FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  566398
Date:      2021-02-23
Time:      13:57:29Z
Committer: osa

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
9347d82d-9a66-11db-b271-000e35248ad7w3m -- format string vulnerability

An anonymous person reports:

w3m-0.5.1 crashes when using the -dump or -backend options to open a HTTPS URL with a SSL certificate where the CN contains "%n%n%n%n%n%n".


Discovery 2006-12-10
Entry 2007-01-03
w3m
w3m-img
w3m-m17n
w3m-m17n-img
ja-w3m
ja-w3m-img
lt 0.5.1_6

21735
CVE-2006-6772
http://sourceforge.net/tracker/index.php?func=detail&aid=1612792&group_id=39518&atid=425439
http://secunia.com/advisories/23492/
eafa3aec-211b-4dd4-9b8a-a664a3f0917aw3m -- multiple vulnerabilities

Multiple remote code execution and denial of service conditions present.


Discovery 2016-11-03
Entry 2017-01-01
Modified 2017-01-09
w3m
w3m-img
ja-w3m
ja-w3m-img
lt 0.5.3.20170102

http://seclists.org/oss-sec/2016/q4/452
http://seclists.org/oss-sec/2016/q4/516
CVE-2016-9422
CVE-2016-9423
CVE-2016-9424
CVE-2016-9425
CVE-2016-9426
CVE-2016-9428
CVE-2016-9429
CVE-2016-9430
CVE-2016-9431
CVE-2016-9432
CVE-2016-9433
CVE-2016-9434
CVE-2016-9435
CVE-2016-9436
CVE-2016-9437
CVE-2016-9438
CVE-2016-9439
CVE-2016-9440
CVE-2016-9441
CVE-2016-9442
CVE-2016-9443
CVE-2016-9622
CVE-2016-9623
CVE-2016-9624
CVE-2016-9625
CVE-2016-9626
CVE-2016-9627
CVE-2016-9628
CVE-2016-9629
CVE-2016-9630
CVE-2016-9631
CVE-2016-9632
CVE-2016-9633
e72d5bf5-07a0-11e8-8248-0021ccb9e74dw3m - multiple vulnerabilities

Tatsuya Kinoshita reports:

CVE-2018-6196 * table.c: Prevent negative indent value in feed_table_block_tag().

CVE-2018-6197 * form.c: Prevent invalid columnPos() call in formUpdateBuffer().

CVE-2018-6198 * config.h.dist, config.h.in, configure, configure.ac, main.c, rc.c: Make temporary directory safely when ~/.w3m is unwritable.


Discovery 2018-01-25
Entry 2018-02-01
Modified 2018-02-03
w3m
w3m-img
ja-w3m
ja-w3m-img
lt 0.5.3.20180125

https://github.com/tats/w3m/commit/e773a0e089276f82c546447c0fd1e6c0f9156628
CVE-2018-6196
CVE-2018-6197
CVE-2018-6198
9347d82d-9a66-11db-b271-000e35248ad7w3m -- format string vulnerability

An anonymous person reports:

w3m-0.5.1 crashes when using the -dump or -backend options to open a HTTPS URL with a SSL certificate where the CN contains "%n%n%n%n%n%n".


Discovery 2006-12-10
Entry 2007-01-03
w3m
w3m-img
w3m-m17n
w3m-m17n-img
ja-w3m
ja-w3m-img
lt 0.5.1_6

21735
CVE-2006-6772
http://sourceforge.net/tracker/index.php?func=detail&aid=1612792&group_id=39518&atid=425439
http://secunia.com/advisories/23492/