CWE-662
Improper Synchronization
Description
The product utilizes multiple threads, processes, components, or systems to allow temporary access to a shared resource that can only be exclusive to one process at a time, but it does not properly synchronize these actions, which might cause simultaneous accesses of this resource by multiple threads or processes.
Related attack patterns (CAPEC)
CAPEC-25 · CAPEC-26 · CAPEC-27 · CAPEC-29
CVEs mapped to this weakness (27)
page 1 of 2

| CVE | Vendor / Product | Severity | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-8368 | | High | 0.56 | 8.6 | 0.03 | | Feb 13, 2017 | An issue was discovered in Mitsubishi Electric Automation MELSEC-Q series Ethernet interface modules QJ71E71-100, all versions, QJ71E71-B5, all versions, and QJ71E71-B2, all versions. The affected Ethernet interface module is connected to a MELSEC-Q PLC, which may allow a remote… |
| CVE-2024-7409 | | High | 0.49 | 7.5 | 0.01 | | Aug 5, 2024 | A flaw was found in the QEMU NBD Server. This vulnerability allows a denial of service (DoS) attack via improper synchronization during socket closure when a client keeps a socket open as the server is taken offline. |
| CVE-2026-39865 | | Medium | 0.31 | 5.9 | 0.01 | | Apr 8, 2026 | Axios is a promise based HTTP client for the browser and Node.js. Starting in version 1.13.0 and prior to 1.13.2, Axios HTTP/2 session cleanup logic contains a state corruption bug that allows a malicious server to crash the client process through concurrent session closures.… |
| CVE-2025-22853 | — | Low | 0.15 | 2.3 | 0.00 | | Aug 12, 2025 | Improper synchronization in the firmware for some Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege via local access. |
| CVE-2026-47703 | | | 0.00 | — | 0.00 | | Jun 4, 2026 | ## Summary This report covers the client-triggered DoQ forwarding path in: - `dnsproxy` `v0.81.2` (`adguard/dnsproxy:v0.81.2`) - `AdGuard Home` `v0.107.74` (`adguard/adguardhome:latest`, image version label `v0.107.74`) The issue was reproduced on `2026-04-25` with the… |
| CVE-2026-28789 | | | 0.00 | — | 0.00 | | Mar 5, 2026 | OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.10.3, an unauthenticated denial-of-service vulnerability exists in OliveTin’s OAuth2 login flow. Concurrent requests to /oauth/login can trigger unsynchronized access to a shared… |
| CVE-2025-27104 | | | 0.00 | — | 0.00 | | Feb 21, 2025 | vyper is a Pythonic Smart Contract Language for the EVM. Multiple evaluation of a single expression is possible in the iterator target of a for loop. While the iterator expression cannot produce multiple writes, it can consume side effects produced in the loop body (e.g. read a… |
| CVE-2024-32644 | | | 0.00 | — | 0.01 | | Apr 19, 2024 | Evmos is a scalable, high-throughput Proof-of-Stake EVM blockchain that is fully compatible and interoperable with Ethereum. Prior to 17.0.0, there is a way to mint arbitrary tokens due to the possibility to have two different states not in sync during the execution of a… |
| CVE-2023-2801 | | | 0.00 | — | 0.01 | | Jun 6, 2023 | Grafana is an open-source platform for monitoring and observability. Using public dashboards users can query multiple distinct data sources using mixed queries. However such query has a possibility of crashing a Grafana instance. The only feature that uses mixed queries at… |
| CVE-2022-25210 | — | | 0.00 | — | 0.01 | | Feb 15, 2022 | Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier uses static fields to store job configuration information, allowing attackers with Item/Configure permission to capture passwords of the jobs that will be configured. |
| CVE-2021-41213 | | | 0.00 | — | 0.00 | | Nov 5, 2021 | TensorFlow is an open source platform for machine learning. In affected versions the code behind `tf.function` API can be made to deadlock when two `tf.function` decorated Python functions are mutually recursive. This occurs due to using a non-reentrant `Lock` Python object.… |
| CVE-2020-36204 | — | | 0.00 | — | 0.00 | | Jan 22, 2021 | An issue was discovered in the im crate through 2020-11-09 for Rust. Because TreeFocus does not have bounds on its Send trait or Sync trait, a data race can occur. |
| CVE-2020-36206 | — | | 0.00 | — | 0.00 | | Jan 22, 2021 | An issue was discovered in the rusb crate before 0.7.0 for Rust. Because of a lack of Send and Sync bounds, a data race and memory corruption can occur. |
| CVE-2020-36207 | — | | 0.00 | — | 0.00 | | Jan 22, 2021 | An issue was discovered in the aovec crate through 2020-12-10 for Rust. Because Aovec does not have bounds on its Send trait or Sync trait, a data race and memory corruption can occur. |
| CVE-2020-36208 | — | | 0.00 | — | 0.00 | | Jan 22, 2021 | An issue was discovered in the conquer-once crate before 0.3.2 for Rust. Thread crossing can occur for a non-Send but Sync type, leading to memory corruption. |
| CVE-2020-36209 | — | | 0.00 | — | 0.00 | | Jan 22, 2021 | An issue was discovered in the late-static crate before 0.4.0 for Rust. Because Sync is implemented for LateStatic with T: Send, a data race can occur. |
| CVE-2020-36211 | — | | 0.00 | — | 0.00 | | Jan 22, 2021 | An issue was discovered in the gfwx crate before 0.3.0 for Rust. Because ImageChunkMut does not have bounds on its Send trait or Sync trait, a data race and memory corruption can occur. |
| CVE-2020-36214 | — | | 0.00 | — | 0.01 | | Jan 22, 2021 | An issue was discovered in the multiqueue2 crate before 0.1.7 for Rust. Because a non-Send type can be sent to a different thread, a data race can occur. |
| CVE-2020-36215 | — | | 0.00 | — | 0.01 | | Jan 22, 2021 | An issue was discovered in the hashconsing crate before 1.1.0 for Rust. Because HConsed does not have bounds on its Send trait or Sync trait, memory corruption can occur. |
| CVE-2020-36216 | — | | 0.00 | — | 0.01 | | Jan 22, 2021 | An issue was discovered in Input in the eventio crate before 0.5.1 for Rust. Because a non-Send type can be sent to a different thread, a data race and memory corruption can occur. |