CWE-390 is a common weakness enumeration in software security. This database tracks 11 CVE vulnerabilities classified under this weakness type.

How many CVEs are classified as CWE-390?

There are 11 CVE vulnerabilities classified as CWE-390 with an average CVSS score of 6.9272727272727.

What is the severity distribution for CWE-390?

CWE-390 contains 1 critical, 3 high, 7 medium, and 0 low severity vulnerabilities.

CWE-390

Total CVEs

Vulnerabilities

Avg CVSS v3

6.9

Medium

Avg CVSS v2

6.2

Medium

Latest CVE

2025

Most Recent

Severity Distribution

Critical 1

9.1%

High 3

27.3%

Medium 7

63.6%

Low 0

External References

MITRE CWE

Official CWE definition

NIST NVD

Search CVEs by CWE

All CVEs (11)

Page 1 of 1

CVE-2021-40391

CRITICAL

CVSS:10.0(Critical)

An out-of-bounds write vulnerability exists in the drill format T-code tool number functionality of Gerbv 2.7.0, dev (commit b5f1eacd), and the forked version of Gerbv (commit 71493260). A specially-c...

CWE-3902021

CVE-2019-5051

HIGH

CVSS:8.8(High)

An exploitable heap-based buffer overflow vulnerability exists when loading a PCX file in SDL2_image, version 2.0.4. A missing error handler can lead to a buffer overflow and potential code execution....

CWE-3902019

CVE-2024-49841

HIGH

CVSS:7.8(High)

Memory corruption during memory assignment to headless peripheral VM due to incorrect error code handling.

CWE-3902024

CVE-2024-27919

HIGH

CVSS:7.5(High)

Envoy is a cloud-native, open-source edge and service proxy. In versions 1.29.0 and 1.29.1, theEnvoy HTTP/2 protocol stack is vulnerable to the flood of CONTINUATION frames. Envoy's HTTP/2 codec does ...

CWE-3902024

CVE-2025-26465

MEDIUM

CVSS:6.8(Medium)

A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs...

CWE-3902025

CVE-2025-25204

MEDIUM

CVSS:6.3(Medium)

`gh` is GitHub’s official command line tool. Starting in version 2.49.0 and prior to version 2.67.0, under certain conditions, a bug in GitHub's Artifact Attestation cli tool `gh attestation verify` c...

CWE-3902025

CVE-2024-12086

MEDIUM

CVSS:6.1(Medium)

A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client's machine. This issue occurs when files are being copied from a client to a server. Du...

CWE-3902024

CVE-2024-11942

MEDIUM

CVSS:5.9(Medium)

A vulnerability in Drupal Core allows File Manipulation.This issue affects Drupal Core: from 10.0.0 before 10.2.10.

CWE-3902024

CVE-2017-7485

MEDIUM

CVSS:5.9(Medium)

In PostgreSQL 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3, it was found that the PGREQUIRESSL environment variable was no longer enforcing a SSL/TLS connection...

CWE-3902017

CVE-2024-20316

MEDIUM

CVSS:5.8(Medium)

A vulnerability in the data model interface (DMI) services of Cisco IOS XE Software could allow an unauthenticated, remote attacker to access resources that should have been protected by a configured ...

CWE-3902024

CVE-2024-30255

MEDIUM

CVSS:5.3(Medium)

Envoy is a cloud-native, open source edge and service proxy. The HTTP/2 protocol stack in Envoy versions prior to 1.29.3, 1.28.2, 1.27.4, and 1.26.8 are vulnerable to CPU exhaustion due to flood of CO...

CWE-3902024