CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)
2,122 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories.
CVEs classified under CWE-362 (page 11 of 43)
- CVE-2019-11215 | HIGH | CVSS 8.1 | EG 8.1 | 2020-02-14
In Combodo iTop 2.2.0 through 2.6.0, if the configuration file is writable, then execution of arbitrary code can be accomplished by calling ajax.dataloader with a maliciously crafted payload. Many conditions can place the configuration fil…
- CVE-2019-11486 | HIGH | CVSS 7.0 | EG 7.0 | 2019-04-23
The Siemens R3964 line discipline driver in drivers/tty/n_r3964.c in the Linux kernel before 5.0.8 has multiple race conditions.
- CVE-2019-11546 | MEDIUM | CVSS 5.3 | EG 5.3 | 2019-09-09
An issue was discovered in GitLab Community and Enterprise Edition before 11.8.9, 11.9.x before 11.9.10, and 11.10.x before 11.10.2. It has a Race Condition which could allow users to approve a merge request multiple times and potentially …
- CVE-2019-11675 | HIGH | CVSS 7.0 | EG 7.0 | 2019-05-02
The groonga-httpd package 6.1.5-1 for Debian sets the /var/log/groonga ownership to the groonga account, which might let local users obtain root access because of unsafe interaction with logrotate. For example, an attacker can exploit a ra…
- CVE-2019-11736 | HIGH | CVSS 7.0 | EG 7.0 | 2019-09-27
The Mozilla Maintenance Service does not guard against files being hardlinked to another file in the updates directory, allowing for the replacement of local files, including the Maintenance Service executable, which is run with privileged…
- CVE-2019-11761 | MEDIUM | CVSS 5.4 | EG 5.4 | 2020-01-08
By using a form with a data URI it was possible to gain access to the privileged JSONView object that had been cloned into content. Impact from exposing this object appears to be minimal, however it was a bypass of existing defense in dept…
- CVE-2019-11815 | HIGH | CVSS 8.1 | EG 8.1 | 2019-05-08
An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel before 5.0.8. There is a race condition leading to a use-after-free, related to net namespace cleanup.
- CVE-2019-11922 | HIGH | CVSS 8.1 | EG 8.1 | 2019-07-25
A race condition in the one-pass compression functions of Zstandard prior to version 1.3.8 could allow an attacker to write bytes out of bounds if an output buffer smaller than the recommended size was used.
- CVE-2019-12263 | HIGH | CVSS 8.1 | EG 8.1 | 2019-08-09
Wind River VxWorks 6.9.4 and vx7 has a Buffer Overflow in the TCP component (issue 4 of 4). There is an IPNET security vulnerability: TCP Urgent Pointer state confusion due to race condition.
- CVE-2019-12448 | HIGH | CVSS 8.1 | EG 8.1 | 2019-05-29
An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c has race conditions because the admin backend doesn't implement query_info_on_read/write.
- CVE-2019-12450 | CRITICAL | CVSS 9.8 | EG 9.8 | 2019-05-29
file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is in progress. Instead, default permissions are used.
- CVE-2019-13178 | HIGH | CVSS 8.1 | EG 8.1 | 2019-07-02
modules/luksbootkeyfile/main.py in Calamares versions 3.1 through 3.2.10 has a race condition between the time when the LUKS encryption keyfile is created and when secure permissions are set.
- CVE-2019-13226 | HIGH | CVSS 7.0 | EG 7.0 | 2019-07-04
deepin-clone before 1.1.3 uses a predictable path /tmp/.deepin-clone/mount/<block-dev-basename> in the Helper::temporaryMountDevice() function to temporarily mount a file system as root. An unprivileged user can prepare a symlink at this l…
- CVE-2019-13233 | HIGH | CVSS 7.0 | EG 7.0 | 2019-07-04
In arch/x86/lib/insn-eval.c in the Linux kernel before 5.1.9, there is a use-after-free for access to an LDT entry because of a race condition between modify_ldt() and a #BR exception for an MPX bounds violation.
- CVE-2019-13627 | MEDIUM | CVSS 6.3 | EG 6.3 | 2019-09-25
It was discovered that there was an ECDSA timing attack in the libgcrypt20 cryptographic library. Version affected: 1.8.4-5, 1.7.6-2+deb9u3, and 1.6.3-2+deb8u4. Versions fixed: 1.8.5-2 and 1.6.3-2+deb8u7.
- CVE-2019-14070 | HIGH | CVSS 7.0 | EG 7.0 | 2020-04-16
Possible use after free issue in pcm volume controls due to race condition exist in private data used in mixer controls in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdrag…
- CVE-2019-14072 | HIGH | CVSS 7.0 | EG 7.0 | 2020-03-05
Unhandled paging request is observed due to dereferencing an already freed object because of race condition between sparse free and sparse bind ioctls which access the same physical entry in Snapdragon Auto, Snapdragon Compute, Snapdragon …
- CVE-2019-1416 | HIGH | CVSS 7.0 | EG 7.0 | 2019-11-12
An elevation of privilege vulnerability exists due to a race condition in Windows Subsystem for Linux, aka 'Windows Subsystem for Linux Elevation of Privilege Vulnerability'.
- CVE-2019-14694 | MEDIUM | CVSS 4.7 | EG 4.7 | 2019-08-28
A use-after-free flaw in the sandbox container implemented in cmdguard.sys in Comodo Antivirus 12.0.0.6870 can be triggered due to a race condition when handling IRP_MJ_CLEANUP requests in the minifilter for directory change notifications.…
- CVE-2019-14711 | HIGH | CVSS 7.0 | EG 7.0 | 2020-10-23
Verifone MX900 series Pinpad Payment Terminals with OS 30251000 have a race condition for RBAC bypass.
- CVE-2019-14810 | MEDIUM | CVSS 5.9 | EG 5.9 | 2019-10-10
A vulnerability has been found in the implementation of the Label Distribution Protocol (LDP) protocol in EOS. Under race conditions, the LDP agent can establish an LDP session with a malicious peer potentially allowing the possibility of …
- CVE-2019-14898 | HIGH | CVSS 7.0 | EG 7.0 | 2020-05-08
The fix for CVE-2019-11599, affecting the Linux kernel before 5.0.10 was not complete. A local user could use this flaw to obtain sensitive information, cause a denial of service, or possibly have other unspecified impacts by triggering a …
- CVE-2019-15879 | HIGH | CVSS 7.4 | EG 7.4 | 2020-05-13
In FreeBSD 12.1-STABLE before r356908, 12.1-RELEASE before p5, 11.3-STABLE before r356908, and 11.3-RELEASE before p9, a race condition in the cryptodev module permitted a data structure in the kernel to be used after it was freed, allowin…
- CVE-2019-16354 | MEDIUM | CVSS 4.7 | EG 4.7 | 2019-09-16
The File Session Manager in Beego 1.10.0 allows local users to read session files because there is a race condition involving file creation within a directory with weak permissions.
- CVE-2019-16779 | MEDIUM | CVSS 5.8 | EG 5.8 | 2019-12-16
In RubyGem excon before 0.71.0, there was a race condition around persistent connections, where a connection which is interrupted (such as by a timeout) would leave data on the socket. Subsequent requests would then read this data, returni…
- CVE-2019-17010 | HIGH | CVSS 7.5 | EG 7.5 | 2020-01-08
Under certain conditions, when checking the Resist Fingerprinting preference during device orientation checks, a race condition could have caused a use-after-free and a potentially exploitable crash. This vulnerability affects Thunderbird …
- CVE-2019-17011 | HIGH | CVSS 7.5 | EG 7.5 | 2020-01-08
Under certain conditions, when retrieving a document from a DocShell in the antitracking code, a race condition could cause a use-after-free condition and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Fire…
- CVE-2019-17021 | MEDIUM | CVSS 5.3 | EG 5.3 | 2020-01-08
During the initialization of a new content process, a race condition occurs that can allow a content process to disclose heap addresses from the parent process. *Note: this issue only occurs on Windows. Other operating systems are unaffect…
- CVE-2019-17341 | HIGH | CVSS 7.8 | EG 7.8 | 2019-10-08
An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging a page-writability race condition during addition of a passed-through PCI device.
- CVE-2019-17342 | HIGH | CVSS 7.0 | EG 7.0 | 2019-10-08
An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging a race condition that arose when XENMEM_exchange was introduced.
- CVE-2019-18421 | HIGH | CVSS 7.5 | EG 7.5 | 2019-10-31
An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to gain host OS privileges by leveraging race conditions in pagetable promotion and demotion operations. There are issues with restartable PV type change operatio…
- CVE-2019-18567 | MEDIUM | CVSS 6.3 | EG 6.3 | 2020-02-03
Bromium client version 4.0.3.2060 and prior to 4.1.7 Update 1 has an out of bound read results in race condition causing Kernel memory leaks or denial of service.
- CVE-2019-18683 | HIGH | CVSS 7.0 | EG 7.0 | 2019-11-04
An issue was discovered in drivers/media/platform/vivid in the Linux kernel through 5.3.8. It is exploitable for privilege escalation on some Linux distributions where local users have /dev/video0 access, but only if the driver happens to …
- CVE-2019-18684 | HIGH | CVSS 7.0 | EG 7.0 | 2019-11-04
Sudo through 1.8.29 allows local users to escalate to root if they have write access to file descriptor 3 of the sudo process. This occurs because of a race condition between determining a uid, and the setresuid and openat system calls. Th…
- CVE-2019-18827 | MEDIUM | CVSS 5.9 | EG 5.9 | 2019-12-16
On Barco ClickShare Button R9861500D01 devices (before firmware version 1.9.0) JTAG access is disabled after ROM code execution. This means that JTAG access is possible when the system is running code from ROM before handing control over t…
- CVE-2019-18932 | HIGH | CVSS 7.0 | EG 7.0 | 2020-01-21
log.c in Squid Analysis Report Generator (sarg) through 2.3.11 allows local privilege escalation. By default, it uses a fixed temporary directory /tmp/sarg. As the root user, sarg creates this directory or reuses an existing one in an inse…
- CVE-2019-19017 | HIGH | CVSS 8.1 | EG 8.1 | 2019-12-02
An issue was discovered in TitanHQ WebTitan before 5.18. The appliance has a hard-coded root password set during installation. An attacker could utilize this to gain root privileges on the system.
- CVE-2019-19278 | MEDIUM | CVSS 6.8 | EG 6.8 | 2020-01-16
A vulnerability has been identified in SINAMICS PERFECT HARMONY GH180 Drives MLFB 6SR32..-.....-.... MLFB 6SR4...-.....-.... MLFB 6SR5...-.....-.... With option A30 (HMIs 12 inches or larger) (All versions), SINAMICS PERFECT HARMONY GH180 …
- CVE-2019-19537 | MEDIUM | CVSS 4.2 | EG 4.2 | 2019-12-03
In the Linux kernel before 5.2.10, there is a race condition bug that can be caused by a malicious USB device in the USB character device driver layer, aka CID-303911cfc5b9. This affects drivers/usb/core/file.c.
- CVE-2019-19580 | MEDIUM | CVSS 6.6 | EG 6.6 | 2019-12-11
An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to gain host OS privileges by leveraging race conditions in pagetable promotion and demotion operations, because of an incomplete fix for CVE-2019-18421. XSA-299 …
- CVE-2019-1992 | HIGH | CVSS 7.5 | EG 7.5 | 2019-02-28
In bta_hl_sdp_query_results of bta_hl_main.cc, there is a possible use-after-free due to a race condition. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation…
- CVE-2019-19965 | MEDIUM | CVSS 4.7 | EG 4.7 | 2019-12-25
In the Linux kernel through 5.4.6, there is a NULL pointer dereference in drivers/scsi/libsas/sas_discover.c because of mishandling of port disconnection during discovery, related to a PHY down race condition, aka CID-f70267f379b5.
- CVE-2019-2006 | CRITICAL | CVSS 9.8 | EG 9.8 | 2019-06-19
In serviceDied of HalDeathHandlerHidl.cpp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege in the audio server with no additional execution privileges needed. User interaction…
- CVE-2019-2008 | HIGH | CVSS 7.5 | EG 7.5 | 2019-06-19
In createEffect of AudioFlinger.cpp, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitatio…
- CVE-2019-20384 | MEDIUM | CVSS 5.5 | EG 5.5 | 2020-01-21
Gentoo Portage through 2.3.84 allows local users to place a Trojan horse plugin in the /usr/lib64/nagios/plugins directory by leveraging access to the nagios user account, because this directory is writable in between a call to emake and a…
- CVE-2019-20568 | HIGH | CVSS 8.1 | EG 8.1 | 2020-03-24
An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) devices (Exynos and Qualcomm chipsets) software. A race condition causes a Use-After-Free. The Samsung ID is SVE-2019-15067 (September 2019).
- CVE-2019-2095 | HIGH | CVSS 7.0 | EG 7.0 | 2019-06-07
In callGenIDChangeListeners and related functions of SkPixelRef.cpp, there is a possible use after free due to a race condition. This could lead to remote code execution with no additional execution privileges needed. User interaction is n…
- CVE-2019-2121 | HIGH | CVSS 7.0 | EG 7.0 | 2019-08-20
In ActivityManagerService.attachApplication of ActivityManagerService, there is a possible race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for …
- CVE-2019-2188 | MEDIUM | CVSS 6.4 | EG 6.4 | 2019-09-27
In the Easel driver, there is possible memory corruption due to race conditions. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Vers…
- CVE-2019-2189 | MEDIUM | CVSS 6.4 | EG 6.4 | 2019-09-27
In the Easel driver, there is possible memory corruption due to race conditions. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Vers…