| CWE-413 |
The software does not lock or does not correctly lock a resource when the software must have exclusive access to the resource. |
| CWE-414 |
A product does not check to see if a lock is present before performing sensitive operations on a resource. |
| CWE-415 |
The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations. |
| CWE-416 |
Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code. |
| CWE-419 |
The software uses a primary channel for administration or restricted functionality, but it does not properly protect the channel. |
| CWE-42 |
A software system that accepts path input in the form of trailing dot ('filedir.') without appropriate validation can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files. |
| CWE-420 |
The software protects a primary channel, but it does not use the same level of protection for an alternate channel. |
| CWE-421 |
The product opens an alternate channel to communicate with an authorized user, but the channel is accessible to other actors. |
| CWE-422 |
The software does not properly verify the source of a message in the Windows Messaging System while running at elevated privileges, creating an alternate channel through which an attacker can directly send a message to the product. |
| CWE-423 |
This entry has been deprecated because it was a duplicate of CWE-441. All content has been transferred to CWE-441. |
