CWE-362

Medium likelihood

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Parent: CWE-662 - Improper Synchronization

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

2,391 vulnerabilities with CWE-362
CVE-2023-21101 HIGH
Android - Use-After-Free via Race Condition in WVDrmPlugin.cpp
CVSS 7.0
CVE-2023-21095 MEDIUM
Android 12L 13 - Local Privilege Escalation via RecentsAnimationDeviceState Race Condition
CVSS 4.7
CVE-2023-20750 MEDIUM
Android - Local Information Disclosure via Race Condition in swpm
CVSS 4.1
CVE-2023-20736 MEDIUM
iot-yocto - Local Privilege Escalation via Race Condition in vcu
CVSS 6.4
CVE-2023-29537 HIGH
Firefox and Focus for Android < 112.0 - Remote Code Execution via Font Initialization Race Condition
CVSS 7.5
CVE-2023-33974 HIGH
RIOT-OS < 2023.01 - Denial of Service via 6LoWPAN Frame Race Condition
CVSS 7.5
CVE-2023-30571 LOW
libarchive < 3.6.2 - Race Condition Leading to World-Writable Directory Permissions
CVSS 3.9
CVE-2023-2898 MEDIUM
Linux Kernel - Denial of Service via Null Pointer Dereference in f2fs_write_end_io
CVSS 4.7
CVE-2023-28320 MEDIUM
curl < 8.1.0 - Denial of Service via Synchronous Resolver Race Condition
CVSS 5.9
CVE-2023-31225 LOW
Huawei EMUI - Race Condition in Gallery App
CVSS 3.3
CVE-2023-33203 MEDIUM
Linux kernel <6.2.9 - Use After Free
CVSS 6.4
CVE-2023-32570 MEDIUM
dav1d < 1.2.0 - Denial of Service via Race Condition in dav1d_decode_frame_exit
CVSS 5.9
CVE-2023-28126 MEDIUM
Ivanti Avalanche < 6.3.4.153 - Authentication Bypass via SetUser Method or Race Condition
CVSS 5.9
CVE-2023-28125 MEDIUM
Ivanti Avalanche < 6.3.4.153 - Authentication Bypass via Message Registration
CVSS 5.9
CVE-2023-24903 HIGH
Microsoft Windows SSTP - Remote Code Execution
CVSS 8.1
CVE-2023-24899 HIGH
Windows Graphics Component - Privilege Escalation
CVSS 7.0
CVE-2023-28201 CRITICAL
Safari < 16.4 - Remote Code Execution via Race Condition
CVSS 9.8
CVE-2023-27952 MEDIUM
macOS < 13.3 - Gatekeeper Bypass via Race Condition
CVSS 4.7
CVE-2023-21712 HIGH
Windows Point-to-Point Tunneling Protocol - Remote Code Execution
CVSS 8.1
CVE-2023-2006 HIGH
Linux Kernel >=5.10 <5.10.157 - Privilege Escalation via RxRPC Bundle Processing Race Condition
CVSS 7.0
CVE-2023-31083 MEDIUM
Linux kernel <6.2 - Info Disclosure
CVSS 4.7
CVE-2023-28142 MEDIUM
Qualys Cloud Agent 3.1.3.34-4.5.3.1 - Privilege Escalation via Uninstall Race Condition
CVSS 6.7
CVE-2023-30543 MEDIUM
Uniswap web3-react_coinbase-wallet 6.0.0-6.2.13 - Race Condition in Chain ID Update
CVSS 5.2
CVE-2023-28984 MEDIUM
Juniper Networks Junos OS - QFX Series - Use After Free
CVSS 5.3
CVE-2023-26980 HIGH
PAX Technology PAX A920 Pro PayDroid 8.1 - Privilege Escalation
CVSS 7.0
Details
Vulnerabilities 2,391
Exploit Likelihood Medium
Links
MITRE CWE Entry Search this CWE With Exploits