threat
engine
.sh
Back
·
··:··
Home
/
Product
/
tats w3m
Product
tats w3m
45 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
Sort
Newest first
Oldest first
Highest CVSS
Lowest CVSS
Min CVSS
Any
4.0+
7.0+ (High)
9.0+ (Critical)
Published since
Reset
CVE-2023-4255
all versions
An out-of-bounds write issue has been discovered in the backspace handling of the checkType() function in etc.c within the W3M app
5.5
MEDIUM
CVE-2023-38253
all versions
An out-of-bounds read flaw was found in w3m, in the growbuf_to_Str function in indep.c. This issue may allow an attacker to cause
4.7
MEDIUM
CVE-2023-38252
all versions
An out-of-bounds read flaw was found in w3m, in the Strnew_size function in Str.c. This issue may allow an attacker to cause a den
4.7
MEDIUM
CVE-2022-38223
all versions
There is an out-of-bounds write in checkType located in etc.c in w3m 0.5.3. It can be triggered by sending a crafted HTML file to
7.8
HIGH
CVE-2018-6198
<= 0.5.3
w3m through 0.5.3 does not properly handle temporary files when the ~/.w3m directory is unwritable, which allows a local attacker
4.7
MEDIUM
CVE-2018-6197
<= 0.5.3
w3m through 0.5.3 is prone to a NULL pointer dereference flaw in formUpdateBuffer in form.c.
7.5
HIGH
CVE-2018-6196
<= 0.5.3
w3m through 0.5.3 is prone to an infinite recursion flaw in HTMLlineproc0 because the feed_table_block_tag function in table.c doe
7.5
HIGH
CVE-2016-9436
<= 0.5.3\+git20160718
parsetagx.c in w3m before 0.5.3+git20161009 does not properly initialize values, which allows remote attackers to crash the applic
6.5
MEDIUM
CVE-2016-9435
<= 0.5.3\+git20160718
The HTMLtagproc1 function in file.c in w3m before 0.5.3+git20161009 does not properly initialize values, which allows remote attac
6.5
MEDIUM
CVE-2016-9633
<= 0.5.3-32
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of servic
6.5
MEDIUM
CVE-2016-9632
<= 0.5.3-32
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of servic
6.5
MEDIUM
CVE-2016-9631
<= 0.5.3-32
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of servic
6.5
MEDIUM
CVE-2016-9630
<= 0.5.3-32
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of servic
6.5
MEDIUM
CVE-2016-9629
<= 0.5.3-32
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of servic
6.5
MEDIUM
CVE-2016-9628
<= 0.5.3-32
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of servic
6.5
MEDIUM
CVE-2016-9627
<= 0.5.3-32
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of servic
6.5
MEDIUM
CVE-2016-9626
<= 0.5.3-32
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. Infinite recursion vulnerability in w3m allows remote a
6.5
MEDIUM
CVE-2016-9625
<= 0.5.3-32
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. Infinite recursion vulnerability in w3m allows remote a
6.5
MEDIUM
CVE-2016-9624
<= 0.5.3-32
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of servic
6.5
MEDIUM
CVE-2016-9623
<= 0.5.3-32
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of servic
6.5
MEDIUM
CVE-2016-9622
<= 0.5.3-32
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of servic
6.5
MEDIUM
CVE-2016-9443
<= 0.5.3-30
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of servic
6.5
MEDIUM
CVE-2016-9442
<= 0.5.3-30
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause memory corruption
6.5
MEDIUM
CVE-2016-9441
<= 0.5.3-30
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of servic
6.5
MEDIUM
CVE-2016-9440
<= 0.5.3-30
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of servic
6.5
MEDIUM
CVE-2016-9439
<= 0.5.3-30
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Infinite recursion vulnerability in w3m allows remote a
6.5
MEDIUM
CVE-2016-9438
<= 0.5.3-30
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of servic
6.5
MEDIUM
CVE-2016-9437
<= 0.5.3-30
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of servic
6.5
MEDIUM
CVE-2016-9434
<= 0.5.3-30
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of servic
6.5
MEDIUM
CVE-2016-9433
<= 0.5.3-30
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of servic
6.5
MEDIUM
CVE-2016-9432
<= 0.5.3-30
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of servic
6.5
MEDIUM
CVE-2016-9431
<= 0.5.3-30
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Infinite recursion vulnerability in w3m allows remote a
6.5
MEDIUM
CVE-2016-9430
<= 0.5.3-30
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of servic
6.5
MEDIUM
CVE-2016-9429
<= 0.5.3-30
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Buffer overflow in the formUpdateBuffer function in w3m
8.8
HIGH
CVE-2016-9428
<= 0.5.3-30
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Heap-based buffer overflow in the addMultirowsForm func
8.8
HIGH
CVE-2016-9426
<= 0.5.3-30
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Integer overflow vulnerability in the renderTable funct
8.8
HIGH
CVE-2016-9425
<= 0.5.3-30
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Heap-based buffer overflow in the addMultirowsForm func
8.8
HIGH
CVE-2016-9424
<= 0.5.3-30
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m doesn't properly validate the value of tag attribut
8.8
HIGH
CVE-2016-9423
<= 0.5.3-30
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Heap-based buffer overflow in w3m allows remote attacke
8.8
HIGH
CVE-2016-9422
<= 0.5.3-30
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. The feed_table_tag function in w3m doesn't properly val
8.8
HIGH
CVE-2010-2074
all versions
istream.c in w3m 0.5.2 and possibly other versions, when ssl_verify_server is enabled, does not properly handle a '\0' character i
CVE-2006-6772
all versions
Format string vulnerability in the inputAnswer function in file.c in w3m before 0.5.2, when run with the dump or backend option, a
CVE-2002-1348
all versions
w3m before 0.3.2.2 does not properly escape HTML tags in the ALT attribute of an IMG tag, which could allow remote attackers to ac
CVE-2002-1335
all versions
Cross-site scripting (XSS) vulnerability in w3m 0.3.2 does not escape an HTML tag in a frame, which allows remote attackers to ins
CVE-2001-0700
<= 0.2.1
Buffer overflow in w3m 0.2.1 and earlier allows a remote attacker to execute arbitrary code via a long base64 encoded MIME header.
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin