CWE-362

Medium likelihood

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Parent: CWE-662 - Improper Synchronization

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

2,400 vulnerabilities with CWE-362
CVE-2010-0017: Windows 7 and Server 2008 - Remote Code Execution via SMB Negotiate Response Race Condition
CVE-2009-4011 (HIGH, CVSS 8.1): dtc-xen <0.5.4 - Privilege Escalation
CVE-2009-5152 (MEDIUM, CVSS 4.1): Absolute Computrace Agent - Race Condition via TaskResult.xml File
CVE-2009-5011: pyftpdlib < 0.5.2 - Denial of Service via FTP Connection Race Condition
CVE-2009-5010: pyftpdlib < 0.5.1 - Denial of Service via FTP Connection Race Condition
CVE-2009-4895 (MEDIUM, CVSS 4.7): Linux Kernel < 2.6.32.6 - Race Condition in tty_fasync
CVE-2009-4440: Sun Java System Directory Server 6.0-6.3.1 - Remote Privilege Escalation via Bind Hijacking
CVE-2009-4029: GNU Automake <1.11.1-branch-1-9 - Local Privilege Escalation
CVE-2009-4129: Firefox - Spoofed JavaScript Message via Race Condition
CVE-2009-4226: OpenSolaris snv_106-snv_124 - Denial of Service via Race Condition in IP Module
CVE-2009-4027: Linux Kernel <2.6.32-rc8-next - DoS
CVE-2009-2836: Mac OS X 10.6.x < 10.6.2 - Unauthenticated Password Authentication Bypass via Login Window Race Condition
CVE-2009-3547 (HIGH, CVSS 7.0): Linux Kernel < 2.6.32-rc6 - Race Condition in Pipe Handling via /proc/*/fd/ Pathname
CVE-2009-3527: FreeBSD 6.3-6.4 - Race Condition in Pipe Close Function
CVE-2009-3447: RADactive I-Load < 2008.2.5.0 - Unauthenticated Arbitrary File Upload and Remote Code Execution via Predictable Filename
CVE-2009-2794: Apple iPhone OS <3.1-3.1.1 - Privilege Escalation
CVE-2009-3110: Symantec Altiris Deployment Solution 6.9.x - Race Condition in File Transfer Functionality
CVE-2009-2724: Sun Java SE 5.0 <Update 20 - Unknown Impact
CVE-2009-2644: OpenSolaris - Denial of Service via Race Condition in Auditing Subsystem
CVE-2009-1894: PulseAudio <0.9.14 - Privilege Escalation
CVE-2009-2314: Sun Lightweight Availability Collection Tool <3.0 - Info Disclosure
CVE-2009-2135: OpenSolaris < snv_107 - Denial of Service via Event Port API Race Condition
CVE-2009-1837 (HIGH, CVSS 7.5): Firefox 3.0-3.0.10 - Remote Code Execution via Race Condition in Java Applet Loading
CVE-2009-1707: Safari < 4.0 - Local Password Exposure via Reset Safari Race Condition
CVE-2009-1786: IBM AIX 5.3 and 6.1 - Arbitrary File Creation or Overwrite via MALLOCDEBUG Log File Symlink