Skip to main content

Race Condition

1817 CVEs technique

Monthly

CVE-2019-11191 LOW POC Monitor

The Linux kernel through 5.0.7, when CONFIG_IA32_AOUT is enabled and ia32_aout is loaded, allows local users to bypass ASLR on setuid a.out programs (if any exist) because install_exec_creds() is. Rated low severity (CVSS 2.5). Public exploit code available and no vendor patch available.

Authentication Bypass Race Condition Linux Linux Kernel
NVD
CVSS 3.0
2.5
EPSS
0.5%
CVE-2019-11190 MEDIUM POC PATCH This Month

The Linux kernel before 4.8 allows local users to bypass ASLR on setuid programs (such as /bin/su) because install_exec_creds() is called too late in load_elf_binary() in fs/binfmt_elf.c, and thus. Rated medium severity (CVSS 4.7). Public exploit code available.

Authentication Bypass Race Condition Linux Linux Kernel
NVD
CVSS 3.0
4.7
EPSS
0.5%
CVE-2019-3837 MEDIUM PATCH This Month

It was found that the net_dma code in tcp_recvmsg() in the 2.6.32 kernel as shipped in RHEL6 is thread-unsafe. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity.

Race Condition Buffer Overflow Linux Kernel Enterprise Linux
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2019-0217 HIGH PATCH This Week

In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable.

Authentication Bypass Race Condition Apache Http Server Debian Linux +11
NVD
CVSS 3.1
7.5
EPSS
17.7%
CVE-2019-9710 PyPI HIGH POC PATCH This Week

An issue was discovered in webargs before 5.1.3, as used with marshmallow and other products. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Race Condition Information Disclosure Webargs
NVD GitHub
CVSS 3.0
8.1
EPSS
1.1%
CVE-2019-1992 HIGH This Week

In bta_hl_sdp_query_results of bta_hl_main.cc, there is a possible use-after-free due to a race condition. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition RCE Google Android
NVD
CVSS 3.0
7.5
EPSS
1.3%
CVE-2019-6974 HIGH POC PATCH THREAT This Week

In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race condition, leading to a use-after-free. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Race Condition Linux Information Disclosure Linux Kernel Debian Linux +22
NVD GitHub Exploit-DB
CVSS 3.1
8.1
EPSS
16.5%
CVE-2019-7718 HIGH POC This Week

An issue was discovered in Metinfo 6.x. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Race Condition RCE PHP Metinfo
NVD GitHub
CVSS 3.0
8.1
EPSS
1.0%
CVE-2019-3461 HIGH This Week

Debian tmpreaper version 1.6.13+nmu1 has a race condition when doing a (bind) mount via rename() which could result in local privilege escalation. Rated high severity (CVSS 7.0). No vendor patch available.

Race Condition Privilege Escalation Debian Tmpreaper Debian Linux
NVD
CVSS 3.0
7.0
EPSS
0.3%
CVE-2019-6133 MEDIUM PATCH This Month

In PolicyKit (aka polkit) 0.115, the "start time" protection mechanism can be bypassed because fork() is not atomic, and therefore authorization decisions are improperly cached. Rated medium severity (CVSS 6.7).

Authentication Bypass Race Condition Polkit Debian Linux Enterprise Linux Desktop +6
NVD
CVSS 3.0
6.7
EPSS
0.4%
CVE-2018-17244 Maven MEDIUM PATCH This Month

Elasticsearch Security versions 6.4.0 to 6.4.2 contain an error in the way request headers are applied to requests when using the Active Directory, LDAP, Native, or File realms. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Race Condition Information Disclosure Elastic Elasticsearch
NVD
CVSS 3.0
6.5
EPSS
1.5%
CVE-2018-5198 HIGH This Week

In Veraport G3 ALL on MacOS, a race condition when calling the Veraport API allow remote attacker to cause arbitrary file download and execution. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition RCE Apple Veraport G3
NVD
CVSS 3.1
8.1
EPSS
1.4%
CVE-2018-19489 MEDIUM PATCH This Month

v9fs_wstat in hw/9pfs/9p.c in QEMU allows guest OS users to cause a denial of service (crash) because of a race condition during file renaming. Rated medium severity (CVSS 4.7).

Race Condition Denial Of Service Qemu Debian Linux Fedora +2
NVD
CVSS 3.1
4.7
EPSS
0.4%
CVE-2018-16867 HIGH PATCH This Week

A flaw was found in qemu Media Transfer Protocol (MTP) before version 3.1.0. Rated high severity (CVSS 7.8).

Race Condition RCE Path Traversal Qemu Fedora +1
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2018-9519 MEDIUM This Month

In easelcomm_hw_build_scatterlist, there is a possible out of bounds write due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.

Race Condition Privilege Escalation Buffer Overflow Google Android
NVD
CVSS 3.0
6.4
EPSS
0.1%
CVE-2018-15332 HIGH This Week

The svpn component of the F5 BIG-IP APM client prior to version 7.1.7.2 for Linux and macOS runs as a privileged process and can allow an unprivileged user to get ownership of files owned by root on. Rated high severity (CVSS 7.0). No vendor patch available.

Race Condition Information Disclosure Apple Big Ip Access Policy Manager Big Ip Access Policy Manager Client
NVD
CVSS 3.0
7.0
EPSS
0.3%
CVE-2018-19370 MEDIUM POC This Month

A Race condition vulnerability in unzip_file in admin/import/class-import-settings.php in the Yoast SEO (wordpress-seo) plugin before 9.2.0 for WordPress allows an SEO Manager to perform command. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Race Condition WordPress Information Disclosure PHP Yoast Seo
NVD GitHub
CVSS 3.0
6.6
EPSS
3.2%
CVE-2018-9539 HIGH PATCH This Week

In the ClearKey CAS descrambler, there is a possible use after free due to a race condition. Rated high severity (CVSS 7.0).

Race Condition Privilege Escalation Denial Of Service Google Android
NVD
CVSS 3.0
7.0
EPSS
0.4%
CVE-2018-6061 HIGH This Week

A race in the handling of SharedArrayBuffers in WebAssembly in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Information Disclosure Google Chrome Enterprise Linux Desktop +3
NVD
CVSS 3.0
7.5
EPSS
1.3%
CVE-2018-15687 HIGH POC PATCH This Week

A race condition in chown_one() of systemd allows an attacker to cause systemd to set arbitrary permissions on arbitrary files. Rated high severity (CVSS 7.0). Public exploit code available.

Race Condition Information Disclosure Ubuntu Linux Systemd
NVD GitHub Exploit-DB
CVSS 3.1
7.0
EPSS
1.1%
CVE-2018-18559 HIGH POC This Week

In the Linux kernel through 4.19, a use-after-free can occur due to a race condition between fanout_add from setsockopt and bind on an AF_PACKET socket. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Race Condition Information Disclosure Linux Linux Kernel Openshift Container Platform +7
NVD
CVSS 3.1
8.1
EPSS
2.6%
CVE-2018-7110 MEDIUM This Month

A remote unauthorized disclosure of information vulnerability was identified in HPE Service Governance Framework (SGF) version 4.2, 4.3. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Authentication Bypass Service Governance Framework
NVD
CVSS 3.0
5.9
EPSS
0.7%
CVE-2018-0480 MEDIUM This Month

A vulnerability in the errdisable per VLAN feature of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause the device to crash, leading to a denial of service (DoS). Rated medium severity (CVSS 6.1), this vulnerability is no authentication required. No vendor patch available.

Race Condition Cisco Denial Of Service Apple Ios Xe
NVD
CVSS 3.0
6.1
EPSS
0.5%
CVE-2018-17972 MEDIUM PATCH This Month

An issue was discovered in the proc_pid_stack function in fs/proc/base.c in the Linux kernel through 4.18.11. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Race Condition Information Disclosure Linux Linux Kernel Ubuntu Linux +7
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2018-9069 MEDIUM This Month

In some Lenovo IdeaPad consumer notebook models, a race condition in the BIOS flash device locking mechanism is not adequately protected against, potentially allowing an attacker with administrator. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable. No vendor patch available.

Race Condition Information Disclosure Lenovo 310S 14Isk Firmware 320 15Ikbra Firmware +66
NVD
CVSS 3.1
5.9
EPSS
0.5%
CVE-2018-11818 HIGH PATCH This Week

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, LUT configuration is passed down to driver from userspace via ioctl. Rated high severity (CVSS 7.0).

Google Information Disclosure Linux Race Condition Mozilla +1
NVD
CVSS 3.0
7.0
EPSS
0.1%
CVE-2018-16976 HIGH PATCH This Week

Gitolite before 3.6.9 does not (in certain configurations involving @all or a regex) properly restrict access to a Git repository that is in the process of being migrated until the full set of. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Race Condition Information Disclosure Gitolite
NVD GitHub
CVSS 3.0
8.1
EPSS
1.2%
CVE-2018-15499 MEDIUM POC This Month

GEAR Software products that include GEARAspiWDM.sys, 2.2.5.0, allow local users to cause a denial of service (Race Condition and BSoD on Windows) by not checking that user-mode memory is available. Rated medium severity (CVSS 4.7). Public exploit code available and no vendor patch available.

Race Condition Microsoft Denial Of Service Gearaspiwdm
NVD GitHub
CVSS 3.0
4.7
EPSS
0.4%
CVE-2018-15473 MEDIUM POC PATCH THREAT This Month

OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Race Condition Information Disclosure SSH Openssh Debian Linux +20
NVD GitHub Exploit-DB
CVSS 3.1
5.3
EPSS
98.6%
CVE-2018-8037 Maven MEDIUM PATCH This Month

If an async request was completed by the application at the same time as the container triggered the async timeout, a race condition existed that could result in a user seeing a response intended for. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Race Condition Apache Information Disclosure Tomcat Debian Linux
NVD
CVSS 3.0
5.9
EPSS
12.1%
CVE-2018-5873 HIGH PATCH This Week

An issue was discovered in the __ns_get_path function in fs/nsfs.c in the Linux kernel before 4.11. Rated high severity (CVSS 7.0).

Google Denial Of Service Linux Race Condition Mozilla +2
NVD GitHub
CVSS 3.1
7.0
EPSS
0.5%
CVE-2018-5859 HIGH PATCH This Week

Due to a race condition in the MDSS MDP driver in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05, a Use. Rated high severity (CVSS 7.0).

Google Denial Of Service Linux Race Condition Mozilla +1
NVD
CVSS 3.0
7.0
EPSS
0.1%
CVE-2018-5853 HIGH This Week

A race condition exists in a driver in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-05-05 potentially. Rated high severity (CVSS 7.0). No vendor patch available.

Google Information Disclosure Linux Race Condition Mozilla +1
NVD
CVSS 3.0
7.0
EPSS
0.1%
CVE-2018-5832 HIGH This Week

Due to a race condition in a camera driver ioctl handler in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05,. Rated high severity (CVSS 7.0). No vendor patch available.

Google Denial Of Service Linux Race Condition Mozilla +1
NVD
CVSS 3.0
7.0
EPSS
0.1%
CVE-2018-12691 MEDIUM PATCH This Month

Time-of-check to time-of-use (TOCTOU) race condition in org.onosproject.acl (aka the access control application) in ONOS v1.13 and earlier allows attackers to bypass network access control via data. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required.

Race Condition Authentication Bypass Onos
NVD
CVSS 3.0
6.8
EPSS
0.7%
CVE-2018-8025 Maven HIGH PATCH This Week

CVE-2018-8025 describes an issue in Apache HBase that affects the optional "Thrift 1" API server when running over HTTP. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Atlassian Apache Information Disclosure Hbase
NVD
CVSS 3.0
8.1
EPSS
1.8%
CVE-2018-12633 MEDIUM PATCH This Month

An issue was discovered in the Linux kernel through 4.17.2. Rated medium severity (CVSS 6.3).

Race Condition Denial Of Service Linux Linux Kernel
NVD GitHub
CVSS 3.0
6.3
EPSS
0.3%
CVE-2018-5236 MEDIUM This Month

Symantec Endpoint Protection prior to 14 RU1 MP1 or 12.1 RU6 MP10 may be susceptible to a race condition (or race hazard). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Race Condition Information Disclosure Endpoint Protection
NVD
CVSS 3.0
5.3
EPSS
1.1%
CVE-2018-12029 Ruby HIGH PATCH This Week

A race condition in the nginx module in Phusion Passenger 3.x through 5.x before 5.3.2 allows local escalation of privileges when a non-standard passenger_instance_registry_dir with insufficiently. Rated high severity (CVSS 7.0). No vendor patch available.

Race Condition Privilege Escalation Nginx Passenger Debian Linux
NVD
CVSS 3.0
7.0
EPSS
0.3%
CVE-2018-10850 MEDIUM PATCH This Month

389-ds-base before versions 1.4.0.10, 1.3.8.3 is vulnerable to a race condition in the way 389-ds-base handles persistent search, resulting in a crash if the server is under load. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Race Condition Denial Of Service 389 Directory Server Debian Linux Enterprise Linux +6
NVD
CVSS 3.0
5.9
EPSS
1.6%
CVE-2018-3759 Ruby LOW PATCH Monitor

private_address_check ruby gem before 0.5.0 is vulnerable to a time-of-check time-of-use (TOCTOU) race condition due to the address the socket uses not being checked. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Race Condition Information Disclosure Private Address Check
NVD GitHub
CVSS 3.0
3.7
EPSS
0.7%
CVE-2018-5849 HIGH PATCH This Week

Due to a race condition in the QTEECOM driver in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel, when more than one HLOS client loads the same. Rated high severity (CVSS 7.0).

Google Denial Of Service Linux Race Condition Mozilla +1
NVD
CVSS 3.0
7.0
EPSS
0.1%
CVE-2018-5814 HIGH PATCH This Week

In the Linux Kernel before version 4.16.11, 4.14.43, 4.9.102, and 4.4.133, multiple race condition errors when handling probe, disconnect, and rebind operations can be exploited to trigger a. Rated high severity (CVSS 7.0).

Race Condition Denial Of Service Linux Linux Kernel Debian Linux +1
NVD
CVSS 3.0
7.0
EPSS
0.4%
CVE-2018-12232 MEDIUM PATCH This Month

In net/socket.c in the Linux kernel through 4.17.1, there is a race condition between fchownat and close in cases where they target the same socket file descriptor, related to the sock_close and. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Race Condition Denial Of Service Linux Linux Kernel
NVD GitHub
CVSS 3.0
5.9
EPSS
6.6%
CVE-2018-4230 HIGH POC This Week

An issue was discovered in certain Apple products. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Race Condition Nvidia RCE Apple Mac Os X
NVD Exploit-DB
CVSS 3.0
7.0
EPSS
4.2%
CVE-2018-4228 HIGH This Week

An issue was discovered in certain Apple products. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Race Condition RCE Apple Mac Os X
NVD
CVSS 3.0
7.0
EPSS
0.9%
CVE-2018-4192 HIGH POC THREAT This Week

An issue was discovered in certain Apple products. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Race Condition Microsoft RCE Apple Safari +5
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
12.5%
CVE-2018-5845 HIGH PATCH This Week

A race condition in drm_atomic_nonblocking_commit() in the display driver can potentially lead to a Use After Free scenario in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

Google Denial Of Service Linux Race Condition Mozilla +1
NVD
CVSS 3.0
7.0
EPSS
0.3%
CVE-2018-6236 HIGH This Week

A Time-of-Check Time-of-Use privilege escalation vulnerability in Trend Micro Maximum Security (Consumer) 2018 could allow a local attacker to escalate privileges on vulnerable installations due to a. Rated high severity (CVSS 7.0). No vendor patch available.

Race Condition Trend Micro Privilege Escalation Antivirus Internet Security +2
NVD
CVSS 3.0
7.0
EPSS
0.3%
CVE-2018-11324 MEDIUM This Month

An issue was discovered in Joomla!. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Information Disclosure Joomla
NVD
CVSS 3.0
5.9
EPSS
1.3%
CVE-2018-8897 HIGH POC PATCH THREAT Act Now

A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Microsoft Privilege Escalation Linux Race Condition Intel +12
NVD GitHub Exploit-DB
CVSS 3.0
7.8
EPSS
18.7%
CVE-2018-5826 MEDIUM This Month

In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, due to a race condition, a Use After. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Denial Of Service Linux Race Condition Mozilla +2
NVD
CVSS 3.0
5.9
EPSS
0.3%
CVE-2018-0492 HIGH POC This Week

Johnathan Nightingale beep through 1.3.4, if setuid, has a race condition that allows local privilege escalation. Rated high severity (CVSS 7.0). Public exploit code available and no vendor patch available.

Race Condition Privilege Escalation Beep Debian Linux
NVD Exploit-DB
CVSS 3.0
7.0
EPSS
1.7%
CVE-2018-4167 HIGH This Week

An issue was discovered in certain Apple products. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Race Condition RCE Apple Iphone Os Mac Os X +2
NVD
CVSS 3.0
7.0
EPSS
1.2%
CVE-2018-4166 HIGH This Week

An issue was discovered in certain Apple products. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Race Condition RCE Apple Iphone Os Mac Os X +2
NVD
CVSS 3.0
7.0
EPSS
1.2%
CVE-2018-4158 HIGH This Week

An issue was discovered in certain Apple products. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Race Condition RCE Apple Iphone Os Mac Os X +1
NVD
CVSS 3.0
7.0
EPSS
1.1%
CVE-2018-4157 HIGH This Week

An issue was discovered in certain Apple products. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Race Condition RCE Apple Iphone Os Mac Os X +2
NVD
CVSS 3.0
7.0
EPSS
1.2%
CVE-2018-4156 HIGH This Week

An issue was discovered in certain Apple products. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Race Condition RCE Apple Iphone Os Mac Os X
NVD
CVSS 3.0
7.0
EPSS
1.2%
CVE-2018-4155 HIGH This Week

An issue was discovered in certain Apple products. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Race Condition RCE Apple Iphone Os Mac Os X +2
NVD
CVSS 3.0
7.0
EPSS
1.2%
CVE-2018-4154 HIGH This Week

An issue was discovered in certain Apple products. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Race Condition RCE Apple Iphone Os Mac Os X
NVD
CVSS 3.0
7.0
EPSS
1.2%
CVE-2018-4152 HIGH This Week

An issue was discovered in certain Apple products. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Race Condition RCE Apple Mac Os X
NVD
CVSS 3.0
7.0
EPSS
1.1%
CVE-2018-4151 HIGH This Week

An issue was discovered in certain Apple products. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Race Condition RCE Apple Iphone Os Mac Os X
NVD
CVSS 3.0
7.0
EPSS
1.1%
CVE-2018-4092 MEDIUM This Month

An issue was discovered in certain Apple products. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required. No vendor patch available.

Race Condition Authentication Bypass Apple Apple Tv Iphone Os +2
NVD
CVSS 3.0
4.7
EPSS
0.7%
CVE-2018-8885 HIGH This Week

screenresolution-mechanism in screen-resolution-extra 0.17.2 does not properly use the PolicyKit D-Bus API, which allows local users to bypass intended access restrictions by leveraging a race. Rated high severity (CVSS 7.0). No vendor patch available.

Race Condition Authentication Bypass Screen Resolution Extra Ubuntu Linux
NVD
CVSS 3.0
7.0
EPSS
0.2%
CVE-2018-3561 HIGH This Week

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a race condition in diag_ioctl_lsm_deinit() leads to a Use After Free condition. Rated high severity (CVSS 7.0). No vendor patch available.

Google Denial Of Service Linux Race Condition Mozilla +1
NVD
CVSS 3.0
7.0
EPSS
0.1%
CVE-2018-7562 HIGH This Week

A remote code execution issue was discovered in GLPI through 9.2.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Race Condition RCE PHP Glpi
NVD GitHub
CVSS 3.0
7.5
EPSS
1.7%
CVE-2018-7998 HIGH POC PATCH This Week

In libvips before 8.6.3, a NULL function pointer dereference vulnerability was found in the vips_region_generate function in region.c, which allows remote attackers to cause a denial of service or. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Race Condition Denial Of Service Libvips Debian Linux
NVD GitHub
CVSS 3.0
7.5
EPSS
1.9%
CVE-2018-7995 MEDIUM PATCH This Month

Race condition in the store_int_with_restart() function in arch/x86/kernel/cpu/mcheck/mce.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (panic) by leveraging. Rated medium severity (CVSS 4.7).

Race Condition Denial Of Service Linux Linux Kernel Ubuntu Linux +1
NVD
CVSS 3.0
4.7
EPSS
0.3%
CVE-2018-7249 HIGH POC This Week

An issue was discovered in secdrv.sys as shipped in Microsoft Windows Vista, Windows 7, Windows 8, and Windows 8.1 before KB3086255, and as shipped in Macrovision SafeDisc. Rated high severity (CVSS 7.0). Public exploit code available and no vendor patch available.

Race Condition Microsoft RCE Windows 7 Windows 8 +3
NVD GitHub
CVSS 3.0
7.0
EPSS
1.5%
CVE-2018-7441 HIGH This Week

Leptonica through 1.75.3 uses hardcoded /tmp pathnames, which might allow local users to overwrite arbitrary files or have unspecified other impact by creating files in advance or winning a race. Rated high severity (CVSS 7.0). No vendor patch available.

Race Condition RCE Leptonica
NVD
CVSS 3.0
7.0
EPSS
0.3%
CVE-2018-1049 MEDIUM PATCH This Month

In systemd prior to 234 a race condition exists between .mount and .automount units such that automount requests from kernel may not be serviced by systemd resulting in kernel holding the mountpoint. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Race Condition Denial Of Service Systemd Enterprise Linux Enterprise Linux Aus +8
NVD
CVSS 3.1
5.9
EPSS
7.3%
CVE-2018-1000004 MEDIUM POC This Month

In the Linux kernel 4.12, 3.10, 2.6 and possibly earlier versions a race condition vulnerability exists in the sound system, this can lead to a deadlock and denial of service condition. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Race Condition Denial Of Service Linux Linux Kernel
NVD
CVSS 3.0
5.9
EPSS
3.5%
CVE-2018-5344 HIGH PATCH This Week

In the Linux kernel through 4.14.13, drivers/block/loop.c mishandles lo_release serialization, which allows attackers to cause a denial of service (__lock_acquire use-after-free) or possibly have. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Race Condition Denial Of Service Linux Linux Kernel Ubuntu Linux +4
NVD GitHub
CVSS 3.0
7.8
EPSS
0.4%
CVE-2017-6167 HIGH This Week

In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM and WebSafe software version 13.0.0 and 12.1.0 - 12.1.2, race conditions in iControl REST may lead to commands being. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Race Condition Information Disclosure Big Ip Local Traffic Manager Big Ip Application Acceleration Manager Big Ip Advanced Firewall Manager +7
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2017-17712 HIGH PATCH This Week

The raw_sendmsg() function in net/ipv4/raw.c in the Linux kernel through 4.14.6 has a race condition in inet->hdrincl that leads to uninitialized stack pointer usage; this allows a local user to. Rated high severity (CVSS 7.0).

Race Condition Linux Information Disclosure Linux Kernel
NVD GitHub
CVSS 3.1
7.0
EPSS
0.1%
CVE-2017-14902 HIGH PATCH This Week

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, due to a race condition in the GLink kernel driver, a Use After Free condition can. Rated high severity (CVSS 7.0).

Denial Of Service Linux Google Race Condition Mozilla +1
NVD
CVSS 3.0
7.0
EPSS
0.0%
CVE-2017-9708 HIGH PATCH This Week

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the camera driver, the function "msm_ois_power_down" is called without a mutex and a. Rated high severity (CVSS 7.0).

Linux Google Race Condition Information Disclosure Mozilla +1
NVD
CVSS 3.0
7.0
EPSS
0.0%
CVE-2017-9703 HIGH PATCH This Week

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a race condition in a Camera driver can lead to a Use After Free condition. Rated high severity (CVSS 7.0).

Denial Of Service Linux Google Race Condition Mozilla +1
NVD
CVSS 3.0
7.0
EPSS
0.0%
CVE-2017-11045 HIGH This Week

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in a camera driver function, a race condition exists which can lead to a Use After Free. Rated high severity (CVSS 7.0). No vendor patch available.

Denial Of Service Linux Google Race Condition Mozilla +1
NVD
CVSS 3.0
7.0
EPSS
0.0%
CVE-2017-11044 HIGH This Week

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in a KGSL driver function, a race condition exists which can lead to a Use After Free. Rated high severity (CVSS 7.0). No vendor patch available.

Denial Of Service Linux Google Race Condition Mozilla +1
NVD
CVSS 3.0
7.0
EPSS
0.0%
CVE-2017-16857 HIGH This Week

It is possible to bypass the bitbucket auto-unapprove plugin via minimal brute-force because it is relying on asynchronous events on the back-end. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

Race Condition Authentication Bypass Bitbucket Auto Unapprove Plugin
NVD
CVSS 3.0
8.5
EPSS
0.3%
CVE-2017-1000405 HIGH POC This Week

The Linux Kernel versions 2.6.38 through 4.14 have a problematic use of pmd_mkdirty() in the touch_pmd() function inside the THP implementation. Rated high severity (CVSS 7.0). Public exploit code available and no vendor patch available.

Race Condition Linux Information Disclosure Linux Kernel
NVD Exploit-DB
CVSS 3.1
7.0
EPSS
7.6%
CVE-2017-8148 MEDIUM This Month

Audio driver in P9 smartphones with software The versions before EVA-AL10C00B389 has a denial of service (DoS) vulnerability. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required. No vendor patch available.

Denial Of Service Race Condition P9 Firmware
NVD
CVSS 3.0
4.7
EPSS
0.1%
CVE-2017-8279 HIGH PATCH This Week

In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, missing race condition protection while updating msg mask table can lead to buffer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Linux Google Race Condition Information Disclosure Mozilla +1
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2017-11025 HIGH PATCH This Week

In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, due to a race condition in the function audio_effects_shared_ioctl(), memory corruption. Rated high severity (CVSS 7.0).

Linux Buffer Overflow Google Race Condition Mozilla +1
NVD
CVSS 3.0
7.0
EPSS
0.0%
CVE-2017-2898 HIGH POC This Week

An exploitable vulnerability exists in the signature verification of the firmware update functionality of Circle with Disney. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

RCE Race Condition Circle With Disney Firmware
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2017-16001 HIGH POC This Week

In HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 5.0.1, a local attacker or malware can silently subvert the plugin update process in order to escalate to root privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Race Condition Hashicorp VMware Privilege Escalation Vagrant
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-15884 HIGH POC This Week

In HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 5.0.0, a local attacker or malware can silently subvert the plugin update process in order to escalate to root privileges. Rated high severity (CVSS 7.0). Public exploit code available and no vendor patch available.

Race Condition Hashicorp VMware Privilege Escalation Vagrant Vmware Fusion
NVD Exploit-DB
CVSS 3.0
7.0
EPSS
0.1%
CVE-2017-5068 HIGH This Week

Incorrect handling of picture ID in WebRTC in Google Chrome prior to 58.0.3029.96 for Mac, Windows, and Linux allowed a remote attacker to trigger a race condition via a crafted HTML page. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Race Condition Microsoft Information Disclosure Chrome +3
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2017-5061 MEDIUM This Month

A race condition in navigation in Google Chrome prior to 58.0.3029.81 for Linux, Windows, and Mac allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Race Condition Microsoft Information Disclosure Chrome +3
NVD
CVSS 3.1
5.3
EPSS
0.4%
EPSS 0% CVSS 2.5
LOW POC Monitor

The Linux kernel through 5.0.7, when CONFIG_IA32_AOUT is enabled and ia32_aout is loaded, allows local users to bypass ASLR on setuid a.out programs (if any exist) because install_exec_creds() is. Rated low severity (CVSS 2.5). Public exploit code available and no vendor patch available.

Authentication Bypass Race Condition Linux +1
NVD
EPSS 0% CVSS 4.7
MEDIUM POC PATCH This Month

The Linux kernel before 4.8 allows local users to bypass ASLR on setuid programs (such as /bin/su) because install_exec_creds() is called too late in load_elf_binary() in fs/binfmt_elf.c, and thus. Rated medium severity (CVSS 4.7). Public exploit code available.

Authentication Bypass Race Condition Linux +1
NVD
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

It was found that the net_dma code in tcp_recvmsg() in the 2.6.32 kernel as shipped in RHEL6 is thread-unsafe. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity.

Race Condition Buffer Overflow Linux Kernel +1
NVD
EPSS 18% CVSS 7.5
HIGH PATCH This Week

In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable.

Authentication Bypass Race Condition Apache +13
NVD
EPSS 1% CVSS 8.1
HIGH POC PATCH This Week

An issue was discovered in webargs before 5.1.3, as used with marshmallow and other products. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Race Condition Information Disclosure Webargs
NVD GitHub
EPSS 1% CVSS 7.5
HIGH This Week

In bta_hl_sdp_query_results of bta_hl_main.cc, there is a possible use-after-free due to a race condition. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition RCE Google +1
NVD
EPSS 17% CVSS 8.1
HIGH POC PATCH THREAT This Week

In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race condition, leading to a use-after-free. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Race Condition Linux Information Disclosure +24
NVD GitHub Exploit-DB
EPSS 1% CVSS 8.1
HIGH POC This Week

An issue was discovered in Metinfo 6.x. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Race Condition RCE PHP +1
NVD GitHub
EPSS 0% CVSS 7.0
HIGH This Week

Debian tmpreaper version 1.6.13+nmu1 has a race condition when doing a (bind) mount via rename() which could result in local privilege escalation. Rated high severity (CVSS 7.0). No vendor patch available.

Race Condition Privilege Escalation Debian +2
NVD
EPSS 0% CVSS 6.7
MEDIUM PATCH This Month

In PolicyKit (aka polkit) 0.115, the "start time" protection mechanism can be bypassed because fork() is not atomic, and therefore authorization decisions are improperly cached. Rated medium severity (CVSS 6.7).

Authentication Bypass Race Condition Polkit +8
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

Elasticsearch Security versions 6.4.0 to 6.4.2 contain an error in the way request headers are applied to requests when using the Active Directory, LDAP, Native, or File realms. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Race Condition Information Disclosure Elastic +1
NVD
EPSS 1% CVSS 8.1
HIGH This Week

In Veraport G3 ALL on MacOS, a race condition when calling the Veraport API allow remote attacker to cause arbitrary file download and execution. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition RCE Apple +1
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

v9fs_wstat in hw/9pfs/9p.c in QEMU allows guest OS users to cause a denial of service (crash) because of a race condition during file renaming. Rated medium severity (CVSS 4.7).

Race Condition Denial Of Service Qemu +4
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A flaw was found in qemu Media Transfer Protocol (MTP) before version 3.1.0. Rated high severity (CVSS 7.8).

Race Condition RCE Path Traversal +3
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

In easelcomm_hw_build_scatterlist, there is a possible out of bounds write due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.

Race Condition Privilege Escalation Buffer Overflow +2
NVD
EPSS 0% CVSS 7.0
HIGH This Week

The svpn component of the F5 BIG-IP APM client prior to version 7.1.7.2 for Linux and macOS runs as a privileged process and can allow an unprivileged user to get ownership of files owned by root on. Rated high severity (CVSS 7.0). No vendor patch available.

Race Condition Information Disclosure Apple +2
NVD
EPSS 3% CVSS 6.6
MEDIUM POC This Month

A Race condition vulnerability in unzip_file in admin/import/class-import-settings.php in the Yoast SEO (wordpress-seo) plugin before 9.2.0 for WordPress allows an SEO Manager to perform command. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Race Condition WordPress Information Disclosure +2
NVD GitHub
EPSS 0% CVSS 7.0
HIGH PATCH This Week

In the ClearKey CAS descrambler, there is a possible use after free due to a race condition. Rated high severity (CVSS 7.0).

Race Condition Privilege Escalation Denial Of Service +2
NVD
EPSS 1% CVSS 7.5
HIGH This Week

A race in the handling of SharedArrayBuffers in WebAssembly in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Information Disclosure Google +5
NVD
EPSS 1% CVSS 7.0
HIGH POC PATCH This Week

A race condition in chown_one() of systemd allows an attacker to cause systemd to set arbitrary permissions on arbitrary files. Rated high severity (CVSS 7.0). Public exploit code available.

Race Condition Information Disclosure Ubuntu Linux +1
NVD GitHub Exploit-DB
EPSS 3% CVSS 8.1
HIGH POC This Week

In the Linux kernel through 4.19, a use-after-free can occur due to a race condition between fanout_add from setsockopt and bind on an AF_PACKET socket. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Race Condition Information Disclosure Linux +9
NVD
EPSS 1% CVSS 5.9
MEDIUM This Month

A remote unauthorized disclosure of information vulnerability was identified in HPE Service Governance Framework (SGF) version 4.2, 4.3. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Authentication Bypass Service Governance Framework
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

A vulnerability in the errdisable per VLAN feature of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause the device to crash, leading to a denial of service (DoS). Rated medium severity (CVSS 6.1), this vulnerability is no authentication required. No vendor patch available.

Race Condition Cisco Denial Of Service +2
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

An issue was discovered in the proc_pid_stack function in fs/proc/base.c in the Linux kernel through 4.18.11. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Race Condition Information Disclosure Linux +9
NVD
EPSS 1% CVSS 5.9
MEDIUM This Month

In some Lenovo IdeaPad consumer notebook models, a race condition in the BIOS flash device locking mechanism is not adequately protected against, potentially allowing an attacker with administrator. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable. No vendor patch available.

Race Condition Information Disclosure Lenovo +68
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, LUT configuration is passed down to driver from userspace via ioctl. Rated high severity (CVSS 7.0).

Google Information Disclosure Linux +3
NVD
EPSS 1% CVSS 8.1
HIGH PATCH This Week

Gitolite before 3.6.9 does not (in certain configurations involving @all or a regex) properly restrict access to a Git repository that is in the process of being migrated until the full set of. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Race Condition Information Disclosure Gitolite
NVD GitHub
EPSS 0% CVSS 4.7
MEDIUM POC This Month

GEAR Software products that include GEARAspiWDM.sys, 2.2.5.0, allow local users to cause a denial of service (Race Condition and BSoD on Windows) by not checking that user-mode memory is available. Rated medium severity (CVSS 4.7). Public exploit code available and no vendor patch available.

Race Condition Microsoft Denial Of Service +1
NVD GitHub
EPSS 99% CVSS 5.3
MEDIUM POC PATCH THREAT This Month

OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Race Condition Information Disclosure SSH +22
NVD GitHub Exploit-DB
EPSS 12% CVSS 5.9
MEDIUM PATCH This Month

If an async request was completed by the application at the same time as the container triggered the async timeout, a race condition existed that could result in a user seeing a response intended for. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Race Condition Apache Information Disclosure +2
NVD
EPSS 1% CVSS 7.0
HIGH PATCH This Week

An issue was discovered in the __ns_get_path function in fs/nsfs.c in the Linux kernel before 4.11. Rated high severity (CVSS 7.0).

Google Denial Of Service Linux +4
NVD GitHub
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Due to a race condition in the MDSS MDP driver in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05, a Use. Rated high severity (CVSS 7.0).

Google Denial Of Service Linux +3
NVD
EPSS 0% CVSS 7.0
HIGH This Week

A race condition exists in a driver in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-05-05 potentially. Rated high severity (CVSS 7.0). No vendor patch available.

Google Information Disclosure Linux +3
NVD
EPSS 0% CVSS 7.0
HIGH This Week

Due to a race condition in a camera driver ioctl handler in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05,. Rated high severity (CVSS 7.0). No vendor patch available.

Google Denial Of Service Linux +3
NVD
EPSS 1% CVSS 6.8
MEDIUM PATCH This Month

Time-of-check to time-of-use (TOCTOU) race condition in org.onosproject.acl (aka the access control application) in ONOS v1.13 and earlier allows attackers to bypass network access control via data. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required.

Race Condition Authentication Bypass Onos
NVD
EPSS 2% CVSS 8.1
HIGH PATCH This Week

CVE-2018-8025 describes an issue in Apache HBase that affects the optional "Thrift 1" API server when running over HTTP. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Atlassian Apache +2
NVD
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

An issue was discovered in the Linux kernel through 4.17.2. Rated medium severity (CVSS 6.3).

Race Condition Denial Of Service Linux +1
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM This Month

Symantec Endpoint Protection prior to 14 RU1 MP1 or 12.1 RU6 MP10 may be susceptible to a race condition (or race hazard). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Race Condition Information Disclosure Endpoint Protection
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

A race condition in the nginx module in Phusion Passenger 3.x through 5.x before 5.3.2 allows local escalation of privileges when a non-standard passenger_instance_registry_dir with insufficiently. Rated high severity (CVSS 7.0). No vendor patch available.

Race Condition Privilege Escalation Nginx +2
NVD
EPSS 2% CVSS 5.9
MEDIUM PATCH This Month

389-ds-base before versions 1.4.0.10, 1.3.8.3 is vulnerable to a race condition in the way 389-ds-base handles persistent search, resulting in a crash if the server is under load. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Race Condition Denial Of Service 389 Directory Server +8
NVD
EPSS 1% CVSS 3.7
LOW PATCH Monitor

private_address_check ruby gem before 0.5.0 is vulnerable to a time-of-check time-of-use (TOCTOU) race condition due to the address the socket uses not being checked. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Race Condition Information Disclosure Private Address Check
NVD GitHub
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Due to a race condition in the QTEECOM driver in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel, when more than one HLOS client loads the same. Rated high severity (CVSS 7.0).

Google Denial Of Service Linux +3
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

In the Linux Kernel before version 4.16.11, 4.14.43, 4.9.102, and 4.4.133, multiple race condition errors when handling probe, disconnect, and rebind operations can be exploited to trigger a. Rated high severity (CVSS 7.0).

Race Condition Denial Of Service Linux +3
NVD
EPSS 7% CVSS 5.9
MEDIUM PATCH This Month

In net/socket.c in the Linux kernel through 4.17.1, there is a race condition between fchownat and close in cases where they target the same socket file descriptor, related to the sock_close and. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Race Condition Denial Of Service Linux +1
NVD GitHub
EPSS 4% CVSS 7.0
HIGH POC This Week

An issue was discovered in certain Apple products. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Race Condition Nvidia RCE +2
NVD Exploit-DB
EPSS 1% CVSS 7.0
HIGH This Week

An issue was discovered in certain Apple products. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Race Condition RCE Apple +1
NVD
EPSS 12% CVSS 7.5
HIGH POC THREAT This Week

An issue was discovered in certain Apple products. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Race Condition Microsoft RCE +7
NVD Exploit-DB
EPSS 0% CVSS 7.0
HIGH PATCH This Week

A race condition in drm_atomic_nonblocking_commit() in the display driver can potentially lead to a Use After Free scenario in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

Google Denial Of Service Linux +3
NVD
EPSS 0% CVSS 7.0
HIGH This Week

A Time-of-Check Time-of-Use privilege escalation vulnerability in Trend Micro Maximum Security (Consumer) 2018 could allow a local attacker to escalate privileges on vulnerable installations due to a. Rated high severity (CVSS 7.0). No vendor patch available.

Race Condition Trend Micro Privilege Escalation +4
NVD
EPSS 1% CVSS 5.9
MEDIUM This Month

An issue was discovered in Joomla!. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Information Disclosure Joomla
NVD
EPSS 19% CVSS 7.8
HIGH POC PATCH THREAT Act Now

A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Microsoft Privilege Escalation Linux +14
NVD GitHub Exploit-DB
EPSS 0% CVSS 5.9
MEDIUM This Month

In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, due to a race condition, a Use After. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Denial Of Service Linux +4
NVD
EPSS 2% CVSS 7.0
HIGH POC This Week

Johnathan Nightingale beep through 1.3.4, if setuid, has a race condition that allows local privilege escalation. Rated high severity (CVSS 7.0). Public exploit code available and no vendor patch available.

Race Condition Privilege Escalation Beep +1
NVD Exploit-DB
EPSS 1% CVSS 7.0
HIGH This Week

An issue was discovered in certain Apple products. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Race Condition RCE Apple +4
NVD
EPSS 1% CVSS 7.0
HIGH This Week

An issue was discovered in certain Apple products. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Race Condition RCE Apple +4
NVD
EPSS 1% CVSS 7.0
HIGH This Week

An issue was discovered in certain Apple products. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Race Condition RCE Apple +3
NVD
EPSS 1% CVSS 7.0
HIGH This Week

An issue was discovered in certain Apple products. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Race Condition RCE Apple +4
NVD
EPSS 1% CVSS 7.0
HIGH This Week

An issue was discovered in certain Apple products. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Race Condition RCE Apple +2
NVD
EPSS 1% CVSS 7.0
HIGH This Week

An issue was discovered in certain Apple products. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Race Condition RCE Apple +4
NVD
EPSS 1% CVSS 7.0
HIGH This Week

An issue was discovered in certain Apple products. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Race Condition RCE Apple +2
NVD
EPSS 1% CVSS 7.0
HIGH This Week

An issue was discovered in certain Apple products. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Race Condition RCE Apple +1
NVD
EPSS 1% CVSS 7.0
HIGH This Week

An issue was discovered in certain Apple products. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Race Condition RCE Apple +2
NVD
EPSS 1% CVSS 4.7
MEDIUM This Month

An issue was discovered in certain Apple products. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required. No vendor patch available.

Race Condition Authentication Bypass Apple +4
NVD
EPSS 0% CVSS 7.0
HIGH This Week

screenresolution-mechanism in screen-resolution-extra 0.17.2 does not properly use the PolicyKit D-Bus API, which allows local users to bypass intended access restrictions by leveraging a race. Rated high severity (CVSS 7.0). No vendor patch available.

Race Condition Authentication Bypass Screen Resolution Extra +1
NVD
EPSS 0% CVSS 7.0
HIGH This Week

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a race condition in diag_ioctl_lsm_deinit() leads to a Use After Free condition. Rated high severity (CVSS 7.0). No vendor patch available.

Google Denial Of Service Linux +3
NVD
EPSS 2% CVSS 7.5
HIGH This Week

A remote code execution issue was discovered in GLPI through 9.2.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Race Condition RCE PHP +1
NVD GitHub
EPSS 2% CVSS 7.5
HIGH POC PATCH This Week

In libvips before 8.6.3, a NULL function pointer dereference vulnerability was found in the vips_region_generate function in region.c, which allows remote attackers to cause a denial of service or. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Race Condition Denial Of Service Libvips +1
NVD GitHub
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

Race condition in the store_int_with_restart() function in arch/x86/kernel/cpu/mcheck/mce.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (panic) by leveraging. Rated medium severity (CVSS 4.7).

Race Condition Denial Of Service Linux +3
NVD
EPSS 1% CVSS 7.0
HIGH POC This Week

An issue was discovered in secdrv.sys as shipped in Microsoft Windows Vista, Windows 7, Windows 8, and Windows 8.1 before KB3086255, and as shipped in Macrovision SafeDisc. Rated high severity (CVSS 7.0). Public exploit code available and no vendor patch available.

Race Condition Microsoft RCE +5
NVD GitHub
EPSS 0% CVSS 7.0
HIGH This Week

Leptonica through 1.75.3 uses hardcoded /tmp pathnames, which might allow local users to overwrite arbitrary files or have unspecified other impact by creating files in advance or winning a race. Rated high severity (CVSS 7.0). No vendor patch available.

Race Condition RCE Leptonica
NVD
EPSS 7% CVSS 5.9
MEDIUM PATCH This Month

In systemd prior to 234 a race condition exists between .mount and .automount units such that automount requests from kernel may not be serviced by systemd resulting in kernel holding the mountpoint. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Race Condition Denial Of Service Systemd +10
NVD
EPSS 4% CVSS 5.9
MEDIUM POC This Month

In the Linux kernel 4.12, 3.10, 2.6 and possibly earlier versions a race condition vulnerability exists in the sound system, this can lead to a deadlock and denial of service condition. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Race Condition Denial Of Service Linux +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In the Linux kernel through 4.14.13, drivers/block/loop.c mishandles lo_release serialization, which allows attackers to cause a denial of service (__lock_acquire use-after-free) or possibly have. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Race Condition Denial Of Service Linux +6
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM and WebSafe software version 13.0.0 and 12.1.0 - 12.1.2, race conditions in iControl REST may lead to commands being. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Race Condition Information Disclosure Big Ip Local Traffic Manager +9
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

The raw_sendmsg() function in net/ipv4/raw.c in the Linux kernel through 4.14.6 has a race condition in inet->hdrincl that leads to uninitialized stack pointer usage; this allows a local user to. Rated high severity (CVSS 7.0).

Race Condition Linux Information Disclosure +1
NVD GitHub
EPSS 0% CVSS 7.0
HIGH PATCH This Week

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, due to a race condition in the GLink kernel driver, a Use After Free condition can. Rated high severity (CVSS 7.0).

Denial Of Service Linux Google +3
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the camera driver, the function "msm_ois_power_down" is called without a mutex and a. Rated high severity (CVSS 7.0).

Linux Google Race Condition +3
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a race condition in a Camera driver can lead to a Use After Free condition. Rated high severity (CVSS 7.0).

Denial Of Service Linux Google +3
NVD
EPSS 0% CVSS 7.0
HIGH This Week

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in a camera driver function, a race condition exists which can lead to a Use After Free. Rated high severity (CVSS 7.0). No vendor patch available.

Denial Of Service Linux Google +3
NVD
EPSS 0% CVSS 7.0
HIGH This Week

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in a KGSL driver function, a race condition exists which can lead to a Use After Free. Rated high severity (CVSS 7.0). No vendor patch available.

Denial Of Service Linux Google +3
NVD
EPSS 0% CVSS 8.5
HIGH This Week

It is possible to bypass the bitbucket auto-unapprove plugin via minimal brute-force because it is relying on asynchronous events on the back-end. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

Race Condition Authentication Bypass Bitbucket Auto Unapprove Plugin
NVD
EPSS 8% CVSS 7.0
HIGH POC This Week

The Linux Kernel versions 2.6.38 through 4.14 have a problematic use of pmd_mkdirty() in the touch_pmd() function inside the THP implementation. Rated high severity (CVSS 7.0). Public exploit code available and no vendor patch available.

Race Condition Linux Information Disclosure +1
NVD Exploit-DB
EPSS 0% CVSS 4.7
MEDIUM This Month

Audio driver in P9 smartphones with software The versions before EVA-AL10C00B389 has a denial of service (DoS) vulnerability. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required. No vendor patch available.

Denial Of Service Race Condition P9 Firmware
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, missing race condition protection while updating msg mask table can lead to buffer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Linux Google Race Condition +3
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, due to a race condition in the function audio_effects_shared_ioctl(), memory corruption. Rated high severity (CVSS 7.0).

Linux Buffer Overflow Google +3
NVD
EPSS 1% CVSS 7.5
HIGH POC This Week

An exploitable vulnerability exists in the signature verification of the firmware update functionality of Circle with Disney. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

RCE Race Condition Circle With Disney Firmware
NVD
EPSS 0% CVSS 7.8
HIGH POC This Week

In HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 5.0.1, a local attacker or malware can silently subvert the plugin update process in order to escalate to root privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Race Condition Hashicorp VMware +2
NVD Exploit-DB
EPSS 0% CVSS 7.0
HIGH POC This Week

In HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 5.0.0, a local attacker or malware can silently subvert the plugin update process in order to escalate to root privileges. Rated high severity (CVSS 7.0). Public exploit code available and no vendor patch available.

Race Condition Hashicorp VMware +2
NVD Exploit-DB
EPSS 0% CVSS 7.5
HIGH This Week

Incorrect handling of picture ID in WebRTC in Google Chrome prior to 58.0.3029.96 for Mac, Windows, and Linux allowed a remote attacker to trigger a race condition via a crafted HTML page. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Race Condition Microsoft +5
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

A race condition in navigation in Google Chrome prior to 58.0.3029.81 for Linux, Windows, and Mac allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Race Condition Microsoft +5
NVD
Prev Page 17 of 21 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy