Mity
Products
1- 8 CVEs
Recent CVEs
8| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-11547 | Cri | 0.64 | 9.8 | 0.02 | May 29, 2018 | md_is_link_reference_definition_helper in md4c 0.2.5 has a heap-based buffer over-read because md_is_link_label mishandles loop termination. | ||
| CVE-2018-11546 | Cri | 0.64 | 9.8 | 0.02 | May 29, 2018 | md4c 0.2.5 has a heap-based buffer over-read because md_is_named_entity_contents has an off-by-one error. | ||
| CVE-2018-11545 | Cri | 0.64 | 9.8 | 0.02 | May 29, 2018 | md4c 0.2.5 has a heap-based buffer overflow in md_merge_lines because md_is_link_label mishandles the case of a link label composed solely of backslash escapes. | ||
| CVE-2018-11536 | Cri | 0.64 | 9.8 | 0.02 | May 29, 2018 | md4c before 0.2.5 has a heap-based buffer overflow because md_split_simple_pairing_mark mishandles splits. | ||
| CVE-2018-12112 | Hig | 0.51 | 7.8 | 0.01 | Jun 11, 2018 | md_build_attribute in md4c.c in md4c 0.2.6 allows remote attackers to cause a denial of service (Segmentation fault and application crash) or possibly have unspecified other impact via a crafted file. | ||
| CVE-2018-12102 | Med | 0.36 | 5.5 | 0.01 | Jun 11, 2018 | md4c 0.2.6 has a NULL pointer dereference in the function md_process_line in md4c.c, related to ctx->current_block. | ||
| CVE-2021-30027 | 0.00 | — | 0.01 | Apr 29, 2021 | md_analyze_line in md4c.c in md4c 0.4.7 allows attackers to trigger use of uninitialized memory, and cause a denial of service via a malformed Markdown document. | |||
| CVE-2020-26148 | 0.00 | — | 0.01 | Sep 29, 2020 | md_push_block_bytes in md4c.c in md4c 0.4.5 allows attackers to trigger use of uninitialized memory, and cause a denial of service (e.g., assertion failure) via a malformed Markdown document. |
- risk 0.64cvss 9.8epss 0.02
md_is_link_reference_definition_helper in md4c 0.2.5 has a heap-based buffer over-read because md_is_link_label mishandles loop termination.
- risk 0.64cvss 9.8epss 0.02
md4c 0.2.5 has a heap-based buffer over-read because md_is_named_entity_contents has an off-by-one error.
- risk 0.64cvss 9.8epss 0.02
md4c 0.2.5 has a heap-based buffer overflow in md_merge_lines because md_is_link_label mishandles the case of a link label composed solely of backslash escapes.
- risk 0.64cvss 9.8epss 0.02
md4c before 0.2.5 has a heap-based buffer overflow because md_split_simple_pairing_mark mishandles splits.
- risk 0.51cvss 7.8epss 0.01
md_build_attribute in md4c.c in md4c 0.2.6 allows remote attackers to cause a denial of service (Segmentation fault and application crash) or possibly have unspecified other impact via a crafted file.
- risk 0.36cvss 5.5epss 0.01
md4c 0.2.6 has a NULL pointer dereference in the function md_process_line in md4c.c, related to ctx->current_block.
- CVE-2021-30027Apr 29, 2021risk 0.00cvss —epss 0.01
md_analyze_line in md4c.c in md4c 0.4.7 allows attackers to trigger use of uninitialized memory, and cause a denial of service via a malformed Markdown document.
- CVE-2020-26148Sep 29, 2020risk 0.00cvss —epss 0.01
md_push_block_bytes in md4c.c in md4c 0.4.5 allows attackers to trigger use of uninitialized memory, and cause a denial of service (e.g., assertion failure) via a malformed Markdown document.