CWE-364
Signal Handler Race Condition
Description
The product uses a signal handler that introduces a race condition.
CVEs mapped to this weakness (9)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-6387 |  | High | 0.64 | 8.1 | 1.00 |  | Jul 1, 2024 | A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time… |
| CVE-2026-24792 |  | High | 0.53 | 8.1 | 0.00 |  | May 19, 2026 | in OpenHarmony v6.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps. |
| CVE-2024-6409 |  | High | 0.45 | 7.0 | 0.28 |  | Jul 8, 2024 | A race condition vulnerability was discovered in how signals are handled by OpenSSH's server (sshd). If a remote attacker does not authenticate within a set time period, then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions… |
| CVE-2026-42002 |  | Med | 0.38 | 5.9 | 0.00 |  | May 21, 2026 | Concurrency and locking defects in GSS-TSIG |
| CVE-2026-27766 |  | Med | 0.36 | 5.5 | 0.00 |  | May 19, 2026 | in OpenHarmony v6.0 and prior versions allow a local attacker cause information leak. |
| CVE-1999-0035 |  | Med | 0.35 | 5.4 | 0.01 |  | May 29, 1997 | Race condition in signal handling routine in ftpd, allowing read/write arbitrary files. |
| CVE-2025-4598 |  | Med | 0.31 | 4.7 | 0.01 |  | May 30, 2025 | A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content,… |
| CVE-2026-33565 |  | Low | 0.21 | 3.3 | 0.00 |  | May 19, 2026 | in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS. |
| CVE-2025-53092 |  |  | 0.00 | — | 0.00 |  | Oct 16, 2025 | Strapi is an open source headless content management system. Strapi versions prior to 5.20.0 contain a CORS misconfiguration vulnerability in default installations. By default, Strapi reflects the value of the Origin header back in the Access-Control-Allow-Origin response header… |