| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2018-1000004 |
362 |
|
DoS |
2018-01-16 |
2019-01-19 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
None |
Complete |
|
In the Linux kernel 4.12, 3.10, 2.6 and possibly earlier versions a race condition vulnerability exists in the sound system, this can lead to a deadlock and denial of service condition. |
|
2 |
CVE-2018-19489 |
362 |
|
DoS |
2018-12-13 |
2019-01-04 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
v9fs_wstat in hw/9pfs/9p.c in QEMU allows guest OS users to cause a denial of service (crash) because of a race condition during file renaming. |
|
3 |
CVE-2018-18559 |
362 |
|
|
2018-10-22 |
2018-12-06 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
In the Linux kernel through 4.19, a use-after-free can occur due to a race condition between fanout_add from setsockopt and bind on an AF_PACKET socket. This issue exists because of the 15fe076edea787807a7cdc168df832544b58eba6 incomplete fix for a race condition. The code mishandles a certain multithreaded case involving a packet_do_bind unregister action followed by a packet_notifier register action. Later, packet_release operates on only one of the two applicable linked lists. The attacker can achieve Program Counter control. |
|
4 |
CVE-2018-16079 |
362 |
|
|
2019-01-09 |
2019-01-15 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
|
A race condition between permission prompts and navigations in Prompts in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. |
|
5 |
CVE-2018-15687 |
362 |
|
|
2018-10-26 |
2018-12-10 |
1.9 |
None |
Local |
Medium |
Not required |
None |
Partial |
None |
|
A race condition in chown_one() of systemd allows an attacker to cause systemd to set arbitrary permissions on arbitrary files. Affected releases are systemd versions up to and including 239. |
|
6 |
CVE-2018-15499 |
362 |
|
DoS |
2018-08-24 |
2018-11-06 |
4.7 |
None |
Local |
Medium |
Not required |
None |
None |
Complete |
|
GEAR Software products that include GEARAspiWDM.sys, 2.2.5.0, allow local users to cause a denial of service (Race Condition and BSoD on Windows) by not checking that user-mode memory is available right before writing to it. A check is only performed at the beginning of a long subroutine. |
|
7 |
CVE-2018-15332 |
362 |
|
|
2018-12-06 |
2019-01-09 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
|
The svpn component of the F5 BIG-IP APM client prior to version 7.1.7.2 for Linux and macOS runs as a privileged process and can allow an unprivileged user to get ownership of files owned by root on the local client host in a race condition. |
|
8 |
CVE-2018-14625 |
362 |
|
+Info |
2018-09-10 |
2018-11-16 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
|
A flaw was found in the Linux Kernel where an attacker may be able to have an uncontrolled read to kernel-memory from within a vm guest. A race condition between connect() and close() function may allow an attacker using the AF_VSOCK protocol to gather a 4 byte information leak or possibly intercept or corrupt AF_VSOCK messages destined to other clients. |
|
9 |
CVE-2018-14329 |
362 |
|
|
2018-07-16 |
2018-09-13 |
3.3 |
None |
Local |
Medium |
Not required |
None |
Partial |
Partial |
|
In HTSlib 1.8, a race condition in cram/cram_io.c might allow local users to overwrite arbitrary files via a symlink attack. |
|
10 |
CVE-2018-12691 |
362 |
|
Bypass |
2018-07-05 |
2018-09-04 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Time-of-check to time-of-use (TOCTOU) race condition in org.onosproject.acl (aka the access control application) in ONOS v1.13 and earlier allows attackers to bypass network access control via data plane packet injection. |
|
11 |
CVE-2018-12633 |
362 |
|
DoS +Info |
2018-06-21 |
2018-08-21 |
6.3 |
None |
Local |
Medium |
Not required |
Complete |
None |
Complete |
|
An issue was discovered in the Linux kernel through 4.17.2. vbg_misc_device_ioctl() in drivers/virt/vboxguest/vboxguest_linux.c reads the same user data twice with copy_from_user. The header part of the user data is double-fetched, and a malicious user thread can tamper with the critical variables (hdr.size_in and hdr.size_out) in the header between the two fetches because of a race condition, leading to severe kernel errors, such as buffer over-accesses. This bug can cause a local denial of service and information leakage. |
|
12 |
CVE-2018-12232 |
362 |
|
|
2018-06-12 |
2018-10-31 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
None |
Complete |
|
In net/socket.c in the Linux kernel through 4.17.1, there is a race condition between fchownat and close in cases where they target the same socket file descriptor, related to the sock_close and sockfs_setattr functions. fchownat does not increment the file descriptor reference count, which allows close to set the socket to NULL during fchownat's execution, leading to a NULL pointer dereference and system crash. |
|
13 |
CVE-2018-12029 |
362 |
|
|
2018-06-17 |
2018-10-21 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
|
A race condition in the nginx module in Phusion Passenger 3.x through 5.x before 5.3.2 allows local escalation of privileges when a non-standard passenger_instance_registry_dir with insufficiently strict permissions is configured. Replacing a file with a symlink after the file was created, but before it was chowned, leads to the target of the link being chowned via the path. Targeting sensitive files such as root's crontab file allows privilege escalation. |
|
14 |
CVE-2018-11998 |
362 |
|
|
2019-01-18 |
2019-01-24 |
7.9 |
None |
Local Network |
Medium |
Not required |
Complete |
Complete |
Complete |
|
While processing a packet decode request in MQTT, Race condition can occur leading to an out-of-bounds access in snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, SD 210/SD 212/SD 205, SD 427, SD 435, SD 450, SD 625, SD 636, SD 835, SDA660, SDM630, SDM660, Snapdragon_High_Med_2016 |
|
15 |
CVE-2018-11324 |
362 |
|
|
2018-05-22 |
2018-06-22 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
An issue was discovered in Joomla! Core before 3.8.8. A long running background process, such as remote checks for core or extension updates, could create a race condition where a session that was expected to be destroyed would be recreated. |
|
16 |
CVE-2018-10850 |
362 |
|
DoS |
2018-06-13 |
2018-09-26 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
None |
Complete |
|
389-ds-base before versions 1.4.0.10, 1.3.8.3 is vulnerable to a race condition in the way 389-ds-base handles persistent search, resulting in a crash if the server is under load. An anonymous attacker could use this flaw to trigger a denial of service. |
|
17 |
CVE-2018-9539 |
362 |
|
|
2018-11-14 |
2018-12-17 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
In the ClearKey CAS descrambler, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9. Android ID: A-113027383 |
|
18 |
CVE-2018-9519 |
362 |
|
|
2018-12-07 |
2019-01-08 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
In easelcomm_hw_build_scatterlist, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with System privileges required. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-69808833. |
|
19 |
CVE-2018-9069 |
362 |
|
|
2018-10-02 |
2019-01-02 |
7.0 |
None |
Remote |
Medium |
Single system |
None |
Partial |
Complete |
|
In some Lenovo IdeaPad consumer notebook models, a race condition in the BIOS flash device locking mechanism is not adequately protected against, potentially allowing an attacker with administrator access to alter the contents of BIOS. |
|
20 |
CVE-2018-8885 |
362 |
|
Bypass |
2018-03-28 |
2018-04-27 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
|
screenresolution-mechanism in screen-resolution-extra 0.17.2 does not properly use the PolicyKit D-Bus API, which allows local users to bypass intended access restrictions by leveraging a race condition via a setuid or pkexec process that is mishandled in a PolicyKitService._check_permission call. |
|
21 |
CVE-2018-8037 |
362 |
|
|
2018-08-02 |
2018-10-16 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
If an async request was completed by the application at the same time as the container triggered the async timeout, a race condition existed that could result in a user seeing a response intended for a different user. An additional issue was present in the NIO and NIO2 connectors that did not correctly track the closure of the connection when an async request was completed by the application and timed out by the container at the same time. This could also result in a user seeing a response intended for another user. Versions Affected: Apache Tomcat 9.0.0.M9 to 9.0.9 and 8.5.5 to 8.5.31. |
|
22 |
CVE-2018-8025 |
362 |
|
|
2018-06-27 |
2018-09-04 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
CVE-2018-8025 describes an issue in Apache HBase that affects the optional "Thrift 1" API server when running over HTTP. There is a race-condition which could lead to authenticated sessions being incorrectly applied to users, e.g. one authenticated user would be considered a different user or an unauthenticated user would be treated as an authenticated user. https://issues.apache.org/jira/browse/HBASE-20664 implements a fix for this issue. It has been fixed in versions: 1.2.6.1, 1.3.2.1, 1.4.5, 2.0.1. |
|
23 |
CVE-2018-7998 |
362 |
|
DoS |
2018-03-09 |
2018-03-27 |
5.1 |
None |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
In libvips before 8.6.3, a NULL function pointer dereference vulnerability was found in the vips_region_generate function in region.c, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted image file. This occurs because of a race condition involving a failed delayed load and other worker threads. |
|
24 |
CVE-2018-7995 |
362 |
|
DoS |
2018-03-09 |
2018-05-23 |
4.7 |
None |
Local |
Medium |
Not required |
None |
None |
Complete |
|
** DISPUTED ** Race condition in the store_int_with_restart() function in arch/x86/kernel/cpu/mcheck/mce.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (panic) by leveraging root access to write to the check_interval file in a /sys/devices/system/machinecheck/machinecheck<cpu number> directory. NOTE: a third party has indicated that this report is not security relevant. |
|
25 |
CVE-2018-7441 |
362 |
|
|
2018-02-23 |
2018-03-19 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Leptonica through 1.75.3 uses hardcoded /tmp pathnames, which might allow local users to overwrite arbitrary files or have unspecified other impact by creating files in advance or winning a race condition, as demonstrated by /tmp/junk_split_image.ps in prog/splitimage2pdf.c. |
|
26 |
CVE-2018-7110 |
362 |
|
|
2018-10-17 |
2018-12-03 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
A remote unauthorized disclosure of information vulnerability was identified in HPE Service Governance Framework (SGF) version 4.2, 4.3. A race condition under high load in SGF exists where SGF transferred different parameter to the enabler. |
|
27 |
CVE-2018-6693 |
362 |
|
|
2018-09-18 |
2019-01-24 |
3.3 |
None |
Local |
Medium |
Not required |
None |
Partial |
Partial |
|
An unprivileged user can delete arbitrary files on a Linux system running ENSLTP 10.5.1, 10.5.0, and 10.2.3 Hotfix 1246778 and earlier. By exploiting a time of check to time of use (TOCTOU) race condition during a specific scanning sequence, the unprivileged user is able to perform a privilege escalation to delete arbitrary files. |
|
28 |
CVE-2018-6258 |
362 |
|
+Info |
2018-08-31 |
2018-11-09 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
NVIDIA GeForce Experience all versions prior to 3.14.1 contains a potential vulnerability during GameStream installation where an attacker who has system access can potentially conduct a Man-in-the-Middle (MitM) attack to obtain sensitive information. |
|
29 |
CVE-2018-6236 |
362 |
|
Exec Code |
2018-05-25 |
2018-06-28 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
A Time-of-Check Time-of-Use privilege escalation vulnerability in Trend Micro Maximum Security (Consumer) 2018 could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within processing of IOCTL 0x222813 by the tmusa driver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. |
|
30 |
CVE-2018-6158 |
362 |
|
|
2019-01-09 |
2019-01-14 |
5.1 |
None |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
A race condition in Oilpan in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
|
31 |
CVE-2018-6061 |
362 |
|
|
2018-11-14 |
2018-12-19 |
5.1 |
None |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
A race in the handling of SharedArrayBuffers in WebAssembly in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
|
32 |
CVE-2018-5814 |
362 |
|
|
2018-06-12 |
2018-08-29 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
In the Linux Kernel before version 4.16.11, 4.14.43, 4.9.102, and 4.4.133, multiple race condition errors when handling probe, disconnect, and rebind operations can be exploited to trigger a use-after-free condition or a NULL pointer dereference by sending multiple USB over IP packets. |
|
33 |
CVE-2018-5236 |
362 |
|
|
2018-06-20 |
2018-08-11 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
None |
Partial |
|
Symantec Endpoint Protection prior to 14 RU1 MP1 or 12.1 RU6 MP10 may be susceptible to a race condition (or race hazard). This type of issue occurs in software where the output is dependent on the sequence or timing of other uncontrollable events. |
|
34 |
CVE-2018-5198 |
362 |
|
Exec Code |
2018-12-20 |
2019-01-07 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
In Veraport G3 ALL on MacOS, a race condition when calling the Veraport API allow remote attacker to cause arbitrary file download and execution. This results in remote code execution. |
|
35 |
CVE-2018-4230 |
362 |
|
Exec Code |
2018-06-08 |
2018-07-13 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
|
An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "NVIDIA Graphics Drivers" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app that triggers a SetAppSupportBits use-after-free because of a race condition. |
|
36 |
CVE-2018-4228 |
362 |
|
Exec Code |
2018-06-08 |
2018-07-13 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
|
An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "IOFireWireAVC" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app that leverages a race condition. |
|
37 |
CVE-2018-4192 |
362 |
|
Exec Code |
2018-06-08 |
2018-10-21 |
5.1 |
None |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code via a crafted web site that leverages a race condition. |
|
38 |
CVE-2018-4167 |
362 |
|
Exec Code |
2018-04-03 |
2018-04-27 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
|
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "File System Events" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app. |
|
39 |
CVE-2018-4166 |
362 |
|
Exec Code |
2018-04-03 |
2018-04-27 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
|
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "NSURLSession" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app. |
|
40 |
CVE-2018-4158 |
362 |
|
Exec Code |
2018-04-03 |
2018-04-27 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
|
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. watchOS before 4.3 is affected. The issue involves the "CoreFoundation" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app. |
|
41 |
CVE-2018-4157 |
362 |
|
Exec Code |
2018-04-03 |
2018-04-27 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
|
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "Quick Look" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app. |
|
42 |
CVE-2018-4156 |
362 |
|
Exec Code |
2018-04-03 |
2018-04-27 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
|
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the "PluginKit" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app. |
|
43 |
CVE-2018-4155 |
362 |
|
Exec Code |
2018-04-03 |
2018-04-27 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
|
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "CoreFoundation" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app. |
|
44 |
CVE-2018-4154 |
362 |
|
Exec Code |
2018-04-03 |
2018-09-06 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
|
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the "Storage" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app. |
|
45 |
CVE-2018-4152 |
362 |
|
Exec Code |
2018-04-03 |
2018-04-27 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
|
An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "Notes" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app. |
|
46 |
CVE-2018-4151 |
362 |
|
Exec Code |
2018-04-03 |
2018-04-27 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
|
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the "iCloud Drive" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app. |
|
47 |
CVE-2018-4092 |
362 |
|
Bypass |
2018-04-03 |
2018-05-04 |
2.6 |
None |
Remote |
High |
Not required |
Partial |
None |
None |
|
An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the "Kernel" component. A race condition allows attackers to bypass intended memory-read restrictions via a crafted app. |
|
48 |
CVE-2018-3759 |
362 |
|
|
2018-06-13 |
2018-08-08 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
private_address_check ruby gem before 0.5.0 is vulnerable to a time-of-check time-of-use (TOCTOU) race condition due to the address the socket uses not being checked. DNS entries with a TTL of 0 can trigger this case where the initial resolution is a public address but the subsequent resolution is a private address. |
|
49 |
CVE-2018-1121 |
362 |
|
|
2018-06-13 |
2018-10-21 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
procps-ng, procps is vulnerable to a process hiding through race condition. Since the kernel's proc_pid_readdir() returns PID entries in ascending numeric order, a process occupying a high PID can use inotify events to determine when the process list is being scanned, and fork/exec to obtain a lower PID, thus avoiding enumeration. An unprivileged attacker can hide a process from procps-ng's utilities by exploiting a race condition in reading /proc/PID entries. This vulnerability affects procps and procps-ng up to version 3.3.15, newer versions might be affected also. |
|
50 |
CVE-2018-1049 |
362 |
|
DoS |
2018-02-16 |
2018-11-20 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
In systemd prior to 234 a race condition exists between .mount and .automount units such that automount requests from kernel may not be serviced by systemd resulting in kernel holding the mountpoint and any processes that try to use said mount will hang. A race condition like this may lead to denial of service, until mount points are unmounted. |
