Vulnerabilities > Tats > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-12-21 CVE-2023-4255 Out-of-bounds Write vulnerability in multiple products
An out-of-bounds write issue has been discovered in the backspace handling of the checkType() function in etc.c within the W3M application.
local
low complexity
tats fedoraproject CWE-787
5.5
2023-07-14 CVE-2023-38252 Out-of-bounds Read vulnerability in multiple products
An out-of-bounds read flaw was found in w3m, in the Strnew_size function in Str.c.
local
low complexity
tats redhat fedoraproject CWE-125
5.5
2023-07-14 CVE-2023-38253 Out-of-bounds Read vulnerability in multiple products
An out-of-bounds read flaw was found in w3m, in the growbuf_to_Str function in indep.c.
local
low complexity
tats redhat fedoraproject CWE-125
5.5
2018-01-25 CVE-2018-6198 Link Following vulnerability in multiple products
w3m through 0.5.3 does not properly handle temporary files when the ~/.w3m directory is unwritable, which allows a local attacker to craft a symlink attack to overwrite arbitrary files.
local
high complexity
tats canonical CWE-59
4.7
2017-01-20 CVE-2016-9436 Improper Input Validation vulnerability in multiple products
parsetagx.c in w3m before 0.5.3+git20161009 does not properly initialize values, which allows remote attackers to crash the application via a crafted html file, related to a <i> tag.
network
low complexity
opensuse-project opensuse tats CWE-20
6.5
2017-01-20 CVE-2016-9435 Improper Input Validation vulnerability in multiple products
The HTMLtagproc1 function in file.c in w3m before 0.5.3+git20161009 does not properly initialize values, which allows remote attackers to crash the application via a crafted html file, related to <dd> tags.
network
low complexity
opensuse-project opensuse tats CWE-20
6.5
2016-12-12 CVE-2016-9633 Resource Management Errors vulnerability in Tats W3M
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33.
network
low complexity
tats CWE-399
6.5
2016-12-12 CVE-2016-9632 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Tats W3M
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33.
network
low complexity
tats CWE-119
6.5
2016-12-12 CVE-2016-9631 NULL Pointer Dereference vulnerability in Tats W3M
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33.
network
low complexity
tats CWE-476
6.5
2016-12-12 CVE-2016-9630 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Tats W3M
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33.
network
low complexity
tats CWE-119
6.5