CWE-390
16 CVEs classified under CWE-390. Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2021-40391 | Critical | 10.0 | 2021-11-19 | An out-of-bounds write vulnerability exists in the drill format T-code tool number functionality of Gerbv 2.7.0, dev (commit b5f1eacd), and the forked version… |
CVE-2019-5051 | High | 8.8 | 2019-07-03 | An exploitable heap-based buffer overflow vulnerability exists when loading a PCX file in SDL2_image, version 2.0.4. A missing error handler can lead to a buff… |
CVE-2025-46367 | High | 7.8 | 2025-11-13 | Dell Alienware Command Center 6.x (AWCC), versions prior to 6.10.15.0, contain a Detection of Error Condition Without Action vulnerability. A low privileged at… |
CVE-2024-49841 | High | 7.8 | 2025-05-06 | Memory corruption during memory assignment to headless peripheral VM due to incorrect error code handling. |
CVE-2024-27919 | High | 7.5 | 2024-04-04 | Envoy is a cloud-native, open-source edge and service proxy. In versions 1.29.0 and 1.29.1, theEnvoy HTTP/2 protocol stack is vulnerable to the flood of CONTIN… |
CVE-2025-26465 | Medium | 6.8 | 2025-02-18 | A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impers… |
CVE-2025-27039 | Medium | 6.6 | 2025-10-09 | Memory corruption may occur while processing IOCTL call for DMM/WARPNCC CONFIG request. |
CVE-2025-25204 | Medium | 6.3 | 2025-02-14 | `gh` is GitHub’s official command line tool. Starting in version 2.49.0 and prior to version 2.67.0, under certain conditions, a bug in GitHub's Artifact Attes… |
CVE-2024-12086 | Medium | 6.1 | 2025-01-14 | A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client's machine. This issue occurs when files are b… |
CVE-2017-7485 | Medium | 5.9 | 2017-05-12 | In PostgreSQL 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3, it was found that the PGREQUIRESSL environment variable was… |
CVE-2024-20316 | Medium | 5.8 | 2024-03-27 | A vulnerability in the data model interface (DMI) services of Cisco IOS XE Software could allow an unauthenticated, remote attacker to access resources that sh… |
CVE-2026-44310 | Medium | 5.4 | 2026-05-15 | Gitsign is a keyless Sigstore to signing tool for Git commits with your a GitHub / OIDC identity. From 0.4.0 to before 0.15.0, CertVerifier.Verify() in pkg/git… |
CVE-2024-30255 | Medium | 5.3 | 2024-04-04 | Envoy is a cloud-native, open source edge and service proxy. The HTTP/2 protocol stack in Envoy versions prior to 1.29.3, 1.28.2, 1.27.4, and 1.26.8 are vulner… |
CVE-2026-48792 | Medium | 4.4 | 2026-05-27 | pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.1, src/evdev.c silently ignores EACCES errors when opening /dev… |
CVE-2025-0029 | | 2026-02-10 | Improper handling of error condition during host-induced faults can allow a local high-privileged attack to selectively drop guest DMA writes, potentially resu… | |
CVE-2024-11942 | | 2024-12-05 | A vulnerability in Drupal Core allows File Manipulation.This issue affects Drupal Core: from 10.0.0 before 10.2.10. |