VYPR

CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Class · Draft · Likelihood: Medium

Description

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-26 · CAPEC-29

CVEs mapped to this weakness (1,091)

page 35 of 55
  • CVE-2023-45286 · Nov 28, 2023
    risk 0.00 · cvss · epss 0.01

    A race condition in go-resty can result in HTTP request body disclosure across requests. This condition can be triggered by calling sync.Pool.Put with the same *bytes.Buffer more than once, when request retries are enabled and a retry occurs. The call to sync.Pool.Get will then…

  • CVE-2023-46132 · Nov 14, 2023
    risk 0.00 · cvss · epss 0.01

    Hyperledger Fabric is an open source permissioned distributed ledger framework. Combining two molecules to one another, called "cross-linking" results in a molecule with a chemical formula that is composed of all atoms of the original two molecules. In Fabric, one can take a…

  • CVE-2023-20902 · Nov 9, 2023
    risk 0.00 · cvss · epss 0.00

    A timing condition in Harbor 2.6.x and below, Harbor 2.7.2 and below, Harbor 2.8.2 and below, and Harbor 1.10.17 and below allows an attacker with network access to create jobs/stop job tasks and retrieve job task information.

  • CVE-2023-47111 · Nov 8, 2023
    risk 0.00 · cvss · epss 0.01

    ZITADEL provides identity infrastructure. ZITADEL provides administrators the possibility to define a `Lockout Policy` with a maximum amount of failed password check attempts. On every failed password check, the amount of failed checks is compared against the configured maximum.…

  • CVE-2023-33170 · Jul 11, 2023
    risk 0.00 · cvss · epss 0.02

    ASP.NET and Visual Studio Security Feature Bypass Vulnerability

  • CVE-2023-30543 · Apr 17, 2023
    risk 0.00 · cvss · epss 0.00

    @web3-react is a framework for building Ethereum Apps. In affected versions the `chainId` may be outdated if the user changes chains as part of the connection flow. This means that the value of `chainId` returned by `useWeb3React()` may be incorrect. In an application, this…

  • CVE-2022-48366 · Mar 12, 2023
    risk 0.00 · cvss · epss 0.00

    An issue was discovered in eZ Platform Ibexa Kernel before 1.3.19. It allows determining account existence via a timing attack.

  • CVE-2023-0739 · Feb 8, 2023
    risk 0.00 · cvss · epss 0.01

    Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') in GitHub repository answerdev/answer prior to 1.0.4.

  • CVE-2023-22499 · Jan 17, 2023
    risk 0.00 · cvss · epss 0.01

    Deno is a runtime for JavaScript and TypeScript that uses V8 and is built in Rust. Multi-threaded programs were able to spoof the interactive permission prompt by rewriting the prompt to suggest that the program is waiting on user confirmation for an unrelated action. A malicious program…

  • CVE-2022-46174 · Dec 28, 2022
    risk 0.00 · cvss · epss 0.01

    efs-utils is a set of Utilities for Amazon Elastic File System (EFS). A potential race condition issue exists within the Amazon EFS mount helper in efs-utils versions v1.34.3 and below. When using TLS to mount file systems, the mount helper allocates a local port for stunnel to…

  • CVE-2022-2583 · Dec 27, 2022
    risk 0.00 · cvss · epss 0.00

    A race condition can cause incorrect HTTP request routing.

  • CVE-2022-39328 · Nov 8, 2022
    risk 0.00 · cvss · epss 0.01

    Grafana is an open-source platform for monitoring and observability. Versions starting with 9.2.0 and less than 9.2.4 contain a race condition in the authentication middlewares logic which may allow an unauthenticated user to query an administration endpoint under heavy load.…

  • CVE-2021-43980 · Sep 28, 2022
    risk 0.00 · cvss · epss 0.02

    The simplified implementation of blocking reads and writes introduced in Tomcat 10 and back-ported to Tomcat 9.0.47 onwards exposed a long standing (but extremely hard to trigger) concurrency bug in Apache Tomcat 10.1.0 to 10.1.0-M12, 10.0.0-M1 to 10.0.18, 9.0.0-M1 to 9.0.60 and…

  • CVE-2022-38170 · Sep 2, 2022
    risk 0.00 · cvss · epss 0.01

    In Apache Airflow prior to 2.3.4, an insecure umask was configured for numerous Airflow components when running with the `--daemon` flag which could result in a race condition giving world-writable files in the Airflow home directory and allowing local users to expose arbitrary…

  • CVE-2021-3702 · Aug 23, 2022
    risk 0.00 · cvss · epss 0.00

    A race condition flaw was found in ansible-runner, where an attacker could watch for rapid creation and deletion of a temporary directory, substitute their directory at that name, and then have access to ansible-runner's private_data_dir the next time ansible-runner made use of…

  • CVE-2022-24800 · Jul 12, 2022
    risk 0.00 · cvss · epss 0.01

    October/System is the system module for October CMS, a self-hosted CMS platform based on the Laravel PHP Framework. Prior to versions 1.0.476, 1.1.12, and 2.2.15, when the developer allows the user to specify their own filename in the `fromData` method, an unauthenticated user…

  • CVE-2022-31015 · May 31, 2022
    risk 0.00 · cvss · epss 0.01

    Waitress is a Web Server Gateway Interface server for Python 2 and 3. Waitress versions 2.1.0 and 2.1.1 may terminate early due to a thread closing a socket while the main thread is about to call select(). This will lead to the main thread raising an exception that is not…

  • CVE-2021-3597 · May 24, 2022
    risk 0.00 · cvss · epss 0.01

    A flaw was found in undertow. The HTTP2SourceChannel fails to write the final frame under some circumstances, resulting in a denial of service. The highest threat from this vulnerability is availability. This flaw affects Undertow versions prior to 2.0.35.SP1, prior to…

  • CVE-2022-24302 · Mar 17, 2022
    risk 0.00 · cvss · epss 0.02

    In Paramiko before 2.10.1, a race condition (between creation and chmod) in the write_private_key_file function could allow unauthorized information disclosure.

  • CVE-2022-23639 · Feb 15, 2022
    risk 0.00 · cvss · epss 0.01

    crossbeam-utils provides atomics, synchronization primitives, scoped threads, and other utilities for concurrent programming in Rust. crossbeam-utils prior to version 0.8.7 incorrectly assumed that the alignment of `{i,u}64` was always the same as `Atomic{I,U}64`. However, the…