CWE-366 | 18 CVEs | MITRE definition

CWE-366: Race Condition within a Thread

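Overview

CWE-366 (Race Condition within a Thread) describes a weakness type used in vulnerability databases and security assessments; the definition, background, and mapped CVEs are in the sections below.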

Security Impact
Security impact: varies by product and context; prioritize using the CVE records, severity scores, and the MITRE description together.

Description

If two threads of execution use a resource simultaneously, there exists the possibility that resources may be used while invalid, in turn making the state of execution undefined.

Applicable Platforms

Type Name Prevalence OS / CPE
language C Undetermined
language C++ Undetermined
language Java Undetermined
language C# Undetermined
technology Not Technology-Specific Undetermined

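Related CVEs in This Database

The CVEs below map to this weakness in this database and are retained for traceability and search.

CVE Published Summary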
CVE-2026-46181 2026-05-28 In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx4: Fix mis-use of RCU in mlx4_srq_event() Sashiko points out the radix_tree itself is RCU safe, but nothing ever frees the…
CVE-2026-23666 2026-04-14 Improper input validation in .NET Framework allows an unauthorized attacker to deny service over a network.
CVE-2026-3904 2026-03-11 Calling NSS-backed functions that support caching via nscd may call the nscd client side code and in the GNU C Library version 2.36 under high load on x86_64 systems, the client may call memcmp on i…
CVE-2026-23684 2026-02-09 A race condition vulnerability exists in the SAP Commerce cloud. Because of this when an attacker adds products to a cart, it may result in a cart entry being created with erroneous product value whic…
CVE-2026-22819 2026-01-14 Outray openSource ngrok alternative. Prior to 0.1.5, this vulnerability allows a user i.e a free plan user to get more than the desired subdomains due to lack of db transaction lock mechanisms in main…
CVE-2025-58143 2025-09-11 [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] There are multiple issues related to the handling and accessing of gue…
CVE-2025-31115 2025-04-03 XZ Utils provide a general-purpose data-compression library plus command-line tools. In XZ Utils 5.3.3alpha to 5.8.0, the multithreaded .xz decoder in liblzma has a bug where invalid input can at leas…
CVE-2024-10630 2025-01-14 A race condition in Ivanti Application Control Engine before version 10.14.4.0 allows a local authenticated attacker to bypass the application blocking functionality.
CVE-2024-6778 2024-07-16 Race in DevTools in Google Chrome prior to 126.0.6478.182 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrom…
CVE-2024-2032 2024-06-06 A race condition vulnerability exists in zenml-io/zenml versions up to and including 0.55.3, which allows for the creation of multiple users with the same username when requests are sent in parallel. …
CVE-2023-6546 2023-12-21 A race condition was found in the GSM 0710 tty multiplexor in the Linux kernel. This issue occurs when two threads execute the GSMIOC_SETCONF ioctl on the same tty file descriptor with the gsm line di…
CVE-2023-4732 2023-10-03 A flaw was found in pfn_swap_entry_to_page in memory management subsystem in the Linux Kernel. In this flaw, an attacker with a local user privilege may cause a denial of service problem due to a BUG …
CVE-2023-4127 2023-08-03 Race Condition within a Thread in GitHub repository answerdev/answer prior to v1.1.1.
CVE-2023-3218 2023-06-13 Race Condition within a Thread in GitHub repository it-novum/openitcockpit prior to 4.6.5.
CVE-2015-10067 2023-01-17 A vulnerability was found in oznetmaster SSharpSmartThreadPool. It has been classified as problematic. This affects an unknown part of the file SSharpSmartThreadPool/SmartThreadPool.cs. The manipulati…
CVE-2022-1729 2022-09-01 A race condition was found the Linux kernel in perf_event_open() which can be exploited by an unprivileged user to gain root privileges. The bug allows to build several exploit primitives such as kern…
CVE-2021-26569 2021-03-12 Race Condition within a Thread vulnerability in iscsi_snapshot_comm_core in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via crafted web re…
CVE-2020-1629 2020-04-08 A race condition vulnerability on Juniper Network Junos OS devices may cause the routing protocol daemon (RPD) process to crash and restart while processing a BGP NOTIFICATION message. This issue affe…

Content Submission

Name: CLASP
Date: 2006-07-19
Version: Draft 3

Content Revisions

Date Name Version Importance Comment
2008-07-01 Eric Dalci 1.0 updated Time_of_Introduction
2008-09-08 CWE Content Team 1.0 updated Applicable_Platforms, Common_Consequences, Relationships, Taxonomy_Mappings
2008-11-24 CWE Content Team 1.1 updated Relationships, Taxonomy_Mappings
2010-09-27 CWE Content Team 1.10 updated Potential_Mitigations, Relationships
2011-06-01 CWE Content Team 1.13 updated Common_Consequences, Relationships, Taxonomy_Mappings
2011-06-27 CWE Content Team 2.0 updated Common_Consequences
2011-09-13 CWE Content Team 2.1 updated Relationships, Taxonomy_Mappings
2012-05-11 CWE Content Team 2.2 updated References, Relationships
2014-07-30 CWE Content Team 2.8 updated Relationships, Taxonomy_Mappings
2017-11-08 CWE Content Team 3.0 updated Demonstrative_Examples, Relationships, Taxonomy_Mappings
2019-01-03 CWE Content Team 3.2 updated Relationships, Taxonomy_Mappings
2020-02-24 CWE Content Team 4.0 updated References, Relationships
2020-08-20 CWE Content Team 4.2 updated Relationships
2020-12-10 CWE Content Team 4.3 updated Relationships
2021-03-15 CWE Content Team 4.4 updated Potential_Mitigations
2022-04-28 CWE Content Team 4.7 updated Relationships
2023-04-27 CWE Content Team 4.11 updated Detection_Factors, Relationships, Time_of_Introduction
2023-06-29 CWE Content Team 4.12 updated Mapping_Notes
2023-10-26 CWE Content Team 4.13 updated Observed_Examples
2025-12-11 CWE Content Team 4.19 updated Applicable_Platforms, Weakness_Ordinalities