| CWE-392 |
The software encounters an error but does not provide a status code or return value to indicate that an error has occurred. |
| CWE-393 |
A function or operation returns an incorrect return value or status code that does not indicate an error, but causes the product to modify its behavior based on the incorrect result. |
| CWE-394 |
The software does not properly check when a function or operation returns a value that is legitimate for the function, but is not expected by the software. |
| CWE-395 |
Catching NullPointerException should not be used as an alternative to programmatic checks to prevent dereferencing a null pointer. |
| CWE-396 |
Catching overly broad exceptions promotes complex error handling code that is more likely to contain security vulnerabilities. |
| CWE-397 |
Throwing overly broad exceptions promotes complex error handling code that is more likely to contain security vulnerabilities. |
| CWE-40 |
An attacker can inject a Windows UNC share ('\\UNC\share\name') into a software system to potentially redirect access to an unintended location or arbitrary file. |
| CWE-400 |
The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources. |
| CWE-401 |
The software does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory. |
| CWE-402 |
The software makes resources available to untrusted parties when those resources are only intended to be accessed by the software. |
