VYPR

CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Class · Draft · Likelihood: Medium

Description

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-26 · CAPEC-29

CVEs mapped to this weakness (1,091)

page 33 of 55
  • CVE-2023-53520 · Med · Oct 1, 2025
    risk 0.24 · cvss 4.7 · epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix hci_suspend_sync crash If hci_unregister_dev() frees the hci_dev object but hci_suspend_notifier may still be accessing it, it can cause the program to crash. Here's the call trace: …

  • CVE-2024-41005 · Med · Jul 12, 2024
    risk 0.24 · cvss 4.7 · epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: netpoll: Fix race condition in netpoll_owner_active KCSAN detected a race condition in netpoll: BUG: KCSAN: data-race in net_rx_action / netpoll_send_skb write (marked) to 0xffff8881164168b0 of 4 bytes by…

  • CVE-2022-48366 · Low · Mar 12, 2023
    risk 0.24 · cvss 3.7 · epss 0.00

    An issue was discovered in eZ Platform Ibexa Kernel before 1.3.19. It allows determining account existence via a timing attack.

  • CVE-2022-38170 · Med · Sep 2, 2022
    risk 0.24 · cvss 4.7 · epss 0.01

    In Apache Airflow prior to 2.3.4, an insecure umask was configured for numerous Airflow components when running with the `--daemon` flag which could result in a race condition giving world-writable files in the Airflow home directory and allowing local users to expose arbitrary…

  • CVE-2020-36203 · Med · Jan 26, 2021
    risk 0.24 · cvss 4.7 · epss 0.00

    An issue was discovered in the reffers crate through 2020-12-01 for Rust. ARefss can contain a !Send,!Sync object, leading to a data race and memory corruption.

  • CVE-2020-35928 · Med · Dec 31, 2020
    risk 0.24 · cvss 4.7 · epss 0.00

    An issue was discovered in the concread crate before 0.2.6 for Rust. Attackers can cause an ARCache<K,V> data race by sending types that do not implement Send/Sync.

  • CVE-2020-35905 · Med · Dec 31, 2020
    risk 0.24 · cvss 4.7 · epss 0.00

    An issue was discovered in the futures-util crate before 0.3.7 for Rust. MutexGuard::map can cause a data race for certain closure situations (in safe code).

  • CVE-2019-16354 · Med · Sep 16, 2019
    risk 0.24 · cvss 4.7 · epss 0.00

    The File Session Manager in Beego 1.10.0 allows local users to read session files because there is a race condition involving file creation within a directory with weak permissions.

  • CVE-2015-4170 · Med · May 2, 2016
    risk 0.24 · cvss 4.7 · epss 0.00

    Race condition in the ldsem_cmpxchg function in drivers/tty/tty_ldsem.c in the Linux kernel before 3.13-rc4-next-20131218 allows local users to cause a denial of service (ldsem_down_read and ldsem_down_write deadlock) by establishing a new tty thread during shutdown of a…

  • CVE-2014-3611 · Med · Nov 10, 2014
    risk 0.24 · cvss 4.7 · epss 0.00

    Race condition in the __kvm_migrate_pit_timer function in arch/x86/kvm/i8254.c in the KVM subsystem in the Linux kernel through 3.17.2 allows guest OS users to cause a denial of service (host OS crash) by leveraging incorrect PIT emulation.

  • CVE-2026-0995 · Low · Mar 2, 2026
    risk 0.23 · cvss 3.6 · epss 0.00

    An issue has been identified in Arm C1-Pro before r1p2-50eac0, where, under certain conditions, a TLBI+DSB might fail to ensure the completion of memory accesses related to SME.

  • CVE-2025-30235 · Low · Mar 19, 2025
    risk 0.23 · cvss 3.5 · epss 0.00

    Shearwater SecurEnvoy SecurAccess Enrol before 9.4.515 is intended to disable accounts that have had more than 10 failed authentication attempts, but instead allows hundreds of failed authentication attempts, because concurrent attempts are mishandled.

  • CVE-2016-15036 · Med · Dec 23, 2023
    risk 0.23 · cvss 4.6 · epss 0.00

    ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Deis Workflow Manager up to 2.3.2. It has been classified as problematic. This affects an unknown part. The manipulation leads to race condition. The complexity of an attack is rather high. The exploitability is told…

  • CVE-2016-10538 · Low · May 31, 2018
    risk 0.23 · cvss 3.5 · epss 0.01

    The package `node-cli` before 1.0.0 insecurely uses the lock_file and log_file. Both of these are temporary, but it allows the starting user to overwrite any file they have access to.

  • CVE-2026-44059 · Med · May 21, 2026
    risk 0.22 · cvss 4.5 · epss 0.00

    A race condition in the privilege toggle mechanism in Netatalk 2.2.5 through 4.4.2 allows a local attacker to obtain limited information, modify limited data, or cause a minor service disruption.

  • CVE-2016-1000236 · Med · Nov 19, 2019
    risk 0.22 · cvss 4.4 · epss 0.01

    Node-cookie-signature before 1.0.6 is affected by a timing attack due to the type of comparison used.

  • CVE-2025-59577 · Med · Sep 22, 2025
    risk 0.21 · cvss 4.3 · epss 0.00

    Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Stylemix MasterStudy LMS masterstudy-lms-learning-management-system allows Leveraging Race Conditions. This issue affects MasterStudy LMS: from n/a through <= 3.6.20.

  • CVE-2026-9959 · Low · May 28, 2026
    risk 0.20 · cvss 3.1 · epss 0.00

    Race in WebRTC in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-8741 · Low · May 17, 2026
    risk 0.20 · cvss 3.1 · epss 0.00

    A vulnerability has been found in EMQX up to 6.2.0. This affects an unknown function of the file apps/emqx/src/emqx_persistent_session_ds.erl of the component QoS 2 PUBLISH Packet Handler. Such manipulation leads to race condition. The attack may be performed from remote. A high…

  • CVE-2026-7954 · Low · May 6, 2026
    risk 0.20 · cvss 3.1 · epss 0.00

    Race in Shared Storage in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)