CWE-362

Medium likelihood

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Parent: CWE-662 - Improper Synchronization

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

2,400 vulnerabilities with CWE-362
CVE-2014-2706
Linux Kernel < 3.13.7 - Denial of Service via mac80211 WLAN Power-Save Mode Race Condition
CVE-2014-2848
Nessus 5.2.1 - Local Privilege Escalation via WMI Malware Scan Plugin Race Condition
CVE-2014-2672
Linux Kernel 3.2-3.2.56 - Denial of Service via ath_tx_aggr_sleep Race Condition
CVE-2014-0062
PostgreSQL < 8.4.19 - Authenticated Race Condition via CREATE INDEX or ALTER TABLE
CVE-2014-0100
Linux Kernel 3.9-3.10.37 - Use-After-Free via Fragmented ICMP Echo Request Packets
CVE-2014-0703
Cisco Wireless LAN Controller < 7.4.110.0 - Unauthenticated Administrative HTTP Server Bypass via Race Condition
CVE-2014-2243
MediaWiki <1.19.12, <1.20.x, <1.21.6, <1.22.3 - Info Disclosure
CVE-2014-0710
Cisco Firewall Services Module Software 3.x-4.x - Denial of Service via Cut-Through Proxy Race Condition
CVE-2014-1921
parcimonie <0.8.1 - Info Disclosure
CVE-2014-1490
Mozilla Firefox < 24.3 - Use-After-Free via Session Ticket Replacement in Resumption Handshake
CVE-2014-1447
libvirt < 1.2.1 - Denial of Service via Keepalive Response Race Condition
CVE-2014-0616
Juniper Junos DoS via BGP UPDATE Message Race Condition
CVE-2013-3685 HIGH
Sprite Software SpriteBackup and SpriteBud - Privilege Escalation via Race Condition in Spritebud Daemon
CVSS 7.0
CVE-2013-6458
libvirt < 1.2.1 - Denial of Service via Race Condition in Disk Attachment Verification
CVE-2013-7283
libreswan 3.6 - Race Condition via Temporary File Handling
CVE-2013-7026
Linux Kernel < 3.12.2 - Use-After-Free via shmctl IPC_RMID Race Condition
CVE-2013-4481
Luci 0.26.0 - Information Disclosure via Race Condition in File Permissions
CVE-2013-4740
Qualcomm QUIC Mobile Station Modem Kernel - Memory Corruption via Goodix gt915 Touchscreen Driver Procfs Handler
CVE-2013-5164
iPhone OS < 7.0.3 - Unauthenticated Race Condition in Phone App Contacts Pane
CVE-2013-5512
Cisco ASA 8.2-9.1 DoS via HTTP Deep Packet Inspection Race Condition
CVE-2013-4327
systemd < 207 - Local Privilege Escalation via PolkitUnixProcess Race Condition
CVE-2013-4288
Opensuse < 0.112.1 - Race Condition
CVE-2013-2906
Google Chrome < 30.0.1599.66 - Denial of Service via Web Audio Threading Race Conditions
CVE-2013-5474
Cisco IOS 12.2-12.4 and 15.0-15.3 - Denial of Service via IPv6 Virtual Fragmentation Reassembly
CVE-2013-5147
iPhone OS < 6.1.4 - Passcode Lock Bypass via Race Condition
Details
Vulnerabilities 2,400
Exploit Likelihood Medium
Links
MITRE CWE Entry Search this CWE With Exploits