CWE-362
Allowed-with-ReviewConcurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Abstraction: Class · Status: Draft
The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.
2909 vulnerabilities reference this CWE, most recent first.
GHSA-686H-J8R8-WMFM
Vulnerability from github – Published: 2021-08-25 20:57 – Updated: 2021-08-24 17:53Affected versions of this crate unconditionally implement Send/Sync for RcuCell<T>.
This allows users to send T: !Send to other threads (while T enclosed within RcuCell<T>), and allows users to concurrently access T: !Sync by using the APIs of RcuCell<T> that provide access to &T.
This can result in memory corruption caused by data races.
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "rcu_cell"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.1.9"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2020-36451"
],
"database_specific": {
"cwe_ids": [
"CWE-362",
"CWE-77"
],
"github_reviewed": true,
"github_reviewed_at": "2021-08-18T20:29:49Z",
"nvd_published_at": "2021-08-08T06:15:00Z",
"severity": "HIGH"
},
"details": "Affected versions of this crate unconditionally implement Send/Sync for `RcuCell\u003cT\u003e`.\nThis allows users to send `T: !Send` to other threads (while `T` enclosed within `RcuCell\u003cT\u003e`), and allows users to concurrently access `T: !Sync` by using the APIs of `RcuCell\u003cT\u003e` that provide access to `\u0026T`.\n\nThis can result in memory corruption caused by data races.",
"id": "GHSA-686h-j8r8-wmfm",
"modified": "2021-08-24T17:53:47Z",
"published": "2021-08-25T20:57:14Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36451"
},
{
"type": "WEB",
"url": "https://github.com/Xudong-Huang/rcu_cell/issues/3"
},
{
"type": "WEB",
"url": "https://github.com/Xudong-Huang/rcu_cell/pull/4"
},
{
"type": "WEB",
"url": "https://github.com/Xudong-Huang/rcu_cell/pull/4/commits/1faf18eee11f14969b77ae0f76dcd9ebd437d0c2"
},
{
"type": "PACKAGE",
"url": "https://github.com/Xudong-Huang/rcu_cell"
},
{
"type": "WEB",
"url": "https://rustsec.org/advisories/RUSTSEC-2020-0131.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Data races in rcu_cell"
}
GHSA-6896-87QW-X945
Vulnerability from github – Published: 2026-04-14 18:30 – Updated: 2026-04-14 18:30Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.
{
"affected": [],
"aliases": [
"CVE-2026-20930"
],
"database_specific": {
"cwe_ids": [
"CWE-362"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-14T18:16:43Z",
"severity": "HIGH"
},
"details": "Concurrent execution using shared resource with improper synchronization (\u0027race condition\u0027) in Windows Management Services allows an authorized attacker to elevate privileges locally.",
"id": "GHSA-6896-87qw-x945",
"modified": "2026-04-14T18:30:36Z",
"published": "2026-04-14T18:30:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20930"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20930"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-68R6-XQMG-XHXX
Vulnerability from github – Published: 2022-05-13 01:24 – Updated: 2022-05-13 01:24Race condition in libssl in Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors involving a resumption handshake that triggers incorrect replacement of a session ticket.
{
"affected": [],
"aliases": [
"CVE-2014-1490"
],
"database_specific": {
"cwe_ids": [
"CWE-362"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2014-02-06T05:44:00Z",
"severity": "HIGH"
},
"details": "Race condition in libssl in Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors involving a resumption handshake that triggers incorrect replacement of a session ticket.",
"id": "GHSA-68r6-xqmg-xhxx",
"modified": "2022-05-13T01:24:47Z",
"published": "2022-05-13T01:24:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-1490"
},
{
"type": "WEB",
"url": "https://8pecxstudios.com/?page_id=44080"
},
{
"type": "WEB",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=930857"
},
{
"type": "WEB",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=930874"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90885"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201504-01"
},
{
"type": "WEB",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761"
},
{
"type": "WEB",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127966.html"
},
{
"type": "WEB",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/129218.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00005.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html"
},
{
"type": "WEB",
"url": "http://osvdb.org/102876"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2014/Dec/23"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/56706"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/56767"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/56787"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/56858"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/56888"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/56922"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2014/dsa-2858"
},
{
"type": "WEB",
"url": "http://www.mozilla.org/security/announce/2014/mfsa2014-12.html"
},
{
"type": "WEB",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"type": "WEB",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
},
{
"type": "WEB",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
},
{
"type": "WEB",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
},
{
"type": "WEB",
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/65335"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1029717"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1029720"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1029721"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/USN-2102-1"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/USN-2102-2"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/USN-2119-1"
},
{
"type": "WEB",
"url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-68RP-59F9-XH9X
Vulnerability from github – Published: 2026-04-14 18:30 – Updated: 2026-04-14 18:30Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.
{
"affected": [],
"aliases": [
"CVE-2026-32159"
],
"database_specific": {
"cwe_ids": [
"CWE-362"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-14T18:17:17Z",
"severity": "HIGH"
},
"details": "Concurrent execution using shared resource with improper synchronization (\u0027race condition\u0027) in Windows Push Notifications allows an authorized attacker to elevate privileges locally.",
"id": "GHSA-68rp-59f9-xh9x",
"modified": "2026-04-14T18:30:41Z",
"published": "2026-04-14T18:30:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32159"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32159"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-68X2-MX4Q-78M7
Vulnerability from github – Published: 2025-09-10 21:56 – Updated: 2025-09-10 21:56Impact
Angular uses a DI container (the "platform injector") to hold request-specific state during server-side rendering. For historical reasons, the container was stored as a JavaScript module-scoped global variable. When multiple requests are processed concurrently, they could inadvertently share or overwrite the global injector state.
In practical terms, this can lead to one request responding with data meant for a completely different request, leaking data or tokens included on the rendered page or in response headers. As long as an attacker had network access to send any traffic that received a rendered response, they may have been able to send a large number of requests and then inspect the responses for information leaks.
The following APIs were vulnerable and required SSR-only breaking changes:
bootstrapApplication: This function previously implicitly retrieved the last platform injector that was created. It now requires an explicitBootstrapContextin a server environment. This function is only used for standalone applications. NgModule-based applications are not affected.getPlatform: This function previously returned the last platform instance that was created. It now always returnsnullin a server environment.destroyPlatform: This function previously destroyed the last platform instance that was created. It's now a no-op when called in a server environment.
For bootstrapApplication, the framework now provides a new argument to the application's bootstrap function:
// Before:
const bootstrap = () => bootstrapApplication(AppComponent, config);
// After:
const bootstrap = (context: BootstrapContext) =>
bootstrapApplication(AppComponent, config, context);
As is usually the case for changes to Angular, an automatic schematic will take care of these code changes as part of ng update:
# For apps on Angular v20:
ng update @angular/cli @angular/core
# For apps on Angular v19:
ng update @angular/cli@19 @angular/core@19
# For apps on Angular v18:
ng update @angular/cli@18 @angular/core@18
The schematic can also be invoked explicitly if the version bump was pulled in independently:
# For apps on Angular v20:
ng update @angular/core --name add-bootstrap-context-to-server-main
# For apps on Angular v19:
ng update @angular/core@19 --name add-bootstrap-context-to-server-main
# For apps on Angular v18:
ng update @angular/core@18 --name add-bootstrap-context-to-server-main
For applications that still use CommonEngine, the bootstrap property in CommonEngineOptions also gains the same context argument in the patched versions of Angular.
In local development (ng serve), Angular CLI triggered a codepath for Angular's "JIT" feature on the server even in applications that weren't using it in the browser. The codepath introduced async behavior between platform creation and application bootstrap, triggering the race condition even if an application didn't explicitly use getPlatform or custom async logic in bootstrap. Angular applications should never run in this mode outside of local development.
Patches
The issue has been patched in all active release lines as well as in the v21 prerelease:
@angular/platform-server: 21.0.0-next.3@angular/platform-server: 20.3.0@angular/platform-server: 19.2.15-
@angular/platform-server:18.2.14 -
@angular/ssr: 21.0.0-next.3 @angular/ssr: 20.3.0@angular/ssr: 19.2.16@angular/ssr: 18.2.21
Workarounds
- Disable SSR via Server Routes (v19+) or builder options.
- Remove any asynchronous behavior from custom
bootstrapfunctions. - Remove uses of
getPlatform()in application code. - Ensure that the server build defines
ngJitModeas false.
References
- https://github.com/angular/angular/pull/63562
- https://github.com/angular/angular-cli/pull/31108
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "@angular/platform-server"
},
"ranges": [
{
"events": [
{
"introduced": "16.0.0-next.0"
},
{
"fixed": "18.2.14"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "@angular/platform-server"
},
"ranges": [
{
"events": [
{
"introduced": "20.0.0-next.0"
},
{
"fixed": "20.3.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "@angular/platform-server"
},
"ranges": [
{
"events": [
{
"introduced": "19.0.0-next.0"
},
{
"fixed": "19.2.15"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "@angular/platform-server"
},
"ranges": [
{
"events": [
{
"introduced": "21.0.0-next.0"
},
{
"fixed": "21.0.0-next.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "@angular/ssr"
},
"ranges": [
{
"events": [
{
"introduced": "17.0.0-next.0"
},
{
"fixed": "18.2.21"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "@angular/ssr"
},
"ranges": [
{
"events": [
{
"introduced": "19.0.0-next.0"
},
{
"fixed": "19.2.16"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "@angular/ssr"
},
"ranges": [
{
"events": [
{
"introduced": "20.0.0-next.0"
},
{
"fixed": "20.3.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "@angular/ssr"
},
"ranges": [
{
"events": [
{
"introduced": "21.0.0-next.0"
},
{
"fixed": "21.0.0-next.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "@nguniversal/common"
},
"ranges": [
{
"events": [
{
"introduced": "16.0.0-next.0"
},
{
"last_affected": "16.2.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-59052"
],
"database_specific": {
"cwe_ids": [
"CWE-362"
],
"github_reviewed": true,
"github_reviewed_at": "2025-09-10T21:56:01Z",
"nvd_published_at": "2025-09-10T21:15:37Z",
"severity": "HIGH"
},
"details": "### Impact\n\nAngular uses a DI container (the \"platform injector\") to hold request-specific state during server-side rendering. For historical reasons, the container was stored as a JavaScript module-scoped global variable. When multiple requests are processed concurrently, they could inadvertently share or overwrite the global injector state.\n\nIn practical terms, this can lead to one request responding with data meant for a completely different request, leaking data or tokens included on the rendered page or in response headers. As long as an attacker had network access to send any traffic that received a rendered response, they may have been able to send a large number of requests and then inspect the responses for information leaks.\n\nThe following APIs were vulnerable and required SSR-only breaking changes:\n\n* `bootstrapApplication`: This function previously implicitly retrieved the last platform injector that was created. It now requires an explicit `BootstrapContext` in a server environment. This function is only used for standalone applications. NgModule-based applications are not affected.\n* `getPlatform`: This function previously returned the last platform instance that was created. It now always returns `null` in a server environment.\n* `destroyPlatform`: This function previously destroyed the last platform instance that was created. It\u0027s now a no-op when called in a server environment.\n\nFor `bootstrapApplication`, the framework now provides a new argument to the application\u0027s bootstrap function:\n\n```ts\n// Before:\nconst bootstrap = () =\u003e bootstrapApplication(AppComponent, config);\n\n// After:\nconst bootstrap = (context: BootstrapContext) =\u003e\n bootstrapApplication(AppComponent, config, context);\n```\n\nAs is usually the case for changes to Angular, an automatic schematic will take care of these code changes as part of ng update:\n\n```sh\n# For apps on Angular v20:\nng update @angular/cli @angular/core\n\n# For apps on Angular v19:\nng update @angular/cli@19 @angular/core@19\n\n# For apps on Angular v18:\nng update @angular/cli@18 @angular/core@18\n```\n\nThe schematic can also be invoked explicitly if the version bump was pulled in independently:\n\n```sh\n# For apps on Angular v20:\nng update @angular/core --name add-bootstrap-context-to-server-main\n\n# For apps on Angular v19:\nng update @angular/core@19 --name add-bootstrap-context-to-server-main\n\n# For apps on Angular v18:\nng update @angular/core@18 --name add-bootstrap-context-to-server-main\n```\n\nFor applications that still use `CommonEngine`, the `bootstrap` property in `CommonEngineOptions` also gains the same `context` argument in the patched versions of Angular.\n\nIn local development (`ng serve`), Angular CLI triggered a codepath for Angular\u0027s \"JIT\" feature on the server even in applications that weren\u0027t using it in the browser. The codepath introduced async behavior between platform creation and application bootstrap, triggering the race condition even if an application didn\u0027t explicitly use `getPlatform` or custom async logic in `bootstrap`. Angular applications should never run in this mode outside of local development.\n\n### Patches\n\nThe issue has been patched in [all active release lines](https://angular.dev/reference/releases#actively-supported-versions) as well as in the v21 prerelease:\n\n* `@angular/platform-server`: 21.0.0-next.3\n* `@angular/platform-server`: 20.3.0\n* `@angular/platform-server`: 19.2.15\n* `@angular/platform-server:` 18.2.14\n\n* `@angular/ssr`: 21.0.0-next.3\n* `@angular/ssr`: 20.3.0\n* `@angular/ssr`: 19.2.16\n* `@angular/ssr`: 18.2.21\n\n### Workarounds\n\n* Disable SSR via [Server Routes](https://angular.dev/guide/ssr#server-routing) (v19+) or builder options.\n* Remove any asynchronous behavior from custom `bootstrap` functions.\n* Remove uses of `getPlatform()` in application code.\n* Ensure that the server build defines `ngJitMode` as false.\n\n### References\n\n* https://github.com/angular/angular/pull/63562\n* https://github.com/angular/angular-cli/pull/31108",
"id": "GHSA-68x2-mx4q-78m7",
"modified": "2025-09-10T21:56:01Z",
"published": "2025-09-10T21:56:01Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/angular/angular/security/advisories/GHSA-68x2-mx4q-78m7"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59052"
},
{
"type": "WEB",
"url": "https://github.com/angular/angular-cli/pull/31108"
},
{
"type": "WEB",
"url": "https://github.com/angular/angular/pull/63562"
},
{
"type": "PACKAGE",
"url": "https://github.com/angular/angular"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Angular SSR: Global Platform Injector Race Condition Leads to Cross-Request Data Leakage"
}
GHSA-6946-M5H6-646G
Vulnerability from github – Published: 2022-03-10 00:00 – Updated: 2022-03-17 00:02Windows ALPC Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-23287, CVE-2022-24505.
{
"affected": [],
"aliases": [
"CVE-2022-23283"
],
"database_specific": {
"cwe_ids": [
"CWE-362"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-03-09T17:15:00Z",
"severity": "HIGH"
},
"details": "Windows ALPC Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-23287, CVE-2022-24505.",
"id": "GHSA-6946-m5h6-646g",
"modified": "2022-03-17T00:02:32Z",
"published": "2022-03-10T00:00:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23283"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-23283"
},
{
"type": "WEB",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-23283"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-696H-4CCP-C9W4
Vulnerability from github – Published: 2022-05-01 23:27 – Updated: 2022-05-01 23:27Race condition in NSXML in Foundation for Apple Mac OS X 10.4.11 allows context-dependent attackers to execute arbitrary code via a crafted XML file, related to "error handling logic."
{
"affected": [],
"aliases": [
"CVE-2008-0059"
],
"database_specific": {
"cwe_ids": [
"CWE-362"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2008-03-18T23:44:00Z",
"severity": "MODERATE"
},
"details": "Race condition in NSXML in Foundation for Apple Mac OS X 10.4.11 allows context-dependent attackers to execute arbitrary code via a crafted XML file, related to \"error handling logic.\"",
"id": "GHSA-696h-4ccp-c9w4",
"modified": "2022-05-01T23:27:24Z",
"published": "2022-05-01T23:27:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-0059"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41296"
},
{
"type": "WEB",
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"type": "WEB",
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/29420"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/28304"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/28367"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id?1019650"
},
{
"type": "WEB",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-079A.html"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-698J-XV88-2HJ7
Vulnerability from github – Published: 2025-08-22 18:31 – Updated: 2025-11-26 00:30In the Linux kernel, the following vulnerability has been resolved:
xfrm: state: initialize state_ptrs earlier in xfrm_state_find
In case of preemption, xfrm_state_look_at will find a different pcpu_id and look up states for that other CPU. If we matched a state for CPU2 in the state_cache while the lookup started on CPU1, we will jump to "found", but the "best" state that we got will be ignored and we will enter the "acquire" block. This block uses state_ptrs, which isn't initialized at this point.
Let's initialize state_ptrs just after taking rcu_read_lock. This will also prevent a possible misuse in the future, if someone adjusts this function.
{
"affected": [],
"aliases": [
"CVE-2025-38675"
],
"database_specific": {
"cwe_ids": [
"CWE-362"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-08-22T16:15:43Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfrm: state: initialize state_ptrs earlier in xfrm_state_find\n\nIn case of preemption, xfrm_state_look_at will find a different\npcpu_id and look up states for that other CPU. If we matched a state\nfor CPU2 in the state_cache while the lookup started on CPU1, we will\njump to \"found\", but the \"best\" state that we got will be ignored and\nwe will enter the \"acquire\" block. This block uses state_ptrs, which\nisn\u0027t initialized at this point.\n\nLet\u0027s initialize state_ptrs just after taking rcu_read_lock. This will\nalso prevent a possible misuse in the future, if someone adjusts this\nfunction.",
"id": "GHSA-698j-xv88-2hj7",
"modified": "2025-11-26T00:30:15Z",
"published": "2025-08-22T18:31:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38675"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/463562f9591742be62ddde3b426a0533ed496955"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6bf2daafc51bcb9272c0fdff2afd38217337d0d3"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/94d077c331730510d5611b438640a292097341f0"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-6999-6M26-M9XX
Vulnerability from github – Published: 2024-11-19 18:31 – Updated: 2025-06-05 15:31A remote code execution (RCE) vulnerability in the component /inventory/doCptimpoptInventory of Weaver Ecology v9.* allows attackers to execute arbitrary code via injecting a crafted payload into the name of an uploaded file.
{
"affected": [],
"aliases": [
"CVE-2024-48069"
],
"database_specific": {
"cwe_ids": [
"CWE-362"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-19T18:15:21Z",
"severity": "CRITICAL"
},
"details": "A remote code execution (RCE) vulnerability in the component /inventory/doCptimpoptInventory of Weaver Ecology v9.* allows attackers to execute arbitrary code via injecting a crafted payload into the name of an uploaded file.",
"id": "GHSA-6999-6m26-m9xx",
"modified": "2025-06-05T15:31:20Z",
"published": "2024-11-19T18:31:06Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-48069"
},
{
"type": "WEB",
"url": "https://gist.github.com/CoinIsMoney/5dd555805e8f974630ced8a1df8182f1"
},
{
"type": "WEB",
"url": "https://github.com/stuven1989/TemporaryGuild/blob/main/guild2.md"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-699H-74GF-WCVM
Vulnerability from github – Published: 2023-04-04 15:30 – Updated: 2023-04-11 18:30An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. Multiple MSI's get executed out of a standard-user writable directory. Through a race condition and OpLock manipulation, these files can be overwritten by a standard user. They then get executed by the elevated installer. This gives a standard user full SYSTEM code execution (elevation of privileges).
{
"affected": [],
"aliases": [
"CVE-2022-48221"
],
"database_specific": {
"cwe_ids": [
"CWE-362"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-04-04T15:15:00Z",
"severity": "HIGH"
},
"details": "An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. Multiple MSI\u0027s get executed out of a standard-user writable directory. Through a race condition and OpLock manipulation, these files can be overwritten by a standard user. They then get executed by the elevated installer. This gives a standard user full SYSTEM code execution (elevation of privileges).",
"id": "GHSA-699h-74gf-wcvm",
"modified": "2023-04-11T18:30:30Z",
"published": "2023-04-04T15:30:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-48221"
},
{
"type": "WEB",
"url": "https://acuant.com"
},
{
"type": "WEB",
"url": "https://hackandpwn.com/disclosures/CVE-2022-48221.pdf"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
In languages that support it, use synchronization primitives. Only wrap these around critical code to minimize the impact on performance.
Mitigation
Use thread-safe capabilities such as the data access abstraction in Spring.
Mitigation
- Minimize the usage of shared resources in order to remove as much complexity as possible from the control flow and to reduce the likelihood of unexpected conditions occurring.
- Additionally, this will minimize the amount of synchronization necessary and may even help to reduce the likelihood of a denial of service where an attacker may be able to repeatedly trigger a critical section (CWE-400).
Mitigation
When using multithreading and operating on shared variables, only use thread-safe functions.
Mitigation
Use atomic operations on shared variables. Be wary of innocent-looking constructs such as "x++". This may appear atomic at the code layer, but it is actually non-atomic at the instruction layer, since it involves a read, followed by a computation, followed by a write.
Mitigation
Use a mutex if available, but be sure to avoid related weaknesses such as CWE-412.
Mitigation
Avoid double-checked locking (CWE-609) and other implementation errors that arise when trying to avoid the overhead of synchronization.
Mitigation
Disable interrupts or signals over critical parts of the code, but also make sure that the code does not go into a large or infinite loop.
Mitigation
Use the volatile type modifier for critical variables to avoid unexpected compiler optimization or reordering. This does not necessarily solve the synchronization problem, but it can help.
Mitigation MIT-17
Strategy: Environment Hardening
Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations.
CAPEC-26: Leveraging Race Conditions
The adversary targets a race condition occurring when multiple processes access and manipulate the same resource concurrently, and the outcome of the execution depends on the particular order in which the access takes place. The adversary can leverage a race condition by "running the race", modifying the resource and modifying the normal execution flow. For instance, a race condition can occur while accessing a file: the adversary can trick the system by replacing the original file with their version and cause the system to read the malicious file.
CAPEC-29: Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions
This attack targets a race condition occurring between the time of check (state) for a resource and the time of use of a resource. A typical example is file access. The adversary can leverage a file access race condition by "running the race", meaning that they would modify the resource between the first time the target program accesses the file and the time the target program uses the file. During that period of time, the adversary could replace or modify the file, causing the application to behave unexpectedly.