CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Description
The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.
Related attack patterns (CAPEC)
CAPEC-26 · CAPEC-29
CVEs mapped to this weakness (1,091)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2010-3494 | | | 0.00 | — | 0.02 | | Oct 19, 2010 | Race condition in the FTPHandler class in ftpserver.py in pyftpdlib before 0.5.2 allows remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected value of None… |
| CVE-2010-3493 | | | 0.00 | — | 0.03 | | Oct 19, 2010 | Multiple race conditions in smtpd.py in the smtpd module in Python 2.6, 2.7, 3.1, and 3.2 alpha allow remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected… |
| CVE-2009-5011 | | | 0.00 | — | 0.01 | | Oct 19, 2010 | Race condition in the FTPHandler class in ftpserver.py in pyftpdlib before 0.5.2 allows remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the getpeername function having an ENOTCONN error, a… |
| CVE-2009-5010 | | | 0.00 | — | 0.01 | | Oct 19, 2010 | Race condition in the FTPHandler class in ftpserver.py in pyftpdlib before 0.5.1 allows remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected return value… |
| CVE-2010-2653 | | | 0.00 | — | 0.00 | | Oct 5, 2010 | Race condition in the hvc_close function in drivers/char/hvc_console.c in the Linux kernel before 2.6.34 allows local users to cause a denial of service or possibly have unspecified other impact by closing a Hypervisor Virtual Console device, related to the hvc_open and… |
| CVE-2010-3412 | | | 0.00 | — | 0.01 | | Sep 16, 2010 | Race condition in the console implementation in Google Chrome before 6.0.472.59 has unspecified impact and attack vectors. |
| CVE-2010-2792 | | | 0.00 | — | 0.00 | | Aug 30, 2010 | Race condition in the SPICE (aka spice-xpi) plug-in 2.2 for Firefox allows local users to obtain sensitive information, and conduct man-in-the-middle attacks, by providing a UNIX socket for communication between this plug-in and the client (aka qspice-client) in qspice 0.3.0,… |
| CVE-2010-1775 | | | 0.00 | — | 0.00 | | Jun 22, 2010 | Race condition in Passcode Lock in Apple iOS before 4 on the iPhone and iPod touch allows physically proximate attackers to bypass intended passcode requirements, and pair a locked device with a computer and access arbitrary data, via vectors involving the initial boot. |
| CVE-2010-2024 | | | 0.00 | — | 0.00 | | Jun 7, 2010 | transports/appendfile.c in Exim before 4.72, when MBX locking is enabled, allows local users to change permissions of arbitrary files or create arbitrary files, and cause a denial of service or possibly gain privileges, via a symlink attack on a lockfile in /tmp/. |
| CVE-2010-2023 | | | 0.00 | — | 0.00 | | Jun 7, 2010 | transports/appendfile.c in Exim before 4.72, when a world-writable sticky-bit mail directory is used, does not verify the st_nlink field of mailbox files, which allows local users to cause a denial of service or possibly gain privileges by creating a hard link to another user's… |
| CVE-2010-1151 | | | 0.00 | — | 0.04 | | Apr 20, 2010 | Race condition in the mod_auth_shadow module for the Apache HTTP Server allows remote attackers to bypass authentication, and read and possibly modify data, via vectors related to improper interaction with an external helper application for validation of credentials. |
| CVE-2010-1161 | | | 0.00 | — | 0.00 | | Apr 16, 2010 | Race condition in GNU nano before 2.2.4, when run by root to edit a file that is not owned by root, allows local user-assisted attackers to change the ownership of arbitrary files via vectors related to the creation of backup files. |
| CVE-2010-0436 | | | 0.00 | — | 0.00 | | Apr 15, 2010 | Race condition in backend/ctrl.c in KDM in KDE Software Compilation (SC) 2.2.0 through 4.4.2 allows local users to change the permissions of arbitrary files, and consequently gain privileges, by blocking the removal of a certain directory that contains a control socket, related… |
| CVE-2010-1228 | | | 0.00 | — | 0.01 | | Apr 1, 2010 | Multiple race conditions in the sandbox infrastructure in Google Chrome before 4.1.249.1036 have unspecified impact and attack vectors. |
| CVE-2010-0532 | | | 0.00 | — | 0.00 | | Mar 31, 2010 | Race condition in the installation package in Apple iTunes before 9.1 on Windows allows local users to gain privileges by replacing an unspecified file with a Trojan horse. |
| CVE-2010-1123 | | | 0.00 | — | 0.00 | | Mar 26, 2010 | Chip Salzenberg Deliver does not properly associate a lockfile with the user who created the file, which allows local users to cause a denial of service (blockage of incoming e-mail) by creating lockfiles for arbitrary mailboxes. |
| CVE-2010-0732 | | | 0.00 | — | 0.00 | | Mar 19, 2010 | gdk/gdkwindow.c in GTK+ before 2.18.5, as used in gnome-screensaver before 2.28.1, performs implicit paints on windows of type GDK_WINDOW_FOREIGN, which triggers an X error in certain circumstances and consequently allows physically proximate attackers to bypass screen locking… |
| CVE-2010-0923 | | | 0.00 | — | 0.00 | | Mar 3, 2010 | Race condition in workspace/krunner/lock/lockdlg.cc in the KRunner lock module in kdebase in KDE SC 4.4.0 allows physically proximate attackers to bypass KScreenSaver screen locking and access an unattended workstation by pressing the Enter key at a certain time, related to… |
| CVE-2009-4440 | | | 0.00 | — | 0.02 | | Dec 28, 2009 | Directory Proxy Server (DPS) in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3.1 does not properly handle multiple client connections within a short time window, which allows remote attackers to hijack the backend connection of an authenticated user, and… |
| CVE-2009-4029 | | | 0.00 | — | 0.00 | | Dec 20, 2009 | The (1) dist or (2) distcheck rules in GNU Automake 1.11.1, 1.10.3, and release branches branch-1-4 through branch-1-9, when producing a distribution tarball for a package that uses Automake, assign insecure permissions (777) to directories in the build tree, which introduces a… |