VYPR

CWE-821

Incorrect Synchronization

BaseIncomplete

Description

The product utilizes a shared resource in a concurrent manner, but it does not correctly synchronize access to the resource.

If access to a shared resource is not correctly synchronized, then the resource may not be in a state that is expected by the product. This might lead to unexpected or insecure behaviors, especially if an attacker can influence the shared resource.

Hierarchy (View 1000)

CVEs mapped to this weakness (5)

  • CVE-2026-21919MedApr 9, 2026
    risk 0.42cvss 6.5epss 0.00

    An Incorrect Synchronization vulnerability in the management daemon (mgd) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based attacker with low privileges to cause a complete Denial-of-Service (DoS) of the management plane. When NETCONF sessions are quickly…

  • CVE-2024-6657MedOct 11, 2024
    risk 0.42cvss 6.5epss 0.00

    A denial of service may be caused to a single peripheral device in a BLE network when multiple central devices continuously connect and disconnect to the peripheral. A hard reset is required to recover the peripheral device.

  • CVE-2024-58133MedApr 6, 2025
    risk 0.26cvss 4.0epss 0.00

    In chainmaker-go (aka ChainMaker) before 2.4.0, when making frequent updates to a node's configuration file and restarting this node, concurrent writes by logger.go to a map are mishandled. Creating other logs simultaneously can lead to a read-write conflict and panic.

  • CVE-2024-58132MedApr 6, 2025
    risk 0.26cvss 4.0epss 0.00

    In chainmaker-go (aka ChainMaker) before 2.3.6, multiple updates to a single node's configuration can cause other normal nodes to perform concurrent read and write operations on a map, leading to a panic.

  • CVE-2024-7043Mar 20, 2025
    risk 0.00cvss epss 0.01

    An improper access control vulnerability in open-webui/open-webui v0.3.8 allows attackers to view and delete any files. The application does not verify whether the attacker is an administrator, allowing the attacker to directly call the GET /api/v1/files/ interface to retrieve…