VYPR

CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

ClassDraftLikelihood: Medium

Description

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-26 · CAPEC-29

CVEs mapped to this weakness (1,091)

page 54 of 55
  • CVE-2008-0055Mar 18, 2008
    risk 0.00cvss epss 0.00

    Foundation in Apple Mac OS X 10.4.11 creates world-writable directories while NSFileManager copies files recursively and only modifies the permissions afterward, which allows local users to modify copied files to cause a denial of service and possibly gain privileges.

  • CVE-2008-0058Mar 18, 2008
    risk 0.00cvss epss 0.03

    Race condition in the NSURLConnection cache management functionality in Foundation for Apple Mac OS X 10.4.11 allows remote attackers to execute arbitrary code via unspecified manipulations that cause messages to be sent to a deallocated object.

  • CVE-2008-0933Feb 25, 2008
    risk 0.00cvss epss 0.00

    Multiple race conditions in the CPU Performance Counters (cpc) subsystem in the kernel in Sun Solaris 10 allow local users to cause a denial of service (panic) via unspecified vectors related to kcpc_unbind and kcpc_restore.

  • CVE-2007-6429Jan 18, 2008
    risk 0.00cvss epss 0.03

    Multiple integer overflows in X.Org Xserver before 1.4.1 allow context-dependent attackers to execute arbitrary code via (1) a GetVisualInfo request containing a 32-bit value that is improperly used to calculate an amount of memory for allocation by the EVI extension, or (2) a…

  • CVE-2007-6599Jan 4, 2008
    risk 0.00cvss epss 0.02

    Race condition in fileserver in OpenAFS 1.3.50 through 1.4.5 and 1.5.0 through 1.5.27 allows remote attackers to cause a denial of service (daemon crash) by simultaneously acquiring and giving back file callbacks, which causes the handler for the GiveUpAllCallBacks RPC to…

  • CVE-2007-5847Dec 19, 2007
    risk 0.00cvss epss 0.00

    Race condition in the CFURLWriteDataAndPropertiesToResource API in Core Foundation in Apple Mac OS X 10.4.11 creates files with insecure permissions, which might allow local users to obtain sensitive information.

  • CVE-2007-6216Dec 4, 2007
    risk 0.00cvss epss 0.00

    Race condition in the Fibre Channel protocol (fcp) driver and Devices filesystem (devfs) in Sun Solaris 10 allows local users to cause a denial of service (system hang) via some programs that access hardware resources, as demonstrated by the (1) cfgadm and (2) format programs.

  • CVE-2007-6180Nov 30, 2007
    risk 0.00cvss epss 0.01

    Race condition in the Remote Procedure Call kernel module (rpcmod) in Sun Solaris 8 through 10 allows local users to cause a denial of service (NULL dereference and panic) via unspecified vectors.

  • CVE-2007-6077Nov 21, 2007
    risk 0.00cvss epss 0.03

    The session fixation protection mechanism in cgi_process.rb in Rails 1.2.4, as used in Ruby on Rails, removes the :cookie_only attribute from the DEFAULT_SESSION_OPTIONS constant, which effectively causes cookie_only to be applied only to the first instantiation of CgiRequest,…

  • CVE-2007-4696Nov 15, 2007
    risk 0.00cvss epss 0.01

    Race condition in WebCore in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to obtain information for forms from other sites via unknown vectors related to "page transitions" in Safari.

  • CVE-2007-5794Nov 13, 2007
    risk 0.00cvss epss 0.01

    Race condition in nss_ldap, when used in applications that are linked against the pthread library and fork after a call to nss_ldap, might send user data to the wrong process because of improper handling of the LDAP connection. NOTE: this issue was originally reported for…

  • CVE-2007-5154Oct 1, 2007
    risk 0.00cvss epss 0.01

    Session fixation vulnerability in Aipo and Aipo ASP 3.0.1.0 and earlier allows remote attackers to hijack web sessions via unspecified vectors.

  • CVE-2007-5132Sep 27, 2007
    risk 0.00cvss epss 0.00

    Race condition in the kernel in Sun Solaris 8 through 10 allows local users to cause a denial of service (panic) via unspecified vectors related to "the handling of thread contexts."

  • CVE-2007-0997Sep 18, 2007
    risk 0.00cvss epss 0.00

    Race condition in the tee (sys_tee) system call in the Linux kernel 2.6.17 through 2.6.17.6 might allow local users to cause a denial of service (system crash), obtain sensitive information (kernel memory contents), or gain privileges via unspecified vectors related to a…

  • CVE-2007-3970Jul 25, 2007
    risk 0.00cvss epss 0.06

    Race condition in ESET NOD32 Antivirus before 2.2289 allows remote attackers to execute arbitrary code via a crafted CAB file, which triggers heap corruption.

  • CVE-2007-3478Jun 28, 2007
    risk 0.00cvss epss 0.02

    Race condition in gdImageStringFTEx (gdft_draw_bitmap) in gdft.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via unspecified vectors, possibly involving truetype font (TTF) support.

  • CVE-2007-2400Jun 25, 2007
    risk 0.00cvss epss 0.03

    Race condition in Apple Safari 3 Beta before 3.0.2 on Mac OS X, Windows XP, Windows Vista, and iPhone before 1.0.1, allows remote attackers to bypass the JavaScript security model and modify pages outside of the security domain and conduct cross-site scripting (XSS) attacks via…

  • CVE-2007-2654May 14, 2007
    risk 0.00cvss epss 0.00

    xfs_fsr in xfsdump creates a .fsr temporary directory with insecure permissions, which allows local users to read or overwrite arbitrary files on xfs filesystems.

  • CVE-2007-1741Apr 13, 2007
    risk 0.00cvss epss 0.01

    Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 between directory and file validation, and their usage, allow local users to gain privileges and execute arbitrary code by renaming directories or performing symlink attacks. NOTE: the researcher, who is…

  • CVE-2007-1249Mar 3, 2007
    risk 0.00cvss epss 0.01

    MoveSortedContentAction in C1 Financial Services Contelligent 9.1.4 does not check "the additional environment security configuration," which allows remote attackers with write permissions to reorder components.