Zyingp

#10119de 53,635
27.3CVSS total
Vulnerabilidades · 4
Média
3
Alta
1
PT-2018-15289
6.5
2018-12-17
Sass · Libsass · CVE-2018-20190
**Name of the Vulnerable Software and Affected Versions** LibSass version 3.5.5 **Description** The issue is related to a NULL Pointer Dereference in the function Sass::Eval::operator()(Sass::Supports Operator*) in eval.cpp. This may cause a Denial of Service, resulting in an application crash, when a crafted sass input file is processed. **Recommendations** For LibSass version 3.5.5, consider updating to a newer version that addresses this issue, as no specific fix is provided for this version. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2018-15099
6.5
2018-12-03
Sass · Libsass · CVE-2018-19797
**Name of the Vulnerable Software and Affected Versions** LibSass version 3.5.5 **Description** The issue is related to a NULL Pointer Dereference in the function Sass::Selector List::populate extends, which may cause a Denial of Service (application crash) via a crafted sass input file. **Recommendations** For LibSass version 3.5.5, consider updating to a newer version to mitigate the risk of a Denial of Service. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2018-15116
8.8
2018-12-03
Sass · Libsass · CVE-2018-19827
**Name of the Vulnerable Software and Affected Versions** LibSass version 3.5.5 **Description** A use-after-free issue exists in the SharedPtr class that may cause a denial of service, potentially leading to an application crash, or possibly have other unspecified impacts. **Recommendations** For LibSass version 3.5.5, consider updating to a newer version to mitigate the risk, however, at the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the SharedPtr class until a patch is available.
PT-2018-3760
5.5
2018-11-25
Tcpdump · Tcpdump · CVE-2018-19519
**Name of the Vulnerable Software and Affected Versions** tcpdump version 4.9.2 **Description** A stack-based buffer over-read issue exists in the `print prefix` function of `print-hncp.c` due to missing initialization, which can be triggered by crafted packet data. This may allow a remote attacker to access confidential data. **Recommendations** For tcpdump version 4.9.2, at the moment, there is no information about a newer version that contains a fix for this vulnerability.