VYPR

CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Class · Draft · Likelihood: Medium

Description

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-26 · CAPEC-29

CVEs mapped to this weakness (1,091)

page 34 of 55
  • CVE-2024-48872 · Dec 16, 2024
    risk 0.00 · cvss · epss 0.00

    Mattermost versions 10.1.x <= 10.1.2, 10.0.x <= 10.0.2, 9.11.x <= 9.11.4, and 9.5.x <= 9.5.12 fail to prevent concurrently checking and updating the failed login attempts, which allows an attacker to bypass the "Max failed attempts" restriction and send a big number of login…

  • CVE-2024-36621 · Nov 29, 2024
    risk 0.00 · cvss · epss 0.01

    moby v25.0.5 is affected by a Race Condition in builder/builder-next/adapters/snapshot/layer.go. The vulnerability could be used to trigger concurrent builds that call the EnsureLayer function resulting in resource leaks/exhaustion.

  • CVE-2024-36623 · Nov 29, 2024
    risk 0.00 · cvss · epss 0.01

    moby through v25.0.3 has a Race Condition vulnerability in the streamformatter package which can be used to trigger multiple concurrent write operations resulting in data corruption or application crashes.

  • CVE-2024-47827 · Oct 28, 2024
    risk 0.00 · cvss · epss 0.00

    Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Due to a race condition in a global variable in 3.6.0-rc1, the argo workflows controller can be made to crash on-command by any user with access to execute a…

  • CVE-2024-47870 · Oct 10, 2024
    risk 0.00 · cvss · epss 0.00

    Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves a **race condition** in the `update_root_in_config` function, allowing an attacker to modify the `root` URL used by the Gradio frontend to communicate with the backend. By…

  • CVE-2024-38229 · Oct 8, 2024
    risk 0.00 · cvss · epss 0.02

    .NET and Visual Studio Remote Code Execution Vulnerability

  • CVE-2024-7885 · Aug 21, 2024
    risk 0.00 · cvss · epss 0.03

    A vulnerability was found in Undertow where the ProxyProtocolReadListener reuses the same StringBuilder instance across multiple requests. This issue occurs when the parseProxyProtocolV1 method processes multiple requests on the same HTTP connection. As a result, different…

  • CVE-2024-42488 · Aug 15, 2024
    risk 0.00 · cvss · epss 0.01

    Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.14.14 and 1.15.8, a race condition in the Cilium agent can cause the agent to ignore labels that should be applied to a node. This could in turn cause…

  • CVE-2024-35255 · Jun 11, 2024
    risk 0.00 · cvss · epss 0.01

    Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability

  • CVE-2024-2032 · Jun 6, 2024
    risk 0.00 · cvss · epss 0.00

    A race condition vulnerability exists in zenml-io/zenml versions up to and including 0.55.3, which allows for the creation of multiple users with the same username when requests are sent in parallel. This issue was fixed in version 0.55.5. The vulnerability arises due to…

  • CVE-2024-30046 · May 14, 2024
    risk 0.00 · cvss · epss 0.02

    Visual Studio Denial of Service Vulnerability

  • CVE-2024-24770 · Mar 14, 2024
    risk 0.00 · cvss · epss 0.00

    vantage6 is an open source framework built to enable, manage and deploy privacy enhancing technologies like Federated Learning and Multi-Party Computation. Much like GHSA-45gq-q4xh-cp53, it is possible to find which usernames exist in vantage6 by calling the API routes…

  • CVE-2024-27102 · Mar 13, 2024
    risk 0.00 · cvss · epss 0.01

    Wings is the server control plane for Pterodactyl Panel. This vulnerability impacts anyone running the affected versions of Wings. The vulnerability can potentially be used to access files and directories on the host system. The full scope of impact is exactly unknown, but…

  • CVE-2024-1949 · Feb 29, 2024
    risk 0.00 · cvss · epss 0.00

    A race condition in Mattermost versions 8.1.x before 8.1.9, and 9.4.x before 9.4.2 allows an authenticated attacker to gain unauthorized access to individual posts' contents via carefully timed post creation while another user deletes posts.

  • CVE-2024-26578 · Feb 22, 2024
    risk 0.00 · cvss · epss 0.01

    Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Apache Answer. This issue affects Apache Answer: through 1.2.1. Repeated submission during registration resulted in the registration of the same user. When users…

  • CVE-2023-47634 · Feb 20, 2024
    risk 0.00 · cvss · epss 0.00

    Decidim is a participatory democracy framework. Starting in version 0.10.0 and prior to versions 0.26.9, 0.27.5, and 0.28.0, a race condition in the endorsement of resources (for instance, a proposal) allows a user to make more than one endorsement. To exploit this…

  • CVE-2024-23651 · Jan 31, 2024
    risk 0.00 · cvss · epss 0.01

    BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Two malicious build steps running in parallel sharing the same cache mounts with subpaths could cause a race condition that can lead to files from the host…

  • CVE-2023-49619 · Jan 10, 2024
    risk 0.00 · cvss · epss 0.01

    Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Apache Answer. This issue affects Apache Answer: through 1.2.0. Under normal circumstances, a user can only bookmark a question once, and will only increase the number…

  • CVE-2022-3328 · Jan 8, 2024
    risk 0.00 · cvss · epss 0.00

    Race condition in snap-confine's must_mkdir_and_open_with_perms()

  • CVE-2016-15036 · Dec 23, 2023
    risk 0.00 · cvss · epss 0.00

    ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Deis Workflow Manager up to 2.3.2. It has been classified as problematic. This affects an unknown part. The manipulation leads to race condition. The complexity of an attack is rather high. The exploitability is told…