CWE-364
AllowedSignal Handler Race Condition
Abstraction: Base · Status: Incomplete
The product uses a signal handler that introduces a race condition.
30 vulnerabilities reference this CWE, most recent first.
GHSA-9329-MXXW-QWF8
Vulnerability from github – Published: 2025-10-16 19:49 – Updated: 2026-01-29 03:59Summary
A CORS misconfiguration vulnerability exists in default installations of Strapi where attacker-controlled origins are improperly reflected in API responses.
Technical Details
By default, Strapi reflects the value of the Origin header back in the Access-Control-Allow-Origin response header without proper validation or whitelisting.
Example:
Origin: http://localhost:8888
Access-Control-Allow-Origin: http://localhost:8888
Access-Control-Allow-Credentials: true
This allows an attacker-controlled site (on a different port, like 8888) to send credentialed requests to the Strapi backend on 1337.
Suggested Fix
- Explicitly whitelist trusted origins
- Avoid reflecting dynamic origins
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "@strapi/core"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.20.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-53092"
],
"database_specific": {
"cwe_ids": [
"CWE-200",
"CWE-284",
"CWE-364",
"CWE-942"
],
"github_reviewed": true,
"github_reviewed_at": "2025-10-16T19:49:01Z",
"nvd_published_at": "2025-10-16T17:15:33Z",
"severity": "HIGH"
},
"details": "### Summary\n\nA CORS misconfiguration vulnerability exists in default installations of Strapi where attacker-controlled origins are improperly reflected in API responses.\n\n### Technical Details\n\nBy default, Strapi reflects the value of the Origin header back in the Access-Control-Allow-Origin response header without proper validation or whitelisting.\n\nExample:\n`Origin: http://localhost:8888`\n`Access-Control-Allow-Origin: http://localhost:8888`\n`Access-Control-Allow-Credentials: true`\n\nThis allows an attacker-controlled site (on a different port, like 8888) to send credentialed requests to the Strapi backend on 1337.\n\n### Suggested Fix\n\n1. Explicitly whitelist trusted origins\n2. Avoid reflecting dynamic origins",
"id": "GHSA-9329-mxxw-qwf8",
"modified": "2026-01-29T03:59:42Z",
"published": "2025-10-16T19:49:01Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/strapi/strapi/security/advisories/GHSA-9329-mxxw-qwf8"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-53092"
},
{
"type": "WEB",
"url": "https://github.com/strapi/strapi/commit/6e535cb756"
},
{
"type": "PACKAGE",
"url": "https://github.com/strapi/strapi"
},
{
"type": "WEB",
"url": "https://github.com/strapi/strapi/releases/tag/v5.20.0"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Strapi core vulnerable to sensitive data exposure via CORS misconfiguration"
}
GHSA-GJ4P-2QJV-WCHV
Vulnerability from github – Published: 2026-06-19 15:33 – Updated: 2026-06-30 03:37In the Linux kernel, the following vulnerability has been resolved:
bpf: Free reuseport cBPF prog after RCU grace period.
Eulgyu Kim reported the splat below with a repro. [0]
The repro sets up a UDP reuseport group with a cBPF prog and replaces it with a new one while another thread is sending a UDP packet to the group.
The reuseport prog is freed by sk_reuseport_prog_free(). bpf_prog_put() is called for "e"BPF prog to destruct through multiple stages while cBPF prog is freed immediately by bpf_release_orig_filter() and bpf_prog_free().
If a reuseport prog is detached from the setsockopt() path (reuseport_attach_prog() or reuseport_detach_prog()), sk_reuseport_prog_free() is called without waiting for RCU readers to complete, resulting in various bugs.
Let's defer freeing the reuseport cBPF prog after one RCU grace period.
Note "e"BPF prog is safe as is unless the fast path starts to touch fields destroyed in bpf_prog_put_deferred() and __bpf_prog_put_noref().
[0]: BUG: KASAN: vmalloc-out-of-bounds in reuseport_select_sock+0xedc/0x1220 net/core/sock_reuseport.c:596 Read of size 4 at addr ffffc9000051e004 by task slowme/10208 CPU: 6 UID: 1000 PID: 10208 Comm: slowme Not tainted 7.0.0-geb7ac95ff75e #32 PREEMPT(full) Hardware name: QEMU Ubuntu 24.04 PC v2 (i440FX + PIIX, arch_caps fix, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 Call Trace: dump_stack_lvl+0xe8/0x150 lib/dump_stack.c:120 print_address_description mm/kasan/report.c:378 [inline] print_report+0xca/0x240 mm/kasan/report.c:482 kasan_report+0x118/0x150 mm/kasan/report.c:595 reuseport_select_sock+0xedc/0x1220 net/core/sock_reuseport.c:596 udp4_lib_lookup2+0x3bc/0x950 net/ipv4/udp.c:495 __udp4_lib_lookup+0x768/0xe20 net/ipv4/udp.c:723 __udp4_lib_lookup_skb+0x297/0x390 net/ipv4/udp.c:752 __udp4_lib_rcv+0x1312/0x2620 net/ipv4/udp.c:2752 ip_protocol_deliver_rcu+0x282/0x440 net/ipv4/ip_input.c:207 ip_local_deliver_finish+0x3bb/0x6f0 net/ipv4/ip_input.c:241 NF_HOOK+0x30c/0x3a0 include/linux/netfilter.h:318 NF_HOOK+0x30c/0x3a0 include/linux/netfilter.h:318 __netif_receive_skb_one_core net/core/dev.c:6181 [inline] __netif_receive_skb net/core/dev.c:6294 [inline] process_backlog+0xaa4/0x1960 net/core/dev.c:6645 __napi_poll+0xae/0x340 net/core/dev.c:7709 napi_poll net/core/dev.c:7772 [inline] net_rx_action+0x5d7/0xf50 net/core/dev.c:7929 handle_softirqs+0x22b/0x870 kernel/softirq.c:622 do_softirq+0x76/0xd0 kernel/softirq.c:523 __local_bh_enable_ip+0xf8/0x130 kernel/softirq.c:450 local_bh_enable include/linux/bottom_half.h:33 [inline] rcu_read_unlock_bh include/linux/rcupdate.h:924 [inline] __dev_queue_xmit+0x1dd7/0x3710 net/core/dev.c:4890 neigh_output include/net/neighbour.h:556 [inline] ip_finish_output2+0xca9/0x1070 net/ipv4/ip_output.c:237 NF_HOOK_COND include/linux/netfilter.h:307 [inline] ip_output+0x29f/0x450 net/ipv4/ip_output.c:438 ip_send_skb+0x45/0xc0 net/ipv4/ip_output.c:1508 udp_send_skb+0xb04/0x1510 net/ipv4/udp.c:1195 udp_sendmsg+0x1a71/0x2350 net/ipv4/udp.c:1485 sock_sendmsg_nosec net/socket.c:727 [inline] __sock_sendmsg net/socket.c:742 [inline] __sys_sendto+0x554/0x680 net/socket.c:2206 __do_sys_sendto net/socket.c:2213 [inline] __se_sys_sendto net/socket.c:2209 [inline] __x64_sys_sendto+0xde/0x100 net/socket.c:2209 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0x160/0xf80 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x415a2d Code: b3 66 2e 0f 1f 84 00 00 00 00 00 66 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f6bc31e41e8 EFLAGS: 00000212 ORIG_RAX: 000000000000002c RAX: ffffffffffffffda RBX: 00007f6bc31e4cdc RCX: 0000000000415a2d RDX: 0000000000000001 RSI: 00007f6bc31e421f RDI: 0000000000000003 RBP: 00007f6bc31e4240 R08: 00007f6bc31e4220 R09: 0000000000000010 R10: 0000000000000000 R11: ---truncated---
{
"affected": [],
"aliases": [
"CVE-2026-52910"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-364"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-19T15:16:35Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Free reuseport cBPF prog after RCU grace period.\n\nEulgyu Kim reported the splat below with a repro. [0]\n\nThe repro sets up a UDP reuseport group with a cBPF prog and\nreplaces it with a new one while another thread is sending\na UDP packet to the group.\n\nThe reuseport prog is freed by sk_reuseport_prog_free().\nbpf_prog_put() is called for \"e\"BPF prog to destruct through\nmultiple stages while cBPF prog is freed immediately by\nbpf_release_orig_filter() and bpf_prog_free().\n\nIf a reuseport prog is detached from the setsockopt() path\n(reuseport_attach_prog() or reuseport_detach_prog()),\nsk_reuseport_prog_free() is called without waiting for RCU\nreaders to complete, resulting in various bugs.\n\nLet\u0027s defer freeing the reuseport cBPF prog after one RCU\ngrace period.\n\nNote \"e\"BPF prog is safe as is unless the fast path starts\nto touch fields destroyed in bpf_prog_put_deferred() and\n__bpf_prog_put_noref().\n\n[0]:\nBUG: KASAN: vmalloc-out-of-bounds in reuseport_select_sock+0xedc/0x1220 net/core/sock_reuseport.c:596\nRead of size 4 at addr ffffc9000051e004 by task slowme/10208\nCPU: 6 UID: 1000 PID: 10208 Comm: slowme Not tainted 7.0.0-geb7ac95ff75e #32 PREEMPT(full)\nHardware name: QEMU Ubuntu 24.04 PC v2 (i440FX + PIIX, arch_caps fix, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\nCall Trace:\n \u003cIRQ\u003e\n dump_stack_lvl+0xe8/0x150 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0xca/0x240 mm/kasan/report.c:482\n kasan_report+0x118/0x150 mm/kasan/report.c:595\n reuseport_select_sock+0xedc/0x1220 net/core/sock_reuseport.c:596\n udp4_lib_lookup2+0x3bc/0x950 net/ipv4/udp.c:495\n __udp4_lib_lookup+0x768/0xe20 net/ipv4/udp.c:723\n __udp4_lib_lookup_skb+0x297/0x390 net/ipv4/udp.c:752\n __udp4_lib_rcv+0x1312/0x2620 net/ipv4/udp.c:2752\n ip_protocol_deliver_rcu+0x282/0x440 net/ipv4/ip_input.c:207\n ip_local_deliver_finish+0x3bb/0x6f0 net/ipv4/ip_input.c:241\n NF_HOOK+0x30c/0x3a0 include/linux/netfilter.h:318\n NF_HOOK+0x30c/0x3a0 include/linux/netfilter.h:318\n __netif_receive_skb_one_core net/core/dev.c:6181 [inline]\n __netif_receive_skb net/core/dev.c:6294 [inline]\n process_backlog+0xaa4/0x1960 net/core/dev.c:6645\n __napi_poll+0xae/0x340 net/core/dev.c:7709\n napi_poll net/core/dev.c:7772 [inline]\n net_rx_action+0x5d7/0xf50 net/core/dev.c:7929\n handle_softirqs+0x22b/0x870 kernel/softirq.c:622\n do_softirq+0x76/0xd0 kernel/softirq.c:523\n \u003c/IRQ\u003e\n \u003cTASK\u003e\n __local_bh_enable_ip+0xf8/0x130 kernel/softirq.c:450\n local_bh_enable include/linux/bottom_half.h:33 [inline]\n rcu_read_unlock_bh include/linux/rcupdate.h:924 [inline]\n __dev_queue_xmit+0x1dd7/0x3710 net/core/dev.c:4890\n neigh_output include/net/neighbour.h:556 [inline]\n ip_finish_output2+0xca9/0x1070 net/ipv4/ip_output.c:237\n NF_HOOK_COND include/linux/netfilter.h:307 [inline]\n ip_output+0x29f/0x450 net/ipv4/ip_output.c:438\n ip_send_skb+0x45/0xc0 net/ipv4/ip_output.c:1508\n udp_send_skb+0xb04/0x1510 net/ipv4/udp.c:1195\n udp_sendmsg+0x1a71/0x2350 net/ipv4/udp.c:1485\n sock_sendmsg_nosec net/socket.c:727 [inline]\n __sock_sendmsg net/socket.c:742 [inline]\n __sys_sendto+0x554/0x680 net/socket.c:2206\n __do_sys_sendto net/socket.c:2213 [inline]\n __se_sys_sendto net/socket.c:2209 [inline]\n __x64_sys_sendto+0xde/0x100 net/socket.c:2209\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0x160/0xf80 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x415a2d\nCode: b3 66 2e 0f 1f 84 00 00 00 00 00 66 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007f6bc31e41e8 EFLAGS: 00000212 ORIG_RAX: 000000000000002c\nRAX: ffffffffffffffda RBX: 00007f6bc31e4cdc RCX: 0000000000415a2d\nRDX: 0000000000000001 RSI: 00007f6bc31e421f RDI: 0000000000000003\nRBP: 00007f6bc31e4240 R08: 00007f6bc31e4220 R09: 0000000000000010\nR10: 0000000000000000 R11: \n---truncated---",
"id": "GHSA-gj4p-2qjv-wchv",
"modified": "2026-06-30T03:37:07Z",
"published": "2026-06-19T15:33:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-52910"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2026-52910"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2490779"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/08264d5bba0bdd3a79bc2984fee09286aba0c4eb"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/18fc650ccd7fe3376eca89203668cfb8268f60df"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/298db6167f81e9c470a57cf652e4e47757b4293e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/87dfb977bdb6eaa47e9993a34e18f44970f88b1f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/90e47dc5c572d1c73971ac51c7428803f42b78eb"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c3e3fddda6b5d9ba505d218b4055e7d8a282ac57"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f8b8f1d4bb76098e87b8269a0631019648330e6d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/fec41484e7c2aa7ded44c541bba98872be937754"
},
{
"type": "WEB",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-52910.json"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-J7JM-6Q5X-FFR4
Vulnerability from github – Published: 2024-08-12 15:30 – Updated: 2024-08-12 18:30A signal handler in sshd(8) may call a logging function that is not async-signal-safe. The signal handler is invoked when a client does not authenticate within the LoginGraceTime seconds (120 by default). This signal handler executes in the context of the sshd(8)'s privileged code, which is not sandboxed and runs with full root privileges.
This issue is another instance of the problem in CVE-2024-6387 addressed by FreeBSD-SA-24:04.openssh. The faulty code in this case is from the integration of blacklistd in OpenSSH in FreeBSD.
As a result of calling functions that are not async-signal-safe in the privileged sshd(8) context, a race condition exists that a determined attacker may be able to exploit to allow an unauthenticated remote code execution as root.
{
"affected": [],
"aliases": [
"CVE-2024-7589"
],
"database_specific": {
"cwe_ids": [
"CWE-362",
"CWE-364"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-08-12T13:38:44Z",
"severity": "HIGH"
},
"details": "A signal handler in sshd(8) may call a logging function that is not async-signal-safe. The signal handler is invoked when a client does not authenticate within the LoginGraceTime seconds (120 by default). This signal handler executes in the context of the sshd(8)\u0027s privileged code, which is not sandboxed and runs with full root privileges.\n\nThis issue is another instance of the problem in CVE-2024-6387 addressed by FreeBSD-SA-24:04.openssh. The faulty code in this case is from the integration of blacklistd in OpenSSH in FreeBSD.\n\nAs a result of calling functions that are not async-signal-safe in the privileged sshd(8) context, a race condition exists that a determined attacker may be able to exploit to allow an unauthenticated remote code execution as root.",
"id": "GHSA-j7jm-6q5x-ffr4",
"modified": "2024-08-12T18:30:47Z",
"published": "2024-08-12T15:30:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7589"
},
{
"type": "WEB",
"url": "https://security.freebsd.org/advisories/FreeBSD-SA-24:08.openssh.asc"
},
{
"type": "WEB",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-5051"
},
{
"type": "WEB",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6387"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-JX2M-WGQ5-5QCJ
Vulnerability from github – Published: 2025-05-30 15:30 – Updated: 2026-05-19 18:32A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.
A SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.
{
"affected": [],
"aliases": [
"CVE-2025-4598"
],
"database_specific": {
"cwe_ids": [
"CWE-364"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-30T14:15:23Z",
"severity": "MODERATE"
},
"details": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original\u0027s privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner\u0027s permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original\u0027s SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.",
"id": "GHSA-jx2m-wgq5-5qcj",
"modified": "2026-05-19T18:32:02Z",
"published": "2025-05-30T15:30:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4598"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:22660"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:22868"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:23227"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:23234"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:0414"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:1652"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:18153"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2025-4598"
},
{
"type": "WEB",
"url": "https://blogs.oracle.com/linux/post/analysis-of-cve-2025-4598"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2369242"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-082556.html"
},
{
"type": "WEB",
"url": "https://ciq.com/blog/the-real-danger-of-systemd-coredump-cve-2025-4598"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/07/msg00022.html"
},
{
"type": "WEB",
"url": "https://www.openwall.com/lists/oss-security/2025/05/29/3"
},
{
"type": "WEB",
"url": "https://www.openwall.com/lists/oss-security/2025/08/18/3"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2025/Jun/9"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2025/06/05/1"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2025/06/05/3"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2025/08/18/3"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-MV6M-PVCQ-372P
Vulnerability from github – Published: 2026-05-19 06:30 – Updated: 2026-05-19 06:30in OpenHarmony v6.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps.
{
"affected": [],
"aliases": [
"CVE-2026-24792"
],
"database_specific": {
"cwe_ids": [
"CWE-364"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-19T04:16:27Z",
"severity": "HIGH"
},
"details": "in OpenHarmony v6.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps.",
"id": "GHSA-mv6m-pvcq-372p",
"modified": "2026-05-19T06:30:29Z",
"published": "2026-05-19T06:30:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24792"
},
{
"type": "WEB",
"url": "https://gitcode.com/openharmony/security/tree/master/zh/security-disclosure/2026/2026-04.md"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-P2P6-FGMF-HP85
Vulnerability from github – Published: 2022-05-24 19:03 – Updated: 2022-05-24 19:03It was found that the issue for security flaw CVE-2019-3805 appeared again in a further version of JBoss Enterprise Application Platform - Continuous Delivery (EAP-CD) introducing regression. An attacker could exploit this by modifying the PID file in /var/run/jboss-eap/ allowing the init.d script to terminate any process as root.
{
"affected": [],
"aliases": [
"CVE-2020-14317"
],
"database_specific": {
"cwe_ids": [
"CWE-364"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-06-02T12:15:00Z",
"severity": "MODERATE"
},
"details": "It was found that the issue for security flaw CVE-2019-3805 appeared again in a further version of JBoss Enterprise Application Platform - Continuous Delivery (EAP-CD) introducing regression. An attacker could exploit this by modifying the PID file in /var/run/jboss-eap/ allowing the init.d script to terminate any process as root.",
"id": "GHSA-p2p6-fgmf-hp85",
"modified": "2022-05-24T19:03:55Z",
"published": "2022-05-24T19:03:55Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14317"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1854251"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-P2VR-QM33-HRFC
Vulnerability from github – Published: 2022-05-24 16:45 – Updated: 2024-04-04 00:28A flaw was discovered in wildfly versions up to 16.0.0.Final that would allow local users who are able to execute init.d script to terminate arbitrary processes on the system. An attacker could exploit this by modifying the PID file in /var/run/jboss-eap/ allowing the init.d script to terminate any process as root.
{
"affected": [],
"aliases": [
"CVE-2019-3805"
],
"database_specific": {
"cwe_ids": [
"CWE-269",
"CWE-364"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-05-03T20:29:00Z",
"severity": "MODERATE"
},
"details": "A flaw was discovered in wildfly versions up to 16.0.0.Final that would allow local users who are able to execute init.d script to terminate arbitrary processes on the system. An attacker could exploit this by modifying the PID file in /var/run/jboss-eap/ allowing the init.d script to terminate any process as root.",
"id": "GHSA-p2vr-qm33-hrfc",
"modified": "2024-04-04T00:28:34Z",
"published": "2022-05-24T16:45:10Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3805"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:1106"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:1107"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:1108"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:1140"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:2413"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2020:0727"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3805"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20190517-0004"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VX6M-M9QV-88Q3
Vulnerability from github – Published: 2026-05-21 12:31 – Updated: 2026-05-21 12:31Concurrency and locking defects in GSS-TSIG
{
"affected": [],
"aliases": [
"CVE-2026-42002"
],
"database_specific": {
"cwe_ids": [
"CWE-364"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-21T10:16:25Z",
"severity": "MODERATE"
},
"details": "Concurrency and locking defects in GSS-TSIG",
"id": "GHSA-vx6m-m9qv-88q3",
"modified": "2026-05-21T12:31:45Z",
"published": "2026-05-21T12:31:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42002"
},
{
"type": "WEB",
"url": "https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-powerdns-2026-06.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-W9FF-9CJH-6463
Vulnerability from github – Published: 2026-05-27 15:33 – Updated: 2026-07-07 12:31In the Linux kernel, the following vulnerability has been resolved:
ALSA: aloop: Fix peer runtime UAF during format-change stop
loopback_check_format() may stop the capture side when playback starts with parameters that no longer match a running capture stream. Commit 826af7fa62e3 ("ALSA: aloop: Fix racy access at PCM trigger") moved the peer lookup under cable->lock, but the actual snd_pcm_stop() still runs after dropping that lock.
A concurrent close can clear the capture entry from cable->streams[] and detach or free its runtime while the playback trigger path still holds a stale peer substream pointer.
Keep a per-cable count of in-flight peer stops before dropping cable->lock, and make free_cable() wait for those stops before detaching the runtime. This preserves the existing behavior while making the peer runtime lifetime explicit.
{
"affected": [],
"aliases": [
"CVE-2026-46090"
],
"database_specific": {
"cwe_ids": [
"CWE-364",
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-27T14:17:30Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: aloop: Fix peer runtime UAF during format-change stop\n\nloopback_check_format() may stop the capture side when playback starts\nwith parameters that no longer match a running capture stream. Commit\n826af7fa62e3 (\"ALSA: aloop: Fix racy access at PCM trigger\") moved\nthe peer lookup under cable-\u003elock, but the actual snd_pcm_stop() still\nruns after dropping that lock.\n\nA concurrent close can clear the capture entry from cable-\u003estreams[] and\ndetach or free its runtime while the playback trigger path still holds a\nstale peer substream pointer.\n\nKeep a per-cable count of in-flight peer stops before dropping\ncable-\u003elock, and make free_cable() wait for those stops before\ndetaching the runtime. This preserves the existing behavior while\nmaking the peer runtime lifetime explicit.",
"id": "GHSA-w9ff-9cjh-6463",
"modified": "2026-07-07T12:31:30Z",
"published": "2026-05-27T15:33:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46090"
},
{
"type": "WEB",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-46090.json"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e5c33cdc6f402eab8abd36ecf436b22c9d3a8aff"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/bdd9503c3d222d2735b56c7a8b4422ccf3de6e5c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/83bd62fa9620ac98d5d694bde14c50f98c8e7189"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5d45e34bf001344e2966dabca1897561bbc9e913"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/345c24b2bcf0923dfae1ab41497351c68214ff76"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/03f52a9c170431e8f10e156b9dc0dae80b3e9198"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2481980"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2026-46090"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:35896"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:35863"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:35844"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:34443"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:34095"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:34094"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:33900"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:33899"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:33685"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:33215"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:30848"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:27354"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:27353"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-X7WW-99CR-QMMW
Vulnerability from github – Published: 2022-04-30 18:09 – Updated: 2025-10-20 18:30Race condition in signal handling routine in ftpd, allowing read/write arbitrary files.
{
"affected": [],
"aliases": [
"CVE-1999-0035"
],
"database_specific": {
"cwe_ids": [
"CWE-364"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "1997-05-29T04:00:00Z",
"severity": "MODERATE"
},
"details": "Race condition in signal handling routine in ftpd, allowing read/write arbitrary files.",
"id": "GHSA-x7ww-99cr-qmmw",
"modified": "2025-10-20T18:30:28Z",
"published": "2022-04-30T18:09:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-1999-0035"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0035"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-3
Strategy: Language Selection
Use a language that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
Mitigation
Design signal handlers to only set flags, rather than perform complex functionality. These flags can then be checked and acted upon within the main program loop.
Mitigation
Only use reentrant functions within signal handlers. Also, use validation to ensure that state is consistent while performing asynchronous actions that affect the state of execution.
No CAPEC attack patterns related to this CWE.