CWE-362

Medium likelihood

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Parent: CWE-662 - Improper Synchronization

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

2,400 vulnerabilities with CWE-362
CVE-2015-7613
Linux kernel <4.2.3 - Privilege Escalation
CVE-2015-6761
FFmpeg < 2.8.1 - Denial of Service via Race Condition in VP8 Update Dimensions
CVE-2015-4510
Firefox < 40.0.3 - Use-After-Free via Shared Worker and IndexedDB Interaction
CVE-2015-3247
SPICE 0.12.4 - DoS/Privilege Escalation
CVE-2015-5189
Pacemaker/PCS < 0.9.139 - Authenticated Privilege Escalation via Username Validation Race Condition
CVE-2015-3212
Linux Kernel < 4.1.1 - Denial of Service via SCTP Socket Race Condition
CVE-2015-5754
macOS < 10.10.5 - Privilege Escalation via Install Framework Legacy Runner Race Condition
CVE-2015-4481
Firefox < 40.0 - Race Condition via Hard Link to Log File
CVE-2015-2418
Microsoft Malicious Software Removal Tool < 5.25 - Privilege Escalation via DLL Race Condition
CVE-2015-3216
Red Hat Enterprise Linux 7 - Denial of Service via PRNG Lock Race Condition
CVE-2015-3709
Apple OS X <10.10.4 - Privilege Escalation
CVE-2015-4199
Cisco IOS 15.3S - Denial of Service via IPv6-to-IPv4 Race Condition
CVE-2015-4203
Cisco IOS 12.2SCH - Denial of Service via Malformed MPLS 6VPE Packets
CVE-2015-1791
OpenSSL < 0.9.8zg, 1.0.0 < 1.0.0s, 1.0.1 < 1.0.1n, 1.0.2 < 1.0.2b - DoS via Race Condition
CVE-2015-3339
Linux kernel <3.19.6 - Privilege Escalation
CVE-2015-2715
Firefox < 38.0 - Remote Code Execution via Media Decoder Thread Race Condition
CVE-2015-3081
Adobe Flash Player <13.0.0.289-17.0.0.188 - Info Disclosure
CVE-2015-2234
Lenovo System Update < 5.06.0027 - Privilege Escalation via Race Condition in Update Files Directory
CVE-2015-1882
IBM WebSphere Application Server 8.5 Liberty Profile < 8.5.5.5 - Privilege Escalation via EJB Race Condition
CVE-2015-2706
Firefox < 37.0.1 - Use-After-Free via Crafted Plugin Initialization
CVE-2015-1099
macOS < 10.10.3 - Denial of Service via setreuid Race Condition
CVE-2015-1234
Google Chrome <41.0.2272.118 - Buffer Overflow
CVE-2015-1420
Linux kernel <3.19.1 - Info Disclosure
CVE-2015-0654
Cisco Intrusion Prevention System - Denial of Service via TLS HTTPS Session Race Condition
CVE-2015-0632
Cisco IOS and IOS XE - Denial of Service via Neighbor Discovery Router Solicitation Flood
Details
Vulnerabilities 2,400
Exploit Likelihood Medium
Links
MITRE CWE Entry Search this CWE With Exploits