CWE-397 – Declaration of Throws for Generic Exception
Description Throwing overly broad exceptions promotes complex error handling code that is more likely to contain security vulnerabilities. Declaring a method to throw Exception or...
CWE-40 – Path Traversal: ‘\\UNC\share\name\’ (Windows UNC Share)
Description An attacker can inject a Windows UNC share ('\\UNC\share\name\') into a software system to potentially redirect access to an unintended location or arbitrary file....
CWE-400 – Uncontrolled Resource Consumption
Description The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources...
CWE-356 – Product UI does not Warn User of Unsafe Actions
Description The software's user interface does not warn the user before undertaking an unsafe action on behalf of that user. This makes it easier for...
CWE-357 – Insufficient UI Warning of Dangerous Operations
Description The user interface provides a warning to a user regarding dangerous or sensitive operations, but the warning is not noticeable enough to warrant attention....
CWE-358 – Improperly Implemented Security Check for Standard
Description The software does not implement or incorrectly implements one or more security-relevant checks as specified by the design of a standardized algorithm, protocol, or...
CWE-359 – Exposure of Private Personal Information to an Unauthorized Actor
Description The product does not properly prevent a person's private, personal information from being accessed by actors who either (1) are not explicitly authorized to...
CWE-36 – Absolute Path Traversal
Description The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize absolute path...
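The two path-traversal entries above (CWE-40, Windows UNC shares, and CWE-36, absolute paths) share one defence: refuse any untrusted path component that names a volume, host or root, then confirm that the normalised result still sits under the intended base directory. The following is an added example written for this page, not code from CWE/MITRE; the function name `safe_join`, the `flavour` switch (so the Windows rules can be exercised on a POSIX host via `ntpath`), and the sample base directories and inputs are all constructed for the demonstration.

```python
import ntpath
import posixpath


def safe_join(base, user_path, flavour="posix"):
    """Join an untrusted relative path onto a trusted base directory.

    Returns the normalised path, or raises ValueError when the input
    names another volume/host (CWE-40), is absolute or rooted (CWE-36),
    or climbs out of ``base`` with '..' components. Purely lexical: it
    does not follow symlinks, so resolve the result on the real filesystem
    before use.
    """
    p = ntpath if flavour == "windows" else posixpath

    # A NUL byte would truncate the name at the C library layer; reject it.
    if "\x00" in user_path:
        raise ValueError(f"NUL byte in path: {user_path!r}")

    # CWE-40: a drive letter (C:, D:secret.txt) or UNC prefix (\\server\share,
    # //server/share, \\?\...) points at another volume or host, not at a file
    # under base. posixpath.splitdrive() always returns an empty drive, so this
    # check is a no-op in the POSIX flavour.
    drive, _ = p.splitdrive(user_path)
    if drive:
        raise ValueError(f"drive or UNC share rejected: {user_path!r}")

    # CWE-36: reject absolute and rooted input outright instead of stripping it.
    # The explicit separator check also covers '\foo' and '/foo', which
    # ntpath.isabs() no longer treats as absolute from Python 3.13 onwards.
    if p.isabs(user_path) or user_path[:1] in ("/", "\\"):
        raise ValueError(f"absolute or rooted path rejected: {user_path!r}")

    base_norm = p.normpath(base)
    candidate = p.normpath(p.join(base_norm, user_path))

    # After '..' collapsing the result must still have base as its prefix.
    if p.commonpath([base_norm, candidate]) != base_norm:
        raise ValueError(f"path escapes base directory: {user_path!r}")
    return candidate


# Constructed sample inputs: (flavour, trusted base, untrusted path).
SAMPLES = [
    ("posix", "/srv/data", "reports/2024/q1.txt"),
    ("posix", "/srv/data", "../../etc/passwd"),
    ("posix", "/srv/data", "/etc/passwd"),
    ("posix", "/srv/data", "q1.txt\x00.png"),
    ("windows", "C:\\srv\\data", "reports/q1.txt"),
    ("windows", "C:\\srv\\data", "..\\..\\Windows\\win.ini"),
    ("windows", "C:\\srv\\data", "\\\\UNC\\share\\name\\secret.txt"),
    ("windows", "C:\\srv\\data", "//attacker/share/payload.dll"),
    ("windows", "C:\\srv\\data", "D:secret.txt"),
]


def demo():
    """Run every sample through safe_join; map input -> result or rejection reason."""
    out = {}
    for flavour, base, user_path in SAMPLES:
        try:
            out[user_path] = safe_join(base, user_path, flavour)
        except ValueError as exc:
            out[user_path] = "REJECTED: " + str(exc)
    return out


if __name__ == "__main__":
    for user_path, result in demo().items():
        print(f"{user_path!r:40} -> {result}")
```

Note the order of the checks: the drive/UNC test runs before the absolute-path test so that `\\UNC\share\name\` is reported for what it is, and the drive-relative form `D:secret.txt` (no separator after the colon, so neither absolute nor rooted) is still caught. Running the check on the original input rather than on a version with leading separators stripped is deliberate: stripping turns `//server/share` into a harmless-looking relative path and is a common way to reintroduce CWE-40.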
CWE-360 – Trust of System Event Data
Description Security based on event locations is insecure and can be spoofed. Events are a messaging system which may provide control data to programs listening...
CWE-362 – Concurrent Execution using Shared Resource with Improper Synchronization (‘Race Condition’)
Description The program contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared...
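The race condition described in CWE-362 is most often a check-then-act sequence: the code verifies a condition on a shared resource and then acts on it, but nothing stops another thread from changing the resource in between. The following added example, written for this page and not taken from CWE/MITRE, shows a constructed `Account` whose balance must never go negative: the unsynchronised withdrawal lets two concurrent callers both pass the balance check and overdraw, while the version holding a lock across the whole sequence serialises them. The `time.sleep()` inside the window is an assumption of the demo, added only to widen the timing window so the outcome is reproducible rather than occasional.

```python
import threading
import time

# Artificial delay between the check and the act (constructed for the demo).
WINDOW_SECONDS = 0.1


class Account:
    """Shared resource: a balance that is supposed never to go negative."""

    def __init__(self, balance):
        self.balance = balance
        self._lock = threading.Lock()

    def withdraw_racy(self, amount):
        # Check, then act, with nothing preventing another thread from
        # withdrawing between the two steps (CWE-362).
        if self.balance >= amount:
            time.sleep(WINDOW_SECONDS)      # the timing window
            self.balance -= amount
            return True
        return False

    def withdraw_locked(self, amount):
        # Same sequence, but the lock is held for the whole check-then-act,
        # so the balance cannot change under us once it has been checked.
        with self._lock:
            if self.balance >= amount:
                time.sleep(WINDOW_SECONDS)  # window still exists, but is now exclusive
                self.balance -= amount
                return True
            return False


def run_concurrent(method, amount, workers=2):
    """Start `workers` threads that all call `method(amount)`; return their results."""
    results = []

    def worker():
        results.append(method(amount))

    threads = [threading.Thread(target=worker) for _ in range(workers)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return results


def demo(opening_balance=100, amount=100):
    """Two threads each try to withdraw the full balance, with and without the lock."""
    racy = Account(opening_balance)
    racy_results = run_concurrent(racy.withdraw_racy, amount)

    locked = Account(opening_balance)
    locked_results = run_concurrent(locked.withdraw_locked, amount)

    return {
        "racy_successes": sum(racy_results),
        "racy_balance": racy.balance,
        "locked_successes": sum(locked_results),
        "locked_balance": locked.balance,
    }


if __name__ == "__main__":
    print(demo())
```

The lock-based fix works because the invariant ("balance never negative") is checked and enforced inside one critical section. Narrowing the window instead of closing it (for instance, removing the sleep) only makes the bug rarer, which is exactly what makes real CWE-362 findings hard to reproduce and easy to dismiss.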