| CWE-403 | A process does not close sensitive file descriptors before invoking a child process, which allows the child to perform unauthorized I/O operations using those descriptors. |
| CWE-404 | The program does not release or incorrectly releases a resource before it is made available for re-use. |
| CWE-405 | Software that does not appropriately monitor or control resource consumption can lead to adverse system performance. |
| CWE-406 | The software does not sufficiently monitor or control transmitted network traffic volume, so that an actor can cause the software to transmit more traffic than should be allowed for that actor. |
| CWE-407 | An algorithm in a product has an inefficient worst-case computational complexity that may be detrimental to system performance and can be triggered by an attacker, typically using crafted manipulations that ensure that the worst case is being reached. |
| CWE-408 | The software allows an entity to perform a legitimate but expensive operation before authentication or authorization has taken place. |
| CWE-409 | The software does not handle or incorrectly handles a compressed input with a very high compression ratio that produces a large output. |
| CWE-41 | The system or application is vulnerable to file system contents disclosure through path equivalence. Path equivalence involves the use of special characters in file and directory names. The associated manipulations are intended to generate multiple names for the same object. |
| CWE-410 | The software's resource pool is not large enough to handle peak demand, which allows an attacker to prevent others from accessing the resource by using a (relatively) large number of requests for resources. |
| CWE-412 | The software properly checks for the existence of a lock, but the lock can be externally controlled or influenced by an actor that is outside of the intended sphere of control. |