rpm package
opensuse/w3m&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/w3m&distro=openSUSE%20Tumbleweed
Vulnerabilities (31)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2016-9443 | Med | 6.5 | < 0.5.3.git20161120-1.1 | 0.5.3.git20161120-1.1 | Dec 12, 2016 | An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page. | |
| CVE-2016-9442 | Med | 6.5 | < 0.5.3.git20161120-1.1 | 0.5.3.git20161120-1.1 | Dec 12, 2016 | An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause memory corruption in certain conditions via a crafted HTML page. | |
| CVE-2016-9441 | Med | 6.5 | < 0.5.3.git20161120-1.1 | 0.5.3.git20161120-1.1 | Dec 12, 2016 | An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page. | |
| CVE-2016-9440 | Med | 6.5 | < 0.5.3.git20161120-1.1 | 0.5.3.git20161120-1.1 | Dec 12, 2016 | An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page. | |
| CVE-2016-9439 | Med | 6.5 | < 0.5.3.git20161120-1.1 | 0.5.3.git20161120-1.1 | Dec 12, 2016 | An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Infinite recursion vulnerability in w3m allows remote attackers to cause a denial of service via a crafted HTML page. | |
| CVE-2016-9438 | Med | 6.5 | < 0.5.3.git20161120-1.1 | 0.5.3.git20161120-1.1 | Dec 12, 2016 | An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page. | |
| CVE-2016-9437 | Med | 6.5 | < 0.5.3.git20161120-1.1 | 0.5.3.git20161120-1.1 | Dec 12, 2016 | An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) and possibly memory corruption via a crafted HTML page. | |
| CVE-2016-9434 | Med | 6.5 | < 0.5.3.git20161120-1.1 | 0.5.3.git20161120-1.1 | Dec 12, 2016 | An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page. | |
| CVE-2012-4929 | — | < 0.5.3.git20161120-1.1 | 0.5.3.git20161120-1.1 | Sep 15, 2012 | The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google Chrome, Qt, and other products, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers by observing | ||
| CVE-2010-2074 | — | < 0.5.3.git20161120-1.1 | 0.5.3.git20161120-1.1 | Jun 16, 2010 | istream.c in w3m 0.5.2 and possibly other versions, when ssl_verify_server is enabled, does not properly handle a '\0' character in a domain name in the (1) subject's Common Name or (2) Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attacke | ||
| CVE-2006-6772 | — | < 0.5.3+git20180125-1.14 | 0.5.3+git20180125-1.14 | Dec 27, 2006 | Format string vulnerability in the inputAnswer function in file.c in w3m before 0.5.2, when run with the dump or backend option, allows remote attackers to execute arbitrary code via format string specifiers in the Common Name (CN) field of an SSL certificate associated with an h |
- affected < 0.5.3.git20161120-1.1fixed 0.5.3.git20161120-1.1
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page.
- affected < 0.5.3.git20161120-1.1fixed 0.5.3.git20161120-1.1
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause memory corruption in certain conditions via a crafted HTML page.
- affected < 0.5.3.git20161120-1.1fixed 0.5.3.git20161120-1.1
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page.
- affected < 0.5.3.git20161120-1.1fixed 0.5.3.git20161120-1.1
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page.
- affected < 0.5.3.git20161120-1.1fixed 0.5.3.git20161120-1.1
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Infinite recursion vulnerability in w3m allows remote attackers to cause a denial of service via a crafted HTML page.
- affected < 0.5.3.git20161120-1.1fixed 0.5.3.git20161120-1.1
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page.
- affected < 0.5.3.git20161120-1.1fixed 0.5.3.git20161120-1.1
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) and possibly memory corruption via a crafted HTML page.
- affected < 0.5.3.git20161120-1.1fixed 0.5.3.git20161120-1.1
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page.
- CVE-2012-4929Sep 15, 2012affected < 0.5.3.git20161120-1.1fixed 0.5.3.git20161120-1.1
The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google Chrome, Qt, and other products, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers by observing
- CVE-2010-2074Jun 16, 2010affected < 0.5.3.git20161120-1.1fixed 0.5.3.git20161120-1.1
istream.c in w3m 0.5.2 and possibly other versions, when ssl_verify_server is enabled, does not properly handle a '\0' character in a domain name in the (1) subject's Common Name or (2) Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attacke
- CVE-2006-6772Dec 27, 2006affected < 0.5.3+git20180125-1.14fixed 0.5.3+git20180125-1.14
Format string vulnerability in the inputAnswer function in file.c in w3m before 0.5.2, when run with the dump or backend option, allows remote attackers to execute arbitrary code via format string specifiers in the Common Name (CN) field of an SSL certificate associated with an h
Page 2 of 2