CVEbaza.plSłownik CWECWE-412
Common Weakness Enumeration

CWE-412

Unrestricted Externally Accessible Lock

Kategoria: BaseCVE: 5
Opis

Produkt prawidłowo sprawdza istnienie blokady, ale blokada może być kontrolowana lub wpływana przez podmioty spoza zamierzonej sfery kontroli. Stanowi to zagrożenie bezpieczeństwa, ponieważ nieautoryzowani użytkownicy mogą manipulować mechanizmem blokady.

Description (EN)

The product properly checks for the existence of a lock, but the lock can be externally controlled or influenced by an actor that is outside of the intended sphere of control.

Podatności CVE z CWE-412 (5)
9.8
CVSS
CRITICAL
CVE-2019-18269

Omron’s CS and CJ series PLCs have an unrestricted externally accessible lock vulnerability.

pub. 2019-12-16
7.5
CVSS
HIGH
CVE-2023-38505

DietPi-Dashboard is a web dashboard for the operating system DietPi. The dashboard only allows for one TLS handshake to be in process at a given moment. Once a TCP connection is established in HTTPS mode, it will assume that it should be waiting for a handshake, and will stay this way indefinitely until a handshake starts or some error occurs. In version 0.6.1, this can be exploited by simply not starting the handshake, preventing any other TLS handshakes from getting through. An attacker can lock the dashboard in a state where it is waiting for a TLS handshake from the attacker, who won't provide it. This prevents any legitimate traffic from getting to the dashboard, and can last indefinitely. Version 0.6.2 has a patch for this issue. As a workaround, do not use HTTPS mode on the open internet where anyone can connect. Instead, put a reverse proxy in front of the dashboard, and have it handle any HTTPS connections.

pub. 2023-07-27
7.5
CVSS
HIGH
CVE-2023-22318

Denial of service in Webconf in Tribe29 Checkmk Appliance before 1.6.5.

pub. 2023-05-15
7.1
CVSS
HIGH
CVE-2026-25612

The internal locking mechanism of the MongoDB server uses an internal encoding of the resources in order to choose what lock to take. Collections may inadvertently collide with one another in this representation causing unavailability between them due to conflicting locks.

pub. 2026-02-10
3.3
CVSS
LOW
CVE-2019-11485

Sander Bos discovered Apport's lock file was in a world-writable directory which allowed all users to prevent crash handling.

pub. 2020-02-08
Informacje
ID: CWE-412
Typ: Base
Podatności: 5
MITRE CWE ↗
← Słownik CWE