CVEs from 2016
Total
8,461
critical
critical 1,164
high
high 3,521
medium
medium 3,173
low
low 248
% Critical
13.8%
% with KEV
0.7%
% with exploit
6.8%
Top vendors
Top products
- phpmyadmin 3,382
- php 1,748
- squid 1,549
- samba 1,093
- drupal 868
- firefox 757
- moodle 700
- openssl 664
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-9817 | medium | 6.5 | 6.5 | 9y ago | Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host crash) via vectors involving a (1) data or (2) prefetch abort with the ESR_EL2.EA bit set. | |||
| CVE-2016-9816 | medium | 6.5 | 6.5 | 9y ago | Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host crash) via vectors involving an asynchronous abort while at EL2. | |||
| CVE-2016-9815 | medium | 6.5 | 6.5 | 9y ago | Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host panic) by sending an asynchronous abort. | |||
| CVE-2016-8105 | medium | 6.5 | 6.5 | 9y ago | Drivers for the Intel Ethernet Controller X710 and Intel Ethernet Controller XL710 families before version 22.0 are vulnerable to a denial of service in certain layer 2 network configurations. | |||
| CVE-2016-8986 | medium | 6.5 | 6.5 | 9y ago | IBM WebSphere MQ 8.0 could allow an authenticated user with access to the queue manager to bring down MQ channels using specially crafted HTTP requests. IBM Reference #: 1998648. | |||
| CVE-2016-8915 | medium | 6.5 | 6.5 | 9y ago | IBM WebSphere MQ 8.0 could allow an authenticated user with access to the queue manager and queue, to deny service to other channels running under the same process. IBM Reference #: 1998649. | |||
| CVE-2016-3013 | medium | 6.5 | 6.5 | 9y ago | IBM WebSphere MQ 8.0 could allow an authenticated user to crash the MQ channel due to improper data conversion handling. IBM Reference #: 1998661. | |||
| CVE-2016-9384 | medium | 6.5 | 6.5 | 9y ago | Xen 4.7 allows local guest OS users to obtain sensitive host information by loading a 32-bit ELF symbol table. | |||
| CVE-2016-7627 | medium | 6.5 | 6.5 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "CoreGraphics" component. It… | |||
| CVE-2016-7623 | medium | 6.5 | 6.5 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to obtain sensi… | |||
| CVE-2016-7608 | medium | 5.5 | 6.5 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "IOFireWireFamily" component, which allows local users to obtain sensitive information from… | |||
| CVE-2016-7599 | medium | 6.5 | 6.5 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves t… | |||
| CVE-2016-7598 | medium | 6.5 | 6.5 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves t… | |||
| CVE-2016-7591 | medium | 6.5 | 6.5 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "IOHIDFamily" component. It … | |||
| CVE-2016-7586 | medium | 6.5 | 6.5 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves t… | |||
| CVE-2016-7580 | medium | 6.5 | 6.5 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.12 is affected. The issue involves the "Mail" component, which allows remote web servers to cause a denial of service via a crafted … | |||
| CVE-2016-4613 | medium | 6.5 | 6.5 | 9y ago | An issue was discovered in certain Apple products. Safari before 10.0.1 is affected. iCloud before 6.0.1 is affected. iTunes before 12.5.2 is affected. tvOS before 10.0.1 is affected. The issue invol… | |||
| CVE-2016-7510 | medium | 6.5 | 6.5 | 9y ago | The read_line_table_program function in dwarf_line_table_reader_common.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via crafted input. | |||
| CVE-2016-5037 | medium | 6.5 | 6.5 | 9y ago | The _dwarf_load_section function in libdwarf before 20160923 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file. | |||
| CVE-2016-5035 | medium | 6.5 | 6.5 | 9y ago | The _dwarf_read_line_table_header function in dwarf_line_table_reader.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file. | |||
| CVE-2016-5034 | medium | 6.5 | 6.5 | 9y ago | dwarf_elf_access.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted file, related to relocation records. | |||
| CVE-2016-5033 | medium | 6.5 | 6.5 | 9y ago | The print_exprloc_content function in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file. | |||
| CVE-2016-5032 | medium | 6.5 | 6.5 | 9y ago | The dwarf_get_xu_hash_entry function in libdwarf before 20160923 allows remote attackers to cause a denial of service (crash) via a crafted file. | |||
| CVE-2016-5030 | medium | 6.5 | 6.5 | 9y ago | The _dwarf_calculate_info_section_end_ptr function in libdwarf before 20160923 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file. | |||
| CVE-2016-5029 | medium | 6.5 | 6.5 | 9y ago | The create_fullest_file_path function in libdwarf before 20160923 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted dwarf file. | |||
| CVE-2016-5028 | medium | 6.5 | 6.5 | 9y ago | The print_frame_inst_bytes function in libdwarf before 20160923 allows remote attackers to cause a denial of service (NULL pointer dereference) via an object file with empty bss-like sections. | |||
| CVE-2016-8680 | medium | 6.5 | 6.5 | 9y ago | The _dwarf_get_abbrev_for_code function in dwarf_util.c in libdwarf 20161001 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) by calling the dwarfdump command on … | |||
| CVE-2016-8679 | medium | 6.5 | 6.5 | 9y ago | The _dwarf_get_size_of_val function in libdwarf/dwarf_util.c in Libdwarf before 20161124 allows remote attackers to cause a denial of service (out-of-bounds read) by calling the dwarfdump command on … | |||
| CVE-2016-8362 | medium | 6.5 | 6.5 | 9y ago | An issue was discovered in Moxa OnCell OnCellG3470A-LTE, AWK-1131A/3131A/4131A Series, AWK-3191 Series, AWK-5232/6232 Series, AWK-1121/1127 Series, WAC-1001 V2 Series, WAC-2004 Series, AWK-3121-M12-R… | |||
| CVE-2016-4987 | medium | 6.5 | 6.5 | 9y ago | Jenkins Image Gallery Plugin allows Path Traversal | |||
| CVE-2016-6188 | medium | 6.5 | 6.5 | 9y ago | Memory leak in SOGo 2.3.7 allows remote attackers to cause a denial of service (memory consumption) via a large number of attempts to upload a large attachment, related to temporary files. | |||
| CVE-2016-8933 | medium | 6.5 | 6.5 | 10y ago | IBM Kenexa LMS on Cloud could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing dot dot sequences (/../) to view arbitra… | |||
| CVE-2016-6110 | medium | 6.5 | 6.5 | 10y ago | IBM Tivoli Storage Manager discloses unencrypted login credentials to Vmware vCenter that could be obtained by a local user. | |||
| CVE-2016-8913 | medium | 6.5 | 6.5 | 10y ago | IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequenc… | |||
| CVE-2016-6126 | medium | 6.5 | 6.5 | 10y ago | IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequenc… | |||
| CVE-2016-6085 | medium | 6.5 | 6.5 | 10y ago | IBM BigFix Platform could allow an attacker on the local network to crash the BES and relay servers. | |||
| CVE-2016-6084 | medium | 6.5 | 6.5 | 10y ago | IBM BigFix Platform could allow an attacker on the local network to crash the BES server using a specially crafted XMLSchema request. | |||
| CVE-2016-5994 | medium | 6.5 | 6.5 | 10y ago | IBM InfoSphere Information Server contains a vulnerability that would allow an authenticated user to browse any file on the engine tier, and examine its contents. | |||
| CVE-2016-5988 | medium | 6.5 | 6.5 | 10y ago | IBM Security Privileged Identity Manager Virtual Appliance could disclose sensitive information in generated error messages that would be available to an authenticated user. | |||
| CVE-2016-5950 | medium | 6.5 | 6.5 | 10y ago | IBM Kenexa LCMS Premier on Cloud stores user credentials in plain in clear text which can be read by an authenticated user. | |||
| CVE-2016-3027 | medium | 6.5 | 6.5 | 10y ago | IBM Security Access Manager for Web is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnera… | |||
| CVE-2016-3022 | medium | 6.5 | 6.5 | 10y ago | IBM Security Access Manager for Web could allow an authenticated user to gain access to highly sensitive information due to incorrect file permissions. | |||
| CVE-2016-9413 | medium | 6.5 | 6.5 | 10y ago | The Admin control panel in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 allows remote attackers to conduct clickjacking attacks via unspecified vectors. | |||
| CVE-2016-2050 | medium | 6.5 | 6.5 | 10y ago | The get_abbrev_array_info function in libdwarf-20151114 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted elf file. | |||
| CVE-2016-8311 | medium | 6.5 | 6.5 | 10y ago | Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.… | |||
| CVE-2016-5549 | medium | 6.5 | 6.5 | 10y ago | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u121 and 8u112; Java SE Embedded: 8u111. Easil… | |||
| CVE-2016-5548 | medium | 6.5 | 6.5 | 10y ago | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111… | |||
| CVE-2016-4055 | medium | 6.5 | 6.5 | 10y ago | The duration function in the moment package before 2.11.2 for Node.js allows remote attackers to cause a denial of service (CPU consumption) via a long string, aka a "regular expression Denial of Ser… | |||
| CVE-2016-9436 | medium | 6.5 | 6.5 | 10y ago | parsetagx.c in w3m before 0.5.3+git20161009 does not properly initialize values, which allows remote attackers to crash the application via a crafted html file, related to a <i> tag. | |||
| CVE-2016-9435 | medium | 6.5 | 6.5 | 10y ago | The HTMLtagproc1 function in file.c in w3m before 0.5.3+git20161009 does not properly initialize values, which allows remote attackers to crash the application via a crafted html file, related to <dd… | |||
| CVE-2016-5321 | medium | 6.5 | 6.5 | 10y ago | The DumpModeDecode function in libtiff 4.0.6 and earlier allows attackers to cause a denial of service (invalid read and crash) via a crafted tiff image. | |||
| CVE-2016-5319 | medium | 6.5 | 6.5 | 10y ago | Heap-based buffer overflow in tif_packbits.c in libtiff 4.0.6 and earlier allows remote attackers to crash the application via a crafted bmp file. | |||
| CVE-2016-5318 | medium | 6.5 | 6.5 | 10y ago | Stack-based buffer overflow in the _TIFFVGetField function in libtiff 4.0.6 and earlier allows remote attackers to crash the application via a crafted tiff. | |||
| CVE-2016-5317 | medium | 6.5 | 6.5 | 10y ago | Buffer overflow in the PixarLogDecode function in libtiff.so in the PixarLogDecode function in libtiff 4.0.6 and earlier, as used in GNOME nautilus, allows attackers to cause a denial of service atta… | |||
| CVE-2016-5316 | medium | 6.5 | 6.5 | 10y ago | Out-of-bounds read in the PixarLogCleanup function in tif_pixarlog.c in libtiff 4.0.6 and earlier allows remote attackers to crash the application by sending a crafted TIFF image to the rgb2ycbcr too… | |||
| CVE-2016-5223 | medium | 6.5 | 6.5 | 10y ago | multiple issues in chromium | |||
| CVE-2016-5222 | medium | 6.5 | 6.5 | 10y ago | multiple issues in chromium | |||
| CVE-2016-5220 | medium | 6.5 | 6.5 | 10y ago | multiple issues in chromium | |||
| CVE-2016-5218 | medium | 6.5 | 6.5 | 10y ago | multiple issues in chromium | |||
| CVE-2016-5217 | medium | 6.5 | 6.5 | 10y ago | multiple issues in chromium | |||
| CVE-2016-5212 | medium | 6.5 | 6.5 | 10y ago | multiple issues in chromium | |||
| CVE-2016-5201 | medium | 6.5 | 6.5 | 10y ago | A leak of privateClass in the extensions API in Google Chrome prior to 54.0.2840.100 for Linux, and 54.0.2840.99 for Windows, and 54.0.2840.98 for Mac allowed a remote attacker to access privileged J… | |||
| CVE-2016-3414 | medium | 6.5 | 6.5 | 10y ago | Unspecified vulnerability in Zimbra Collaboration before 8.6.0 Patch 7 allows remote authenticated users to affect availability via unknown vectors, aka bug 102029. | |||
| CVE-2016-3401 | medium | 6.5 | 6.5 | 10y ago | Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows remote authenticated users to affect integrity via unknown vectors, aka bug 99810. | |||
| CVE-2016-7799 | medium | 6.5 | 6.5 | 10y ago | MagickCore/profile.c in ImageMagick before 7.0.3-2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file. | |||
| CVE-2016-7101 | medium | 6.5 | 6.5 | 10y ago | The SGI coder in ImageMagick before 7.0.2-10 allows remote attackers to cause a denial of service (out-of-bounds read) via a large row value in an sgi file. | |||
| CVE-2016-9813 | medium | 5.5 | 6.5 | 10y ago | The _parse_pat function in the mpegts parser in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file. | |||
| CVE-2016-9310 | medium | 6.5 | 6.5 | 10y ago | The control mode (mode 6) functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to set or unset traps via a crafted control mode packet. | |||
| CVE-2016-1549 | medium | 6.5 | 6.5 | 10y ago | A malicious authenticated peer can create arbitrarily-many ephemeral associations in order to win the clock selection algorithm in ntpd in NTP 4.2.8p4 and earlier and NTPsec 3e160db8dc248a0bcb053b56a… | |||
| CVE-2016-6595 | medium | 6.5 | 6.5 | 10y ago | The SwarmKit toolkit 1.12.0 for Docker allows remote authenticated users to cause a denial of service (prevention of cluster joins) via a long sequence of join and quit actions. NOTE: the vendor dis… | |||
| CVE-2016-10106 | medium | 6.5 | 6.5 | 10y ago | Directory traversal vulnerability in scgi-bin/platform.cgi on NETGEAR FVS336Gv3, FVS318N, FVS318Gv2, and SRX5308 devices with firmware before 4.3.3-8 allows remote authenticated users to read arbitra… | |||
| CVE-2016-9916 | medium | 6.5 | 6.5 | 10y ago | Memory leak in hw/9pfs/9p-proxy.c in QEMU (aka Quick Emulator) allows local privileged guest OS users to cause a denial of service (host memory consumption and possibly QEMU process crash) by leverag… | |||
| CVE-2016-9915 | medium | 6.5 | 6.5 | 10y ago | Memory leak in hw/9pfs/9p-handle.c in QEMU (aka Quick Emulator) allows local privileged guest OS users to cause a denial of service (host memory consumption and possibly QEMU process crash) by levera… | |||
| CVE-2016-9914 | medium | 6.5 | 6.5 | 10y ago | Memory leak in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local privileged guest OS users to cause a denial of service (host memory consumption and possibly QEMU process crash) by leveraging a … | |||
| CVE-2016-9913 | medium | 6.5 | 6.5 | 10y ago | Memory leak in the v9fs_device_unrealize_common function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local privileged guest OS users to cause a denial of service (host memory consumption and … | |||
| CVE-2016-9846 | medium | 6.5 | 6.5 | 10y ago | QEMU (aka Quick Emulator) built with the Virtio GPU Device emulator support is vulnerable to a memory leakage issue. It could occur while updating the cursor data in update_cursor_data_virgl. A guest… | |||
| CVE-2016-9845 | medium | 6.5 | 6.5 | 10y ago | QEMU (aka Quick Emulator) built with the Virtio GPU Device emulator support is vulnerable to an information leakage issue. It could occur while processing 'VIRTIO_GPU_CMD_GET_CAPSET_INFO' command. A … | |||
| CVE-2016-9224 | medium | 6.5 | 6.5 | 10y ago | A vulnerability in the Cisco Jabber Guest Server could allow an unauthenticated, remote attacker to initiate connections to arbitrary hosts. More Information: CSCvc31635. Known Affected Releases: 10.… | |||
| CVE-2016-9921 | medium | 6.5 | 6.5 | 10y ago | Quick emulator (Qemu) built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to a divide by zero issue. It could occur while copying VGA data when cirrus graphics mode was set to be VGA. … | |||
| CVE-2016-9912 | medium | 6.5 | 6.5 | 10y ago | Quick Emulator (Qemu) built with the Virtio GPU Device emulator support is vulnerable to a memory leakage issue. It could occur while destroying gpu resource object in 'virtio_gpu_resource_destroy'. … | |||
| CVE-2016-9911 | medium | 6.5 | 6.5 | 10y ago | Quick Emulator (Qemu) built with the USB EHCI Emulation support is vulnerable to a memory leakage issue. It could occur while processing packet data in 'ehci_init_transfer'. A guest user/process coul… | |||
| CVE-2016-9907 | medium | 6.5 | 6.5 | 10y ago | Quick Emulator (Qemu) built with the USB redirector usb-guest support is vulnerable to a memory leakage flaw. It could occur while destroying the USB redirector in 'usbredir_handle_destroy'. A guest … | |||
| CVE-2016-7968 | medium | 6.5 | 6.5 | 10y ago | KMail since version 5.3.0 used a QWebEngine based viewer that had JavaScript enabled. HTML Mail contents were not sanitized for JavaScript and included code was executed. | |||
| CVE-2016-7257 | medium | 6.5 | 6.5 | 10y ago | The GDI component in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Office for Mac 2011, and Office 2016 for Mac allows remote attackers to obtain sensitive informati… | |||
| CVE-2016-5192 | medium | 6.5 | 6.5 | 10y ago | multiple issues in chromium | |||
| CVE-2016-5189 | medium | 6.5 | 6.5 | 10y ago | multiple issues in chromium | |||
| CVE-2016-5187 | medium | 6.5 | 6.5 | 10y ago | multiple issues in chromium | |||
| CVE-2016-8827 | medium | 6.5 | 6.5 | 10y ago | NVIDIA GeForce Experience 3.x before GFE 3.1.0.52 contains a vulnerability in NVIDIA Web Helper.exe where a local web API endpoint, /VisualOPS/v.1.0./, lacks proper access control and parameter valid… | |||
| CVE-2016-9964 | medium | 6.5 | 6.5 | 10y ago | redirect() in bottle.py in bottle 0.12.10 doesn't filter a "\r\n" sequence, which leads to a CRLF attack, as demonstrated by a redirect("233\r\nSet-Cookie: name=salt") call. | |||
| CVE-2016-9208 | medium | 6.5 | 6.5 | 10y ago | A vulnerability in the File Management Utility, the Download File form, and the Serviceability application of Cisco Emergency Responder could allow an authenticated, remote attacker to access files i… | |||
| CVE-2016-9207 | medium | 6.5 | 6.5 | 10y ago | A vulnerability in the HTTP traffic server component of Cisco Expressway could allow an unauthenticated, remote attacker to initiate TCP connections to arbitrary hosts. This does not allow for full t… | |||
| CVE-2016-9204 | medium | 6.5 | 6.5 | 10y ago | A vulnerability in the Cisco Intercloud Fabric (ICF) Director could allow an unauthenticated, remote attacker to connect to internal services with an internal account. Affected Products: Cisco Nexus … | |||
| CVE-2016-9199 | medium | 6.5 | 6.5 | 10y ago | A vulnerability in the Cisco application-hosting framework (CAF) of Cisco IOx could allow an authenticated, remote attacker to read arbitrary files on a targeted system. Affected Products: This vulne… | |||
| CVE-2016-6473 | medium | 6.5 | 6.5 | 10y ago | A vulnerability in Cisco IOS on Catalyst Switches and Nexus 9300 Series Switches could allow an unauthenticated, adjacent attacker to cause a Layer 2 network storm. More Information: CSCuu69332, CSCu… | |||
| CVE-2016-6471 | medium | 6.5 | 6.5 | 10y ago | A vulnerability in the web-based management interface of Cisco Firepower Management Center running FireSIGHT System software could allow an authenticated, remote attacker to view the Remote Storage P… | |||
| CVE-2016-9633 | medium | 6.5 | 6.5 | 10y ago | An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (infinite loop and resource consumption) via a crafted HTML page. | |||
| CVE-2016-9632 | medium | 6.5 | 6.5 | 10y ago | An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (global buffer overflow and crash) via a crafted HTML page. | |||
| CVE-2016-9631 | medium | 6.5 | 6.5 | 10y ago | An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page. | |||
| CVE-2016-9630 | medium | 6.5 | 6.5 | 10y ago | An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (global buffer overflow and crash) via a crafted HTML page. | |||
| CVE-2016-9629 | medium | 6.5 | 6.5 | 10y ago | An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page. |