CWE is a community-developed list of common software and hardware weakness
types that have security ramifications. A “weakness” is a condition in a software, firmware, hardware, or
service component that, under certain circumstances, could contribute to the introduction of
vulnerabilities. The CWE List and associated classification taxonomy serve as a language that can be used to
identify and describe these weaknesses in terms of CWEs.
CWE Number  Name
CWE-334     Small Space of Random Values
CWE-335     Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)
CWE-336     Same Seed in Pseudo-Random Number Generator (PRNG)
CWE-337     Predictable Seed in Pseudo-Random Number Generator (PRNG)
CWE-338     Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
CWE-339     Small Seed Space in PRNG
CWE-340     Generation of Predictable Numbers or Identifiers
CWE-341     Predictable from Observable State
CWE-342     Predictable Exact Value from Previous Values
CWE-343     Predictable Value Range from Previous Values
CWE-344     Use of Invariant Value in Dynamically Changing Context
CWE-345     Insufficient Verification of Data Authenticity
CWE-346     Origin Validation Error
CWE-347     Improper Verification of Cryptographic Signature
CWE-348     Use of Less Trusted Source
CWE-349     Acceptance of Extraneous Untrusted Data With Trusted Data
CWE-350     Reliance on Reverse DNS Resolution for a Security-Critical Action
CWE-351     Insufficient Type Distinction
CWE-352     Cross-Site Request Forgery (CSRF)
CWE-353     Missing Support for Integrity Check
CWE-354     Improper Validation of Integrity Check Value
CWE-356     Product UI does not Warn User of Unsafe Actions
CWE-357     Insufficient UI Warning of Dangerous Operations
CWE-358     Improperly Implemented Security Check for Standard
CWE-359     Exposure of Private Personal Information to an Unauthorized Actor
CWE-360     Trust of System Event Data
CWE-362     Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CWE-363     Race Condition Enabling Link Following
CWE-364     Signal Handler Race Condition
CWE-365     DEPRECATED: Race Condition in Switch
CWE-366     Race Condition within a Thread
CWE-367     Time-of-check Time-of-use (TOCTOU) Race Condition
CWE-368     Context Switching Race Condition
CWE-369     Divide By Zero
CWE-370     Missing Check for Certificate Revocation after Initial Check
CWE-372     Incomplete Internal State Distinction
CWE-373     DEPRECATED: State Synchronization Error
CWE-374     Passing Mutable Objects to an Untrusted Method
CWE-375     Returning a Mutable Object to an Untrusted Caller
CWE-377     Insecure Temporary File
CWE-378     Creation of Temporary File With Insecure Permissions
CWE-379     Creation of Temporary File in Directory with Insecure Permissions