CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Description
The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-26 · CAPEC-29
CVEs mapped to this weakness (1,091)
page 38 of 55| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-17534 | — | 0.00 | — | 0.00 | Jan 11, 2021 | There exists a race condition between the deletion of the temporary file and the creation of the temporary directory in `webkit` subproject of HTML/Java API version 1.7. A similar vulnerability has recently been disclosed in other Java projects and the fix in HTML/Java API… | ||
| CVE-2020-35866 | — | 0.00 | — | 0.02 | Dec 31, 2020 | An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated via VTab / VTabCursor. | ||
| CVE-2020-35867 | — | 0.00 | — | 0.02 | Dec 31, 2020 | An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated via create_module. | ||
| CVE-2020-35868 | — | 0.00 | — | 0.02 | Dec 31, 2020 | An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated via UnlockNotification. | ||
| CVE-2020-35871 | — | 0.00 | — | 0.01 | Dec 31, 2020 | An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated via an Auxdata API data race. | ||
| CVE-2020-35874 | — | 0.00 | — | 0.01 | Dec 31, 2020 | An issue was discovered in the internment crate through 2020-05-28 for Rust. ArcIntern::drop has a race condition and resultant use-after-free. | ||
| CVE-2020-35879 | — | 0.00 | — | 0.02 | Dec 31, 2020 | An issue was discovered in the rulinalg crate through 2020-02-11 for Rust. There are incorrect lifetime-boundary definitions for RowMut::raw_slice and RowMut::raw_slice_mut. | ||
| CVE-2020-35882 | — | 0.00 | — | 0.01 | Dec 31, 2020 | An issue was discovered in the rocket crate before 0.4.5 for Rust. LocalRequest::clone creates more than one mutable references to the same object, possibly causing a data race. | ||
| CVE-2020-35886 | — | 0.00 | — | 0.00 | Dec 31, 2020 | An issue was discovered in the arr crate through 2020-08-25 for Rust. An attacker can smuggle non-Sync/Send types across a thread boundary to cause a data race. | ||
| CVE-2020-35897 | — | 0.00 | — | 0.00 | Dec 31, 2020 | An issue was discovered in the atom crate before 0.3.6 for Rust. An unsafe Send implementation allows a cross-thread data race. | ||
| CVE-2020-35905 | — | 0.00 | — | 0.00 | Dec 31, 2020 | An issue was discovered in the futures-util crate before 0.3.7 for Rust. MutexGuard::map can cause a data race for certain closure situations (in safe code). | ||
| CVE-2020-35910 | — | 0.00 | — | 0.00 | Dec 31, 2020 | An issue was discovered in the lock_api crate before 0.4.2 for Rust. A data race can occur because of MappedMutexGuard unsoundness. | ||
| CVE-2020-35911 | — | 0.00 | — | 0.00 | Dec 31, 2020 | An issue was discovered in the lock_api crate before 0.4.2 for Rust. A data race can occur because of MappedRwLockReadGuard unsoundness. | ||
| CVE-2020-35912 | — | 0.00 | — | 0.00 | Dec 31, 2020 | An issue was discovered in the lock_api crate before 0.4.2 for Rust. A data race can occur because of MappedRwLockWriteGuard unsoundness. | ||
| CVE-2020-35913 | — | 0.00 | — | 0.00 | Dec 31, 2020 | An issue was discovered in the lock_api crate before 0.4.2 for Rust. A data race can occur because of RwLockReadGuard unsoundness. | ||
| CVE-2020-35914 | — | 0.00 | — | 0.00 | Dec 31, 2020 | An issue was discovered in the lock_api crate before 0.4.2 for Rust. A data race can occur because of RwLockWriteGuard unsoundness. | ||
| CVE-2020-35915 | — | 0.00 | — | 0.00 | Dec 31, 2020 | An issue was discovered in the futures-intrusive crate before 0.4.0 for Rust. GenericMutexGuard allows cross-thread data races of non-Sync types. | ||
| CVE-2020-35925 | — | 0.00 | — | 0.00 | Dec 31, 2020 | An issue was discovered in the magnetic crate before 2.0.1 for Rust. MPMCConsumer and MPMCProducer allow cross-thread sending of a non-Send type. | ||
| CVE-2020-35928 | — | 0.00 | — | 0.00 | Dec 31, 2020 | An issue was discovered in the concread crate before 0.2.6 for Rust. Attackers can cause an ARCache<K,V> data race by sending types that do not implement Send/Sync. | ||
| CVE-2020-13759 | — | 0.00 | — | 0.02 | Jun 2, 2020 | rust-vmm vm-memory before 0.1.1 and 0.2.x before 0.2.1 allows attackers to cause a denial of service (loss of IP networking) because read_obj and write_obj do not properly access memory. This affects aarch64 (with musl or glibc) and x86_64 (with musl). |
- CVE-2020-17534Jan 11, 2021risk 0.00cvss —epss 0.00
There exists a race condition between the deletion of the temporary file and the creation of the temporary directory in `webkit` subproject of HTML/Java API version 1.7. A similar vulnerability has recently been disclosed in other Java projects and the fix in HTML/Java API…
- CVE-2020-35866Dec 31, 2020risk 0.00cvss —epss 0.02
An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated via VTab / VTabCursor.
- CVE-2020-35867Dec 31, 2020risk 0.00cvss —epss 0.02
An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated via create_module.
- CVE-2020-35868Dec 31, 2020risk 0.00cvss —epss 0.02
An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated via UnlockNotification.
- CVE-2020-35871Dec 31, 2020risk 0.00cvss —epss 0.01
An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated via an Auxdata API data race.
- CVE-2020-35874Dec 31, 2020risk 0.00cvss —epss 0.01
An issue was discovered in the internment crate through 2020-05-28 for Rust. ArcIntern::drop has a race condition and resultant use-after-free.
- CVE-2020-35879Dec 31, 2020risk 0.00cvss —epss 0.02
An issue was discovered in the rulinalg crate through 2020-02-11 for Rust. There are incorrect lifetime-boundary definitions for RowMut::raw_slice and RowMut::raw_slice_mut.
- CVE-2020-35882Dec 31, 2020risk 0.00cvss —epss 0.01
An issue was discovered in the rocket crate before 0.4.5 for Rust. LocalRequest::clone creates more than one mutable references to the same object, possibly causing a data race.
- CVE-2020-35886Dec 31, 2020risk 0.00cvss —epss 0.00
An issue was discovered in the arr crate through 2020-08-25 for Rust. An attacker can smuggle non-Sync/Send types across a thread boundary to cause a data race.
- CVE-2020-35897Dec 31, 2020risk 0.00cvss —epss 0.00
An issue was discovered in the atom crate before 0.3.6 for Rust. An unsafe Send implementation allows a cross-thread data race.
- CVE-2020-35905Dec 31, 2020risk 0.00cvss —epss 0.00
An issue was discovered in the futures-util crate before 0.3.7 for Rust. MutexGuard::map can cause a data race for certain closure situations (in safe code).
- CVE-2020-35910Dec 31, 2020risk 0.00cvss —epss 0.00
An issue was discovered in the lock_api crate before 0.4.2 for Rust. A data race can occur because of MappedMutexGuard unsoundness.
- CVE-2020-35911Dec 31, 2020risk 0.00cvss —epss 0.00
An issue was discovered in the lock_api crate before 0.4.2 for Rust. A data race can occur because of MappedRwLockReadGuard unsoundness.
- CVE-2020-35912Dec 31, 2020risk 0.00cvss —epss 0.00
An issue was discovered in the lock_api crate before 0.4.2 for Rust. A data race can occur because of MappedRwLockWriteGuard unsoundness.
- CVE-2020-35913Dec 31, 2020risk 0.00cvss —epss 0.00
An issue was discovered in the lock_api crate before 0.4.2 for Rust. A data race can occur because of RwLockReadGuard unsoundness.
- CVE-2020-35914Dec 31, 2020risk 0.00cvss —epss 0.00
An issue was discovered in the lock_api crate before 0.4.2 for Rust. A data race can occur because of RwLockWriteGuard unsoundness.
- CVE-2020-35915Dec 31, 2020risk 0.00cvss —epss 0.00
An issue was discovered in the futures-intrusive crate before 0.4.0 for Rust. GenericMutexGuard allows cross-thread data races of non-Sync types.
- CVE-2020-35925Dec 31, 2020risk 0.00cvss —epss 0.00
An issue was discovered in the magnetic crate before 2.0.1 for Rust. MPMCConsumer and MPMCProducer allow cross-thread sending of a non-Send type.
- CVE-2020-35928Dec 31, 2020risk 0.00cvss —epss 0.00
An issue was discovered in the concread crate before 0.2.6 for Rust. Attackers can cause an ARCache<K,V> data race by sending types that do not implement Send/Sync.
- CVE-2020-13759Jun 2, 2020risk 0.00cvss —epss 0.02
rust-vmm vm-memory before 0.1.1 and 0.2.x before 0.2.1 allows attackers to cause a denial of service (loss of IP networking) because read_obj and write_obj do not properly access memory. This affects aarch64 (with musl or glibc) and x86_64 (with musl).