Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
libsass vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2017-12963
There is an illegal address access in Sass::Eval::operator() in eval.cpp of LibSass 3.4.5, leading to a remote denial of service attack. NOTE: this is similar to CVE-2017-11555 but remains exploitable after the vendor's CVE-2017-11555 fix (available from GitHub after 2017-07...
Libsass Libsass 3.4.5
6.5
CVSSv3
CVE-2018-19839
In LibSass before 3.5.5, the function handle_error in sass_context.cpp allows malicious users to cause a denial-of-service resulting from a heap-based buffer over-read via a crafted sass file.
Sass-lang Libsass
9.8
CVSSv3
CVE-2018-11499
A use-after-free vulnerability exists in handle_error() in sass_context.cpp in LibSass 3.4.x and 3.5.x up to and including 3.5.4 that could be leveraged to cause a denial of service (application crash) or possibly unspecified other impact.
Sass-lang Libsass
6.5
CVSSv3
CVE-2018-20821
The parsing component in LibSass up to and including 3.5.5 allows malicious users to cause a denial-of-service (uncontrolled recursion in Sass::Parser::parse_css_variable_value in parser.cpp).
Sass-lang Libsass
8.8
CVSSv3
CVE-2018-11694
An issue exists in LibSass up to and including 3.5.4. A NULL pointer dereference was found in the function Sass::Functions::selector_append which could be leveraged by an malicious user to cause a denial of service (application crash) or possibly have unspecified other impact.
Sass-lang Libsass
8.1
CVSSv3
CVE-2018-11693
An issue exists in LibSass up to and including 3.5.4. An out-of-bounds read of a memory region was found in the function Sass::Prelexer::skip_over_scopes which could be leveraged by an malicious user to disclose information or manipulated to read from unmapped memory causing a de...
Sass-lang Libsass
8.8
CVSSv3
CVE-2018-11695
An issue exists in LibSass <3.5.3. A NULL pointer dereference was found in the function Sass::Expand::operator which could be leveraged by an malicious user to cause a denial of service (application crash) or possibly have unspecified other impact.
Sass-lang Libsass
8.8
CVSSv3
CVE-2018-11696
An issue exists in LibSass up to and including 3.5.4. A NULL pointer dereference was found in the function Sass::Inspect::operator which could be leveraged by an malicious user to cause a denial of service (application crash) or possibly have unspecified other impact.
Sass-lang Libsass
8.1
CVSSv3
CVE-2018-11697
An issue exists in LibSass up to and including 3.5.4. An out-of-bounds read of a memory region was found in the function Sass::Prelexer::exactly() which could be leveraged by an malicious user to disclose information or manipulated to read from unmapped memory causing a denial of...
Sass-lang Libsass
8.1
CVSSv3
CVE-2018-11698
An issue exists in LibSass up to and including 3.5.4. An out-of-bounds read of a memory region was found in the function Sass::handle_error which could be leveraged by an malicious user to disclose information or manipulated to read from unmapped memory causing a denial of servic...
Sass-lang Libsass
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48693
CVE-2024-30851
CVE-2024-34460
CVE-2024-2887
local
CVE-2024-27956
remote code execution
CVE-2024-34475
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »