Vulnerabilities > Sass Lang

DATE CVE VULNERABILITY TITLE RISK
2018-11-12 CVE-2018-19218 Out-of-bounds Read vulnerability in Sass-Lang Libsass 3.5.0
In LibSass 3.5-stable, there is an illegal address access at Sass::Parser::parse_css_variable_value_token that will lead to a DoS attack.
network
low complexity
sass-lang CWE-125
6.5
6.5
2018-06-04 CVE-2018-11698 Out-of-bounds Read vulnerability in Sass-Lang Libsass
An issue was discovered in LibSass through 3.5.4.
network
low complexity
sass-lang CWE-125
8.1
8.1
2018-06-04 CVE-2018-11697 Out-of-bounds Read vulnerability in Sass-Lang Libsass
An issue was discovered in LibSass through 3.5.4.
network
low complexity
sass-lang CWE-125
8.1
8.1
2018-06-04 CVE-2018-11696 NULL Pointer Dereference vulnerability in Sass-Lang Libsass
An issue was discovered in LibSass through 3.5.4.
network
low complexity
sass-lang CWE-476
8.8
8.8
2018-06-04 CVE-2018-11695 NULL Pointer Dereference vulnerability in Sass-Lang Libsass
An issue was discovered in LibSass <3.5.3.
network
low complexity
sass-lang CWE-476
8.8
8.8
2018-06-04 CVE-2018-11694 NULL Pointer Dereference vulnerability in Sass-Lang Libsass
An issue was discovered in LibSass through 3.5.4.
network
low complexity
sass-lang CWE-476
8.8
8.8
2018-06-04 CVE-2018-11693 Out-of-bounds Read vulnerability in Sass-Lang Libsass
An issue was discovered in LibSass through 3.5.4.
network
low complexity
sass-lang CWE-125
8.1
8.1
2018-05-26 CVE-2018-11499 Use After Free vulnerability in Sass-Lang Libsass
A use-after-free vulnerability exists in handle_error() in sass_context.cpp in LibSass 3.4.x and 3.5.x through 3.5.4 that could be leveraged to cause a denial of service (application crash) or possibly unspecified other impact.
network
low complexity
sass-lang CWE-416
critical
 9.8
9.8