CWE-667

Improper Locking

Parent: CWE-662 - Improper Synchronization

The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.

690 vulnerabilities with CWE-667
CVE-2019-2025 HIGH
Android - Use-After-Free in binder_thread_read
CVSS 7.8
CVE-2019-6322 MEDIUM
HP Z4 G4 Workstation Firmware < 1.70 - Improper Locking
CVSS 6.8
CVE-2019-6321 HIGH
HP Z4/Z6/Z8 G4 Workstation Firmware - Runtime BIOS Code Tampering via TPM Disabled State
CVSS 7.2
CVE-2019-1732 MEDIUM
Cisco NX-OS 7.0(3)I4-7.0(3)I7(4) & 7.0(3)-7.0(3)F3(5) - OS Command Injection via RPM Race Condition
CVSS 6.4
CVE-2019-1649 MEDIUM
Cisco ASA 5500 Firmware < 1.1.15 - Authenticated Arbitrary Firmware Write via FPGA Update Handler
CVSS 6.7
CVE-2019-2050 HIGH
Android 8.0-9 - Use-After-Free in WificondControl.java
CVSS 7.8
CVE-2019-11599 HIGH
Linux kernel <5.0.10 - Info Disclosure
CVSS 7.0
CVE-2019-3901 MEDIUM
Linux Kernel < 4.8 - Information Disclosure via Race Condition in perf_event_open()
CVSS 4.7
CVE-2019-6156 LOW
Lenovo 510-15IKL and other Ideacentre/Legion Firmware - Improper Locking in SPI Protected Range Registers
CVSS 3.3
CVE-2019-5886 CRITICAL
ShopXO 1.2.0 - Unauthenticated Database Reinstallation and Arbitrary Code Execution via Missing Lock File Validation
CVSS 9.8
CVE-2018-9344 HIGH
Android - Use-After-Free in DescramblerImpl.cpp
CVSS 7.8
CVE-2018-0381 MEDIUM
Cisco Aironet Series Access Points - Authenticated Denial of Service via SSID Transition Deadlock
CVSS 6.8
CVE-2018-15390 MEDIUM
Cisco Firepower Threat Defense - DoS
CVSS 6.8
CVE-2018-0228 HIGH
Cisco ASA 9.1-9.1.7.20, 9.2-9.2.4.27 & FTD 6.0-6.1.0.6 DoS via Ingress Flow Creation
CVSS 8.6
CVE-2018-1000127 HIGH
memcached <1.4.37 - Memory Corruption
CVSS 7.5
CVE-2010-4210 HIGH
FreeBSD 7.x < 7.3-RELEASE and 8.x < 8.0-RC1 - DoS and Memory Overwrite via pfs_getextattr
CVSS 7.8
CVE-2009-4272 HIGH
Linux Kernel 2.6.18 on RHEL 5 - Denial of Service via IPv4 Routing Hash Table Collision
CVSS 7.5
CVE-2009-2699 HIGH
Apache HTTP Server 2.2.0-2.2.13 DoS via Solaris Pollset Error Handling
CVSS 7.5
CVE-2009-2857 MEDIUM
OpenSolaris < snv_103 and Solaris 8-10 - Denial of Service via mmap and Write Deadlock
CVSS 5.5
CVE-2009-1388 MEDIUM
Linux Kernel 2.6.18 - Denial of Service via ptrace and do_coredump Deadlock
CVSS 5.5
CVE-2009-1961 MEDIUM
Linux Kernel < 2.6.19 - Denial of Service via Inode Double Locking Deadlock
CVSS 4.7
CVE-2009-1243 MEDIUM
Linux Kernel < 2.6.29.1 - Denial of Service via /proc/net/udp Read
CVSS 5.5
CVE-2009-0935 MEDIUM
Linux Kernel 2.6.27-2.6.27.13, 2.6.28-2.6.28.2, 2.6.29-rc3 - Denial of Service via inotify_read Function
CVSS 5.5
CVE-2008-4302 MEDIUM
Linux Kernel < 2.6.22.2 - Denial of Service via Splice Subsystem Page Unlock
CVSS 5.5
CVE-2006-4342 MEDIUM
Red Hat Enterprise Linux 3 - Denial of Service via shmat and shmctl Race Condition
CVSS 5.5