CWE-339 | A PRNG uses a relatively small space of seeds. |
CWE-34 | The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '....//' (doubled dot dot slash) sequences that can resolve to a location that is outside of that directory. |
CWE-340 | The product uses a scheme that generates numbers or identifiers that are more predictable than required. |
CWE-341 | A number or object is predictable based on observations that the attacker can make about the state of the system or network, such as time, process ID, etc. |
CWE-342 | An exact value or random number can be precisely predicted by observing previous values. |
CWE-343 | The software's random number generator produces a series of values which, when observed, can be used to infer a relatively small range of possibilities for the next value that could be generated. |
CWE-344 | The product uses a constant value, name, or reference, but this value can (or should) vary across different environments. |
CWE-345 | The software does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data. |
CWE-346 | The software does not properly verify that the source of data or communication is valid. |
CWE-347 | The software does not verify, or incorrectly verifies, the cryptographic signature for data. |