CWE-374 – Passing Mutable Objects to an Untrusted Method
Description The program sends non-cloned mutable data as an argument to a method or function. The function or method that has been called can alter...
CWE-375 – Returning a Mutable Object to an Untrusted Caller
Description Sending non-cloned mutable data as a return value may result in that data being altered or deleted by the calling function. In situations where...
CWE-337 – Predictable Seed in Pseudo-Random Number Generator (PRNG)
Description A Pseudo-Random Number Generator (PRNG) is initialized from a predictable seed, such as the process ID or system time. The use of predictable seeds...
CWE-338 – Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
Description The product uses a Pseudo-Random Number Generator (PRNG) in a security context, but the PRNG's algorithm is not cryptographically strong. Modes of Introduction: -...
CWE-339 – Small Seed Space in PRNG
Description A Pseudo-Random Number Generator (PRNG) uses a relatively small seed space, which makes it more susceptible to brute force attacks. PRNGs are entirely deterministic...
CWE-34 – Path Traversal: ‘....//’
Description The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '....//' (doubled...
CWE-340 – Generation of Predictable Numbers or Identifiers
Description The product uses a scheme that generates numbers or identifiers that are more predictable than required. Modes of Introduction: - Architecture and Design ...
CWE-341 – Predictable from Observable State
Description A number or object is predictable based on observations that the attacker can make about the state of the system or network, such as...
CWE-342 – Predictable Exact Value from Previous Values
Description An exact value or random number can be precisely predicted by observing previous values. Modes of Introduction: - Architecture and Design Related...
CWE-343 – Predictable Value Range from Previous Values
Description The software's random number generator produces a series of values which, when observed, can be used to infer a relatively small range of possibilities...