CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)
2,122 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories.
CVEs classified under CWE-362 (page 21 of 43)
- CVE-2022-2583 | LOW | CVSS 3.7 | EG 3.7 | 2022-12-27
A race condition can cause incorrect HTTP request routing.
- CVE-2022-2590 | HIGH | CVSS 7.0 | EG 7.0 | 2022-08-31
A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only shared memory mappings. This flaw allows an unprivileged, local user to gain write access to read-only …
- CVE-2022-2607 | HIGH | CVSS 8.8 | EG 8.8 | 2022-08-12
Use after free in Tab Strip in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions.
- CVE-2022-2608 | HIGH | CVSS 8.8 | EG 8.8 | 2022-08-12
Use after free in Overview Mode in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions.
- CVE-2022-2609 | HIGH | CVSS 8.8 | EG 8.8 | 2022-08-12
Use after free in Nearby Share in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions.
- CVE-2022-2617 | HIGH | CVSS 8.8 | EG 8.8 | 2022-08-12
Use after free in Extensions API in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific UI interactions.
- CVE-2022-2623 | HIGH | CVSS 8.8 | EG 8.8 | 2022-08-12
Use after free in Offline in Google Chrome on Android prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions.
- CVE-2022-26357 | HIGH | CVSS 7.0 | EG 7.0 | 2022-04-05
race in VT-d domain ID cleanup Xen domain IDs are up to 15 bits wide. VT-d hardware may allow for only less than 15 bits to hold a domain ID associating a physical device with a particular domain. Therefore internally Xen domain IDs are ma…
- CVE-2022-26362 | MEDIUM | CVSS 6.4 | EG 6.4 | 2022-06-09
x86 pv: Race condition in typeref acquisition Xen maintains a type reference count for pages, in addition to a regular reference count. This scheme is used to maintain invariants required for Xen's safety, e.g. PV guests may not have direc…
- CVE-2022-26428 | MEDIUM | CVSS 6.4 | EG 6.4 | 2022-08-01
In video codec, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS0652126…
- CVE-2022-26450 | MEDIUM | CVSS 6.4 | EG 6.4 | 2022-09-06
In apusys, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07177801; Issue…
- CVE-2022-26690 | MEDIUM | CVSS 4.7 | EG 4.7 | 2022-05-26
Description: A race condition was addressed with additional validation. This issue is fixed in macOS Monterey 12.3. A malicious application may be able to modify protected parts of the file system.
- CVE-2022-26701 | HIGH | CVSS 7.5 | EG 7.5 | 2022-05-26
A race condition was addressed with improved locking. This issue is fixed in tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. An application may be able to execute arbitrary code with kernel privileges.
- CVE-2022-26765 | MEDIUM | CVSS 4.7 | EG 4.7 | 2022-05-26
A race condition was addressed with improved state handling. This issue is fixed in watchOS 8.6, tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. A malicious attacker with arbitrary read and write capability may be able to bypass …
- CVE-2022-26807 | HIGH | CVSS 7.0 | EG 7.0 | 2022-04-15
Windows Work Folder Service Elevation of Privilege Vulnerability
- CVE-2022-26808 | HIGH | CVSS 7.0 | EG 7.0 | 2022-04-15
Windows File Explorer Elevation of Privilege Vulnerability
- CVE-2022-26814 | MEDIUM | CVSS 6.6 | EG 6.6 | 2022-04-15
Windows DNS Server Remote Code Execution Vulnerability
- CVE-2022-26817 | MEDIUM | CVSS 6.6 | EG 6.6 | 2022-04-15
Windows DNS Server Remote Code Execution Vulnerability
- CVE-2022-26819 | MEDIUM | CVSS 6.6 | EG 6.6 | 2022-04-15
Windows DNS Server Remote Code Execution Vulnerability
- CVE-2022-26820 | MEDIUM | CVSS 6.6 | EG 6.6 | 2022-04-15
Windows DNS Server Remote Code Execution Vulnerability
- CVE-2022-26821 | MEDIUM | CVSS 6.6 | EG 6.6 | 2022-04-15
Windows DNS Server Remote Code Execution Vulnerability
- CVE-2022-26822 | MEDIUM | CVSS 6.6 | EG 6.6 | 2022-04-15
Windows DNS Server Remote Code Execution Vulnerability
- CVE-2022-26827 | HIGH | CVSS 7.0 | EG 7.0 | 2022-04-15
Windows File Server Resource Management Service Elevation of Privilege Vulnerability
- CVE-2022-26828 | HIGH | CVSS 7.0 | EG 7.0 | 2022-04-15
Windows Bluetooth Driver Elevation of Privilege Vulnerability
- CVE-2022-26829 | MEDIUM | CVSS 6.6 | EG 6.6 | 2022-04-15
Windows DNS Server Remote Code Execution Vulnerability
- CVE-2022-26904 | HIGH | CVSS 7.0 | EG 9.0 | ⚠ KEV | 2022-04-15
Windows User Profile Service Elevation of Privilege Vulnerability
- CVE-2022-26928 | HIGH | CVSS 7.0 | EG 7.0 | 2022-09-13
Windows Photo Import API Elevation of Privilege Vulnerability
- CVE-2022-26939 | HIGH | CVSS 7.0 | EG 7.0 | 2022-05-10
Storage Spaces Direct Elevation of Privilege Vulnerability
- CVE-2022-2742 | HIGH | CVSS 8.8 | EG 8.8 | 2023-01-02
Use after free in Exosphere in Google Chrome on Chrome OS and Lacros prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interact…
- CVE-2022-27481 | MEDIUM | CVSS 5.3 | EG 5.3 | 2022-04-12
A vulnerability has been identified in SCALANCE W1788-1 M12 (All versions < V3.0.0), SCALANCE W1788-2 EEC M12 (All versions < V3.0.0), SCALANCE W1788-2 M12 (All versions < V3.0.0), SCALANCE W1788-2IA M12 (All versions < V3.0.0). Affected d…
- CVE-2022-27626 | CRITICAL | CVSS 10.0 | EG 8.1 | 2022-10-20
A vulnerability regarding concurrent execution using shared resource with improper synchronization ('Race Condition') is found in the session processing functionality of Out-of-Band (OOB) Management. This allows remote attackers to execute…
- CVE-2022-2854 | HIGH | CVSS 8.8 | EG 8.8 | 2022-09-26
Use after free in SwiftShader in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2022-2857 | HIGH | CVSS 8.8 | EG 8.8 | 2022-09-26
Use after free in Blink in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2022-28768 | HIGH | CVSS 8.8 | EG 7.8 | 2022-11-17
The Zoom Client for Meetings Installer for macOS (Standard and for IT Admin) before version 5.12.6 contains a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability during the install process…
- CVE-2022-28796 | HIGH | CVSS 7.0 | EG 7.0 | 2022-04-08
jbd2_journal_wait_updates in fs/jbd2/transaction.c in the Linux kernel before 5.17.1 has a use-after-free caused by a transaction_t race condition.
- CVE-2022-29113 | HIGH | CVSS 7.8 | EG 7.8 | 2022-05-10
Windows Digital Media Receiver Elevation of Privilege Vulnerability
- CVE-2022-29116 | MEDIUM | CVSS 4.7 | EG 4.7 | 2022-05-10
Windows Kernel Information Disclosure Vulnerability
- CVE-2022-29527 | HIGH | CVSS 7.0 | EG 7.0 | 2022-04-20
Amazon AWS amazon-ssm-agent before 3.1.1208.0 creates a world-writable sudoers file, which allows local attackers to inject Sudo rules and escalate privileges to root. This occurs in certain situations involving a race condition.
- CVE-2022-29582 | HIGH | CVSS 7.0 | EG 7.0 | 2022-04-22
In the Linux kernel before 5.17.3, fs/io_uring.c has a use-after-free due to a race condition in io_uring timeouts. This can be triggered by a local user who has no access to any user namespace; however, the race condition perhaps can only…
- CVE-2022-2959 | HIGH | CVSS 7.0 | EG 7.0 | 2022-08-25
A race condition was found in the Linux kernel's watch queue due to a missing lock in pipe_resize_ring(). The specific flaw exists within the handling of pipe buffers. The issue results from the lack of proper locking when performing opera…
- CVE-2022-2961 | HIGH | CVSS 7.0 | EG 7.0 | 2022-08-29
A use-after-free flaw was found in the Linux kernel's PLP Rose functionality in the way a user triggers a race condition by calling bind while simultaneously triggering the rose_bind() function. This flaw allows a local user to crash or …
- CVE-2022-30028 | MEDIUM | CVSS 5.9 | EG 5.9 | 2022-06-24
Dradis Professional Edition before 4.3.0 allows attackers to change an account password via reusing a password reset token.
- CVE-2022-30127 | HIGH | CVSS 8.3 | EG 8.3 | 2022-06-01
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
- CVE-2022-30128 | HIGH | CVSS 8.3 | EG 8.3 | 2022-06-01
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
- CVE-2022-30163 | HIGH | CVSS 8.5 | EG 8.5 | 2022-06-15
Windows Hyper-V Remote Code Execution Vulnerability
- CVE-2022-30198 | HIGH | CVSS 8.1 | EG 8.1 | 2022-10-11
Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
- CVE-2022-30205 | MEDIUM | CVSS 6.6 | EG 6.6 | 2022-07-12
Windows Group Policy Elevation of Privilege Vulnerability
- CVE-2022-30212 | MEDIUM | CVSS 4.7 | EG 4.7 | 2022-07-12
Windows Connected Devices Platform Service Information Disclosure Vulnerability
- CVE-2022-30214 | MEDIUM | CVSS 6.6 | EG 6.6 | 2022-07-12
Windows DNS Server Remote Code Execution Vulnerability
- CVE-2022-3028 | HIGH | CVSS 7.0 | EG 7.0 | 2022-08-31
A race condition was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem) when multiple calls to xfrm_probe_algs occurred simultaneously. This flaw could allow a local attacker to potentially trigger an out-of…