CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Description
The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-26 · CAPEC-29
CVEs mapped to this weakness (1,091)
page 34 of 55

| CVE | Risk | CVSS | EPSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2024-48872 | 0.00 | — | 0.00 | Dec 16, 2024 | Mattermost versions 10.1.x <= 10.1.2, 10.0.x <= 10.0.2, 9.11.x <= 9.11.4, and 9.5.x <= 9.5.12 fail to prevent concurrently checking and updating the failed login attempts. which allows an attacker to bypass of "Max failed attempts" restriction and send a big number of login… |
| CVE-2024-36621 | 0.00 | — | 0.01 | Nov 29, 2024 | moby v25.0.5 is affected by a Race Condition in builder/builder-next/adapters/snapshot/layer.go. The vulnerability could be used to trigger concurrent builds that call the EnsureLayer function resulting in resource leaks/exhaustion. |
| CVE-2024-36623 | 0.00 | — | 0.01 | Nov 29, 2024 | moby through v25.0.3 has a Race Condition vulnerability in the streamformatter package which can be used to trigger multiple concurrent write operations resulting in data corruption or application crashes. |
| CVE-2024-47827 | 0.00 | — | 0.00 | Oct 28, 2024 | Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Due to a race condition in a global variable in 3.6.0-rc1, the argo workflows controller can be made to crash on-command by any user with access to execute a… |
| CVE-2024-47870 | 0.00 | — | 0.00 | Oct 10, 2024 | Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves a **race condition** in the `update_root_in_config` function, allowing an attacker to modify the `root` URL used by the Gradio frontend to communicate with the backend. By… |
| CVE-2024-38229 | 0.00 | — | 0.02 | Oct 8, 2024 | .NET and Visual Studio Remote Code Execution Vulnerability |
| CVE-2024-7885 | 0.00 | — | 0.03 | Aug 21, 2024 | A vulnerability was found in Undertow where the ProxyProtocolReadListener reuses the same StringBuilder instance across multiple requests. This issue occurs when the parseProxyProtocolV1 method processes multiple requests on the same HTTP connection. As a result, different… |
| CVE-2024-42488 | 0.00 | — | 0.01 | Aug 15, 2024 | Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.14.14 and 1.15.8, a race condition in the Cilium agent can cause the agent to ignore labels that should be applied to a node. This could in turn cause… |
| CVE-2024-35255 | 0.00 | — | 0.01 | Jun 11, 2024 | Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability |
| CVE-2024-2032 | 0.00 | — | 0.00 | Jun 6, 2024 | A race condition vulnerability exists in zenml-io/zenml versions up to and including 0.55.3, which allows for the creation of multiple users with the same username when requests are sent in parallel. This issue was fixed in version 0.55.5. The vulnerability arises due to… |
| CVE-2024-30046 | 0.00 | — | 0.02 | May 14, 2024 | Visual Studio Denial of Service Vulnerability |
| CVE-2024-24770 | 0.00 | — | 0.00 | Mar 14, 2024 | vantage6 is an open source framework built to enable, manage and deploy privacy enhancing technologies like Federated Learning and Multi-Party Computation. Much like GHSA-45gq-q4xh-cp53, it is possible to find which usernames exist in vantage6 by calling the API routes… |
| CVE-2024-27102 | 0.00 | — | 0.01 | Mar 13, 2024 | Wings is the server control plane for Pterodactyl Panel. This vulnerability impacts anyone running the affected versions of Wings. The vulnerability can potentially be used to access files and directories on the host system. The full scope of impact is exactly unknown, but… |
| CVE-2024-1949 | 0.00 | — | 0.00 | Feb 29, 2024 | A race condition in Mattermost versions 8.1.x before 8.1.9, and 9.4.x before 9.4.2 allows an authenticated attacker to gain unauthorized access to individual posts' contents via carefully timed post creation while another user deletes posts. |
| CVE-2024-26578 | 0.00 | — | 0.01 | Feb 22, 2024 | Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Apache Answer. This issue affects Apache Answer: through 1.2.1. Repeated submission during registration resulted in the registration of the same user. When users… |
| CVE-2023-47634 | 0.00 | — | 0.00 | Feb 20, 2024 | Decidim is a participatory democracy framework. Starting in version 0.10.0 and prior to versions 0.26.9, 0.27.5, and 0.28.0, a race condition in the endorsement of resources (for instance, a proposal) allows a user to make more than once endorsement. To exploit this… |
| CVE-2024-23651 | 0.00 | — | 0.01 | Jan 31, 2024 | BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Two malicious build steps running in parallel sharing the same cache mounts with subpaths could cause a race condition that can lead to files from the host… |
| CVE-2023-49619 | 0.00 | — | 0.01 | Jan 10, 2024 | Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Apache Answer. This issue affects Apache Answer: through 1.2.0. Under normal circumstances, a user can only bookmark a question once, and will only increase the number… |
| CVE-2022-3328 | 0.00 | — | 0.00 | Jan 8, 2024 | Race condition in snap-confine's must_mkdir_and_open_with_perms() |
| CVE-2016-15036 | 0.00 | — | 0.00 | Dec 23, 2023 | ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Deis Workflow Manager up to 2.3.2. It has been classified as problematic. This affects an unknown part. The manipulation leads to race condition. The complexity of an attack is rather high. The exploitability is told… |