CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)
2,122 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories.
CVEs classified under CWE-362 (page 1 of 43)
- CVE-1999-0861 | NONE | CVSS 0.0 | EG 0.0 | 1999-08-11
Race condition in the SSL ISAPI filter in IIS and other servers may leak information in plaintext.
- CVE-2000-0864 | NONE | CVSS 0.0 | EG 0.0 | 2000-11-14
Race condition in the creation of a Unix domain socket in GNOME esound 0.2.19 and earlier allows a local user to change the permissions of arbitrary files and directories, and gain additional privileges, via a symlink attack.
- CVE-2002-2244 | NONE | CVSS 0.0 | EG 0.0 | 2002-12-31
Akfingerd 0.5 and earlier versions allow local users to cause a denial of service (crash) via a .plan with a symlink to /dev/urandom or other device, then disconnecting while data is being transferred, which causes a SIGPIPE error that Akf…
- CVE-2002-2374 | NONE | CVSS 0.0 | EG 0.0 | 2002-12-31
Unspecified vulnerability in pprosetup in Sun PatchPro 2.0 has unknown impact and attack vectors related to "unsafe use of temporary files."
- CVE-2003-1438 | NONE | CVSS 0.0 | EG 0.0 | 2003-12-31
Race condition in BEA WebLogic Server and Express 5.1 through 7.0.0.1, when using in-memory session replication or replicated stateful session beans, causes the same buffer to be provided to two users, which could allow one user to see ses…
- CVE-2003-1562 | NONE | CVSS 0.0 | EG 0.0 | 2003-12-31
sshd in OpenSSH 3.6.1p2 and earlier, when PermitRootLogin is disabled and using PAM keyboard-interactive authentication, does not insert a delay after a root login attempt with the correct password, which makes it easier for remote attacke…
- CVE-2004-2491 | NONE | CVSS 0.0 | EG 0.0 | 2004-12-31
A race condition in Opera web browser 7.53 Build 3850 causes Opera to fill in the address bar before the page has been loaded, which allows remote attackers to spoof the URL in the address bar via the window.open and location.replace HTML …
- CVE-2004-2659 | NONE | CVSS 0.0 | EG 0.0 | 2004-12-31
Opera offers an Open button to verify that a user wishes to execute a downloaded file, which allows user-assisted remote attackers to construct a race condition that tricks a user into clicking Open via a request for a different mouse or k…
- CVE-2004-2697 | NONE | CVSS 0.0 | EG 0.0 | 2004-12-31
The Inventory Scout daemon (invscoutd) 1.3.0.0 and 2.0.2 for AIX 4.3.3 and 5.1 allows local users to gain privileges via a symlink attack on a command line argument (log file). NOTE: this might be related to CVE-2006-5002.
- CVE-2004-2698 | NONE | CVSS 0.0 | EG 0.0 | 2004-12-31
Race condition in IMWheel 1.0.0pre11 and earlier, when running with the -k option, allows local users to cause a denial of service (IMWheel crash) and possibly modify arbitrary files via a symlink attack on the imwheel.pid file.
- CVE-2005-2352 | HIGH | CVSS 8.1 | EG 8.1 | 2019-11-01
A race condition in temp files was found in gs-gpl before 8.56 addons scripts.
- CVE-2005-3240 | NONE | CVSS 0.0 | EG 0.0 | 2005-12-31
Race condition in Microsoft Internet Explorer allows user-assisted attackers to overwrite arbitrary files and possibly execute code by tricking a user into performing a drag-and-drop action from certain objects, such as file objects within…
- CVE-2005-4883 | NONE | CVSS 0.0 | EG 0.0 | 2009-11-20
Race condition in Philippe Jounin Tftpd32 before 2.80 allows remote attackers to cause a denial of service (daemon crash) via invalid "connect frames."
- CVE-2006-0039 | NONE | CVSS 0.0 | EG 0.0 | 2006-05-19
Race condition in the do_add_counters function in netfilter for Linux kernel 2.6.16 allows local users with CAP_NET_ADMIN capabilities to read kernel memory by triggering the race condition in a way that produces a size value that is incon…
- CVE-2006-1057 | NONE | CVSS 0.0 | EG 0.0 | 2006-04-25
Race condition in daemon/slave.c in gdm before 2.14.1 allows local users to gain privileges via a symlink attack when gdm performs chown and chgrp operations on the .ICEauthority file.
- CVE-2006-2094 | NONE | CVSS 0.0 | EG 0.0 | 2006-04-29
Microsoft Internet Explorer before Windows XP Service Pack 2 and Windows Server 2003 Service Pack 1, when Prompt is configured in Security Settings, uses modal dialogs to verify that a user wishes to run an ActiveX control or perform other…
- CVE-2006-4245 | HIGH | CVSS 8.1 | EG 8.1 | 2019-11-06
archivemail 0.6.2 uses temporary files insecurely leading to a possible race condition.
- CVE-2006-4801 | NONE | CVSS 0.0 | EG 0.0 | 2006-09-14
Race condition in Deja Vu, as used in Roxio Toast Titanium 7 and possibly other products, allows local users to execute arbitrary code via temporary files, including dejavu_manual.rb, which are executed with raised privileges.
- CVE-2006-5051 | HIGH | CVSS 8.1 | EG 8.1 | 2006-09-27
Signal handler race condition in OpenSSH before 4.4 allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code if GSSAPI authentication is enabled, via unspecified vectors that lead to a double-free.
- CVE-2006-5178 | NONE | CVSS 0.0 | EG 0.0 | 2006-10-10
Race condition in the symlink function in PHP 5.1.6 and earlier allows local users to bypass the open_basedir restriction by using a combination of symlink, mkdir, and unlink functions to change the file path after the open_basedir check a…
- CVE-2006-6275 | NONE | CVSS 0.0 | EG 0.0 | 2006-12-04
Race condition in the kernel in Sun Solaris 8 through 10 allows local users to cause a denial of service (panic) via unspecified vectors, possibly related to the exitlwps function and SIGKILL and /proc PCAGENT signals.
- CVE-2007-0099 | NONE | CVSS 0.0 | EG 0.0 | 2007-01-08
Race condition in the msxml3 module in Microsoft XML Core Services 3.0, as used in Internet Explorer 6 and other applications, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via many nest…
- CVE-2007-0997 | NONE | CVSS 0.0 | EG 0.0 | 2007-09-18
Race condition in the tee (sys_tee) system call in the Linux kernel 2.6.17 through 2.6.17.6 might allow local users to cause a denial of service (system crash), obtain sensitive information (kernel memory contents), or gain privileges via …
- CVE-2007-1249 | NONE | CVSS 0.0 | EG 0.0 | 2007-03-03
MoveSortedContentAction in C1 Financial Services Contelligent 9.1.4 does not check "the additional environment security configuration," which allows remote attackers with write permissions to reorder components.
- CVE-2007-1741 | NONE | CVSS 0.0 | EG 0.0 | 2007-04-13
Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 between directory and file validation, and their usage, allow local users to gain privileges and execute arbitrary code by renaming directories or performing symlink at…
- CVE-2007-2654 | NONE | CVSS 0.0 | EG 0.0 | 2007-05-14
xfs_fsr in xfsdump creates a .fsr temporary directory with insecure permissions, which allows local users to read or overwrite arbitrary files on xfs filesystems.
- CVE-2007-3091 | NONE | CVSS 0.0 | EG 0.0 | 2007-06-06
Race condition in Microsoft Internet Explorer 6 SP1; 6 and 7 for Windows XP SP2 and SP3; 6 and 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 allows remote attackers to execute arbitrary code or perform ot…
- CVE-2007-3478 | NONE | CVSS 0.0 | EG 0.0 | 2007-06-28
Race condition in gdImageStringFTEx (gdft_draw_bitmap) in gdft.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via unspecified vectors, possibly involving truety…
- CVE-2007-3970 | NONE | CVSS 0.0 | EG 0.0 | 2007-07-25
Race condition in ESET NOD32 Antivirus before 2.2289 allows remote attackers to execute arbitrary code via a crafted CAB file, which triggers heap corruption.
- CVE-2007-4696 | NONE | CVSS 0.0 | EG 0.0 | 2007-11-15
Race condition in WebCore in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to obtain information for forms from other sites via unknown vectors related to "page transitions" in Safari.
- CVE-2007-4774 | MEDIUM | CVSS 5.9 | EG 5.9 | 2020-01-15
The Linux kernel before 2.4.36-rc1 has a race condition. It was possible to bypass systrace policies by flooding the ptraced process with SIGCONT signals, which can wake up a PTRACED process.
- CVE-2007-5132 | NONE | CVSS 0.0 | EG 0.0 | 2007-09-27
Race condition in the kernel in Sun Solaris 8 through 10 allows local users to cause a denial of service (panic) via unspecified vectors related to "the handling of thread contexts."
- CVE-2007-5154 | NONE | CVSS 0.0 | EG 0.0 | 2007-10-01
Session fixation vulnerability in Aipo and Aipo ASP 3.0.1.0 and earlier allows remote attackers to hijack web sessions via unspecified vectors.
- CVE-2007-5794 | NONE | CVSS 0.0 | EG 0.0 | 2007-11-13
Race condition in nss_ldap, when used in applications that are linked against the pthread library and fork after a call to nss_ldap, might send user data to the wrong process because of improper handling of the LDAP connection. NOTE: this …
- CVE-2007-5847 | NONE | CVSS 0.0 | EG 0.0 | 2007-12-19
Race condition in the CFURLWriteDataAndPropertiesToResource API in Core Foundation in Apple Mac OS X 10.4.11 creates files with insecure permissions, which might allow local users to obtain sensitive information.
- CVE-2007-6180 | NONE | CVSS 0.0 | EG 0.0 | 2007-11-30
Race condition in the Remote Procedure Call kernel module (rpcmod) in Sun Solaris 8 through 10 allows local users to cause a denial of service (NULL dereference and panic) via unspecified vectors.
- CVE-2007-6216 | NONE | CVSS 0.0 | EG 0.0 | 2007-12-04
Race condition in the Fibre Channel protocol (fcp) driver and Devices filesystem (devfs) in Sun Solaris 10 allows local users to cause a denial of service (system hang) via some programs that access hardware resources, as demonstrated by t…
- CVE-2007-6599 | NONE | CVSS 0.0 | EG 0.0 | 2008-01-04
Race condition in fileserver in OpenAFS 1.3.50 through 1.4.5 and 1.5.0 through 1.5.27 allows remote attackers to cause a denial of service (daemon crash) by simultaneously acquiring and giving back file callbacks, which causes the handler …
- CVE-2008-0055 | NONE | CVSS 0.0 | EG 0.0 | 2008-03-18
Foundation in Apple Mac OS X 10.4.11 creates world-writable directories while NSFileManager copies files recursively and only modifies the permissions afterward, which allows local users to modify copied files to cause a denial of service …
- CVE-2008-0058 | NONE | CVSS 0.0 | EG 0.0 | 2008-03-18
Race condition in the NSURLConnection cache management functionality in Foundation for Apple Mac OS X 10.4.11 allows remote attackers to execute arbitrary code via unspecified manipulations that cause messages to be sent to a deallocated o…
- CVE-2008-0059 | NONE | CVSS 0.0 | EG 0.0 | 2008-03-18
Race condition in NSXML in Foundation for Apple Mac OS X 10.4.11 allows context-dependent attackers to execute arbitrary code via a crafted XML file, related to "error handling logic."
- CVE-2008-0933 | NONE | CVSS 0.0 | EG 0.0 | 2008-02-25
Multiple race conditions in the CPU Performance Counters (cpc) subsystem in the kernel in Sun Solaris 10 allow local users to cause a denial of service (panic) via unspecified vectors related to kcpc_unbind and kcpc_restore.
- CVE-2008-1375 | NONE | CVSS 0.0 | EG 0.0 | 2008-05-02
Race condition in the directory notification subsystem (dnotify) in Linux kernel 2.6.x before 2.6.24.6, and 2.6.25 before 2.6.25.1, allows local users to cause a denial of service (OOPS) and possibly gain privileges via unspecified vectors.
- CVE-2008-1570 | NONE | CVSS 0.0 | EG 0.0 | 2008-03-31
Race condition in the create_lockpath function in policyd-weight 0.1.14 beta-16 allows local users to modify or delete arbitrary files by creating the LOCKPATH directory, then modifying it after the symbolic link check occurs. NOTE: this …
- CVE-2008-1684 | NONE | CVSS 0.0 | EG 0.0 | 2008-04-06
inetd on Sun Solaris 10, when debug logging is enabled, allows local users to write to arbitrary files via a symlink attack on the /var/tmp/inetd.log temporary file.
- CVE-2008-2311 | NONE | CVSS 0.0 | EG 0.0 | 2008-07-01
Launch Services in Apple Mac OS X before 10.5, when Open Safe Files is enabled, allows remote attackers to execute arbitrary code via a symlink attack, probably related to a race condition and automatic execution of a downloaded file.
- CVE-2008-2365 | NONE | CVSS 0.0 | EG 0.0 | 2008-06-30
Race condition in the ptrace and utrace support in the Linux kernel 2.6.9 through 2.6.25, as used in Red Hat Enterprise Linux (RHEL) 4, allows local users to cause a denial of service (oops) via a long series of PTRACE_ATTACH ptrace calls …
- CVE-2008-2418 | NONE | CVSS 0.0 | EG 0.0 | 2008-05-23
Race condition in the STREAMS Administrative Driver (sad) in Sun Solaris 10 allows local users to cause a denial of service (panic) via unknown vectors.
- CVE-2008-2538 | NONE | CVSS 0.0 | EG 0.0 | 2008-06-03
Unspecified vulnerability in crontab on Sun Solaris 8 through 10, and OpenSolaris before snv_93, allows local users to insert cron jobs into the crontab files of arbitrary users via unspecified vectors.
- CVE-2008-2958 | NONE | CVSS 0.0 | EG 0.0 | 2008-07-01
Race condition in (1) checkinstall 1.6.1 and (2) installwatch allows local users to overwrite arbitrary files and have other impacts via symlink and possibly other attacks on temporary working directories.