CWE-362— Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)
2,125 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-362page 22 of 43
- CVE-2022-3042HIGHCVSS 8.8EG 8.82022-09-26
Use after free in PhoneHub in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2022-3049HIGHCVSS 8.8EG 8.82022-09-26
Use after free in SplitScreen in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page.
- CVE-2022-3071HIGHCVSS 8.8EG 8.82022-09-26
Use after free in Tab Strip in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interaction.
- CVE-2022-31015MEDIUMCVSS 6.5EG 6.52022-05-31
Waitress is a Web Server Gateway Interface server for Python 2 and 3. Waitress versions 2.1.0 and 2.1.1 may terminate early due to a thread closing a socket while the main thread is about to call select(). This will lead to the main thread…
- CVE-2022-31251MEDIUMCVSS 6.5EG 7.02022-09-07
A Incorrect Default Permissions vulnerability in the packaging of the slurm testsuite of openSUSE Factory allows local attackers with control over the slurm user to escalate to root. This issue affects: openSUSE Factory slurm versions prio…
- CVE-2022-31645HIGHCVSS 7.8EG 7.82023-06-14
Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure.
- CVE-2022-31758MEDIUMCVSS 4.7EG 4.72022-06-13
The kernel module has the race condition vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.
- CVE-2022-32612MEDIUMCVSS 6.4EG 6.42022-11-08
In vcu, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07203500; Issue ID…
- CVE-2022-32613MEDIUMCVSS 6.4EG 6.42022-11-08
In vcu, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07206340; Issue…
- CVE-2022-32621MEDIUMCVSS 6.4EG 6.42022-12-05
In isp, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07310829; Iss…
- CVE-2022-32645MEDIUMCVSS 4.1EG 4.12023-01-03
In vow, there is a possible information disclosure due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07494477; I…
- CVE-2022-32764HIGHCVSS 7.5EG 7.02023-02-16
Description: Race condition in the Intel(R) DSA software before version 22.4.26 may allow an authenticated user to potentially enable escalation of privilege via local access.
- CVE-2022-32844MEDIUMCVSS 6.3EG 6.32023-02-27
A race condition was addressed with improved state handling. This issue is fixed in tvOS 15.6, watchOS 8.7, iOS 15.6 and iPadOS 15.6. An app with arbitrary kernel read and write capability may be able to bypass Pointer Authentication.
- CVE-2022-32895MEDIUMCVSS 4.7EG 4.72022-11-01
A race condition was addressed with improved state handling. This issue is fixed in macOS Ventura 13. An app may be able to modify protected parts of the file system.
- CVE-2022-3303MEDIUMCVSS 4.7EG 4.72022-09-27
A race condition flaw was found in the Linux kernel sound subsystem due to improper locking. It could lead to a NULL pointer dereference while handling the SNDCTL_DSP_SYNC ioctl. A privileged local user (root or member of the audio group) …
- CVE-2022-3307HIGHCVSS 8.8EG 8.82022-11-01
Use after free in media in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2022-3328HIGHCVSS 7.8EG 7.82024-01-08
Race condition in snap-confine's must_mkdir_and_open_with_perms()
- CVE-2022-33634HIGHCVSS 8.1EG 8.12022-10-11
Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
- CVE-2022-33636HIGHCVSS 8.3EG 8.32022-08-09
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
- CVE-2022-33915HIGHCVSS 7.0EG 7.02022-06-17
Versions of the Amazon AWS Apache Log4j hotpatch package before log4j-cve-2021-44228-hotpatch-1.3.5 are affected by a race condition that could lead to a local privilege escalation. This Hotpatch package is not a replacement for updating t…
- CVE-2022-34696HIGHCVSS 7.8EG 7.82022-08-09
Windows Hyper-V Remote Code Execution Vulnerability
- CVE-2022-34702HIGHCVSS 8.1EG 8.12022-08-09
Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability
- CVE-2022-34725HIGHCVSS 7.0EG 7.02022-09-13
Windows ALPC Elevation of Privilege Vulnerability
- CVE-2022-34892HIGHCVSS 7.8EG 7.82022-07-18
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop Parallels Desktop 17.1.1. An attacker must first obtain the ability to execute low-privileged code on the target system in orde…
- CVE-2022-3521LOWCVSS 2.6EG 2.52022-10-16
A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects the function kcm_tx_work of the file net/kcm/kcmsock.c of the component kcm. The manipulation leads to race condition. It is recommend…
- CVE-2022-3564MEDIUMCVSS 5.5EG 8.02022-10-17
A vulnerability classified as critical was found in Linux Kernel. Affected by this vulnerability is the function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to use after fr…
- CVE-2022-3566MEDIUMCVSS 4.6EG 7.12022-10-17
A vulnerability, which was classified as problematic, was found in Linux Kernel. This affects the function tcp_getsockopt/tcp_setsockopt of the component TCP Handler. The manipulation leads to race condition. It is recommended to apply a p…
- CVE-2022-3567MEDIUMCVSS 4.6EG 7.12022-10-17
A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects the function inet6_stream_ops/inet6_dgram_ops of the component IPv6 Handler. The manipulation leads to race condition. It is recommend…
- CVE-2022-35796HIGHCVSS 7.5EG 7.52022-08-09
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
- CVE-2022-3623MEDIUMCVSS 5.0EG 7.52022-10-20
A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function follow_page_pte of the file mm/gup.c of the component BPF. The manipulation leads to race condition. The attack …
- CVE-2022-36318MEDIUMCVSS 5.3EG 5.32022-12-22
When visiting directory listings for `chrome://` URLs as source text, some parameters were reflected. This vulnerability affects Firefox ESR < 102.1, Firefox ESR < 91.12, Firefox < 103, Thunderbird < 102.1, and Thunderbird < 91.12.
- CVE-2022-3635MEDIUMCVSS 5.5EG 7.02022-10-21
A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue is the function tst_timer of the file drivers/atm/idt77252.c of the component IPsec. The manipulation leads to use after free. It is …
- CVE-2022-36422MEDIUMCVSS 4.3EG 3.12022-09-09
Rating increase/decrease via race condition in Lester 'GaMerZ' Chan WP-PostRatings plugin <= 1.89 at WordPress.
- CVE-2022-37035HIGHCVSS 8.1EG 8.12022-08-02
An issue was discovered in bgpd in FRRouting (FRR) 8.3. In bgp_notify_send_with_data() and bgp_process_packet() in bgp_packet.c, there is a possible use-after-free due to a race condition. This could lead to Remote Code Execution or Inform…
- CVE-2022-38000HIGHCVSS 8.1EG 8.12022-10-11
Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
- CVE-2022-38014HIGHCVSS 7.0EG 7.02022-11-09
Windows Subsystem for Linux (WSL2) Kernel Elevation of Privilege Vulnerability
- CVE-2022-38021HIGHCVSS 7.0EG 7.02022-10-11
Connected User Experiences and Telemetry Elevation of Privilege Vulnerability
- CVE-2022-38027HIGHCVSS 7.0EG 7.02022-10-11
Windows Storage Elevation of Privilege Vulnerability
- CVE-2022-38029HIGHCVSS 7.0EG 7.02022-10-11
Windows ALPC Elevation of Privilege Vulnerability
- CVE-2022-38047HIGHCVSS 8.1EG 8.12022-10-11
Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
- CVE-2022-39006MEDIUMCVSS 5.9EG 5.92022-09-16
The MPTCP module has the race condition vulnerability. Successful exploitation of this vulnerability may cause the device to restart.
- CVE-2022-39134MEDIUMCVSS 4.7EG 4.72022-12-06
In audio driver, there is a use after free due to a race condition. This could lead to local denial of service in kernel.
- CVE-2022-39188MEDIUMCVSS 4.7EG 4.72022-09-02
An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Because of a race condition (unmap_mapping_range versus munmap), a device driver can free a page while it still has stale TLB entries. This only occurs i…
- CVE-2022-39328CRITICALCVSS 9.8EG 9.82022-11-08
Grafana is an open-source platform for monitoring and observability. Versions starting with 9.2.0 and less than 9.2.4 contain a race condition in the authentication middlewares logic which may allow an unauthenticated user to query an admi…
- CVE-2022-40130MEDIUMCVSS 4.3EG 3.12022-11-18
Auth. (subscriber+) Race Condition vulnerability in WP-Polls plugin <= 2.76.0 on WordPress.
- CVE-2022-40307MEDIUMCVSS 4.7EG 4.72022-09-09
An issue was discovered in the Linux kernel through 5.19.8. drivers/firmware/efi/capsule-loader.c has a race condition with a resultant use-after-free.
- CVE-2022-40310MEDIUMCVSS 4.3EG 3.12022-09-23
Authenticated (subscriber+) Race Condition vulnerability in Rate my Post – WP Rating System plugin <= 3.3.4 at WordPress allows attackers to increase/decrease votes.
- CVE-2022-4037MEDIUMCVSS 6.4EG 8.52023-01-12
An issue has been discovered in GitLab CE/EE affecting all versions before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. A race condition can lead to verified email forgery and takeov…
- CVE-2022-41035MEDIUMCVSS 5.3EG 8.32022-10-11
Microsoft Edge (Chromium-based) Spoofing Vulnerability
- CVE-2022-41039HIGHCVSS 8.1EG 8.12022-11-09
Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
Map vulnerabilities like CWE-362 to your infrastructure
EchelonGraph correlates every CVE — across CWE-362 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →