CWE-390— Detection of Error Condition Without Action
The product detects a specific error, but takes no actions to handle the error.— MITRE CWE catalog
18 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-390page 1 of 1
- CVE-2019-5051HIGHCVSS 8.8EG 8.82019-07-03
An exploitable heap-based buffer overflow vulnerability exists when loading a PCX file in SDL2_image, version 2.0.4. A missing error handler can lead to a buffer overflow and potential code execution. An attacker can provide a specially cr…
- CVE-2021-40391CRITICALCVSS 9.8EG 9.82021-11-19
An out-of-bounds write vulnerability exists in the drill format T-code tool number functionality of Gerbv 2.7.0, dev (commit b5f1eacd), and the forked version of Gerbv (commit 71493260). A specially-crafted drill file can lead to code exec…
- CVE-2022-22532CRITICALCVSS 9.8EG 9.82022-02-09
In SAP NetWeaver Application Server Java - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, an unauthenticated attacker could submit a crafted HTTP server request which triggers improper…
- CVE-2024-11942MEDIUMCVSS 5.9EG 5.92024-12-05
A vulnerability in Drupal Core allows File Manipulation.This issue affects Drupal Core: from 10.0.0 before 10.2.10.
- CVE-2024-12086MEDIUMCVSS 6.8EG 6.12025-01-14
A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client's machine. This issue occurs when files are being copied from a client to a server. During this process, the rsync server wil…
- CVE-2024-20316MEDIUMCVSS 5.8EG 5.82024-03-27
A vulnerability in the data model interface (DMI) services of Cisco IOS XE Software could allow an unauthenticated, remote attacker to access resources that should have been protected by a configured IPv4 access control list (ACL). This…
- CVE-2024-27919HIGHCVSS 7.5EG 7.52024-04-04
Envoy is a cloud-native, open-source edge and service proxy. In versions 1.29.0 and 1.29.1, theEnvoy HTTP/2 protocol stack is vulnerable to the flood of CONTINUATION frames. Envoy's HTTP/2 codec does not reset a request when header map lim…
- CVE-2024-30255MEDIUMCVSS 5.3EG 9.02024-04-04
Envoy is a cloud-native, open source edge and service proxy. The HTTP/2 protocol stack in Envoy versions prior to 1.29.3, 1.28.2, 1.27.4, and 1.26.8 are vulnerable to CPU exhaustion due to flood of CONTINUATION frames. Envoy's HTTP/2 codec…
- CVE-2024-49841HIGHCVSS 7.8EG 7.82025-05-06
Memory corruption during memory assignment to headless peripheral VM due to incorrect error code handling.
- CVE-2025-0029LOWCVSS 1.8EG 1.82026-02-10
Improper handling of error condition during host-induced faults can allow a local high-privileged attack to selectively drop guest DMA writes, potentially resulting in a loss of SEV-SNP guest memory integrity
- CVE-2025-25204MEDIUMCVSS 6.3EG 6.32025-02-14
`gh` is GitHub’s official command line tool. Starting in version 2.49.0 and prior to version 2.67.0, under certain conditions, a bug in GitHub's Artifact Attestation cli tool `gh attestation verify` causes it to return a zero exit status…
- CVE-2025-26465MEDIUMCVSS 6.8EG 6.82025-02-18
A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error co…
- CVE-2025-27039MEDIUMCVSS 6.6EG 6.62025-10-09
Memory corruption may occur while processing IOCTL call for DMM/WARPNCC CONFIG request.
- CVE-2025-46367HIGHCVSS 7.8EG 7.82025-11-13
Dell Alienware Command Center 6.x (AWCC), versions prior to 6.10.15.0, contain a Detection of Error Condition Without Action vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading t…
- CVE-2026-44310MEDIUMCVSS 5.4EG 5.42026-05-15
Gitsign is a keyless Sigstore to signing tool for Git commits with your a GitHub / OIDC identity. From 0.4.0 to before 0.15.0, CertVerifier.Verify() in pkg/git/verifier.go unconditionally dereferences certs[0] after sd.GetCertificates() wi…
- CVE-2026-48792MEDIUMCVSS 4.4EG 4.42026-05-27
pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.1, src/evdev.c silently ignores EACCES errors when opening /dev/input/event* nodes, causing pusb_has_virtual_input_device() to return 0 (no vir…
- CVE-2026-52989CRITICALCVSS 9.8EG 9.82026-06-24
In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: propagate nvmet_tcp_build_pdu_iovec() errors to its callers Currently, when nvmet_tcp_build_pdu_iovec() detects an out-of-bounds PDU length or offset, it trig…
- CVE-2026-53434CRITICALCVSS 9.1EG 9.12026-06-29
Detection of Error Condition Without Action vulnerability in Apache Tomcat when configuring CRLs for a FFM based connector. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M7 through 10.1.55, from 9.0.83 thro…
Map vulnerabilities like CWE-390 to your infrastructure
EchelonGraph correlates every CVE — across CWE-390 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →