VYPR

CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Class · Draft · Likelihood: Medium

Description

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-26 · CAPEC-29

CVEs mapped to this weakness (1,091)

page 42 of 55
  • CVE-2015-0609 · Feb 16, 2015
    risk 0.00 · cvss · epss 0.01

    Race condition in the Common Classification Engine (CCE) in the Measurement, Aggregation, and Correlation Engine (MACE) implementation in Cisco IOS 15.4(2)T3 and earlier allows remote attackers to cause a denial of service (device reload) via crafted network traffic that…

  • CVE-2015-0245 · Feb 13, 2015
    risk 0.00 · cvss · epss 0.00

    D-Bus 1.4.x through 1.6.x before 1.6.30, 1.8.x before 1.8.16, and 1.9.x before 1.9.10 does not validate the source of ActivationFailure signals, which allows local users to cause a denial of service (activation failure error returned) by leveraging a race condition involving…

  • CVE-2014-8122 · Feb 13, 2015
    risk 0.00 · cvss · epss 0.02

    Race condition in JBoss Weld before 2.2.8 and 3.x before 3.0.0 Alpha3 allows remote attackers to obtain information from a previous conversation via vectors related to a stale thread state.

  • CVE-2014-4813 · Feb 13, 2015
    risk 0.00 · cvss · epss 0.00

    Race condition in the client in IBM Tivoli Storage Manager (TSM) 5.4.0.0 through 5.4.3.6, 5.5.0.0 through 5.5.4.3, 6.1.0.0 through 6.1.5.6, 6.2 before 6.2.5.4, 6.3 before 6.3.2.3, 6.4 before 6.4.2.1, and 7.1 before 7.1.1 on UNIX and Linux allows local users to obtain root…

  • CVE-2015-0610 · Feb 12, 2015
    risk 0.00 · cvss · epss 0.01

    Race condition in the object-group ACL feature in Cisco IOS 15.5(2)T and earlier allows remote attackers to bypass intended access restrictions via crafted network traffic that triggers improper handling of the timing of process switching and Cisco Express Forwarding (CEF)…

  • CVE-2015-0608 · Feb 12, 2015
    risk 0.00 · cvss · epss 0.02

    Race condition in the Measurement, Aggregation, and Correlation Engine (MACE) implementation in Cisco IOS 15.4(2)T3 and earlier allows remote attackers to cause a denial of service (device reload) via crafted network traffic that triggers improper handling of the timing of…

  • CVE-2014-5332 · Feb 6, 2015
    risk 0.00 · cvss · epss 0.00

    Race condition in NVMap in NVIDIA Tegra Linux Kernel 3.10 allows local users to gain privileges via a crafted NVMAP_IOC_CREATE IOCTL call, which triggers a use-after-free error, as demonstrated by using a race condition to escape the Chrome sandbox.

  • CVE-2015-1200 · Jan 23, 2015
    risk 0.00 · cvss · epss 0.00

    Race condition in pxz 4.999.99 Beta 3 uses weak file permissions for the output file when compressing a file before changing the permission to match the original file, which allows local users to bypass the intended access restrictions.

  • CVE-2014-8640 · Jan 14, 2015
    risk 0.00 · cvss · epss 0.02

    The mozilla::dom::AudioParamTimeline::AudioNodeInputValue function in the Web Audio API implementation in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 does not properly restrict timeline operations, which allows remote attackers to cause a denial of service…

  • CVE-2014-9529 · Jan 9, 2015
    risk 0.00 · cvss · epss 0.00

    Race condition in the key_gc_unused_keys function in security/keys/gc.c in the Linux kernel through 3.18.2 allows local users to cause a denial of service (memory corruption or panic) or possibly have unspecified other impact via keyctl commands that trigger access to a key…

  • CVE-2014-7170 · Dec 17, 2014
    risk 0.00 · cvss · epss 0.00

    Race condition in Puppet Server 0.2.0 allows local users to obtain sensitive information by accessing it in between package installation or upgrade and the start of the service.

  • CVE-2014-9150 · Nov 30, 2014
    risk 0.00 · cvss · epss 0.02

    Race condition in the MoveFileEx call hook feature in Adobe Reader and Acrobat 11.x before 11.0.09 on Windows allows attackers to bypass a sandbox protection mechanism, and consequently write to files in arbitrary locations, via an NTFS junction attack, a similar issue to…

  • CVE-2014-7842 · Nov 30, 2014
    risk 0.00 · cvss · epss 0.00

    Race condition in arch/x86/kvm/x86.c in the Linux kernel before 3.17.4 allows guest OS users to cause a denial of service (guest OS crash) via a crafted application that performs an MMIO transaction or a PIO transaction to trigger a guest userspace emulation error report, a…

  • CVE-2010-5313 · Nov 30, 2014
    risk 0.00 · cvss · epss 0.00

    Race condition in arch/x86/kvm/x86.c in the Linux kernel before 2.6.38 allows L2 guest OS users to cause a denial of service (L1 guest OS crash) via a crafted instruction that triggers an L2 emulation failure report, a similar issue to CVE-2014-7842.

  • CVE-2014-8005 · Nov 26, 2014
    risk 0.00 · cvss · epss 0.01

    Race condition in the lighttpd module in Cisco IOS XR 5.1 and earlier on Network Convergence System 6000 devices allows remote attackers to cause a denial of service (process reload) by establishing many TCP sessions, aka Bug ID CSCuq45239.

  • CVE-2014-2667 · Nov 16, 2014
    risk 0.00 · cvss · epss 0.00

    Race condition in the _get_masked_mode function in Lib/os.py in Python 3.2 through 3.5, when exist_ok is set to true and multiple threads are used, might allow local users to bypass intended file permissions by leveraging a separate application vulnerability before the umask has…

  • CVE-2014-3406 · Oct 19, 2014
    risk 0.00 · cvss · epss 0.01

    Race condition in the IP logging feature in Cisco Intrusion Prevention System (IPS) Software 7.1(7)E4 and earlier allows remote attackers to cause a denial of service (device reload) via crafted IP traffic that matches a problematic rule, aka Bug ID CSCud82085.

  • CVE-2014-4438 · Oct 18, 2014
    risk 0.00 · cvss · epss 0.00

    Race condition in LoginWindow in Apple OS X before 10.10 allows physically proximate attackers to obtain access by leveraging an unattended workstation on which screen locking had been attempted.

  • CVE-2014-8750 · Oct 15, 2014
    risk 0.00 · cvss · epss 0.02

    Race condition in the VMware driver in OpenStack Compute (Nova) before 2014.1.4 and 2014.2 before 2014.2rc1 allows remote authenticated users to access unintended consoles by spawning an instance that triggers the same VNC port to be allocated to two different instances.

  • CVE-2014-3385 · Oct 10, 2014
    risk 0.00 · cvss · epss 0.01

    Race condition in the Health and Performance Monitoring (HPM) for ASDM feature in Cisco ASA Software 8.3 before 8.3(2.42), 8.4 before 8.4(7.11), 8.5 before 8.5(1.19), 8.6 before 8.6(1.13), 8.7 before 8.7(1.11), 9.0 before 9.0(4.8), and 9.1 before 9.1(4.5) allows remote attackers…