11 matches found
Linux Distros Unpatched Vulnerability : CVE-2018-6198
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - w3m through 0.5.3 does not properly handle temporary files when the /.w3m directory is unwritable, which allows a local attacker to craft a symlink attack to...
SUSE: Security Advisory (SUSE-SU-2019:0776-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE Security Update : w3m (openSUSE-2019-1142)
This update for w3m fixes the following issues : Security issues fixed : - CVE-2018-6196: Prevent infinite recursion in HTMLlineproc0 caused by the feedtableblocktag function which did not prevent a negative indent value bsc1077559 - CVE-2018-6197: Prevent NULL pointer dereference in...
SUSE SLED12 / SLES12 Security Update : w3m (SUSE-SU-2019:0776-1)
This update for w3m fixes several issues. These security issues were fixed : CVE-2018-6196: Prevent infinite recursion in HTMLlineproc0 caused by the feedtableblocktag function which did not prevent a negative indent value bsc1077559 CVE-2018-6197: Prevent NULL pointer dereference in...
Ubuntu: Security Advisory (USN-3555-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
MGASA-2018-0312 Updated w3m packages fix security vulnerability
It was discovered that w3m incorrectly handled certain inputs. An attacker could possibly use this to cause a denial of service CVE-2018-6196, CVE-2018-6197. It was discovered that w3m incorrectly handled temporary files. An attacker could possibly use this to overwrite arbitrary files...
Fedora 27 : w3m (2018-0ad6e73ac0)
Rebase to latest upstream gitrev 20180125 and Security fix for CVE-2018-6196, CVE-2018-6197, CVE-2018-6198 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as...
FreeBSD : w3m - multiple vulnerabilities (e72d5bf5-07a0-11e8-8248-0021ccb9e74d)
Tatsuya Kinoshita reports : CVE-2018-6196 table.c: Prevent negative indent value in feedtableblocktag. CVE-2018-6197 form.c: Prevent invalid columnPos call in formUpdateBuffer. CVE-2018-6198 config.h.dist, config.h.in, configure, configure.ac, main.c, rc.c: Make temporary directory safely when...
Ubuntu 14.04 LTS / 16.04 LTS : w3m vulnerabilities (USN-3555-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3555-1 advisory. It was discovered that w3m incorrectly handled certain inputs. An attacker could possibly use this to cause a denial of service. CVE-2018-619...
USN-3555-1: w3m vulnerabilities
It was discovered that w3m incorrectly handled certain inputs. An attacker could possibly use this to cause a denial of service. CVE-2018-6196, CVE-2018-6197 It was discovered that w3m incorrectly handled temporary files. An attacker could possibly use this to overwrite arbitrary files...
CVE-2018-6198
CVE-2018-6198 affects w3m up to 0.5.3; when ~/.w3m is unwritable, a local attacker can craft a symlink attack to overwrite arbitrary files. Patches/fixes exist across distributions (e.g., openSUSE/SUSE updates and related advisories) addressing CVE-2018-6196–6198; apply vendor updates to mitigate.