VYPR

CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Class · Draft · Likelihood: Medium

Description

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-26 · CAPEC-29

CVEs mapped to this weakness (1,091)

page 18 of 55
  • CVE-2025-23259 · Medium · Sep 4, 2025
    risk 0.42 · cvss 6.5 · epss 0.00

    NVIDIA Mellanox DPDK contains a vulnerability in Poll Mode Driver (PMD), where an attacker on a VM in the system might be able to cause information disclosure and denial of service on the network interface.

  • CVE-2025-3608 · Medium · Apr 15, 2025
    risk 0.42 · cvss 6.5 · epss 0.00

    A race condition existed in nsHttpTransaction that could have been exploited to cause memory corruption, potentially leading to an exploitable condition. This vulnerability was fixed in Firefox 137.0.2.

  • CVE-2025-1013 · Medium · Feb 4, 2025
    risk 0.42 · cvss 6.5 · epss 0.00

    A race condition could have led to private browsing tabs being opened in normal browsing windows. This could have resulted in a potential privacy leak. This vulnerability was fixed in Firefox 135, Firefox ESR 128.7, Thunderbird 128.7, and Thunderbird 135.

  • CVE-2022-2160 · Medium · Jul 28, 2022
    risk 0.42 · cvss 6.5 · epss 0.01

    Insufficient policy enforcement in DevTools in Google Chrome on Windows prior to 103.0.5060.53 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from a user's local files via a crafted HTML page.

  • CVE-2015-1862 · High · Feb 9, 2018
    risk 0.42 · cvss 7.0 · epss 0.03

    The crash reporting feature in Abrt allows local users to gain privileges by leveraging an execve by root after a chroot into a user-specified directory in a namespaced environment.

  • CVE-2017-14955 · Medium · Oct 2, 2017
    risk 0.42 · cvss 5.9 · epss 0.12

    Check_MK before 1.2.8p26 mishandles certain errors within the failed-login save feature because of a race condition, which allows remote attackers to obtain sensitive user information by reading a GUI crash report.

  • CVE-2015-8511 · Medium · Jan 9, 2016
    risk 0.42 · cvss 6.4 · epss 0.00

    Race condition in the lockscreen feature in Mozilla Firefox OS before 2.5 allows physically proximate attackers to bypass an intended passcode requirement via unspecified vectors.

  • CVE-2026-9831 · Medium · May 29, 2026
    risk 0.41 · cvss 6.3 · epss 0.00

    A race condition in the shared Extreme Platform ONE IAM Gateway API-key authentication path could, under specific high-concurrency traffic conditions, intermittently allow requests authenticated with an Extreme Platform ONE /IAM-issued API key to receive response data for…

  • CVE-2026-34862 · Medium · Apr 13, 2026
    risk 0.41 · cvss 6.3 · epss 0.00

    Race condition vulnerability in the power consumption statistics module. Impact: Successful exploitation of this vulnerability may affect availability.

  • CVE-2026-34861 · Medium · Apr 13, 2026
    risk 0.41 · cvss 6.3 · epss 0.00

    Race condition vulnerability in the thermal management module. Impact: Successful exploitation of this vulnerability may affect availability.

  • CVE-2026-32887 · High · Mar 20, 2026
    risk 0.41 · cvss 7.4 · epss 0.00

    Effect is a TypeScript framework that consists of several packages that work together to help build TypeScript applications. Prior to version 3.20.0, when using `RpcServer.toWebHandler` (or `HttpApp.toWebHandlerRuntime`) inside a Next.js App Router route handler, any Node.js…

  • CVE-2024-0397 · High · Jun 17, 2024
    risk 0.41 · cvss 7.4 · epss 0.01

    A defect was discovered in the Python “ssl” module where there is a memory race condition with the ssl.SSLContext methods “cert_store_stats()” and “get_ca_certs()”. The race condition can be triggered if the methods are called at the same time as certificates are…

  • CVE-2017-6615 · Medium · Apr 20, 2017
    risk 0.41 · cvss 6.3 · epss 0.02

    A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS XE 3.16 could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to a race condition that could occur when the affected software…

  • CVE-2016-7777 · Medium · Oct 7, 2016
    risk 0.41 · cvss 6.3 · epss 0.00

    Xen 4.7.x and earlier does not properly honor CR0.TS and CR0.EM, which allows local x86 HVM guest OS users to read or modify FPU, MMX, or XMM register state information belonging to arbitrary tasks on the guest by modifying an instruction while the hypervisor is preparing to…

  • CVE-2016-2069 · High · Apr 27, 2016
    risk 0.41 · cvss 7.4 · epss 0.00

    Race condition in arch/x86/mm/tlb.c in the Linux kernel before 4.4.1 allows local users to gain privileges by triggering access to a paging structure by a different CPU.

  • CVE-2016-1975 · Medium · Mar 13, 2016
    risk 0.41 · cvss 6.3 · epss 0.01

    Multiple race conditions in dom/media/systemservices/CamerasChild.cpp in the WebRTC implementation in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown…

  • CVE-2026-32088 · Medium · Apr 14, 2026
    risk 0.40 · cvss 6.1 · epss 0.00

    Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Biometric Service allows an unauthorized attacker to bypass a security feature with a physical attack.

  • CVE-2024-40887 · Medium · Feb 12, 2025
    risk 0.40 · cvss 6.1 · epss 0.00

    Race condition in some Intel(R) PROSet/Wireless WiFi and Killer™ WiFi software for Windows before version 23.80 may allow an unauthenticated user to potentially enable denial of service via adjacent access.

  • CVE-2024-35899 · Medium · May 19, 2024
    risk 0.40 · cvss 6.1 · epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: flush pending destroy work before exit_net release Similar to 2c9f0293280e ("netfilter: nf_tables: flush pending destroy work before netlink notifier") to address a race between exit_net…

  • CVE-2018-0480 · Medium · Oct 5, 2018
    risk 0.40 · cvss 6.1 · epss 0.01

    A vulnerability in the errdisable per VLAN feature of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause the device to crash, leading to a denial of service (DoS) condition. The vulnerability is due to a race condition that occurs when the VLAN and…