Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
w3m w3m vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2002-1348
w3m prior to 0.3.2.2 does not properly escape HTML tags in the ALT attribute of an IMG tag, which could allow remote malicious users to access files or cookies.
W3m W3m 0.2.1
W3m W3m 0.2.2
W3m W3m 0.3.2
W3m W3m 0.3.2.1
W3m W3m 0.3.2.2
W3m W3m 0.2.5
W3m W3m 0.2.5.1
W3m W3m 0.2.3
W3m W3m 0.2.4
W3m W3m 0.2
W3m W3m 0.3
W3m W3m 0.3.1
755
VMScore
CVE-2001-0700
Buffer overflow in w3m 0.2.1 and previous versions allows a remote malicious user to execute arbitrary code via a long base64 encoded MIME header.
W3m W3m 0.1.8
W3m W3m 0.1.9
W3m W3m 0.1.10
W3m W3m 0.2
W3m W3m
W3m W3m 0.1.3
W3m W3m 0.1.4
W3m W3m 0.1.6
W3m W3m 0.1.7
1 EDB exploit
605
VMScore
CVE-2010-2074
istream.c in w3m 0.5.2 and possibly other versions, when ssl_verify_server is enabled, does not properly handle a '\0' character in a domain name in the (1) subject's Common Name or (2) Subject Alternative Name field of an X.509 certificate, which allows man-in-the...
W3m W3m 0.5.2
383
VMScore
CVE-2002-1335
Cross-site scripting (XSS) vulnerability in w3m 0.3.2 does not escape an HTML tag in a frame, which allows remote malicious users to insert arbitrary web script or HTML and access files or cookies.
W3m W3m 0.3.2
828
VMScore
CVE-2006-6772
Format string vulnerability in the inputAnswer function in file.c in w3m prior to 0.5.2, when run with the dump or backend option, allows remote malicious users to execute arbitrary code via format string specifiers in the Common Name (CN) field of an SSL certificate associated w...
W3m W3m 0.5.1
NA
CVE-2023-4255
An out-of-bounds write issue has been discovered in the backspace handling of the checkType() function in etc.c within the W3M application. This vulnerability is triggered by supplying a specially crafted HTML file to the w3m binary. Exploitation of this flaw could lead to applic...
Tats W3m 0.5.3\\+git20230129
Tats W3m 0.5.3\\+git20230121-1
Tats W3m 0.5.3\\+git20230121-2
Fedoraproject Extra Packages For Enterprise Linux 8.0
Fedoraproject Fedora 39
383
VMScore
CVE-2016-9633
An issue exists in the Tatsuya Kinoshita w3m fork prior to 0.5.3-33. w3m allows remote malicious users to cause a denial of service (infinite loop and resource consumption) via a crafted HTML page.
Tats W3m
NA
CVE-2022-38223
There is an out-of-bounds write in checkType located in etc.c in w3m 0.5.3. It can be triggered by sending a crafted HTML file to the w3m binary. It allows an malicious user to cause Denial of Service or possibly have unspecified other impact.
Tats W3m 0.5.3
Fedoraproject Fedora 36
Fedoraproject Fedora 37
NA
CVE-2023-38252
An out-of-bounds read flaw was found in w3m, in the Strnew_size function in Str.c. This issue may allow an malicious user to cause a denial of service through a crafted HTML file.
Tats W3m 0.5.3\\+git20230121
Redhat Enterprise Linux 6.0
Fedoraproject Extra Packages For Enterprise Linux 8.0
Fedoraproject Fedora 38
NA
CVE-2023-38253
An out-of-bounds read flaw was found in w3m, in the growbuf_to_Str function in indep.c. This issue may allow an malicious user to cause a denial of service through a crafted HTML file.
Tats W3m 0.5.3\\+git20230121
Redhat Enterprise Linux 6.0
Fedoraproject Extra Packages For Enterprise Linux 8.0
Fedoraproject Fedora 38
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »