VYPR

CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Class · Draft · Likelihood: Medium

Description

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

Related attack patterns (CAPEC)

CAPEC-26 · CAPEC-29

CVEs mapped to this weakness (1,091)

page 55 of 55
  • CVE-2006-6275 · Dec 4, 2006
    risk 0.00 · cvss · epss 0.00

    Race condition in the kernel in Sun Solaris 8 through 10 allows local users to cause a denial of service (panic) via unspecified vectors, possibly related to the exitlwps function and SIGKILL and /proc PCAGENT signals.

  • CVE-2006-4801 · Sep 14, 2006
    risk 0.00 · cvss · epss 0.00

    Race condition in Deja Vu, as used in Roxio Toast Titanium 7 and possibly other products, allows local users to execute arbitrary code via temporary files, including dejavu_manual.rb, which are executed with raised privileges.

  • CVE-2006-0039 · May 19, 2006
    risk 0.00 · cvss · epss 0.00

    Race condition in the do_add_counters function in netfilter for Linux kernel 2.6.16 allows local users with CAP_NET_ADMIN capabilities to read kernel memory by triggering the race condition in a way that produces a size value that is inconsistent with allocated memory, which…

  • CVE-2006-1057 · Apr 25, 2006
    risk 0.00 · cvss · epss 0.00

    Race condition in daemon/slave.c in gdm before 2.14.1 allows local users to gain privileges via a symlink attack when gdm performs chown and chgrp operations on the .ICEauthority file.

  • CVE-2005-3240 · Dec 31, 2005
    risk 0.00 · cvss · epss 0.06

    Race condition in Microsoft Internet Explorer allows user-assisted attackers to overwrite arbitrary files and possibly execute code by tricking a user into performing a drag-and-drop action from certain objects, such as file objects within a folder view, then predicting the drag…

  • CVE-2004-2659 · Dec 31, 2004
    risk 0.00 · cvss · epss 0.01

    Opera offers an Open button to verify that a user wishes to execute a downloaded file, which allows user-assisted remote attackers to construct a race condition that tricks a user into clicking Open via a request for a different mouse or keyboard action very shortly before the…

  • CVE-2003-1562 · Dec 31, 2003
    risk 0.00 · cvss · epss 0.06

    sshd in OpenSSH 3.6.1p2 and earlier, when PermitRootLogin is disabled and using PAM keyboard-interactive authentication, does not insert a delay after a root login attempt with the correct password, which makes it easier for remote attackers to use timing differences to…

  • CVE-2003-1438 · Dec 31, 2003
    risk 0.00 · cvss · epss 0.01

    Race condition in BEA WebLogic Server and Express 5.1 through 7.0.0.1, when using in-memory session replication or replicated stateful session beans, causes the same buffer to be provided to two users, which could allow one user to see session data that was intended for another…

  • CVE-2002-2244 · Dec 31, 2002
    risk 0.00 · cvss · epss 0.00

    Akfingerd 0.5 and earlier versions allow local users to cause a denial of service (crash) via a .plan with a symlink to /dev/urandom or other device, then disconnecting while data is being transferred, which causes a SIGPIPE error that Akfingerd cannot handle.

  • CVE-2002-2374 · Dec 31, 2002
    risk 0.00 · cvss · epss 0.01

    Unspecified vulnerability in pprosetup in Sun PatchPro 2.0 has unknown impact and attack vectors related to "unsafe use of temporary files."

  • CVE-1999-0861 · Aug 11, 1999
    risk 0.00 · cvss · epss 0.03

    Race condition in the SSL ISAPI filter in IIS and other servers may leak information in plaintext.