CWE-413

Improper Resource Locking

Base | Draft

Description

The product does not lock or does not correctly lock a resource when the product must have exclusive access to the resource.

When a resource is not properly locked, an attacker could modify the resource while it is being operated on by the product. This might violate the product's assumption that the resource will not change, potentially leading to unexpected behaviors.

CVEs mapped to this weakness (7)

  • CVE-2025-3450 | Critical | Oct 7, 2025
    risk 0.65 | cvss 10.0 | epss 0.00

    An Improper Resource Locking vulnerability in the SDM component of B&R Automation Runtime versions before 6.3 and before Q4.93 may allow an unauthenticated network-based attacker to delete data causing denial of service conditions.

  • CVE-2022-24946 | High | Jun 15, 2022
    risk 0.49 | cvss 7.5 | epss 0.02

    Improper Resource Locking vulnerability in Mitsubishi Electric MELSEC iQ-R Series R12CCPU-V firmware versions "16" and prior, Mitsubishi Electric MELSEC-Q Series Q03UDECPU the first 5 digits of serial No. "24061" and prior, Mitsubishi Electric MELSEC-Q Series…

  • CVE-2025-0003 | High | Nov 24, 2025
    risk 0.47 | cvss 7.3 | epss 0.00

    Inadequate lock protection within Xilinx Run time may allow a local attacker to trigger a Use-After-Free condition, potentially resulting in loss of confidentiality or availability.

  • CVE-2022-49737 | High | Mar 16, 2025
    risk 0.43 | cvss 7.7 | epss 0.00

    In X.Org X server 20.11 through 21.1.16, when a client application uses easystroke for mouse gestures, the main thread modifies various data structures used by the input thread without acquiring a lock, aka a race condition. In particular, AttachDevice in dix/devices.c does not…

  • CVE-2023-32253 | Medium | Aug 2, 2025
    risk 0.38 | cvss 5.9 | epss 0.00

    A flaw was found in the Linux kernel's ksmbd component. A deadlock is triggered by sending multiple concurrent session setup requests, possibly leading to a denial of service.

  • CVE-2026-44608 | Medium | May 20, 2026
    risk 0.31 | cvss 5.9 | epss 0.00

    NLnet Labs Unbound 1.14.0 up to and including version 1.25.0 has a locking inconsistency vulnerability that when certain conditions are met (multi-threaded, RPZ XFR reload, RPZ zone with 'rpz-nsip'/'rpz-nsdname' triggers) it could result in heap use-after-free and eventual…

  • CVE-2025-69198 | Jan 19, 2026
    risk 0.00 | cvss | epss 0.00

    Pterodactyl is a free, open-source game server management panel. Pterodactyl implements rate limits that are applied to the total number of resources (e.g. databases, port allocations, or backups) that can exist for an individual server. These resource limits are applied on a…