavior over time, so that the program receiving the information can observe system...
CWE-386 – Symbolic Name not Mapping to Correct Object
Description A constant symbolic reference to an object is used, even though the reference can resolve to a different object over time. Modes of Introduction:...
CWE-39 – Path Traversal: ‘C:dirname’
Description An attacker can inject a drive letter or Windows volume letter ('C:dirname') into a software system to potentially redirect access to an unintended location...
CWE-390 – Detection of Error Condition Without Action
Description The software detects a specific error, but takes no actions to handle the error. Modes of Introduction: - Architecture and Design Likelihood of...
CWE-391 – Unchecked Error Condition
Description [PLANNED FOR DEPRECATION. SEE MAINTENANCE NOTES AND CONSIDER CWE-252, CWE-248, OR CWE-1069.] Ignoring exceptions and other error conditions may allow an attacker to induce...
CWE-392 – Missing Report of Error Condition
Description The software encounters an error but does not provide a status code or return value to indicate that an error has occurred. Modes of...
CWE-393 – Return of Wrong Status Code
Description A function or operation returns an incorrect return value or status code that does not indicate an error, but causes the product to modify...
CWE-394 – Unexpected Status Code or Return Value
Description The software does not properly check when a function or operation returns a value that is legitimate for the function, but is not expected...
CWE-395 – Use of NullPointerException Catch to Detect NULL Pointer Dereference
Description Catching NullPointerException should not be used as an alternative to programmatic checks to prevent dereferencing a null pointer. Modes of Introduction: - Implementation ...
CWE-396 – Declaration of Catch for Generic Exception
Description Catching overly broad exceptions promotes complex error handling code that is more likely to contain security vulnerabilities. Multiple catch blocks can get ugly and...