CVEs from 2018
Total
3,844
critical
critical 225
high
high 266
medium
medium 224
low
low 32
% Critical
5.9%
% with KEV
2.3%
% with exploit
2.4%
Top vendors
- frappe 4
- redhat 2
- magix 1
- mybb 1
- gitbucket 1
- qemu 1
- dragonexpert 1
- kingsoftstore 1
Top products
- erpnext 4
- terminal_services_manager 1
- ultraiso 1
- dolibarr_erp\/crm 1
- gitbucket 1
- pdfunite 1
- qemu 1
- virtualization_manager 1
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2018-6789 | high | — | 9.5 | 5y ago | Exim contains a buffer overflow vulnerability in the base64d function part of the SMTP listener that may allow for remote code execution. | |
| CVE-2018-25353 | high | 8.8 | 8.8 | 4d ago | Redaxo CMS Mediapool Addon 5.5.1 and older contains an arbitrary file upload vulnerability that allows authenticated users to bypass file extension blacklist restrictions. Attackers with editor accou… | |
| CVE-2018-25308 | high | 8.8 | 8.8 | 28d ago | BuddyPress Xprofile Custom Fields Type 2.6.3 contains a remote code execution vulnerability that allows authenticated users to delete arbitrary files by manipulating unescaped POST parameters. Attack… | |
| CVE-2018-3885 | high | 8.8 | 8.8 | 8y ago | An exploitable SQL injection vulnerability exists in the authenticated part of ERPNext v10.1.6. Specially crafted web requests can cause SQL injections resulting in data compromise. The order_by para… | |
| CVE-2018-3884 | high | 8.8 | 8.8 | 8y ago | An exploitable SQL injection vulnerability exists in the authenticated part of ERPNext v10.1.6. Specially crafted web requests can cause SQL injections resulting in data compromise. The sort_by and s… | |
| CVE-2018-3883 | high | 8.8 | 8.8 | 8y ago | An exploitable SQL injection vulnerability exists in the authenticated part of ERPNext v10.1.6. Specially crafted web requests can cause SQL injections resulting in data compromise. The employee and … | |
| CVE-2018-3882 | high | 8.8 | 8.8 | 8y ago | An exploitable SQL injection vulnerability exists in the authenticated part of ERPNext v10.1.6. Specially crafted web requests can cause SQL injections resulting in data compromise. The searchfield p… | |
| CVE-2018-25377 | high | 8.4 | 8.4 | 3d ago | Flash Slideshow Maker Professional 5.20 contains a buffer overflow vulnerability in the registration dialog that allows local attackers to execute arbitrary code by exploiting structured exception ha… | |
| CVE-2018-25376 | high | 8.4 | 8.4 | 3d ago | Socusoft 3GP Photo Slideshow 8.05 contains a buffer overflow vulnerability in the registration dialog that allows local attackers to execute arbitrary code by exploiting structured exception handling… | |
| CVE-2018-25375 | high | 8.4 | 8.4 | 3d ago | SocuSoft iPod Photo Slideshow 8.05 contains a buffer overflow vulnerability in the registration dialog that allows local attackers to execute arbitrary code by overwriting the structured exception ha… | |
| CVE-2018-25366 | high | 8.4 | 8.4 | 3d ago | CuteFTP 5.0 XP contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by injecting malicious payload into the Site Manager label field. Attackers can craft a p… | |
| CVE-2018-25360 | high | 8.4 | 8.4 | 3d ago | AgataSoft Auto PingMaster 1.5 contains a stack-based buffer overflow vulnerability in the Trace Route host name field that allows local attackers to execute arbitrary code by triggering structured ex… | |
| CVE-2018-25359 | high | 8.4 | 8.4 | 3d ago | Splinterware System Scheduler Pro 5.12 contains an insecure file permissions vulnerability that allows low-privilege users to escalate privileges by modifying service executable files. Attackers can … | |
| CVE-2018-25373 | high | 8.4 | 8.4 | 3d ago | SocuSoft DVD Photo Slideshow Professional 8.07 contains a stack-based buffer overflow vulnerability in the registration name field that allows local attackers to execute arbitrary code by exploiting … | |
| CVE-2018-25356 | high | 8.4 | 8.4 | 4d ago | SIPp 3.6 and earlier contains a local buffer overflow vulnerability in command-line argument handling that allows local attackers to crash the application or execute arbitrary code. Attackers can tri… | |
| CVE-2018-25345 | high | 8.4 | 8.4 | 4d ago | 10-Strike Network Scanner 3.0 contains a local buffer overflow vulnerability in the host name field that allows attackers to bypass SafeSEH protections and execute arbitrary code. Attackers can craft… | |
| CVE-2018-25344 | high | 8.4 | 8.4 | 4d ago | 10-Strike Network Inventory Explorer 8.54 contains a stack-based buffer overflow vulnerability in the registration key input field that allows local attackers to execute arbitrary code by triggering … | |
| CVE-2018-25355 | high | 8.4 | 8.4 | 5d ago | Audiograbber 1.83 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by exploiting structured exception handling mechanisms. Attackers can craft malicious … | |
| CVE-2018-25328 | high | 8.4 | 8.4 | 11d ago | VX Search 10.6.18 contains a local buffer overflow vulnerability that allows attackers to overwrite the instruction pointer by supplying an oversized string in the directory field. Attackers can craf… | |
| CVE-2018-25323 | high | 8.4 | 8.4 | 11d ago | Allok AVI DivX MPEG to DVD Converter 2.6.1217 contains a structured exception handler buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious payl… | |
| CVE-2018-25322 | high | 8.4 | 8.4 | 11d ago | Allok Fast AVI MPEG Splitter 1.2 contains a stack based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious license name string. Attackers can… | |
| CVE-2018-25315 | high | 8.4 | 8.4 | 28d ago | Alloksoft Video joiner 4.6.1217 contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious string in the License Name field. Attackers can… | |
| CVE-2018-25314 | high | 8.4 | 8.4 | 28d ago | Allok soft WMV to AVI MPEG DVD WMV Converter 4.6.1217 contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized string in the License Na… | |
| CVE-2018-25307 | high | 8.4 | 8.4 | 28d ago | SysGauge Pro 4.6.12 contains a local buffer overflow vulnerability in the Register function that allows local attackers to overwrite the structured exception handler by supplying a crafted unlock key… | |
| CVE-2018-25304 | high | 8.4 | 8.4 | 28d ago | Free Download Manager 2.0 Build 417 contains a local buffer overflow vulnerability in the URL import functionality that allows attackers to trigger a structured exception handler (SEH) chain exploita… | |
| CVE-2018-25303 | high | 8.4 | 8.4 | 28d ago | Allok Video to DVD Burner 2.6.1217 contains a stack-based buffer overflow vulnerability in the License Name field that allows local attackers to execute arbitrary code by triggering a structured exce… | |
| CVE-2018-25301 | high | 8.4 | 8.4 | 28d ago | Easy MPEG to DVD Burner 1.7.11 contains a structured exception handling (SEH) local buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious userna… | |
| CVE-2018-25299 | high | 8.4 | 8.4 | 28d ago | Prime95 29.4b8 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by exploiting structured exception handling (SEH) mechanisms. Attackers can inject malici… | |
| CVE-2018-25222 | high | 8.4 | 8.4 | 2mo ago | SC v7.16 contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying oversized input that exceeds buffer boundaries. Attackers can craft ma… | |
| CVE-2018-25372 | high | 8.2 | 8.2 | 3d ago | MedDream PACS Server Premium 6.7.1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the email param… | |
| CVE-2018-25371 | high | 8.2 | 8.2 | 3d ago | mooSocial Store Plugin 2.6 contains a blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries through the product parameter in URL rewrite functionality… | |
| CVE-2018-25364 | high | 8.2 | 8.2 | 3d ago | Twitter-Clone 1 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the name parameter. Attackers can sub… | |
| CVE-2018-25362 | high | 8.2 | 8.2 | 3d ago | Twitter-Clone 1 contains a SQL injection vulnerability in follow.php that allows attackers to manipulate database queries by injecting SQL code through the userid parameter. Attackers can submit unio… | |
| CVE-2018-25379 | high | 8.2 | 8.2 | 3d ago | Collectric CMU 1.0 contains a boolean-based blind SQL injection vulnerability in the lang parameter that allows unauthenticated attackers to manipulate database queries during authentication. Attacke… | |
| CVE-2018-25351 | high | 8.2 | 8.2 | 4d ago | Joomla! Component EkRishta 2.10 contains an error-based SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code into the usernam… | |
| CVE-2018-25348 | high | 8.2 | 8.2 | 4d ago | Joomla! Component Ek Rishta 2.10 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cid parameter. Attacker… | |
| CVE-2018-25342 | high | 8.2 | 8.2 | 4d ago | Smartshop 1 contains a time-based blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'searched' parameter in sear… | |
| CVE-2018-25341 | high | 8.2 | 8.2 | 4d ago | Smartshop 1 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET … | |
| CVE-2018-25340 | high | 8.2 | 8.2 | 4d ago | Smartshop 1 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET … | |
| CVE-2018-25339 | high | 8.2 | 8.2 | 11d ago | Zechat 1.5 contains a SQL injection vulnerability in the v parameter that allows unauthenticated attackers to extract database information using time-based blind techniques. Attackers can exploit the… | |
| CVE-2018-25338 | high | 8.2 | 8.2 | 11d ago | Zechat 1.5 contains a SQL injection vulnerability in the hashtag parameter that allows unauthenticated attackers to extract database information using union-based techniques. Attackers can exploit th… | |
| CVE-2018-25333 | high | 8.2 | 8.2 | 11d ago | Nordex N149/4.0-4.5 Wind Turbine Web Server 4.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the … | |
| CVE-2018-25330 | high | 8.2 | 8.2 | 11d ago | Joomla! extension EkRishta 2.10 contains persistent cross-site scripting and SQL injection vulnerabilities that allow attackers to inject malicious code through profile fields and POST parameters. At… | |
| CVE-2018-25300 | high | 8.2 | 8.2 | 28d ago | XATABoost CMS 1.0.0 contains a union-based SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the id parameter. Attackers c… | |
| CVE-2018-25206 | high | 8.2 | 8.2 | 2mo ago | KomSeo Cart 1.3 contains an SQL injection vulnerability that allows attackers to inject SQL commands through the 'my_item_search' parameter in edit.php. Attackers can submit POST requests with malici… | |
| CVE-2018-25203 | high | 8.2 | 8.2 | 2mo ago | Online Store System CMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the email parameter. Attackers c… | |
| CVE-2018-16841 | high | — | 8.0 | — | Samba from version 4.3.0 and before versions 4.7.12, 4.8.7 and 4.9.3 are vulnerable to a denial of service. When configured to accept smart-card authentication, Samba's KDC will call talloc_free() tw… | |
| CVE-2018-18226 | high | — | 8.0 | — | In Wireshark 2.6.0 to 2.6.3, the Steam IHS Discovery dissector could consume system memory. This was addressed in epan/dissectors/packet-steam-ihs-discovery.c by changing the memory-management approa… | |
| CVE-2018-25011 | high | — | 8.0 | — | A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in PutLE16(). | |
| CVE-2018-10900 | high | — | 8.0 | — | Network Manager VPNC plugin (aka networkmanager-vpnc) before version 1.2.6 is vulnerable to a privilege escalation attack. A new line character can be used to inject a Password helper parameter into … | |
| CVE-2018-1120 | high | — | 8.0 | — | A flaw was found affecting the Linux kernel before version 4.17. By mmap()ing a FUSE-backed file onto a process's memory containing command line arguments (or environment strings), an attacker can ca… | |
| CVE-2018-3646 | high | — | 8.0 | — | Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user acc… | |
| CVE-2018-20685 | high | — | 8.0 | — | In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the tar… | |
| CVE-2018-5784 | high | — | 8.0 | — | In LibTIFF 4.0.9, there is an uncontrolled resource consumption in the TIFFSetDirectory function of tif_dir.c. Remote attackers could leverage this vulnerability to cause a denial of service via a cr… | |
| CVE-2018-8905 | high | — | 8.0 | — | In LibTIFF 4.0.9, a heap-based buffer overflow occurs in the function LZWDecodeCompat in tif_lzw.c via a crafted TIFF file, as demonstrated by tiff2ps. | |
| CVE-2018-7253 | high | — | 8.0 | — | The ParseDsdiffHeaderConfig function of the cli/dsdiff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service (heap-based buffer over-read) or possibly overwrite the heap via a… | |
| CVE-2018-20593 | high | — | 8.0 | — | In Mini-XML (aka mxml) v2.12, there is stack-based buffer overflow in the scan_file function in mxmldoc.c. | |
| CVE-2018-15587 | high | — | 8.0 | — | GNOME Evolution through 3.28.2 is prone to OpenPGP signatures being spoofed for arbitrary messages using a specially crafted email that contains a valid signature from the entity to be impersonated a… | |
| CVE-2018-5733 | high | — | 8.0 | — | A malicious client which is allowed to send very large amounts of traffic (billions of packets) to a DHCP server can eventually overflow a 32-bit reference counter, potentially causing dhcpd to crash… | |
| CVE-2018-18065 | high | — | 8.0 | — | _set_key in agent/helpers/table_container.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an authenticated attacker to remotely cause the instance to crash via a crafted… | |
| CVE-2018-17182 | high | — | 8.0 | — | An issue was discovered in the Linux kernel through 4.18.8. The vmacache_flush_all function in mm/vmacache.c mishandles sequence number overflows. An attacker can trigger a use-after-free (and possib… | |
| CVE-2018-5390 | high | — | 8.0 | — | Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service. | |
| CVE-2018-5391 | high | — | 8.0 | — | The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may cause a denial of service … | |
| CVE-2018-8897 | high | — | 8.0 | — | A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, result… | |
| CVE-2018-16857 | high | — | 8.0 | — | Samba from version 4.9.0 and before version 4.9.3 that have AD DC configurations watching for bad passwords (to restrict brute forcing of passwords) in a window of more than 3 minutes may not watch f… | |
| CVE-2018-7184 | high | — | 8.0 | — | ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating the "received" timestamp, which allows remote attackers to cause a denial of service (disruption) by sending a packet with a zero… | |
| CVE-2018-12356 | high | — | 8.0 | — | An issue was discovered in password-store.sh in pass in Simple Password Store 1.7.x before 1.7.2. The signature verification routine parses the output of GnuPG with an incomplete regular expression, … | |
| CVE-2018-5702 | high | — | 8.0 | — | Transmission through 2.92 relies on X-Transmission-Session-Id (which is not a forbidden header for Fetch) for access control, which allows remote attackers to execute arbitrary RPC commands, and cons… | |
| CVE-2018-9846 | high | — | 8.0 | — | In Roundcube from versions 1.2.0 to 1.3.5, with the archive plugin enabled and configured, it's possible to exploit the unsanitized, user-controlled "_uid" parameter (in an archive.php _task=mail&_mb… | |
| CVE-2018-10859 | high | — | 8.0 | — | git-annex is vulnerable to an Information Exposure when decrypting files. A malicious server for a special remote could trick git-annex into decrypting a file that was encrypted to the user's gpg key… | |
| CVE-2018-0488 | high | — | 8.0 | — | ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0, when the truncated HMAC extension and CBC are used, allows remote attackers to execute arbitrary code or cause a denial of service (heap c… | |
| CVE-2018-0487 | high | — | 8.0 | — | ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via a crafted certificate chain that is mi… | |
| CVE-2018-0497 | high | — | 8.0 | — | ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14 allows remote attackers to achieve partial plaintext recovery (for a CBC based ciphersuite) via a timing-based side-channel attack. This vu… | |
| CVE-2018-14360 | high | — | 8.0 | — | An issue was discovered in NeoMutt before 2018-07-16. nntp_add_group in newsrc.c has a stack-based buffer overflow because of incorrect sscanf usage. | |
| CVE-2018-20592 | high | — | 8.0 | — | In Mini-XML (aka mxml) v2.12, there is a use-after-free in the mxmlAdd function of the mxml-node.c file. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted … | |
| CVE-2018-7050 | high | — | 8.0 | — | An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. A NULL pointer dereference occurs for an "empty" nick. | |
| CVE-2018-1000877 | high | — | 8.0 | — | libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-415: Double Free vulnerability in RAR decoder - libarchive/archive_read_support_form… | |
| CVE-2018-11383 | high | — | 8.0 | — | The r_strbuf_fini() function in radare2 2.5.0 allows remote attackers to cause a denial of service (invalid free and application crash) via a crafted ELF file because of an uninitialized variable in … | |
| CVE-2018-11382 | high | — | 8.0 | — | The _inst__sts() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted binary file. | |
| CVE-2018-11381 | high | — | 8.0 | — | The string_scan_range() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted binary file. | |
| CVE-2018-11375 | high | — | 8.0 | — | The _inst__lds() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted binary file. | |
| CVE-2018-11380 | high | — | 8.0 | — | The parse_import_ptr() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted Mach-O file. | |
| CVE-2018-11384 | high | — | 8.0 | — | The sh_op() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted ELF file. | |
| CVE-2018-16853 | high | — | 8.0 | — | Samba from version 4.7.0 has a vulnerability that allows a user in a Samba AD domain to crash the KDC when Samba is built in the non-default MIT Kerberos configuration. With this advisory the Samba T… | |
| CVE-2018-14056 | high | — | 8.0 | — | ZNC before 1.7.1-rc1 is prone to a path traversal flaw via ../ in a web skin name to access files outside of the intended skins directories. | |
| CVE-2018-10963 | high | — | 8.0 | — | The TIFFWriteDirectorySec() function in tif_dirwrite.c in LibTIFF through 4.0.9 allows remote attackers to cause a denial of service (assertion failure and application crash) via a crafted file, a di… | |
| CVE-2018-16839 | high | — | 8.0 | — | Curl versions 7.33.0 through 7.61.1 are vulnerable to a buffer overrun in the SASL authentication code that may lead to denial of service. | |
| CVE-2018-19039 | high | — | 8.0 | — | arbitrary filesystem access in grafana | |
| CVE-2018-19931 | high | — | 8.0 | — | An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2.31. There is a heap-based buffer overflow in bfd_elf32_swap_phdr_in in elfco… | |
| CVE-2018-10857 | high | — | 8.0 | — | git-annex is vulnerable to a private data exposure and exfiltration attack. It could expose the content of files located outside the git-annex repository, or content from a private web server on loca… | |
| CVE-2018-7889 | high | — | 8.0 | — | gui2/viewer/bookmarkmanager.py in Calibre 3.18 calls cPickle.load on imported bookmark data, which allows remote attackers to execute arbitrary code via a crafted .pickle file, as demonstrated by Pyt… | |
| CVE-2018-14352 | high | — | 8.0 | — | An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap_quote_string in imap/util.c does not leave room for quote characters, leading to a stack-based buffer overflow. | |
| CVE-2018-3615 | high | — | 8.0 | — | Systems with microprocessors utilizing speculative execution and Intel software guard extensions (Intel SGX) may allow unauthorized disclosure of information residing in the L1 data cache from an enc… | |
| CVE-2018-14363 | high | — | 8.0 | — | An issue was discovered in NeoMutt before 2018-07-16. newsrc.c does not properly restrict '/' characters that may have unsafe interaction with cache pathnames. | |
| CVE-2018-6126 | high | — | 8.0 | — | A precision error in Skia in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. | |
| CVE-2018-6951 | high | — | 8.0 | — | An issue was discovered in GNU patch through 2.7.6. There is a segmentation fault, associated with a NULL pointer dereference, leading to a denial of service in the intuit_diff_type function in pch.c… | |
| CVE-2018-6791 | high | — | 8.0 | — | An issue was discovered in soliduiserver/deviceserviceaction.cpp in KDE Plasma Workspace before 5.12.0. When a vfat thumbdrive that contains `` or $() in its volume label is plugged in and mounted th… | |
| CVE-2018-17407 | high | — | 8.0 | — | An issue was discovered in t1_check_unusual_charstring functions in writet1.c files in TeX Live before 2018-09-21. A buffer overflow in the handling of Type 1 fonts allows arbitrary code execution wh… | |
| CVE-2018-7456 | high | — | 8.0 | — | A NULL Pointer Dereference occurs in the function TIFFPrintDirectory in tif_print.c in LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.… | |
| CVE-2018-20030 | high | — | 8.0 | — | An error when processing the EXIF_IFD_INTEROPERABILITY and EXIF_IFD_EXIF tags within libexif version 0.6.21 can be exploited to exhaust available CPU resources. |