CWE-667 · Improper Locking
697 CVEs classified under CWE-667 (Improper Locking). Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-54906 | Critical | 9.8 | 2026-06-24 | concurrent-ruby is a modern concurrency tools for Ruby. Prior to 1.3.7, Concurrent::ReadWriteLock#release_write_lock does not verify that the calling thread ac… |
CVE-2020-12658 | Critical | 9.8 | 2020-12-31 | gssproxy (aka gss-proxy) before 0.8.3 does not unlock cond_mutex before pthread exit in gp_worker_main() in gp_workers.c. NOTE: An upstream comment states "We… |
CVE-2019-5886 | Critical | 9.8 | 2019-01-10 | An issue was discovered in ShopXO 1.2.0. In the application\install\controller\Index.php file, there is no validation lock file in the Add method, which allows… |
CVE-2026-43215 | High | 8.8 | 2026-05-06 | In the Linux kernel, the following vulnerability has been resolved: cifs: Fix locking usage for tcon fields We used to use the cifs_tcp_ses_lock to protect a… |
CVE-2026-31629 | High | 8.8 | 2026-04-24 | In the Linux kernel, the following vulnerability has been resolved: nfc: llcp: add missing return after LLCP_CLOSED checks In nfc_llcp_recv_hdlc() and nfc_ll… |
CVE-2020-15674 | High | 8.8 | 2020-10-01 | Mozilla developers reported memory safety bugs present in Firefox 80. Some of these bugs showed evidence of memory corruption and we presume that with enough e… |
CVE-2020-0303 | High | 8.8 | 2020-09-17 | In the Media extractor, there is a possible use after free due to improper locking. This could lead to remote code execution in the media extractor with no add… |
CVE-2021-1622 | High | 8.6 | 2021-09-23 | A vulnerability in the Common Open Policy Service (COPS) of Cisco IOS XE Software for Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated, r… |
CVE-2020-24606 | High | 8.6 | 2020-08-24 | Squid before 4.13 and 5.x before 5.0.4 allows a trusted peer to perform Denial of Service by consuming all available CPU cycles during handling of a crafted Ca… |
CVE-2018-0228 | High | 8.6 | 2018-04-19 | A vulnerability in the ingress flow creation functionality of Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to cause… |
CVE-2020-11284 | High | 8.4 | 2021-05-07 | Locked memory can be unlocked and modified by non secure boot loader through improper system call sequence making the memory region untrusted source of input f… |
CVE-2021-22530 | High | 8.2 | 2024-08-28 | A vulnerability identified in NetIQ Advance Authentication that doesn't enforce account lockout when brute force attack is performed on API based login. This i… |
CVE-2024-58087 | High | 8.1 | 2025-03-12 | In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix racy issue from session lookup and expire Increment the session reference coun… |
CVE-2023-32258 | High | 8.1 | 2023-07-24 | A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2_LOGOFF and SMB2_C… |
CVE-2023-32257 | High | 8.1 | 2023-07-24 | A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2_SESSION_SETUP and… |
CVE-2019-10494 | High | 8.1 | 2019-12-12 | Race condition between the camera functions due to lack of resource lock which will lead to memory corruption and UAF issue in Snapdragon Auto, Snapdragon Cons… |
CVE-2026-46112 | High | 7.8 | 2026-05-28 | In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix unlocked call to hns_roce_qp_remove() Sashiko points out that hns_roce_qp_r… |
CVE-2026-43211 | High | 7.8 | 2026-05-06 | In the Linux kernel, the following vulnerability has been resolved: PCI: Fix pci_slot_trylock() error handling Commit a4e772898f8b ("PCI: Add missing bridge… |
CVE-2026-31667 | High | 7.8 | 2026-04-24 | In the Linux kernel, the following vulnerability has been resolved: Input: uinput - fix circular locking dependency with ff-core A lockdep circular locking d… |
CVE-2026-23103 | High | 7.8 | 2026-02-04 | In the Linux kernel, the following vulnerability has been resolved: ipvlan: Make the addrs_lock be per port Make the addrs_lock be per port, not per ipvlan d… |