CWE-364— Signal Handler Race Condition
14 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-364page 1 of 1
- CVE-1999-0035MEDIUMCVSS 5.4EG 5.41997-05-29
Race condition in signal handling routine in ftpd, allowing read/write arbitrary files.
- CVE-2019-3805MEDIUMCVSS 4.7EG 4.72019-05-03
A flaw was discovered in wildfly versions up to 16.0.0.Final that would allow local users who are able to execute init.d script to terminate arbitrary processes on the system. An attacker could exploit this by modifying the PID file in /va…
- CVE-2020-14317MEDIUMCVSS 5.5EG 5.52021-06-02
It was found that the issue for security flaw CVE-2019-3805 appeared again in a further version of JBoss Enterprise Application Platform - Continuous Delivery (EAP-CD) introducing regression. An attacker could exploit this by modifying the…
- CVE-2023-1285HIGHCVSS 7.5EG 5.92023-04-14
Signal Handler Race Condition vulnerability in Mitsubishi Electric India GC-ENET-COM whose first 2 digits of 11-digit serial number of unit are "16" allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition in E…
- CVE-2023-5676MEDIUMCVSS 4.1EG 4.12023-11-15
In Eclipse OpenJ9 before version 0.41.0, the JVM can be forced into an infinite busy hang on a spinlock or a segmentation fault if a shutdown signal (SIGTERM, SIGINT or SIGHUP) is received before the JVM has finished initializing.
- CVE-2024-6387HIGHCVSS 8.1EG 8.12024-07-01
A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by fai…
- CVE-2024-6409HIGHCVSS 7.0EG 7.02024-07-08
A race condition vulnerability was discovered in how signals are handled by OpenSSH's server (sshd). If a remote attacker does not authenticate within a set time period, then sshd's SIGALRM handler is called asynchronously. However, this s…
- CVE-2024-7589HIGHCVSS 8.1EG 8.12024-08-12
A signal handler in sshd(8) may call a logging function that is not async-signal-safe. The signal handler is invoked when a client does not authenticate within the LoginGraceTime seconds (120 by default). This signal handler executes in …
- CVE-2025-4598MEDIUMCVSS 4.7EG 4.72025-05-30
A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitiv…
- CVE-2025-53092MEDIUMCVSS 6.5EG 6.52025-10-16
Strapi is an open source headless content management system. Strapi versions prior to 5.20.0 contain a CORS misconfiguration vulnerability in default installations. By default, Strapi reflects the value of the Origin header back in the Acc…
- CVE-2026-24792HIGHCVSS 8.1EG 8.12026-05-19
in OpenHarmony v6.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps.
- CVE-2026-27766MEDIUMCVSS 5.5EG 5.52026-05-19
in OpenHarmony v6.0 and prior versions allow a local attacker cause information leak.
- CVE-2026-33565LOWCVSS 3.3EG 3.32026-05-19
in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS.
- CVE-2026-42002MEDIUMCVSS 5.9EG 5.92026-05-21
Concurrency and locking defects in GSS-TSIG
Map vulnerabilities like CWE-364 to your infrastructure
EchelonGraph correlates every CVE — across CWE-364 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →