| CWE-67 | The software constructs pathnames from user input, but it does not handle or incorrectly handles a pathname containing a Windows device name such as AUX or CON. This typically leads to denial of service or an information exposure when the application attempts to process the pathname as a regular file. |
| CWE-670 | The code contains a control flow path that does not reflect the algorithm that the path is intended to implement, leading to incorrect behavior any time this path is navigated. |
| CWE-671 | The product uses security features in a way that prevents the product's administrator from tailoring security settings to reflect the environment in which the product is being used. This introduces resultant weaknesses or prevents it from operating at a level of security that is desired by the administrator. |
| CWE-672 | The software uses, accesses, or otherwise operates on a resource after that resource has been expired, released, or revoked. |
| CWE-673 | The product does not prevent the definition of control spheres from external actors. |
| CWE-674 | The product does not properly control the amount of recursion that takes place, which consumes excessive resources, such as allocated memory or the program stack. |
| CWE-675 | The product performs the same operation on a resource two or more times, when the operation should only be applied once. |
| CWE-676 | The program invokes a potentially dangerous function that could introduce a vulnerability if it is used incorrectly, but the function can also be used safely. |
| CWE-680 | The product performs a calculation to determine how much memory to allocate, but an integer overflow can occur that causes less memory to be allocated than expected, leading to a buffer overflow. |
| CWE-681 | When converting from one data type to another, such as long to integer, data can be omitted or translated in a way that produces unexpected values. If the resulting values are used in a sensitive context, then dangerous behaviors may occur. |