CWE-390(Detection of Error Condition Without Action)は各種脆弱性データベースや評価で用いられる弱点タイプを説明します。定義・背景・対応する CVE は以下の各セクションを参照してください。
The product detects a specific error, but takes no actions to handle the error.
| 種別 | 名称 | クラス | 普遍性 | OS / CPE |
|---|---|---|---|---|
| language | — | Not Language-Specific | Undetermined | — |
これらの CVE は本データベースでこの弱点に対応付けられており、追跡と検索のために保持されています。
| CVE | 公開 | 概要 |
|---|---|---|
| CVE-2026-48792 | 2026-05-27 | pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.1, src/evdev.c silently ignores EACCES errors when opening /dev/input/event* nodes, causing pusb_has_vir… |
| CVE-2026-44310 | 2026-05-15 | Gitsign is a keyless Sigstore to signing tool for Git commits with your a GitHub / OIDC identity. From 0.4.0 to before 0.15.0, CertVerifier.Verify() in pkg/git/verifier.go unconditionally dereferences… |
| CVE-2025-0029 | 2026-02-10 | Improper handling of error condition during host-induced faults can allow a local high-privileged attack to selectively drop guest DMA writes, potentially resulting in a loss of SEV-SNP guest memory i… |
| CVE-2025-46367 | 2025-11-13 | Dell Alienware Command Center 6.x (AWCC), versions prior to 6.10.15.0, contain a Detection of Error Condition Without Action vulnerability. A low privileged attacker with local access could potentiall… |
| CVE-2025-27039 | 2025-10-09 | Memory corruption may occur while processing IOCTL call for DMM/WARPNCC CONFIG request. |
| CVE-2024-49841 | 2025-05-06 | Memory corruption during memory assignment to headless peripheral VM due to incorrect error code handling. |
| CVE-2025-26465 | 2025-02-18 | A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs… |
| CVE-2025-25204 | 2025-02-14 | `gh` is GitHub’s official command line tool. Starting in version 2.49.0 and prior to version 2.67.0, under certain conditions, a bug in GitHub's Artifact Attestation cli tool `gh attestation verify` c… |
| CVE-2024-12086 | 2025-01-14 | A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client's machine. This issue occurs when files are being copied from a client to a server. Du… |
| CVE-2024-11942 | 2024-12-05 | A vulnerability in Drupal Core allows File Manipulation.This issue affects Drupal Core: from 10.0.0 before 10.2.10. |
| CVE-2024-30255 | 2024-04-04 | Envoy is a cloud-native, open source edge and service proxy. The HTTP/2 protocol stack in Envoy versions prior to 1.29.3, 1.28.2, 1.27.4, and 1.26.8 are vulnerable to CPU exhaustion due to flood of CO… |
| CVE-2024-27919 | 2024-04-04 | Envoy is a cloud-native, open-source edge and service proxy. In versions 1.29.0 and 1.29.1, theEnvoy HTTP/2 protocol stack is vulnerable to the flood of CONTINUATION frames. Envoy's HTTP/2 codec does … |
| CVE-2024-20316 | 2024-03-27 | A vulnerability in the data model interface (DMI) services of Cisco IOS XE Software could allow an unauthenticated, remote attacker to access resources that should have been protected by a configured … |
| CVE-2021-40391 | 2021-11-19 | An out-of-bounds write vulnerability exists in the drill format T-code tool number functionality of Gerbv 2.7.0, dev (commit b5f1eacd), and the forked version of Gerbv (commit 71493260). A specially-c… |
| CVE-2019-5051 | 2019-07-03 | An exploitable heap-based buffer overflow vulnerability exists when loading a PCX file in SDL2_image, version 2.0.4. A missing error handler can lead to a buffer overflow and potential code execution.… |
| CVE-2017-7485 | 2017-05-12 | In PostgreSQL 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3, it was found that the PGREQUIRESSL environment variable was no longer enforcing a SSL/TLS connection… |
| 日付 | 名称 | バージョン | 重要度 | コメント |
|---|---|---|---|---|
| 2008-07-01 | Eric Dalci | 1.0 | — | updated Time_of_Introduction |
| 2008-09-08 | CWE Content Team | 1.0 | — | updated Relationships, Other_Notes, Taxonomy_Mappings |
| 2008-11-24 | CWE Content Team | 1.1 | — | updated Demonstrative_Examples, Description, Other_Notes, Potential_Mitigations |
| 2009-03-10 | CWE Content Team | 1.3 | — | updated Relationships |
| 2009-07-27 | CWE Content Team | 1.5 | — | updated Demonstrative_Examples |
| 2011-06-01 | CWE Content Team | 1.13 | — | updated Common_Consequences, Relationships, Taxonomy_Mappings |
| 2011-06-27 | CWE Content Team | 2.0 | — | updated Common_Consequences |
| 2011-09-13 | CWE Content Team | 2.1 | — | updated Relationships, Taxonomy_Mappings |
| 2012-05-11 | CWE Content Team | 2.2 | — | updated Common_Consequences, References, Relationships |
| 2014-02-18 | CWE Content Team | 2.6 | — | updated Related_Attack_Patterns |
| 2014-07-30 | CWE Content Team | 2.8 | — | updated Relationships, Taxonomy_Mappings |
| 2017-11-08 | CWE Content Team | 3.0 | — | updated Applicable_Platforms, Modes_of_Introduction, Relationships, Taxonomy_Mappings |
| 2019-01-03 | CWE Content Team | 3.2 | — | updated Related_Attack_Patterns, Taxonomy_Mappings |
| 2020-02-24 | CWE Content Team | 4.0 | — | updated References, Type |
| 2020-08-20 | CWE Content Team | 4.2 | — | updated Relationships |
| 2023-01-31 | CWE Content Team | 4.10 | — | updated Description, Potential_Mitigations |
| 2023-04-27 | CWE Content Team | 4.11 | — | updated Detection_Factors, Relationships, Time_of_Introduction |
| 2023-06-29 | CWE Content Team | 4.12 | — | updated Mapping_Notes |
| 2023-10-26 | CWE Content Team | 4.13 | — | updated Observed_Examples |
| 2024-02-29 | CWE Content Team | 4.14 | — | updated Demonstrative_Examples |
| 2025-12-11 | CWE Content Team | 4.19 | — | updated Relationships, Weakness_Ordinalities |