CVEs from 2016
Total
8,537
critical
critical 1,164
high
high 3,521
medium
medium 3,172
low
low 249
% Critical
13.6%
% with KEV
0.7%
% with exploit
0.9%
Top vendors
Top products
- phpmyadmin 3,382
- php 1,748
- squid 1,549
- samba 1,093
- drupal 868
- firefox 757
- moodle 700
- openssl 664
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2016-5034 | medium | 6.5 | 6.5 | 9y ago | dwarf_elf_access.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted file, related to relocation records. | |
| CVE-2016-5033 | medium | 6.5 | 6.5 | 9y ago | The print_exprloc_content function in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file. | |
| CVE-2016-5032 | medium | 6.5 | 6.5 | 9y ago | The dwarf_get_xu_hash_entry function in libdwarf before 20160923 allows remote attackers to cause a denial of service (crash) via a crafted file. | |
| CVE-2016-5030 | medium | 6.5 | 6.5 | 9y ago | The _dwarf_calculate_info_section_end_ptr function in libdwarf before 20160923 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file. | |
| CVE-2016-5029 | medium | 6.5 | 6.5 | 9y ago | The create_fullest_file_path function in libdwarf before 20160923 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted dwarf file. | |
| CVE-2016-5028 | medium | 6.5 | 6.5 | 9y ago | The print_frame_inst_bytes function in libdwarf before 20160923 allows remote attackers to cause a denial of service (NULL pointer dereference) via an object file with empty bss-like sections. | |
| CVE-2016-8680 | medium | 6.5 | 6.5 | 9y ago | The _dwarf_get_abbrev_for_code function in dwarf_util.c in libdwarf 20161001 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) by calling the dwarfdump command on … | |
| CVE-2016-8679 | medium | 6.5 | 6.5 | 9y ago | The _dwarf_get_size_of_val function in libdwarf/dwarf_util.c in Libdwarf before 20161124 allows remote attackers to cause a denial of service (out-of-bounds read) by calling the dwarfdump command on … | |
| CVE-2016-8362 | medium | 6.5 | 6.5 | 9y ago | An issue was discovered in Moxa OnCell OnCellG3470A-LTE, AWK-1131A/3131A/4131A Series, AWK-3191 Series, AWK-5232/6232 Series, AWK-1121/1127 Series, WAC-1001 V2 Series, WAC-2004 Series, AWK-3121-M12-R… | |
| CVE-2016-4987 | medium | 6.5 | 6.5 | 9y ago | Jenkins Image Gallery Plugin allows Path Traversal | |
| CVE-2016-6188 | medium | 6.5 | 6.5 | 9y ago | Memory leak in SOGo 2.3.7 allows remote attackers to cause a denial of service (memory consumption) via a large number of attempts to upload a large attachment, related to temporary files. | |
| CVE-2016-8933 | medium | 6.5 | 6.5 | 9y ago | IBM Kenexa LMS on Cloud could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing dot dot sequences (/../) to view arbitra… | |
| CVE-2016-6110 | medium | 6.5 | 6.5 | 9y ago | IBM Tivoli Storage Manager discloses unencrypted login credentials to Vmware vCenter that could be obtained by a local user. | |
| CVE-2016-8913 | medium | 6.5 | 6.5 | 9y ago | IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequenc… | |
| CVE-2016-6126 | medium | 6.5 | 6.5 | 9y ago | IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequenc… | |
| CVE-2016-6085 | medium | 6.5 | 6.5 | 9y ago | IBM BigFix Platform could allow an attacker on the local network to crash the BES and relay servers. | |
| CVE-2016-6084 | medium | 6.5 | 6.5 | 9y ago | IBM BigFix Platform could allow an attacker on the local network to crash the BES server using a specially crafted XMLSchema request. | |
| CVE-2016-5994 | medium | 6.5 | 6.5 | 9y ago | IBM InfoSphere Information Server contains a vulnerability that would allow an authenticated user to browse any file on the engine tier, and examine its contents. | |
| CVE-2016-5988 | medium | 6.5 | 6.5 | 9y ago | IBM Security Privileged Identity Manager Virtual Appliance could disclose sensitive information in generated error messages that would be available to an authenticated user. | |
| CVE-2016-5950 | medium | 6.5 | 6.5 | 9y ago | IBM Kenexa LCMS Premier on Cloud stores user credentials in plain in clear text which can be read by an authenticated user. | |
| CVE-2016-3027 | medium | 6.5 | 6.5 | 9y ago | IBM Security Access Manager for Web is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnera… | |
| CVE-2016-3022 | medium | 6.5 | 6.5 | 9y ago | IBM Security Access Manager for Web could allow an authenticated user to gain access to highly sensitive information due to incorrect file permissions. | |
| CVE-2016-9413 | medium | 6.5 | 6.5 | 9y ago | The Admin control panel in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 allows remote attackers to conduct clickjacking attacks via unspecified vectors. | |
| CVE-2016-2050 | medium | 6.5 | 6.5 | 9y ago | The get_abbrev_array_info function in libdwarf-20151114 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted elf file. | |
| CVE-2016-8311 | medium | 6.5 | 6.5 | 10y ago | Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.… | |
| CVE-2016-5549 | medium | 6.5 | 6.5 | 10y ago | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u121 and 8u112; Java SE Embedded: 8u111. Easil… | |
| CVE-2016-5548 | medium | 6.5 | 6.5 | 10y ago | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111… | |
| CVE-2016-4055 | medium | 6.5 | 6.5 | 10y ago | The duration function in the moment package before 2.11.2 for Node.js allows remote attackers to cause a denial of service (CPU consumption) via a long string, aka a "regular expression Denial of Ser… | |
| CVE-2016-9436 | medium | 6.5 | 6.5 | 10y ago | parsetagx.c in w3m before 0.5.3+git20161009 does not properly initialize values, which allows remote attackers to crash the application via a crafted html file, related to a <i> tag. | |
| CVE-2016-9435 | medium | 6.5 | 6.5 | 10y ago | The HTMLtagproc1 function in file.c in w3m before 0.5.3+git20161009 does not properly initialize values, which allows remote attackers to crash the application via a crafted html file, related to <dd… | |
| CVE-2016-5321 | medium | 6.5 | 6.5 | 10y ago | The DumpModeDecode function in libtiff 4.0.6 and earlier allows attackers to cause a denial of service (invalid read and crash) via a crafted tiff image. | |
| CVE-2016-5319 | medium | 6.5 | 6.5 | 10y ago | Heap-based buffer overflow in tif_packbits.c in libtiff 4.0.6 and earlier allows remote attackers to crash the application via a crafted bmp file. | |
| CVE-2016-5318 | medium | 6.5 | 6.5 | 10y ago | Stack-based buffer overflow in the _TIFFVGetField function in libtiff 4.0.6 and earlier allows remote attackers to crash the application via a crafted tiff. | |
| CVE-2016-5317 | medium | 6.5 | 6.5 | 10y ago | Buffer overflow in the PixarLogDecode function in libtiff.so in the PixarLogDecode function in libtiff 4.0.6 and earlier, as used in GNOME nautilus, allows attackers to cause a denial of service atta… | |
| CVE-2016-5316 | medium | 6.5 | 6.5 | 10y ago | Out-of-bounds read in the PixarLogCleanup function in tif_pixarlog.c in libtiff 4.0.6 and earlier allows remote attackers to crash the application by sending a crafted TIFF image to the rgb2ycbcr too… | |
| CVE-2016-5223 | medium | 6.5 | 6.5 | 10y ago | multiple issues in chromium | |
| CVE-2016-5222 | medium | 6.5 | 6.5 | 10y ago | multiple issues in chromium | |
| CVE-2016-5220 | medium | 6.5 | 6.5 | 10y ago | multiple issues in chromium | |
| CVE-2016-5218 | medium | 6.5 | 6.5 | 10y ago | multiple issues in chromium | |
| CVE-2016-5217 | medium | 6.5 | 6.5 | 10y ago | multiple issues in chromium | |
| CVE-2016-5212 | medium | 6.5 | 6.5 | 10y ago | multiple issues in chromium | |
| CVE-2016-5201 | medium | 6.5 | 6.5 | 10y ago | A leak of privateClass in the extensions API in Google Chrome prior to 54.0.2840.100 for Linux, and 54.0.2840.99 for Windows, and 54.0.2840.98 for Mac allowed a remote attacker to access privileged J… | |
| CVE-2016-3414 | medium | 6.5 | 6.5 | 10y ago | Unspecified vulnerability in Zimbra Collaboration before 8.6.0 Patch 7 allows remote authenticated users to affect availability via unknown vectors, aka bug 102029. | |
| CVE-2016-3401 | medium | 6.5 | 6.5 | 10y ago | Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows remote authenticated users to affect integrity via unknown vectors, aka bug 99810. | |
| CVE-2016-6897 | medium | 6.5 | 6.5 | 10y ago | Cross-site request forgery (CSRF) vulnerability in the wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress before 4.6 allows remote attackers to hijack the authenticatio… | |
| CVE-2016-7799 | medium | 6.5 | 6.5 | 10y ago | MagickCore/profile.c in ImageMagick before 7.0.3-2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file. | |
| CVE-2016-7101 | medium | 6.5 | 6.5 | 10y ago | The SGI coder in ImageMagick before 7.0.2-10 allows remote attackers to cause a denial of service (out-of-bounds read) via a large row value in an sgi file. | |
| CVE-2016-9310 | medium | 6.5 | 6.5 | 10y ago | The control mode (mode 6) functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to set or unset traps via a crafted control mode packet. | |
| CVE-2016-1549 | medium | 6.5 | 6.5 | 10y ago | A malicious authenticated peer can create arbitrarily-many ephemeral associations in order to win the clock selection algorithm in ntpd in NTP 4.2.8p4 and earlier and NTPsec 3e160db8dc248a0bcb053b56a… | |
| CVE-2016-6595 | medium | 6.5 | 6.5 | 10y ago | The SwarmKit toolkit 1.12.0 for Docker allows remote authenticated users to cause a denial of service (prevention of cluster joins) via a long sequence of join and quit actions. NOTE: the vendor dis… | |
| CVE-2016-10106 | medium | 6.5 | 6.5 | 10y ago | Directory traversal vulnerability in scgi-bin/platform.cgi on NETGEAR FVS336Gv3, FVS318N, FVS318Gv2, and SRX5308 devices with firmware before 4.3.3-8 allows remote authenticated users to read arbitra… | |
| CVE-2016-9916 | medium | 6.5 | 6.5 | 10y ago | Memory leak in hw/9pfs/9p-proxy.c in QEMU (aka Quick Emulator) allows local privileged guest OS users to cause a denial of service (host memory consumption and possibly QEMU process crash) by leverag… | |
| CVE-2016-9915 | medium | 6.5 | 6.5 | 10y ago | Memory leak in hw/9pfs/9p-handle.c in QEMU (aka Quick Emulator) allows local privileged guest OS users to cause a denial of service (host memory consumption and possibly QEMU process crash) by levera… | |
| CVE-2016-9914 | medium | 6.5 | 6.5 | 10y ago | Memory leak in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local privileged guest OS users to cause a denial of service (host memory consumption and possibly QEMU process crash) by leveraging a … | |
| CVE-2016-9913 | medium | 6.5 | 6.5 | 10y ago | Memory leak in the v9fs_device_unrealize_common function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local privileged guest OS users to cause a denial of service (host memory consumption and … | |
| CVE-2016-9846 | medium | 6.5 | 6.5 | 10y ago | QEMU (aka Quick Emulator) built with the Virtio GPU Device emulator support is vulnerable to a memory leakage issue. It could occur while updating the cursor data in update_cursor_data_virgl. A guest… | |
| CVE-2016-9845 | medium | 6.5 | 6.5 | 10y ago | QEMU (aka Quick Emulator) built with the Virtio GPU Device emulator support is vulnerable to an information leakage issue. It could occur while processing 'VIRTIO_GPU_CMD_GET_CAPSET_INFO' command. A … | |
| CVE-2016-9224 | medium | 6.5 | 6.5 | 10y ago | A vulnerability in the Cisco Jabber Guest Server could allow an unauthenticated, remote attacker to initiate connections to arbitrary hosts. More Information: CSCvc31635. Known Affected Releases: 10.… | |
| CVE-2016-9921 | medium | 6.5 | 6.5 | 10y ago | Quick emulator (Qemu) built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to a divide by zero issue. It could occur while copying VGA data when cirrus graphics mode was set to be VGA. … | |
| CVE-2016-9912 | medium | 6.5 | 6.5 | 10y ago | Quick Emulator (Qemu) built with the Virtio GPU Device emulator support is vulnerable to a memory leakage issue. It could occur while destroying gpu resource object in 'virtio_gpu_resource_destroy'. … | |
| CVE-2016-9911 | medium | 6.5 | 6.5 | 10y ago | Quick Emulator (Qemu) built with the USB EHCI Emulation support is vulnerable to a memory leakage issue. It could occur while processing packet data in 'ehci_init_transfer'. A guest user/process coul… | |
| CVE-2016-9907 | medium | 6.5 | 6.5 | 10y ago | Quick Emulator (Qemu) built with the USB redirector usb-guest support is vulnerable to a memory leakage flaw. It could occur while destroying the USB redirector in 'usbredir_handle_destroy'. A guest … | |
| CVE-2016-7968 | medium | 6.5 | 6.5 | 10y ago | KMail since version 5.3.0 used a QWebEngine based viewer that had JavaScript enabled. HTML Mail contents were not sanitized for JavaScript and included code was executed. | |
| CVE-2016-7257 | medium | 6.5 | 6.5 | 10y ago | The GDI component in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Office for Mac 2011, and Office 2016 for Mac allows remote attackers to obtain sensitive informati… | |
| CVE-2016-5192 | medium | 6.5 | 6.5 | 10y ago | multiple issues in chromium | |
| CVE-2016-5189 | medium | 6.5 | 6.5 | 10y ago | multiple issues in chromium | |
| CVE-2016-5187 | medium | 6.5 | 6.5 | 10y ago | multiple issues in chromium | |
| CVE-2016-9951 | medium | 6.5 | 6.5 | 10y ago | An issue was discovered in Apport before 2.20.4. A malicious Apport crash file can contain a restart command in `RespawnCommand` or `ProcCmdline` fields. This command will be executed if a user click… | |
| CVE-2016-8827 | medium | 6.5 | 6.5 | 10y ago | NVIDIA GeForce Experience 3.x before GFE 3.1.0.52 contains a vulnerability in NVIDIA Web Helper.exe where a local web API endpoint, /VisualOPS/v.1.0./, lacks proper access control and parameter valid… | |
| CVE-2016-9964 | medium | 6.5 | 6.5 | 10y ago | redirect() in bottle.py in bottle 0.12.10 doesn't filter a "\r\n" sequence, which leads to a CRLF attack, as demonstrated by a redirect("233\r\nSet-Cookie: name=salt") call. | |
| CVE-2016-9208 | medium | 6.5 | 6.5 | 10y ago | A vulnerability in the File Management Utility, the Download File form, and the Serviceability application of Cisco Emergency Responder could allow an authenticated, remote attacker to access files i… | |
| CVE-2016-9207 | medium | 6.5 | 6.5 | 10y ago | A vulnerability in the HTTP traffic server component of Cisco Expressway could allow an unauthenticated, remote attacker to initiate TCP connections to arbitrary hosts. This does not allow for full t… | |
| CVE-2016-9204 | medium | 6.5 | 6.5 | 10y ago | A vulnerability in the Cisco Intercloud Fabric (ICF) Director could allow an unauthenticated, remote attacker to connect to internal services with an internal account. Affected Products: Cisco Nexus … | |
| CVE-2016-9199 | medium | 6.5 | 6.5 | 10y ago | A vulnerability in the Cisco application-hosting framework (CAF) of Cisco IOx could allow an authenticated, remote attacker to read arbitrary files on a targeted system. Affected Products: This vulne… | |
| CVE-2016-6473 | medium | 6.5 | 6.5 | 10y ago | A vulnerability in Cisco IOS on Catalyst Switches and Nexus 9300 Series Switches could allow an unauthenticated, adjacent attacker to cause a Layer 2 network storm. More Information: CSCuu69332, CSCu… | |
| CVE-2016-6471 | medium | 6.5 | 6.5 | 10y ago | A vulnerability in the web-based management interface of Cisco Firepower Management Center running FireSIGHT System software could allow an authenticated, remote attacker to view the Remote Storage P… | |
| CVE-2016-9633 | medium | 6.5 | 6.5 | 10y ago | An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (infinite loop and resource consumption) via a crafted HTML page. | |
| CVE-2016-9632 | medium | 6.5 | 6.5 | 10y ago | An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (global buffer overflow and crash) via a crafted HTML page. | |
| CVE-2016-9631 | medium | 6.5 | 6.5 | 10y ago | An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page. | |
| CVE-2016-9630 | medium | 6.5 | 6.5 | 10y ago | An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (global buffer overflow and crash) via a crafted HTML page. | |
| CVE-2016-9629 | medium | 6.5 | 6.5 | 10y ago | An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page. | |
| CVE-2016-9628 | medium | 6.5 | 6.5 | 10y ago | An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page. | |
| CVE-2016-9627 | medium | 6.5 | 6.5 | 10y ago | An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (heap buffer overflow and crash) via a crafted HTML page. | |
| CVE-2016-9626 | medium | 6.5 | 6.5 | 10y ago | An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. Infinite recursion vulnerability in w3m allows remote attackers to cause a denial of service via a crafted HTML page. | |
| CVE-2016-9625 | medium | 6.5 | 6.5 | 10y ago | An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. Infinite recursion vulnerability in w3m allows remote attackers to cause a denial of service via a crafted HTML page. | |
| CVE-2016-9624 | medium | 6.5 | 6.5 | 10y ago | An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page. | |
| CVE-2016-9623 | medium | 6.5 | 6.5 | 10y ago | An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page. | |
| CVE-2016-9622 | medium | 6.5 | 6.5 | 10y ago | An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page. | |
| CVE-2016-9443 | medium | 6.5 | 6.5 | 10y ago | An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page. | |
| CVE-2016-9442 | medium | 6.5 | 6.5 | 10y ago | An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause memory corruption in certain conditions via a crafted HTML page. | |
| CVE-2016-9441 | medium | 6.5 | 6.5 | 10y ago | An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page. | |
| CVE-2016-9440 | medium | 6.5 | 6.5 | 10y ago | An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page. | |
| CVE-2016-9439 | medium | 6.5 | 6.5 | 10y ago | An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Infinite recursion vulnerability in w3m allows remote attackers to cause a denial of service via a crafted HTML page. | |
| CVE-2016-9438 | medium | 6.5 | 6.5 | 10y ago | An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page. | |
| CVE-2016-9437 | medium | 6.5 | 6.5 | 10y ago | An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) and possibly memory corruption via a… | |
| CVE-2016-9434 | medium | 6.5 | 6.5 | 10y ago | An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page. | |
| CVE-2016-9433 | medium | 6.5 | 6.5 | 10y ago | An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (out-of-bounds array access) via a crafted HTML page. | |
| CVE-2016-9432 | medium | 6.5 | 6.5 | 10y ago | An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (memory corruption, segmentation fault, and crash) via a crafted HT… | |
| CVE-2016-9431 | medium | 6.5 | 6.5 | 10y ago | An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Infinite recursion vulnerability in w3m allows remote attackers to cause a denial of service via a crafted HTML page. | |
| CVE-2016-9430 | medium | 6.5 | 6.5 | 10y ago | An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page. |