CWE-364— Signal Handler Race Condition
The product uses a signal handler that introduces a race condition.— MITRE CWE catalog
20 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-364page 1 of 1
- CVE-1999-0035MEDIUMCVSS 5.4EG 5.41997-05-29
Race condition in signal handling routine in ftpd, allowing read/write arbitrary files.
- CVE-2019-3805MEDIUMCVSS 4.7EG 4.72019-05-03
A flaw was discovered in wildfly versions up to 16.0.0.Final that would allow local users who are able to execute init.d script to terminate arbitrary processes on the system. An attacker could exploit this by modifying the PID file in /va…
- CVE-2020-14317MEDIUMCVSS 5.5EG 5.52021-06-02
It was found that the issue for security flaw CVE-2019-3805 appeared again in a further version of JBoss Enterprise Application Platform - Continuous Delivery (EAP-CD) introducing regression. An attacker could exploit this by modifying the…
- CVE-2023-1285HIGHCVSS 7.5EG 5.92023-04-14
Signal Handler Race Condition vulnerability in Mitsubishi Electric India GC-ENET-COM whose first 2 digits of 11-digit serial number of unit are "16" allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition in E…
- CVE-2023-5676MEDIUMCVSS 5.9EG 4.12023-11-15
In Eclipse OpenJ9 before version 0.41.0, the JVM can be forced into an infinite busy hang on a spinlock or a segmentation fault if a shutdown signal (SIGTERM, SIGINT or SIGHUP) is received before the JVM has finished initializing.
- CVE-2024-6387HIGHCVSS 8.1EG 8.12024-07-01
A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by fai…
- CVE-2024-6409HIGHCVSS 7.0EG 7.02024-07-08
A race condition vulnerability was discovered in how signals are handled by OpenSSH's server (sshd). If a remote attacker does not authenticate within a set time period, then sshd's SIGALRM handler is called asynchronously. However, this s…
- CVE-2024-7589HIGHCVSS 8.1EG 8.12024-08-12
A signal handler in sshd(8) may call a logging function that is not async-signal-safe. The signal handler is invoked when a client does not authenticate within the LoginGraceTime seconds (120 by default). This signal handler executes in …
- CVE-2025-4598MEDIUMCVSS 4.7EG 4.72025-05-30
A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitiv…
- CVE-2025-53092MEDIUMCVSS 6.5EG 6.52025-10-16
Strapi is an open source headless content management system. Strapi versions prior to 5.20.0 contain a CORS misconfiguration vulnerability in default installations. By default, Strapi reflects the value of the Origin header back in the Acc…
- CVE-2026-24792HIGHCVSS 8.1EG 8.12026-05-19
in OpenHarmony v6.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps.
- CVE-2026-27766MEDIUMCVSS 5.5EG 5.52026-05-19
in OpenHarmony v6.0 and prior versions allow a local attacker cause information leak.
- CVE-2026-31474HIGHCVSS 7.8EG 7.82026-04-22
In the Linux kernel, the following vulnerability has been resolved: can: isotp: fix tx.buf use-after-free in isotp_sendmsg() isotp_sendmsg() uses only cmpxchg() on so->tx.state to serialize access to so->tx.buf. isotp_release() waits for…
- CVE-2026-33565LOWCVSS 3.3EG 3.32026-05-19
in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS.
- CVE-2026-34771HIGHCVSS 8.8EG 7.52026-04-04
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.0, 40.7.0, and 41.0.0-beta.8, apps that register an asynchronous session.setPermissionRequestHandler() m…
- CVE-2026-42002MEDIUMCVSS 5.9EG 5.92026-05-21
Concurrency and locking defects in GSS-TSIG
- CVE-2026-46090HIGHCVSS 7.8EG 7.82026-05-27
In the Linux kernel, the following vulnerability has been resolved: ALSA: aloop: Fix peer runtime UAF during format-change stop loopback_check_format() may stop the capture side when playback starts with parameters that no longer match a…
- CVE-2026-4684HIGHCVSS 7.5EG 7.52026-03-24
Race condition, use-after-free in the Graphics: WebRender component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.
- CVE-2026-52910HIGHCVSS 7.8EG 7.82026-06-19
In the Linux kernel, the following vulnerability has been resolved: bpf: Free reuseport cBPF prog after RCU grace period. Eulgyu Kim reported the splat below with a repro. [0] The repro sets up a UDP reuseport group with a cBPF prog and…
- CVE-2026-53185HIGHCVSS 7.8EG 7.82026-06-25
In the Linux kernel, the following vulnerability has been resolved: zram: fix use-after-free in zram_bvec_write_partial() zram_read_page() picks the sync or async backing device read path based on whether the parent bio is NULL. zram_bv…
Map vulnerabilities like CWE-364 to your infrastructure
EchelonGraph correlates every CVE — across CWE-364 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →