libsass (SUSE:Package Hub 15) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Package Hub 15 package libsass, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (12)
CVE-2018-11499 — CVSS 9.8 (critical): A use-after-free vulnerability exists in handle_error() in sass_context.cpp in LibSass 3.4.x and 3.5.x through 3.5.4 that could be…
CVE-2018-19827 — CVSS 8.8 (high): In LibSass 3.5.5, a use-after-free vulnerability exists in the SharedPtr class in SharedPtr.cpp (or SharedPtr.hpp) that may cause a denial…
CVE-2018-19837 — CVSS 6.5 (medium): In LibSass prior to 3.5.5, Sass::Eval::operator()(Sass::Binary_Expression*) inside eval.cpp allows attackers to cause a denial-of-service…
CVE-2018-19838 — CVSS 6.5 (medium): In LibSass prior to 3.5.5, functions inside ast.cpp for IMPLEMENT_AST_OPERATORS expansion allow attackers to cause a denial-of-service…
CVE-2018-19839 — CVSS 6.5 (medium): In LibSass prior to 3.5.5, the function handle_error in sass_context.cpp allows attackers to cause a denial-of-service resulting from a…
CVE-2018-20190 — CVSS 6.5 (medium): In LibSass 3.5.5, a NULL Pointer Dereference in the function Sass::Eval::operator()(Sass::Supports_Operator*) in eval.cpp may cause a…
CVE-2018-20821 — CVSS 6.5 (medium): The parsing component in LibSass through 3.5.5 allows attackers to cause a denial-of-service (uncontrolled recursion in…
CVE-2018-20822 — CVSS 6.5 (medium): LibSass 3.5.4 allows attackers to cause a denial-of-service (uncontrolled recursion in Sass::Complex_Selector::perform in ast.hpp and…
CVE-2019-6283 — CVSS 6.5 (medium): In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::parenthese_scope in prelexer.hpp.
CVE-2019-6284 — CVSS 6.5 (medium): In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::alternatives in prelexer.hpp.
CVE-2019-6286 — CVSS 6.5 (medium): In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::skip_over_scopes in prelexer.hpp when called from…
CVE-2018-19797 — CVSS 6.5 (medium): In LibSass 3.5.5, a NULL Pointer Dereference in the function Sass::Selector_List::populate_extends in SharedPtr.hpp (used by ast.cpp and…