Skip to main content
CVE-2019-6286 MEDIUM POC This Month

In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::skip_over_scopes in prelexer.hpp when called from Sass::Parser::parse_import(), a similar issue to CVE-2018-11693. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Libsass
NVD GitHub
CVSS 3.0
6.5
EPSS
2.1%
CVE-2019-6285 MEDIUM POC This Month

The SingleDocParser::HandleFlowSequence function in yaml-cpp (aka LibYaml-C++) 0.6.2 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted YAML. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Yaml Cpp
NVD GitHub
CVSS 3.0
6.5
EPSS
2.5%
CVE-2019-6284 MEDIUM POC This Month

In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::alternatives in prelexer.hpp. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Libsass
NVD GitHub
CVSS 3.1
6.5
EPSS
2.1%
CVE-2019-6283 MEDIUM POC This Month

In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::parenthese_scope in prelexer.hpp. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Libsass
NVD GitHub
CVSS 3.1
6.5
EPSS
1.9%
CVE-2019-6278 MEDIUM POC This Month

XSS exists in JPress v1.0.4 via Markdown input, or Markdown input with the code input option. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Jpress
NVD
CVSS 3.0
5.4
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy