| CWE-368 |
A product performs a series of non-atomic actions to switch between contexts that cross privilege or other security boundaries, but a race condition allows an attacker to modify or misrepresent the product's behavior during the switch. |
| CWE-369 |
The product divides a value by zero. |
| CWE-37 |
A software system that accepts input in the form of a slash absolute path ('/absolute/pathname/here') without appropriate validation can allow an attacker to traverse the file system to unintended locations or access arbitrary files. |
| CWE-370 |
The software does not check the revocation status of a certificate after its initial revocation check, which can cause the software to perform privileged actions even after the certificate is revoked at a later time. |
| CWE-372 |
The software does not properly determine which state it is in, causing it to assume it is in state X when in fact it is in state Y, causing it to perform incorrect operations in a security-relevant manner. |
| CWE-373 |
This entry was deprecated because it overlapped the same concepts as race condition (CWE-362) and Improper Synchronization (CWE-662). |
| CWE-374 |
The program sends non-cloned mutable data as an argument to a method or function. |
| CWE-375 |
Sending non-cloned mutable data as a return value may result in that data being altered or deleted by the calling function. |
| CWE-377 |
Creating and using insecure temporary files can leave application and system data vulnerable to attack. |
| CWE-378 |
Opening temporary files without appropriate measures or controls can leave the file, its contents and any function that it impacts vulnerable to attack. |
