CWE-667 · Improper Locking

697 CVEs classified under CWE-667 (Improper Locking). Browse by severity and year.

Top CVEs for CWE-667
| CVE | Severity | Score | Published | Summary |
| --- | --- | --- | --- | --- |
| CVE-2026-54906 | Critical | 9.8 | 2026-06-24 | concurrent-ruby is a modern concurrency tools for Ruby. Prior to 1.3.7, Concurrent::ReadWriteLock#release_write_lock does not verify that the calling thread ac… |
| CVE-2020-12658 | Critical | 9.8 | 2020-12-31 | gssproxy (aka gss-proxy) before 0.8.3 does not unlock cond_mutex before pthread exit in gp_worker_main() in gp_workers.c. NOTE: An upstream comment states "We… |
| CVE-2019-5886 | Critical | 9.8 | 2019-01-10 | An issue was discovered in ShopXO 1.2.0. In the application\install\controller\Index.php file, there is no validation lock file in the Add method, which allows… |
| CVE-2026-43215 | High | 8.8 | 2026-05-06 | In the Linux kernel, the following vulnerability has been resolved: cifs: Fix locking usage for tcon fields We used to use the cifs_tcp_ses_lock to protect a… |
| CVE-2026-31629 | High | 8.8 | 2026-04-24 | In the Linux kernel, the following vulnerability has been resolved: nfc: llcp: add missing return after LLCP_CLOSED checks In nfc_llcp_recv_hdlc() and nfc_ll… |
| CVE-2020-15674 | High | 8.8 | 2020-10-01 | Mozilla developers reported memory safety bugs present in Firefox 80. Some of these bugs showed evidence of memory corruption and we presume that with enough e… |
| CVE-2020-0303 | High | 8.8 | 2020-09-17 | In the Media extractor, there is a possible use after free due to improper locking. This could lead to remote code execution in the media extractor with no add… |
| CVE-2021-1622 | High | 8.6 | 2021-09-23 | A vulnerability in the Common Open Policy Service (COPS) of Cisco IOS XE Software for Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated, r… |
| CVE-2020-24606 | High | 8.6 | 2020-08-24 | Squid before 4.13 and 5.x before 5.0.4 allows a trusted peer to perform Denial of Service by consuming all available CPU cycles during handling of a crafted Ca… |
| CVE-2018-0228 | High | 8.6 | 2018-04-19 | A vulnerability in the ingress flow creation functionality of Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to cause… |
| CVE-2020-11284 | High | 8.4 | 2021-05-07 | Locked memory can be unlocked and modified by non secure boot loader through improper system call sequence making the memory region untrusted source of input f… |
| CVE-2021-22530 | High | 8.2 | 2024-08-28 | A vulnerability identified in NetIQ Advance Authentication that doesn't enforce account lockout when brute force attack is performed on API based login. This i… |
| CVE-2024-58087 | High | 8.1 | 2025-03-12 | In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix racy issue from session lookup and expire Increment the session reference coun… |
| CVE-2023-32258 | High | 8.1 | 2023-07-24 | A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2_LOGOFF and SMB2_C… |
| CVE-2023-32257 | High | 8.1 | 2023-07-24 | A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2_SESSION_SETUP and… |
| CVE-2019-10494 | High | 8.1 | 2019-12-12 | Race condition between the camera functions due to lack of resource lock which will lead to memory corruption and UAF issue in Snapdragon Auto, Snapdragon Cons… |
| CVE-2026-46112 | High | 7.8 | 2026-05-28 | In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix unlocked call to hns_roce_qp_remove() Sashiko points out that hns_roce_qp_r… |
| CVE-2026-43211 | High | 7.8 | 2026-05-06 | In the Linux kernel, the following vulnerability has been resolved: PCI: Fix pci_slot_trylock() error handling Commit a4e772898f8b ("PCI: Add missing bridge… |
| CVE-2026-31667 | High | 7.8 | 2026-04-24 | In the Linux kernel, the following vulnerability has been resolved: Input: uinput - fix circular locking dependency with ff-core A lockdep circular locking d… |
| CVE-2026-23103 | High | 7.8 | 2026-02-04 | In the Linux kernel, the following vulnerability has been resolved: ipvlan: Make the addrs_lock be per port Make the addrs_lock be per port, not per ipvlan d… |