CWE-332 is a common weakness enumeration in software security. This database tracks 9 CVE vulnerabilities classified under this weakness type.

How many CVEs are classified as CWE-332?

There are 9 CVE vulnerabilities classified as CWE-332 with an average CVSS score of 7.275.

What is the severity distribution for CWE-332?

CWE-332 contains 1 critical, 5 high, 3 medium, and 0 low severity vulnerabilities.

CWE-332

Total CVEs

Vulnerabilities

Avg CVSS v3

7.3

High

Avg CVSS v2

5.0

Medium

Latest CVE

2023

Most Recent

Severity Distribution

Critical 1

11.1%

High 5

55.6%

Medium 3

33.3%

Low 0

External References

MITRE CWE

Official CWE definition

NIST NVD

Search CVEs by CWE

All CVEs (9)

Page 1 of 1

CVE-2018-9057

CRITICAL

CVSS:9.8(Critical)

aws/resource_aws_iam_user_login_profile.go in the HashiCorp Terraform Amazon Web Services (AWS) provider through v1.12.0 has an inappropriate PRNG algorithm and seeding, which makes it easier for remo...

CWE-3322018

CVE-2019-1715

HIGH

CVSS:7.5(High)

A vulnerability in the Deterministic Random Bit Generator (DRBG), also known as Pseudorandom Number Generator (PRNG), used in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threa...

CWE-3322019

CVE-2016-9154

HIGH

CVSS:7.5(High)

Siemens Desigo PX Web modules PXA40-W0, PXA40-W1, PXA40-W2 for Desigo PX automation controllers PXC00-E.D, PXC50-E.D, PXC100-E.D, PXC200-E.D (All firmware versions < V6.00.046) and Desigo PX Web modul...

CWE-3322016

CVE-2016-10743

HIGH

CVSS:7.5(High)

hostapd before 2.6 does not prevent use of the low-quality PRNG that is reached by an os_random() function call.

CWE-3322016

CVE-2014-9690

HIGH

CVSS:7.5(High)

Huawei home gateways WS318 with software V100R001C01B022 and earlier versions are affected by the PIN offline brute force cracking vulnerability of the WPS protocol because the random number generator...

CWE-3322014

CVE-2017-18486

HIGH

CVSS:7.2(High)

Jitbit Helpdesk before 9.0.3 allows remote attackers to escalate privileges because of mishandling of the User/AutoLogin userHash parameter. By inspecting the token value provided in a password reset ...

CWE-3322017

CVE-2017-9371

MEDIUM

CVSS:5.9(Medium)

In BlackBerry QNX Software Development Platform (SDP) 6.6.0 and 6.5.0 SP1 and earlier, a loss of integrity vulnerability in the default configuration of the QNX SDP could allow an attacker being able ...

CWE-3322017

CVE-2023-20107

MEDIUM

CVSS:5.3(Medium)

A vulnerability in the deterministic random bit generator (DRBG), also known as pseudorandom number generator (PRNG), in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Def...

CWE-3322023

CVE-2014-0016

MEDIUM

CVSS:4.3(Medium)

stunnel before 5.00, when using fork threading, does not properly update the state of the OpenSSL pseudo-random number generator (PRNG), which causes subsequent children with the same process ID to us...

CWE-3322014