| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2018-1000004 |
362 |
|
DoS |
2018-01-16 |
2018-05-03 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
None |
Complete |
|
In the Linux kernel 4.12, 3.10, 2.6 and possibly earlier versions a race condition vulnerability exists in the sound system, this can lead to a deadlock and denial of service condition. |
|
2 |
CVE-2018-8885 |
362 |
|
Bypass |
2018-03-28 |
2018-04-27 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
|
screenresolution-mechanism in screen-resolution-extra 0.17.2 does not properly use the PolicyKit D-Bus API, which allows local users to bypass intended access restrictions by leveraging a race condition via a setuid or pkexec process that is mishandled in a PolicyKitService._check_permission call. |
|
3 |
CVE-2018-7998 |
362 |
|
DoS |
2018-03-09 |
2018-03-27 |
5.1 |
None |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
In libvips before 8.6.3, a NULL function pointer dereference vulnerability was found in the vips_region_generate function in region.c, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted image file. This occurs because of a race condition involving a failed delayed load and other worker threads. |
|
4 |
CVE-2018-7995 |
362 |
|
DoS |
2018-03-09 |
2018-05-23 |
4.7 |
None |
Local |
Medium |
Not required |
None |
None |
Complete |
|
** DISPUTED ** Race condition in the store_int_with_restart() function in arch/x86/kernel/cpu/mcheck/mce.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (panic) by leveraging root access to write to the check_interval file in a /sys/devices/system/machinecheck/machinecheck<cpu number> directory. NOTE: a third party has indicated that this report is not security relevant. |
|
5 |
CVE-2018-7441 |
362 |
|
|
2018-02-23 |
2018-03-19 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Leptonica through 1.75.3 uses hardcoded /tmp pathnames, which might allow local users to overwrite arbitrary files or have unspecified other impact by creating files in advance or winning a race condition, as demonstrated by /tmp/junk_split_image.ps in prog/splitimage2pdf.c. |
|
6 |
CVE-2018-4167 |
362 |
|
Exec Code |
2018-04-03 |
2018-04-27 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
|
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "File System Events" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app. |
|
7 |
CVE-2018-4166 |
362 |
|
Exec Code |
2018-04-03 |
2018-04-27 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
|
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "NSURLSession" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app. |
|
8 |
CVE-2018-4158 |
362 |
|
Exec Code |
2018-04-03 |
2018-04-27 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
|
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. watchOS before 4.3 is affected. The issue involves the "CoreFoundation" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app. |
|
9 |
CVE-2018-4157 |
362 |
|
Exec Code |
2018-04-03 |
2018-04-27 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
|
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "Quick Look" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app. |
|
10 |
CVE-2018-4156 |
362 |
|
Exec Code |
2018-04-03 |
2018-04-27 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
|
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the "PluginKit" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app. |
|
11 |
CVE-2018-4155 |
362 |
|
Exec Code |
2018-04-03 |
2018-04-27 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
|
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "CoreFoundation" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app. |
|
12 |
CVE-2018-4154 |
362 |
|
Exec Code |
2018-04-03 |
2018-04-27 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
|
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the "Storage" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app. |
|
13 |
CVE-2018-4152 |
362 |
|
Exec Code |
2018-04-03 |
2018-04-27 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
|
An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "Notes" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app. |
|
14 |
CVE-2018-4151 |
362 |
|
Exec Code |
2018-04-03 |
2018-04-27 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
|
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the "iCloud Drive" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app. |
|
15 |
CVE-2018-4092 |
362 |
|
Bypass |
2018-04-03 |
2018-05-04 |
2.6 |
None |
Remote |
High |
Not required |
Partial |
None |
None |
|
An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the "Kernel" component. A race condition allows attackers to bypass intended memory-read restrictions via a crafted app. |
|
16 |
CVE-2018-1049 |
362 |
|
DoS |
2018-02-16 |
2018-03-15 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
In systemd prior to 234 a race condition exists between .mount and .automount units such that automount requests from kernel may not be serviced by systemd resulting in kernel holding the mountpoint and any processes that try to use said mount will hang. A race condition like this may lead to denial of service, until mount points are unmounted. |
|
17 |
CVE-2018-0492 |
362 |
|
|
2018-04-03 |
2018-05-21 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Johnathan Nightingale beep through 1.3.4, if setuid, has a race condition that allows local privilege escalation. |
|
18 |
CVE-2017-1000503 |
362 |
|
Exec Code |
2018-01-24 |
2018-02-12 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
A race condition during Jenkins 2.81 through 2.94 (inclusive); 2.89.1 startup could result in the wrong order of execution of commands during initialization. This could in rare cases result in failure to initialize the setup wizard on the first startup. This resulted in multiple security-related settings not being set to their usual strict default. |
|
19 |
CVE-2017-1000405 |
362 |
|
|
2017-11-30 |
2018-02-12 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The Linux Kernel versions 2.6.38 through 4.14 have a problematic use of pmd_mkdirty() in the touch_pmd() function inside the THP implementation. touch_pmd() can be reached by get_user_pages(). In such case, the pmd will become dirty. This scenario breaks the new can_follow_write_pmd()'s logic - pmd can become dirty without going through a COW cycle. This bug is not as severe as the original "Dirty cow" because an ext4 file (or any other regular file) cannot be mapped using THP. Nevertheless, it does allow us to overwrite read-only huge pages. For example, the zero huge page and sealed shmem files can be overwritten (since their mapping can be populated using THP). Note that after the first write page-fault to the zero page, it will be replaced with a new fresh (and zeroed) thp. |
|
20 |
CVE-2017-1000112 |
362 |
|
Mem. Corr. |
2017-10-04 |
2017-12-22 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Linux kernel: Exploitable memory corruption due to UFO to non-UFO path switch. When building a UFO packet with MSG_MORE __ip_append_data() calls ip_ufo_append_data() to append. However in between two send() calls, the append path can be switched from UFO to non-UFO one, which leads to a memory corruption. In case UFO packet lengths exceeds MTU, copy = maxfraglen - skb->len becomes negative on the non-UFO path and the branch to allocate new skb is taken. This triggers fragmentation and computation of fraggap = skb_prev->len - maxfraglen. Fraggap can exceed MTU, causing copy = datalen - transhdrlen - fraggap to become negative. Subsequently skb_copy_and_csum_bits() writes out-of-bounds. A similar issue is present in IPv6 code. The bug was introduced in e89e9cf539a2 ("[IPv4/IPv6]: UFO Scatter-gather approach") on Oct 18 2005. |
|
21 |
CVE-2017-18249 |
362 |
|
DoS |
2018-03-26 |
2018-04-18 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
|
The add_free_nid function in fs/f2fs/node.c in the Linux kernel before 4.12 does not properly track an allocated nid, which allows local users to cause a denial of service (race condition) or possibly have unspecified other impact via concurrent threads. |
|
22 |
CVE-2017-18224 |
362 |
|
DoS |
2018-03-11 |
2018-05-02 |
1.9 |
None |
Local |
Medium |
Not required |
None |
None |
Partial |
|
In the Linux kernel before 4.15, fs/ocfs2/aops.c omits use of a semaphore and consequently has a race condition for access to the extent tree during read operations in DIRECT mode, which allows local users to cause a denial of service (BUG) by modifying a certain e_cpos field. |
|
23 |
CVE-2017-18203 |
362 |
|
DoS |
2018-02-27 |
2018-05-23 |
1.9 |
None |
Local |
Medium |
Not required |
None |
None |
Partial |
|
The dm_get_from_kobject function in drivers/md/dm.c in the Linux kernel before 4.14.3 allow local users to cause a denial of service (BUG) by leveraging a race condition with __dm_destroy during creation and removal of DM devices. |
|
24 |
CVE-2017-18018 |
362 |
|
|
2018-01-03 |
2018-01-19 |
1.9 |
None |
Local |
Medium |
Not required |
None |
Partial |
None |
|
In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSIX "-R -L" options, which allows local users to modify the ownership of arbitrary files by leveraging a race condition. |
|
25 |
CVE-2017-17712 |
362 |
|
Exec Code +Priv |
2017-12-15 |
2018-04-03 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The raw_sendmsg() function in net/ipv4/raw.c in the Linux kernel through 4.14.6 has a race condition in inet->hdrincl that leads to uninitialized stack pointer usage; this allows a local user to execute code and gain privileges. |
|
26 |
CVE-2017-15847 |
362 |
|
|
2018-01-10 |
2018-01-26 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
|
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the SPCom kernel driver, a race condition exists when creating a channel. |
|
27 |
CVE-2017-15829 |
362 |
|
|
2018-02-23 |
2018-03-12 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in a GPU Driver which can potentially lead to a Use After Free condition. |
|
28 |
CVE-2017-15649 |
362 |
|
+Priv |
2017-10-19 |
2018-02-03 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
net/packet/af_packet.c in the Linux kernel before 4.13.6 allows local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free, a different vulnerability than CVE-2017-6346. |
|
29 |
CVE-2017-15588 |
362 |
|
Exec Code |
2017-10-18 |
2018-02-03 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to execute arbitrary code on the host OS because of a race condition that can cause a stale TLB entry. |
|
30 |
CVE-2017-15357 |
362 |
|
+Priv |
2017-12-01 |
2017-12-19 |
6.9 |
Admin |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The setpermissions function in the auto-updater in Arq before 5.9.7 for Mac allows local users to gain root privileges via a symlink attack on the updater binary itself. |
|
31 |
CVE-2017-15038 |
362 |
|
+Info |
2017-10-09 |
2018-03-15 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
Race condition in the v9fs_xattrwalk function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS users to obtain sensitive information from host heap memory via vectors related to reading extended attributes. |
|
32 |
CVE-2017-14955 |
362 |
|
+Info |
2017-10-01 |
2017-10-22 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Check_MK before 1.2.8p26 mishandles certain errors within the failed-login save feature because of a race condition, which allows remote attackers to obtain sensitive user information by reading a GUI crash report. |
|
33 |
CVE-2017-14798 |
362 |
|
|
2018-03-01 |
2018-03-26 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
A race condition in the postgresql init script could be used by attackers able to access the postgresql account to escalate their privileges to root. |
|
34 |
CVE-2017-14748 |
362 |
|
DoS |
2017-09-26 |
2017-10-06 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
None |
Partial |
|
Race condition in Blizzard Overwatch 1.15.0.2 allows remote authenticated users to cause a denial of service (season bans and SR losses for other users) by leaving a competitive match at a specific time during the initial loading of that match. |
|
35 |
CVE-2017-14317 |
362 |
|
|
2017-09-12 |
2017-11-29 |
4.7 |
None |
Local |
Medium |
Not required |
None |
None |
Complete |
|
A domain cleanup issue was discovered in the C xenstore daemon (aka cxenstored) in Xen through 4.9.x. When shutting down a VM with a stubdomain, a race in cxenstored may cause a double-free. The xenstored daemon may crash, resulting in a DoS of any parts of the system relying on it (including domain creation / destruction, ballooning, device changes, etc.). |
|
36 |
CVE-2017-13183 |
362 |
|
Exec Code |
2018-01-12 |
2018-02-02 |
6.2 |
None |
Local |
High |
Not required |
Complete |
Complete |
Complete |
|
In the OMXNodeInstance::useBuffer and IOMX::freeBuffer functions, there is a possible use after free due to a race condition if the user frees the buffer while it's being used in another thread. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 8.1. Android ID: A-38118127. |
|
37 |
CVE-2017-12410 |
362 |
|
|
2018-03-26 |
2018-04-27 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
It is possible to exploit a Time of Check & Time of Use (TOCTOU) vulnerability by winning a race condition when Kaseya Virtual System Administrator agent 9.3.0.11 and earlier tries to execute its binaries from working and/or temporary folders. Successful exploitation results in the execution of arbitrary programs with "NT AUTHORITY\SYSTEM" privileges. |
|
38 |
CVE-2017-12146 |
362 |
|
+Priv |
2017-09-08 |
2017-11-05 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The driver_override implementation in drivers/base/platform.c in the Linux kernel before 4.12.1 allows local users to gain privileges by leveraging a race condition between a read operation and a store operation that involve different overrides. |
|
39 |
CVE-2017-12136 |
362 |
|
DoS +Priv |
2017-08-24 |
2018-01-15 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Race condition in the grant table code in Xen 4.6.x through 4.9.x allows local guest OS administrators to cause a denial of service (free list corruption and host crash) or gain privileges on the host via vectors involving maptrack free list handling. |
|
40 |
CVE-2017-11353 |
362 |
|
|
2017-07-17 |
2017-07-25 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
yadm (yet another dotfile manager) 1.10.0 has a race condition (related to the behavior of git commands in setting permissions for new files and directories), which potentially allows access to SSH and PGP keys. |
|
41 |
CVE-2017-11063 |
362 |
|
|
2017-10-10 |
2017-10-19 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, as a result of a race condition between two userspace processes that interact with the driver concurrently, a null pointer dereference can potentially occur. |
|
42 |
CVE-2017-11025 |
362 |
|
Mem. Corr. |
2017-11-16 |
2017-11-30 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
|
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, due to a race condition in the function audio_effects_shared_ioctl(), memory corruption can occur. |
|
43 |
CVE-2017-10915 |
362 |
|
|
2017-07-04 |
2017-11-03 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
The shadow-paging feature in Xen through 4.8.x mismanages page references and consequently introduces a race condition, which allows guest OS users to obtain Xen privileges, aka XSA-219. |
|
44 |
CVE-2017-9708 |
362 |
|
|
2017-12-05 |
2017-12-15 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
|
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the camera driver, the function "msm_ois_power_down" is called without a mutex and a race condition can occur in variable "*reg_ptr" of sub function "msm_camera_config_single_vreg". |
|
45 |
CVE-2017-9697 |
362 |
|
|
2017-10-10 |
2017-10-19 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
|
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a race condition can allow access to already freed memory while reading command registration table entries in diag_dbgfs_read_table. |
|
46 |
CVE-2017-9691 |
362 |
|
|
2018-03-30 |
2018-04-23 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
There is a race condition in Android for MSM, Firefox OS for MSM, and QRD Android that allows to access to already free'd memory in the debug message output functionality contained within the mobicore driver. |
|
47 |
CVE-2017-9682 |
362 |
|
|
2017-08-18 |
2017-08-21 |
2.6 |
None |
Remote |
High |
Not required |
Partial |
None |
None |
|
In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition in two KGSL driver functions can lead to a Use After Free condition. |
|
48 |
CVE-2017-8342 |
362 |
|
|
2017-04-30 |
2017-05-11 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Radicale before 1.1.2 and 2.x before 2.0.0rc2 is prone to timing oracles and simple brute-force attacks when using the htpasswd authentication method. |
|
49 |
CVE-2017-8281 |
362 |
|
|
2017-09-21 |
2017-12-05 |
2.6 |
None |
Remote |
High |
Not required |
Partial |
None |
None |
|
In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition can allow access to already freed memory while querying event status via DCI. |
|
50 |
CVE-2017-8242 |
362 |
|
|
2017-06-13 |
2017-07-07 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
In all Android releases from CAF using the Linux kernel, a race condition exists in a QTEE driver potentially leading to an arbitrary memory write. |
