VYPR

CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

ClassDraftLikelihood: Medium

Description

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-26 · CAPEC-29

CVEs mapped to this weakness (1,091)

page 9 of 55
  • CVE-2016-2812HigApr 30, 2016
    risk 0.49cvss 7.5epss 0.02

    Race condition in the get implementation in the ServiceWorkerManager class in the Service Worker subsystem in Mozilla Firefox before 46.0 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted web site.

  • CVE-2010-1437HigMay 7, 2010
    risk 0.49cvss 7.0epss 0.01

    Race condition in the find_keyring_by_name function in security/keys/keyring.c in the Linux kernel 2.6.34-rc5 and earlier allows local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact via keyctl session commands…

  • CVE-2009-3547HigNov 4, 2009
    risk 0.49cvss 7.0epss 0.05

    Multiple race conditions in fs/pipe.c in the Linux kernel before 2.6.32-rc6 allow local users to cause a denial of service (NULL pointer dereference and system crash) or gain privileges by attempting to open an anonymous pipe via a /proc/*/fd/ pathname.

  • CVE-2009-1837HigJun 12, 2009
    risk 0.49cvss 7.5epss 0.04

    Race condition in the NPObjWrapper_NewResolve function in modules/plugin/base/src/nsJSNPRuntime.cpp in xul.dll in Mozilla Firefox 3 before 3.0.11 might allow remote attackers to execute arbitrary code via a page transition during Java applet loading, related to a use-after-free…

  • CVE-2026-35099HigApr 1, 2026
    risk 0.48cvss 7.4epss 0.00

    Lakeside SysTrack Agent 11 before 11.5.0.15 has a race condition with resultant local privilege escalation to SYSTEM. The fixed versions are 11.2.1.28, 11.3.0.38, 11.4.0.24, and 11.5.0.15.

  • CVE-2017-12410HigMar 26, 2018
    risk 0.48cvss 7.4epss 0.00

    It is possible to exploit a Time of Check & Time of Use (TOCTOU) vulnerability by winning a race condition when Kaseya Virtual System Administrator agent 9.3.0.11 and earlier tries to execute its binaries from working and/or temporary folders. Successful exploitation results in…

  • CVE-2016-6516HigAug 6, 2016
    risk 0.48cvss 7.4epss 0.01

    Race condition in the ioctl_file_dedupe_range function in fs/ioctl.c in the Linux kernel through 4.7 allows local users to cause a denial of service (heap-based buffer overflow) or possibly gain privileges by changing a certain count value, aka a "double fetch" vulnerability.

  • CVE-2013-1292HigApr 9, 2013
    risk 0.48cvss 7.4epss 0.01

    Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages…

  • CVE-2013-1278HigFeb 13, 2013
    risk 0.48cvss 7.4epss 0.01

    Race condition in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted…

  • CVE-2026-34856HigApr 13, 2026
    risk 0.47cvss 7.3epss 0.00

    UAF vulnerability in the communication module. Impact: Successful exploitation of this vulnerability may affect availability.

  • CVE-2026-23161HigFeb 14, 2026
    risk 0.47cvss 7.3epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: mm/shmem, swap: fix race of truncate and swap entry split The helper for shmem swap freeing is not handling the order of swap entries correctly. It uses xa_cmpxchg_irq to erase the swap entry, but it gets the…

  • CVE-2025-20104HigMay 13, 2025
    risk 0.47cvss 7.3epss 0.00

    Race condition in some Administrative Tools for some Intel(R) Network Adapters package before version 29.4 may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2024-36262HigFeb 12, 2025
    risk 0.47cvss 7.2epss 0.00

    Race condition in some Intel(R) System Security Report and System Resources Defense firmware may allow a privileged user to potentially enable escalation of privilege via local access.

  • CVE-2017-11823MedOct 13, 2017
    risk 0.47cvss 6.7epss 0.03

    The Microsoft Device Guard on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a security feature bypass by the way it handles Windows PowerShell sessions, aka "Microsoft Windows Security Feature Bypass".

  • CVE-2026-54229HigJun 13, 2026
    risk 0.46cvss 7.0epss 0.00

    A race condition was found in the abrt-dbus D-Bus service's ChownProblemDir method. ChownProblemDir opens the dump directory with DD_OPEN_READONLY and calls dd_chown to change ownership of all files to the caller's uid, succeeding even while post-create event handlers hold a…

  • CVE-2022-26758HigJun 10, 2026
    risk 0.46cvss 7.1epss 0.00

    A malicious application may cause unexpected changes in memory shared between processes. A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.4.

  • CVE-2026-45603HigJun 9, 2026
    risk 0.46cvss 7.0epss 0.00

    Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

  • CVE-2026-45601HigJun 9, 2026
    risk 0.46cvss 7.0epss 0.00

    Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

  • CVE-2026-45598HigJun 9, 2026
    risk 0.46cvss 7.0epss 0.00

    Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

  • CVE-2026-45597HigJun 9, 2026
    risk 0.46cvss 7.0epss 0.00

    Concurrent execution using shared resource with improper synchronization ('race condition') in UI Automation Manager (uiamanager.dll) allows an authorized attacker to elevate privileges locally.