Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
w3m vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2002-1348
w3m prior to 0.3.2.2 does not properly escape HTML tags in the ALT attribute of an IMG tag, which could allow remote malicious users to access files or cookies.
W3m W3m 0.2.1
W3m W3m 0.2.2
W3m W3m 0.3.2
W3m W3m 0.3.2.1
W3m W3m 0.3.2.2
W3m W3m 0.2.5
W3m W3m 0.2.5.1
W3m W3m 0.2.3
W3m W3m 0.2.4
W3m W3m 0.2
W3m W3m 0.3
W3m W3m 0.3.1
NA
CVE-2001-0700
Buffer overflow in w3m 0.2.1 and previous versions allows a remote malicious user to execute arbitrary code via a long base64 encoded MIME header.
W3m W3m 0.1.8
W3m W3m 0.1.9
W3m W3m 0.1.10
W3m W3m 0.2
W3m W3m
W3m W3m 0.1.3
W3m W3m 0.1.4
W3m W3m 0.1.6
W3m W3m 0.1.7
1 EDB exploit
NA
CVE-2002-1335
Cross-site scripting (XSS) vulnerability in w3m 0.3.2 does not escape an HTML tag in a frame, which allows remote malicious users to insert arbitrary web script or HTML and access files or cookies.
W3m W3m 0.3.2
NA
CVE-2006-6772
Format string vulnerability in the inputAnswer function in file.c in w3m prior to 0.5.2, when run with the dump or backend option, allows remote malicious users to execute arbitrary code via format string specifiers in the Common Name (CN) field of an SSL certificate associated w...
W3m W3m 0.5.1
NA
CVE-2010-2074
istream.c in w3m 0.5.2 and possibly other versions, when ssl_verify_server is enabled, does not properly handle a '\0' character in a domain name in the (1) subject's Common Name or (2) Subject Alternative Name field of an X.509 certificate, which allows man-in-the...
W3m W3m 0.5.2
5.5
CVSSv3
CVE-2023-4255
An out-of-bounds write issue has been discovered in the backspace handling of the checkType() function in etc.c within the W3M application. This vulnerability is triggered by supplying a specially crafted HTML file to the w3m binary. Exploitation of this flaw could lead to applic...
Tats W3m 0.5.3\\+git20230129
Tats W3m 0.5.3\\+git20230121-1
Tats W3m 0.5.3\\+git20230121-2
Fedoraproject Extra Packages For Enterprise Linux 8.0
Fedoraproject Fedora 39
6.5
CVSSv3
CVE-2016-9633
An issue exists in the Tatsuya Kinoshita w3m fork prior to 0.5.3-33. w3m allows remote malicious users to cause a denial of service (infinite loop and resource consumption) via a crafted HTML page.
Tats W3m
7.8
CVSSv3
CVE-2022-38223
There is an out-of-bounds write in checkType located in etc.c in w3m 0.5.3. It can be triggered by sending a crafted HTML file to the w3m binary. It allows an malicious user to cause Denial of Service or possibly have unspecified other impact.
Tats W3m 0.5.3
Fedoraproject Fedora 36
Fedoraproject Fedora 37
4.7
CVSSv3
CVE-2018-6198
w3m up to and including 0.5.3 does not properly handle temporary files when the ~/.w3m directory is unwritable, which allows a local malicious user to craft a symlink attack to overwrite arbitrary files.
Tats W3m
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 17.10
5.5
CVSSv3
CVE-2023-38252
An out-of-bounds read flaw was found in w3m, in the Strnew_size function in Str.c. This issue may allow an malicious user to cause a denial of service through a crafted HTML file.
Tats W3m 0.5.3\\+git20230121
Redhat Enterprise Linux 6.0
Fedoraproject Extra Packages For Enterprise Linux 8.0
Fedoraproject Fedora 38
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
hardcoded
arbitrary code
CVE-2024-2404
CVE-2024-21111
CVE-2024-28627
CVE-2024-4073
information disclosure
CVE-2024-32780
CVE-2024-4040
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »