VYPR

CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

ClassDraftLikelihood: Medium

Description

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-26 · CAPEC-29

CVEs mapped to this weakness (1,091)

page 51 of 55
  • CVE-2010-3494Oct 19, 2010
    risk 0.00cvss epss 0.02

    Race condition in the FTPHandler class in ftpserver.py in pyftpdlib before 0.5.2 allows remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected value of None…

  • CVE-2010-3493Oct 19, 2010
    risk 0.00cvss epss 0.03

    Multiple race conditions in smtpd.py in the smtpd module in Python 2.6, 2.7, 3.1, and 3.2 alpha allow remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected…

  • CVE-2009-5011Oct 19, 2010
    risk 0.00cvss epss 0.01

    Race condition in the FTPHandler class in ftpserver.py in pyftpdlib before 0.5.2 allows remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the getpeername function having an ENOTCONN error, a…

  • CVE-2009-5010Oct 19, 2010
    risk 0.00cvss epss 0.01

    Race condition in the FTPHandler class in ftpserver.py in pyftpdlib before 0.5.1 allows remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected return value…

  • CVE-2010-2653Oct 5, 2010
    risk 0.00cvss epss 0.00

    Race condition in the hvc_close function in drivers/char/hvc_console.c in the Linux kernel before 2.6.34 allows local users to cause a denial of service or possibly have unspecified other impact by closing a Hypervisor Virtual Console device, related to the hvc_open and…

  • CVE-2010-3412Sep 16, 2010
    risk 0.00cvss epss 0.01

    Race condition in the console implementation in Google Chrome before 6.0.472.59 has unspecified impact and attack vectors.

  • CVE-2010-2792Aug 30, 2010
    risk 0.00cvss epss 0.00

    Race condition in the SPICE (aka spice-xpi) plug-in 2.2 for Firefox allows local users to obtain sensitive information, and conduct man-in-the-middle attacks, by providing a UNIX socket for communication between this plug-in and the client (aka qspice-client) in qspice 0.3.0,…

  • CVE-2010-1775Jun 22, 2010
    risk 0.00cvss epss 0.00

    Race condition in Passcode Lock in Apple iOS before 4 on the iPhone and iPod touch allows physically proximate attackers to bypass intended passcode requirements, and pair a locked device with a computer and access arbitrary data, via vectors involving the initial boot.

  • CVE-2010-2024Jun 7, 2010
    risk 0.00cvss epss 0.00

    transports/appendfile.c in Exim before 4.72, when MBX locking is enabled, allows local users to change permissions of arbitrary files or create arbitrary files, and cause a denial of service or possibly gain privileges, via a symlink attack on a lockfile in /tmp/.

  • CVE-2010-2023Jun 7, 2010
    risk 0.00cvss epss 0.00

    transports/appendfile.c in Exim before 4.72, when a world-writable sticky-bit mail directory is used, does not verify the st_nlink field of mailbox files, which allows local users to cause a denial of service or possibly gain privileges by creating a hard link to another user's…

  • CVE-2010-1151Apr 20, 2010
    risk 0.00cvss epss 0.04

    Race condition in the mod_auth_shadow module for the Apache HTTP Server allows remote attackers to bypass authentication, and read and possibly modify data, via vectors related to improper interaction with an external helper application for validation of credentials.

  • CVE-2010-1161Apr 16, 2010
    risk 0.00cvss epss 0.00

    Race condition in GNU nano before 2.2.4, when run by root to edit a file that is not owned by root, allows local user-assisted attackers to change the ownership of arbitrary files via vectors related to the creation of backup files.

  • CVE-2010-0436Apr 15, 2010
    risk 0.00cvss epss 0.00

    Race condition in backend/ctrl.c in KDM in KDE Software Compilation (SC) 2.2.0 through 4.4.2 allows local users to change the permissions of arbitrary files, and consequently gain privileges, by blocking the removal of a certain directory that contains a control socket, related…

  • CVE-2010-1228Apr 1, 2010
    risk 0.00cvss epss 0.01

    Multiple race conditions in the sandbox infrastructure in Google Chrome before 4.1.249.1036 have unspecified impact and attack vectors.

  • CVE-2010-0532Mar 31, 2010
    risk 0.00cvss epss 0.00

    Race condition in the installation package in Apple iTunes before 9.1 on Windows allows local users to gain privileges by replacing an unspecified file with a Trojan horse.

  • CVE-2010-1123Mar 26, 2010
    risk 0.00cvss epss 0.00

    Chip Salzenberg Deliver does not properly associate a lockfile with the user who created the file, which allows local users to cause a denial of service (blockage of incoming e-mail) by creating lockfiles for arbitrary mailboxes.

  • CVE-2010-0732Mar 19, 2010
    risk 0.00cvss epss 0.00

    gdk/gdkwindow.c in GTK+ before 2.18.5, as used in gnome-screensaver before 2.28.1, performs implicit paints on windows of type GDK_WINDOW_FOREIGN, which triggers an X error in certain circumstances and consequently allows physically proximate attackers to bypass screen locking…

  • CVE-2010-0923Mar 3, 2010
    risk 0.00cvss epss 0.00

    Race condition in workspace/krunner/lock/lockdlg.cc in the KRunner lock module in kdebase in KDE SC 4.4.0 allows physically proximate attackers to bypass KScreenSaver screen locking and access an unattended workstation by pressing the Enter key at a certain time, related to…

  • CVE-2009-4440Dec 28, 2009
    risk 0.00cvss epss 0.02

    Directory Proxy Server (DPS) in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3.1 does not properly handle multiple client connections within a short time window, which allows remote attackers to hijack the backend connection of an authenticated user, and…

  • CVE-2009-4029Dec 20, 2009
    risk 0.00cvss epss 0.00

    The (1) dist or (2) distcheck rules in GNU Automake 1.11.1, 1.10.3, and release branches branch-1-4 through branch-1-9, when producing a distribution tarball for a package that uses Automake, assign insecure permissions (777) to directories in the build tree, which introduces a…