| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2018-1000004 |
362 |
|
DoS |
2018-01-16 |
2018-08-15 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
None |
Complete |
|
In the Linux kernel 4.12, 3.10, 2.6 and possibly earlier versions a race condition vulnerability exists in the sound system, this can lead to a deadlock and denial of service condition. |
|
2 |
CVE-2018-14329 |
362 |
|
|
2018-07-16 |
2018-09-13 |
3.3 |
None |
Local |
Medium |
Not required |
None |
Partial |
Partial |
|
In HTSlib 1.8, a race condition in cram/cram_io.c might allow local users to overwrite arbitrary files via a symlink attack. |
|
3 |
CVE-2018-12691 |
362 |
|
Bypass |
2018-07-05 |
2018-09-04 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Time-of-check to time-of-use (TOCTOU) race condition in org.onosproject.acl (aka the access control application) in ONOS v1.13 and earlier allows attackers to bypass network access control via data plane packet injection. |
|
4 |
CVE-2018-12633 |
362 |
|
DoS +Info |
2018-06-21 |
2018-08-21 |
6.3 |
None |
Local |
Medium |
Not required |
Complete |
None |
Complete |
|
An issue was discovered in the Linux kernel through 4.17.2. vbg_misc_device_ioctl() in drivers/virt/vboxguest/vboxguest_linux.c reads the same user data twice with copy_from_user. The header part of the user data is double-fetched, and a malicious user thread can tamper with the critical variables (hdr.size_in and hdr.size_out) in the header between the two fetches because of a race condition, leading to severe kernel errors, such as buffer over-accesses. This bug can cause a local denial of service and information leakage. |
|
5 |
CVE-2018-12232 |
362 |
|
|
2018-06-12 |
2018-08-29 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
None |
Complete |
|
In net/socket.c in the Linux kernel through 4.17.1, there is a race condition between fchownat and close in cases where they target the same socket file descriptor, related to the sock_close and sockfs_setattr functions. fchownat does not increment the file descriptor reference count, which allows close to set the socket to NULL during fchownat's execution, leading to a NULL pointer dereference and system crash. |
|
6 |
CVE-2018-12029 |
362 |
|
|
2018-06-17 |
2018-08-23 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
|
A race condition in the nginx module in Phusion Passenger 3.x through 5.x before 5.3.2 allows local escalation of privileges when a non-standard passenger_instance_registry_dir with insufficiently strict permissions is configured. Replacing a file with a symlink after the file was created, but before it was chowned, leads to the target of the link being chowned via the path. Targeting sensitive files such as root's crontab file allows privilege escalation. |
|
7 |
CVE-2018-11324 |
362 |
|
|
2018-05-22 |
2018-06-22 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
An issue was discovered in Joomla! Core before 3.8.8. A long running background process, such as remote checks for core or extension updates, could create a race condition where a session that was expected to be destroyed would be recreated. |
|
8 |
CVE-2018-10850 |
362 |
|
DoS |
2018-06-13 |
2018-08-06 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
None |
Complete |
|
389-ds-base before versions 1.4.0.10, 1.3.8.3 is vulnerable to a race condition in the way 389-ds-base handles persistent search, resulting in a crash if the server is under load. An anonymous attacker could use this flaw to trigger a denial of service. |
|
9 |
CVE-2018-8885 |
362 |
|
Bypass |
2018-03-28 |
2018-04-27 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
|
screenresolution-mechanism in screen-resolution-extra 0.17.2 does not properly use the PolicyKit D-Bus API, which allows local users to bypass intended access restrictions by leveraging a race condition via a setuid or pkexec process that is mishandled in a PolicyKitService._check_permission call. |
|
10 |
CVE-2018-8025 |
362 |
|
|
2018-06-27 |
2018-09-04 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
CVE-2018-8025 describes an issue in Apache HBase that affects the optional "Thrift 1" API server when running over HTTP. There is a race-condition which could lead to authenticated sessions being incorrectly applied to users, e.g. one authenticated user would be considered a different user or an unauthenticated user would be treated as an authenticated user. https://issues.apache.org/jira/browse/HBASE-20664 implements a fix for this issue. It has been fixed in versions: 1.2.6.1, 1.3.2.1, 1.4.5, 2.0.1. |
|
11 |
CVE-2018-7998 |
362 |
|
DoS |
2018-03-09 |
2018-03-27 |
5.1 |
None |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
In libvips before 8.6.3, a NULL function pointer dereference vulnerability was found in the vips_region_generate function in region.c, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted image file. This occurs because of a race condition involving a failed delayed load and other worker threads. |
|
12 |
CVE-2018-7995 |
362 |
|
DoS |
2018-03-09 |
2018-05-23 |
4.7 |
None |
Local |
Medium |
Not required |
None |
None |
Complete |
|
** DISPUTED ** Race condition in the store_int_with_restart() function in arch/x86/kernel/cpu/mcheck/mce.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (panic) by leveraging root access to write to the check_interval file in a /sys/devices/system/machinecheck/machinecheck<cpu number> directory. NOTE: a third party has indicated that this report is not security relevant. |
|
13 |
CVE-2018-7441 |
362 |
|
|
2018-02-23 |
2018-03-19 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Leptonica through 1.75.3 uses hardcoded /tmp pathnames, which might allow local users to overwrite arbitrary files or have unspecified other impact by creating files in advance or winning a race condition, as demonstrated by /tmp/junk_split_image.ps in prog/splitimage2pdf.c. |
|
14 |
CVE-2018-6236 |
362 |
|
Exec Code |
2018-05-25 |
2018-06-28 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
A Time-of-Check Time-of-Use privilege escalation vulnerability in Trend Micro Maximum Security (Consumer) 2018 could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within processing of IOCTL 0x222813 by the tmusa driver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. |
|
15 |
CVE-2018-5814 |
362 |
|
|
2018-06-12 |
2018-08-29 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
In the Linux Kernel before version 4.16.11, 4.14.43, 4.9.102, and 4.4.133, multiple race condition errors when handling probe, disconnect, and rebind operations can be exploited to trigger a use-after-free condition or a NULL pointer dereference by sending multiple USB over IP packets. |
|
16 |
CVE-2018-5236 |
362 |
|
|
2018-06-20 |
2018-08-11 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
None |
Partial |
|
Symantec Endpoint Protection prior to 14 RU1 MP1 or 12.1 RU6 MP10 may be susceptible to a race condition (or race hazard). This type of issue occurs in software where the output is dependent on the sequence or timing of other uncontrollable events. |
|
17 |
CVE-2018-4230 |
362 |
|
Exec Code |
2018-06-08 |
2018-07-13 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
|
An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "NVIDIA Graphics Drivers" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app that triggers a SetAppSupportBits use-after-free because of a race condition. |
|
18 |
CVE-2018-4228 |
362 |
|
Exec Code |
2018-06-08 |
2018-07-13 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
|
An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "IOFireWireAVC" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app that leverages a race condition. |
|
19 |
CVE-2018-4192 |
362 |
|
Exec Code |
2018-06-08 |
2018-07-27 |
5.1 |
None |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code via a crafted web site that leverages a race condition. |
|
20 |
CVE-2018-4167 |
362 |
|
Exec Code |
2018-04-03 |
2018-04-27 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
|
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "File System Events" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app. |
|
21 |
CVE-2018-4166 |
362 |
|
Exec Code |
2018-04-03 |
2018-04-27 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
|
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "NSURLSession" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app. |
|
22 |
CVE-2018-4158 |
362 |
|
Exec Code |
2018-04-03 |
2018-04-27 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
|
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. watchOS before 4.3 is affected. The issue involves the "CoreFoundation" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app. |
|
23 |
CVE-2018-4157 |
362 |
|
Exec Code |
2018-04-03 |
2018-04-27 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
|
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "Quick Look" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app. |
|
24 |
CVE-2018-4156 |
362 |
|
Exec Code |
2018-04-03 |
2018-04-27 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
|
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the "PluginKit" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app. |
|
25 |
CVE-2018-4155 |
362 |
|
Exec Code |
2018-04-03 |
2018-04-27 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
|
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "CoreFoundation" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app. |
|
26 |
CVE-2018-4154 |
362 |
|
Exec Code |
2018-04-03 |
2018-09-06 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
|
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the "Storage" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app. |
|
27 |
CVE-2018-4152 |
362 |
|
Exec Code |
2018-04-03 |
2018-04-27 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
|
An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "Notes" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app. |
|
28 |
CVE-2018-4151 |
362 |
|
Exec Code |
2018-04-03 |
2018-04-27 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
|
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the "iCloud Drive" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app. |
|
29 |
CVE-2018-4092 |
362 |
|
Bypass |
2018-04-03 |
2018-05-04 |
2.6 |
None |
Remote |
High |
Not required |
Partial |
None |
None |
|
An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the "Kernel" component. A race condition allows attackers to bypass intended memory-read restrictions via a crafted app. |
|
30 |
CVE-2018-3759 |
362 |
|
|
2018-06-13 |
2018-08-08 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
private_address_check ruby gem before 0.5.0 is vulnerable to a time-of-check time-of-use (TOCTOU) race condition due to the address the socket uses not being checked. DNS entries with a TTL of 0 can trigger this case where the initial resolution is a public address but the subsequent resolution is a private address. |
|
31 |
CVE-2018-1121 |
362 |
|
|
2018-06-13 |
2018-08-10 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
procps-ng, procps is vulnerable to a process hiding through race condition. Since the kernel's proc_pid_readdir() returns PID entries in ascending numeric order, a process occupying a high PID can use inotify events to determine when the process list is being scanned, and fork/exec to obtain a lower PID, thus avoiding enumeration. An unprivileged attacker can hide a process from procps-ng's utilities by exploiting a race condition in reading /proc/PID entries. This vulnerability affects procps and procps-ng up to version 3.3.15, newer versions might be affected also. |
|
32 |
CVE-2018-1049 |
362 |
|
DoS |
2018-02-16 |
2018-08-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
In systemd prior to 234 a race condition exists between .mount and .automount units such that automount requests from kernel may not be serviced by systemd resulting in kernel holding the mountpoint and any processes that try to use said mount will hang. A race condition like this may lead to denial of service, until mount points are unmounted. |
|
33 |
CVE-2018-0492 |
362 |
|
|
2018-04-03 |
2018-05-21 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Johnathan Nightingale beep through 1.3.4, if setuid, has a race condition that allows local privilege escalation. |
|
34 |
CVE-2017-1000503 |
362 |
|
Exec Code |
2018-01-24 |
2018-02-12 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
A race condition during Jenkins 2.81 through 2.94 (inclusive); 2.89.1 startup could result in the wrong order of execution of commands during initialization. This could in rare cases result in failure to initialize the setup wizard on the first startup. This resulted in multiple security-related settings not being set to their usual strict default. |
|
35 |
CVE-2017-1000405 |
362 |
|
|
2017-11-30 |
2018-02-12 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The Linux Kernel versions 2.6.38 through 4.14 have a problematic use of pmd_mkdirty() in the touch_pmd() function inside the THP implementation. touch_pmd() can be reached by get_user_pages(). In such case, the pmd will become dirty. This scenario breaks the new can_follow_write_pmd()'s logic - pmd can become dirty without going through a COW cycle. This bug is not as severe as the original "Dirty cow" because an ext4 file (or any other regular file) cannot be mapped using THP. Nevertheless, it does allow us to overwrite read-only huge pages. For example, the zero huge page and sealed shmem files can be overwritten (since their mapping can be populated using THP). Note that after the first write page-fault to the zero page, it will be replaced with a new fresh (and zeroed) thp. |
|
36 |
CVE-2017-1000112 |
362 |
|
Mem. Corr. |
2017-10-04 |
2018-08-05 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Linux kernel: Exploitable memory corruption due to UFO to non-UFO path switch. When building a UFO packet with MSG_MORE __ip_append_data() calls ip_ufo_append_data() to append. However in between two send() calls, the append path can be switched from UFO to non-UFO one, which leads to a memory corruption. In case UFO packet lengths exceeds MTU, copy = maxfraglen - skb->len becomes negative on the non-UFO path and the branch to allocate new skb is taken. This triggers fragmentation and computation of fraggap = skb_prev->len - maxfraglen. Fraggap can exceed MTU, causing copy = datalen - transhdrlen - fraggap to become negative. Subsequently skb_copy_and_csum_bits() writes out-of-bounds. A similar issue is present in IPv6 code. The bug was introduced in e89e9cf539a2 ("[IPv4/IPv6]: UFO Scatter-gather approach") on Oct 18 2005. |
|
37 |
CVE-2017-18249 |
362 |
|
DoS |
2018-03-26 |
2018-08-08 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
|
The add_free_nid function in fs/f2fs/node.c in the Linux kernel before 4.12 does not properly track an allocated nid, which allows local users to cause a denial of service (race condition) or possibly have unspecified other impact via concurrent threads. |
|
38 |
CVE-2017-18224 |
362 |
|
DoS |
2018-03-11 |
2018-05-02 |
1.9 |
None |
Local |
Medium |
Not required |
None |
None |
Partial |
|
In the Linux kernel before 4.15, fs/ocfs2/aops.c omits use of a semaphore and consequently has a race condition for access to the extent tree during read operations in DIRECT mode, which allows local users to cause a denial of service (BUG) by modifying a certain e_cpos field. |
|
39 |
CVE-2017-18203 |
362 |
|
DoS |
2018-02-27 |
2018-06-19 |
1.9 |
None |
Local |
Medium |
Not required |
None |
None |
Partial |
|
The dm_get_from_kobject function in drivers/md/dm.c in the Linux kernel before 4.14.3 allow local users to cause a denial of service (BUG) by leveraging a race condition with __dm_destroy during creation and removal of DM devices. |
|
40 |
CVE-2017-18018 |
362 |
|
|
2018-01-03 |
2018-01-19 |
1.9 |
None |
Local |
Medium |
Not required |
None |
Partial |
None |
|
In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSIX "-R -L" options, which allows local users to modify the ownership of arbitrary files by leveraging a race condition. |
|
41 |
CVE-2017-17712 |
362 |
|
Exec Code +Priv |
2017-12-15 |
2018-04-03 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The raw_sendmsg() function in net/ipv4/raw.c in the Linux kernel through 4.14.6 has a race condition in inet->hdrincl that leads to uninitialized stack pointer usage; this allows a local user to execute code and gain privileges. |
|
42 |
CVE-2017-15847 |
362 |
|
|
2018-01-10 |
2018-01-26 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
|
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the SPCom kernel driver, a race condition exists when creating a channel. |
|
43 |
CVE-2017-15829 |
362 |
|
|
2018-02-23 |
2018-03-12 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in a GPU Driver which can potentially lead to a Use After Free condition. |
|
44 |
CVE-2017-15649 |
362 |
|
+Priv |
2017-10-19 |
2018-08-24 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
net/packet/af_packet.c in the Linux kernel before 4.13.6 allows local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free, a different vulnerability than CVE-2017-6346. |
|
45 |
CVE-2017-15588 |
362 |
|
Exec Code |
2017-10-18 |
2018-02-03 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to execute arbitrary code on the host OS because of a race condition that can cause a stale TLB entry. |
|
46 |
CVE-2017-15357 |
362 |
|
+Priv |
2017-12-01 |
2017-12-19 |
6.9 |
Admin |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The setpermissions function in the auto-updater in Arq before 5.9.7 for Mac allows local users to gain root privileges via a symlink attack on the updater binary itself. |
|
47 |
CVE-2017-15038 |
362 |
|
+Info |
2017-10-09 |
2018-09-07 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
Race condition in the v9fs_xattrwalk function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS users to obtain sensitive information from host heap memory via vectors related to reading extended attributes. |
|
48 |
CVE-2017-14955 |
362 |
|
+Info |
2017-10-01 |
2017-10-22 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Check_MK before 1.2.8p26 mishandles certain errors within the failed-login save feature because of a race condition, which allows remote attackers to obtain sensitive user information by reading a GUI crash report. |
|
49 |
CVE-2017-14798 |
362 |
|
|
2018-03-01 |
2018-08-15 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
A race condition in the postgresql init script could be used by attackers able to access the postgresql account to escalate their privileges to root. |
|
50 |
CVE-2017-14748 |
362 |
|
DoS |
2017-09-26 |
2017-10-06 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
None |
Partial |
|
Race condition in Blizzard Overwatch 1.15.0.2 allows remote authenticated users to cause a denial of service (season bans and SR losses for other users) by leaving a competitive match at a specific time during the initial loading of that match. |
