CWE-392 is a common weakness enumeration in software security. This database tracks 5 CVE vulnerabilities classified under this weakness type.

How many CVEs are classified as CWE-392?

There are 5 CVE vulnerabilities classified as CWE-392 with an average CVSS score of 6.52.

What is the severity distribution for CWE-392?

CWE-392 contains 1 critical, 1 high, 2 medium, and 1 low severity vulnerabilities.

CWE-392

Total CVEs

Vulnerabilities

Avg CVSS v3

6.5

Medium

Avg CVSS v2

4.3

Medium

Latest CVE

2025

Most Recent

Severity Distribution

Critical 1

20%

High 1

20%

Medium 2

40%

Low 1

20%

External References

MITRE CWE

Official CWE definition

NIST NVD

Search CVEs by CWE

All CVEs (5)

Page 1 of 1

CVE-2025-32743

CRITICAL

CVSS:9.0(Critical)

In ConnMan through 1.44, the lookup string in ns_resolv in dnsproxy.c can be NULL or an empty string when the TC (Truncated) bit is set in a DNS response. This allows attackers to cause a denial of se...

CWE-3922025

CVE-2017-2342

HIGH

CVSS:8.1(High)

MACsec feature on Juniper Networks Junos OS 15.1X49 prior to 15.1X49-D100 on SRX300 series does not report errors when a secure link can not be established. It falls back to an unencrypted link. This ...

CWE-3922017

CVE-2025-26268

MEDIUM

CVSS:6.5(Medium)

DragonflyDB Dragonfly before 1.27.0 allows authenticated users to cause a denial of service (daemon crash) via a crafted Redis command. The validity of the scan cursor was not checked.

CWE-3922025

CVE-2024-12797

MEDIUM

CVSS:6.3(Medium)

Issue summary: Clients using RFC7250 Raw Public Keys (RPKs) to authenticate a server may fail to notice that the server was not authenticated, because handshakes don't abort as expected when the SSL_V...

CWE-3922024

CVE-2023-48430

LOW

CVSS:2.7(Low)

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). The REST API of affected devices does not check the length of parameters in certain conditions. This allows a malic...

CWE-3922023