VYPR

CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Class · Draft · Likelihood: Medium

Description

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-26 · CAPEC-29

CVEs mapped to this weakness (1,091)

page 30 of 55
  • CVE-2026-48066 · Med · May 27, 2026
    risk 0.30 · cvss 5.7 · epss 0.00

    pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.1, src/log.c contains a process-wide static pointer that is written on every PAM invocation with the address of a stack-local variable. This violates the PAM re-entrancy requirement…

  • CVE-2024-24859 · Med · Feb 5, 2024
    risk 0.30 · cvss 4.6 · epss 0.01

    A race condition was found in the Linux kernel's net/bluetooth in the sniff_{min,max}_interval_set() function. This can result in a Bluetooth sniffing exception issue, possibly leading to denial of service.

  • CVE-2024-24858 · Med · Feb 5, 2024
    risk 0.30 · cvss 4.6 · epss 0.00

    A race condition was found in the Linux kernel's net/bluetooth in the {conn,adv}_{min,max}_interval_set() function. This can result in an L2CAP connection or broadcast abnormality issue, possibly leading to denial of service.

  • CVE-2024-24857 · Med · Feb 5, 2024
    risk 0.30 · cvss 4.6 · epss 0.00

    A race condition was found in the Linux kernel's net/bluetooth device driver in the conn_info_{min,max}_age_set() function. This can result in an integrity overflow issue, possibly leading to Bluetooth connection abnormality or denial of service.

  • CVE-2017-18347 · Med · Sep 12, 2018
    risk 0.30 · cvss 4.6 · epss 0.00

    Incorrect access control in RDP Level 1 on STMicroelectronics STM32F0 series devices allows physically present attackers to extract the device's protected firmware via a special sequence of Serial Wire Debug (SWD) commands because there is a race condition between full…

  • CVE-2026-5516 · Med · May 27, 2026
    risk 0.29 · cvss 4.4 · epss 0.00

    IBM WebSphere Application Server - Liberty 22.0.0.11 through 26.0.0.5 could allow a remote attacker to bypass security under limited conditions by exploiting a specific timing window.

  • CVE-2024-47968 · Med · Oct 7, 2024
    risk 0.29 · cvss 4.4 · epss 0.00

    Improper resource shutdown in the middle of certain operations on some Solidigm DC Products may allow an attacker to potentially enable denial of service.

  • CVE-2024-47974 · Med · Oct 7, 2024
    risk 0.29 · cvss 4.4 · epss 0.00

    Race condition during resource shutdown in some Solidigm DC Products may allow an attacker to potentially enable denial of service.

  • CVE-2024-3979 · Med · Apr 19, 2024
    risk 0.29 · cvss 4.4 · epss 0.00

    A vulnerability, which was classified as problematic, has been found in COVESA vsomeip up to 3.4.10. Affected by this issue is some unknown functionality. The manipulation leads to race condition. An attack has to be approached locally. The exploit has been disclosed to the…

  • CVE-2024-26810 · Med · Apr 5, 2024
    risk 0.29 · cvss 4.4 · epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: "vfio/pci: Lock external INTx masking ops". Mask operations through config space changes to DisINTx may race INTx configuration changes via ioctl. Create wrappers that add locking for paths outside of the core…

  • CVE-2020-35910 · Med · Dec 31, 2020
    risk 0.29 · cvss 5.5 · epss 0.00

    An issue was discovered in the lock_api crate before 0.4.2 for Rust. A data race can occur because of MappedMutexGuard unsoundness.

  • CVE-2018-1121 · Low · Jun 13, 2018
    risk 0.29 · cvss 3.9 · epss 0.04

    procps-ng (procps) is vulnerable to process hiding through a race condition. Since the kernel's proc_pid_readdir() returns PID entries in ascending numeric order, a process occupying a high PID can use inotify events to determine when the process list is being scanned, and…

  • CVE-2015-7550 · Med · Feb 8, 2016
    risk 0.29 · cvss 5.5 · epss 0.00

    The keyctl_read_key function in security/keys/keyctl.c in the Linux kernel before 4.3.4 does not properly use a semaphore, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted…

  • CVE-2013-0266 · Med · Mar 8, 2013
    risk 0.29 · cvss 5.5 · epss 0.00

    A flaw was found in the `puppetlabs-cinder` module, as used in PackStack. This vulnerability is due to incorrect file permissions, specifically world-readable permissions, on the `cinder.conf` and `api-paste.ini` configuration files. A local user can exploit this by reading…

  • CVE-2010-5160 · Med · Aug 25, 2012
    risk 0.29 · cvss 4.5 · epss 0.00

    Race condition in ESET Smart Security 4.2.35.3 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory…

  • CVE-2026-11253 · Med · Jun 5, 2026
    risk 0.28 · cvss 4.3 · epss 0.00

    Inappropriate implementation in Permissions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2026-40155 · Med · Apr 17, 2026
    risk 0.28 · cvss 5.4 · epss 0.00

    The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. In versions 4.12.0 through 4.17.1, simultaneous requests that trigger a nonce retry may cause the proxy cache fetcher to perform improper lookups for the token request results. Users…

  • CVE-2026-46693 · Med · Jun 10, 2026
    risk 0.27 · cvss 4.1 · epss 0.00

    ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, an attacker who can connect to a magick -distribute-cache service can hijack a file descriptor in the server process when a race condition is…

  • CVE-2026-34858 · Med · Apr 13, 2026
    risk 0.27 · cvss 4.1 · epss 0.00

    UAF vulnerability in the communication module. Impact: Successful exploitation of this vulnerability may affect availability.

  • CVE-2026-34363 · Med · Mar 31, 2026
    risk 0.27 · cvss 5.3 · epss 0.00

    Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.65 and 9.7.0-alpha.9, when multiple clients subscribe to the same class via LiveQuery, the event handlers process each subscriber concurrently using…