Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2010-2074 (GCVE-0-2010-2074)
Vulnerability from cvelistv5
Published
2010-06-16 20:00
Modified
2024-08-07 02:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
istream.c in w3m 0.5.2 and possibly other versions, when ssl_verify_server is enabled, does not properly handle a '\0' character in a domain name in the (1) subject's Common Name or (2) Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:17:14.516Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20100614 CVE Request: w3m does not check null bytes CN/subjAltName",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2010/06/14/4"
},
{
"name": "40134",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/40134"
},
{
"name": "65538",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/65538"
},
{
"name": "1024252",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1024252"
},
{
"name": "ADV-2010-1467",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/1467"
},
{
"name": "ADV-2010-1879",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/1879"
},
{
"name": "ADV-2010-1928",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/1928"
},
{
"name": "SUSE-SR:2010:014",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
},
{
"name": "RHSA-2010:0565",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0565.html"
},
{
"name": "40837",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/40837"
},
{
"name": "40733",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/40733"
},
{
"name": "FEDORA-2010-10369",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044401.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-06-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "istream.c in w3m 0.5.2 and possibly other versions, when ssl_verify_server is enabled, does not properly handle a \u0027\\0\u0027 character in a domain name in the (1) subject\u0027s Common Name or (2) Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-06-22T09:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20100614 CVE Request: w3m does not check null bytes CN/subjAltName",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2010/06/14/4"
},
{
"name": "40134",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/40134"
},
{
"name": "65538",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/65538"
},
{
"name": "1024252",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1024252"
},
{
"name": "ADV-2010-1467",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/1467"
},
{
"name": "ADV-2010-1879",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/1879"
},
{
"name": "ADV-2010-1928",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/1928"
},
{
"name": "SUSE-SR:2010:014",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
},
{
"name": "RHSA-2010:0565",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0565.html"
},
{
"name": "40837",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/40837"
},
{
"name": "40733",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/40733"
},
{
"name": "FEDORA-2010-10369",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044401.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-2074",
"datePublished": "2010-06-16T20:00:00",
"dateReserved": "2010-05-25T00:00:00",
"dateUpdated": "2024-08-07T02:17:14.516Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2010-2074\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2010-06-16T20:30:02.607\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"istream.c in w3m 0.5.2 and possibly other versions, when ssl_verify_server is enabled, does not properly handle a \u0027\\\\0\u0027 character in a domain name in the (1) subject\u0027s Common Name or (2) Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.\"},{\"lang\":\"es\",\"value\":\"istream.c en w3m v0.5.2 y posiblemente otras versiones, cuando ssl_verify_server est\u00e1 activado, no maneja adecuadamente el car\u00e1cter \u0027\\\\0\u0027 en un nombre de dominio en el (1) subject\u0027s Common Name o (2) Subject Alternative Name field de un certificado X.509, lo que permite a atacantes en el medio (Man-in-the-middle) suplantar a servidores SSL a trav\u00e9s de certificados manipulados enviados por una Autoridad de Certificaci\u00f3n leg\u00edtima. Tema relacionado con el CVE-2009-2408.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:w3m:w3m:0.5.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"49051ADA-75C4-46AB-AF9F-B7A45EDD2F03\"}]}]}],\"references\":[{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044401.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://osvdb.org/65538\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/40134\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/40733\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2010/06/14/4\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2010-0565.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securityfocus.com/bid/40837\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securitytracker.com/id?1024252\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.vupen.com/english/advisories/2010/1467\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2010/1879\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.vupen.com/english/advisories/2010/1928\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044401.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://osvdb.org/65538\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/40134\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/40733\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2010/06/14/4\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2010-0565.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/40837\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1024252\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2010/1467\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2010/1879\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2010/1928\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
gsd-2010-2074
Vulnerability from gsd
Modified
2023-12-13 01:21
Details
istream.c in w3m 0.5.2 and possibly other versions, when ssl_verify_server is enabled, does not properly handle a '\0' character in a domain name in the (1) subject's Common Name or (2) Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2010-2074",
"description": "istream.c in w3m 0.5.2 and possibly other versions, when ssl_verify_server is enabled, does not properly handle a \u0027\\0\u0027 character in a domain name in the (1) subject\u0027s Common Name or (2) Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.",
"id": "GSD-2010-2074",
"references": [
"https://www.suse.com/security/cve/CVE-2010-2074.html",
"https://access.redhat.com/errata/RHSA-2010:0565",
"https://linux.oracle.com/cve/CVE-2010-2074.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2010-2074"
],
"details": "istream.c in w3m 0.5.2 and possibly other versions, when ssl_verify_server is enabled, does not properly handle a \u0027\\0\u0027 character in a domain name in the (1) subject\u0027s Common Name or (2) Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.",
"id": "GSD-2010-2074",
"modified": "2023-12-13T01:21:31.548699Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-2074",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "istream.c in w3m 0.5.2 and possibly other versions, when ssl_verify_server is enabled, does not properly handle a \u0027\\0\u0027 character in a domain name in the (1) subject\u0027s Common Name or (2) Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html",
"refsource": "MISC",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
},
{
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044401.html",
"refsource": "MISC",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044401.html"
},
{
"name": "http://osvdb.org/65538",
"refsource": "MISC",
"url": "http://osvdb.org/65538"
},
{
"name": "http://secunia.com/advisories/40134",
"refsource": "MISC",
"url": "http://secunia.com/advisories/40134"
},
{
"name": "http://secunia.com/advisories/40733",
"refsource": "MISC",
"url": "http://secunia.com/advisories/40733"
},
{
"name": "http://www.openwall.com/lists/oss-security/2010/06/14/4",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2010/06/14/4"
},
{
"name": "http://www.redhat.com/support/errata/RHSA-2010-0565.html",
"refsource": "MISC",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0565.html"
},
{
"name": "http://www.securityfocus.com/bid/40837",
"refsource": "MISC",
"url": "http://www.securityfocus.com/bid/40837"
},
{
"name": "http://www.securitytracker.com/id?1024252",
"refsource": "MISC",
"url": "http://www.securitytracker.com/id?1024252"
},
{
"name": "http://www.vupen.com/english/advisories/2010/1467",
"refsource": "MISC",
"url": "http://www.vupen.com/english/advisories/2010/1467"
},
{
"name": "http://www.vupen.com/english/advisories/2010/1879",
"refsource": "MISC",
"url": "http://www.vupen.com/english/advisories/2010/1879"
},
{
"name": "http://www.vupen.com/english/advisories/2010/1928",
"refsource": "MISC",
"url": "http://www.vupen.com/english/advisories/2010/1928"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:w3m:w3m:0.5.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-2074"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "istream.c in w3m 0.5.2 and possibly other versions, when ssl_verify_server is enabled, does not properly handle a \u0027\\0\u0027 character in a domain name in the (1) subject\u0027s Common Name or (2) Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "40134",
"refsource": "SECUNIA",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/40134"
},
{
"name": "[oss-security] 20100614 CVE Request: w3m does not check null bytes CN/subjAltName",
"refsource": "MLIST",
"tags": [],
"url": "http://www.openwall.com/lists/oss-security/2010/06/14/4"
},
{
"name": "ADV-2010-1467",
"refsource": "VUPEN",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/1467"
},
{
"name": "40837",
"refsource": "BID",
"tags": [],
"url": "http://www.securityfocus.com/bid/40837"
},
{
"name": "65538",
"refsource": "OSVDB",
"tags": [],
"url": "http://osvdb.org/65538"
},
{
"name": "40733",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/40733"
},
{
"name": "ADV-2010-1928",
"refsource": "VUPEN",
"tags": [],
"url": "http://www.vupen.com/english/advisories/2010/1928"
},
{
"name": "FEDORA-2010-10369",
"refsource": "FEDORA",
"tags": [],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044401.html"
},
{
"name": "ADV-2010-1879",
"refsource": "VUPEN",
"tags": [],
"url": "http://www.vupen.com/english/advisories/2010/1879"
},
{
"name": "RHSA-2010:0565",
"refsource": "REDHAT",
"tags": [],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0565.html"
},
{
"name": "1024252",
"refsource": "SECTRACK",
"tags": [],
"url": "http://www.securitytracker.com/id?1024252"
},
{
"name": "SUSE-SR:2010:014",
"refsource": "SUSE",
"tags": [],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
}
},
"lastModifiedDate": "2010-09-09T05:42Z",
"publishedDate": "2010-06-16T20:30Z"
}
}
}
opensuse-su-2024:10235-1
Vulnerability from csaf_opensuse
Published
2024-06-15 00:00
Modified
2024-06-15 00:00
Summary
w3m-0.5.3.git20161120-1.1 on GA media
Notes
Title of the patch
w3m-0.5.3.git20161120-1.1 on GA media
Description of the patch
These are all security issues fixed in the w3m-0.5.3.git20161120-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-10235
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "w3m-0.5.3.git20161120-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the w3m-0.5.3.git20161120-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-10235",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10235-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2010-2074 page",
"url": "https://www.suse.com/security/cve/CVE-2010-2074/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2012-4929 page",
"url": "https://www.suse.com/security/cve/CVE-2012-4929/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9434 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9434/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9435 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9435/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9436 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9436/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9437 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9437/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9438 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9438/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9439 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9439/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9440 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9440/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9441 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9441/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9442 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9442/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9443 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9443/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9621 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9621/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9622 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9622/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9623 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9623/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9624 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9624/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9625 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9625/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9626 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9626/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9627 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9627/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9628 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9628/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9629 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9629/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9630 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9630/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9631 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9631/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9632 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9632/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9633 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9633/"
}
],
"title": "w3m-0.5.3.git20161120-1.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:10235-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "w3m-0.5.3.git20161120-1.1.aarch64",
"product": {
"name": "w3m-0.5.3.git20161120-1.1.aarch64",
"product_id": "w3m-0.5.3.git20161120-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "w3m-inline-image-0.5.3.git20161120-1.1.aarch64",
"product": {
"name": "w3m-inline-image-0.5.3.git20161120-1.1.aarch64",
"product_id": "w3m-inline-image-0.5.3.git20161120-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "w3m-0.5.3.git20161120-1.1.ppc64le",
"product": {
"name": "w3m-0.5.3.git20161120-1.1.ppc64le",
"product_id": "w3m-0.5.3.git20161120-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "w3m-inline-image-0.5.3.git20161120-1.1.ppc64le",
"product": {
"name": "w3m-inline-image-0.5.3.git20161120-1.1.ppc64le",
"product_id": "w3m-inline-image-0.5.3.git20161120-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "w3m-0.5.3.git20161120-1.1.s390x",
"product": {
"name": "w3m-0.5.3.git20161120-1.1.s390x",
"product_id": "w3m-0.5.3.git20161120-1.1.s390x"
}
},
{
"category": "product_version",
"name": "w3m-inline-image-0.5.3.git20161120-1.1.s390x",
"product": {
"name": "w3m-inline-image-0.5.3.git20161120-1.1.s390x",
"product_id": "w3m-inline-image-0.5.3.git20161120-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "w3m-0.5.3.git20161120-1.1.x86_64",
"product": {
"name": "w3m-0.5.3.git20161120-1.1.x86_64",
"product_id": "w3m-0.5.3.git20161120-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "w3m-inline-image-0.5.3.git20161120-1.1.x86_64",
"product": {
"name": "w3m-inline-image-0.5.3.git20161120-1.1.x86_64",
"product_id": "w3m-inline-image-0.5.3.git20161120-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "w3m-0.5.3.git20161120-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.aarch64"
},
"product_reference": "w3m-0.5.3.git20161120-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "w3m-0.5.3.git20161120-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.ppc64le"
},
"product_reference": "w3m-0.5.3.git20161120-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "w3m-0.5.3.git20161120-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.s390x"
},
"product_reference": "w3m-0.5.3.git20161120-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "w3m-0.5.3.git20161120-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.x86_64"
},
"product_reference": "w3m-0.5.3.git20161120-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "w3m-inline-image-0.5.3.git20161120-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.aarch64"
},
"product_reference": "w3m-inline-image-0.5.3.git20161120-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "w3m-inline-image-0.5.3.git20161120-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.ppc64le"
},
"product_reference": "w3m-inline-image-0.5.3.git20161120-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "w3m-inline-image-0.5.3.git20161120-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.s390x"
},
"product_reference": "w3m-inline-image-0.5.3.git20161120-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "w3m-inline-image-0.5.3.git20161120-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.x86_64"
},
"product_reference": "w3m-inline-image-0.5.3.git20161120-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2010-2074",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2010-2074"
}
],
"notes": [
{
"category": "general",
"text": "istream.c in w3m 0.5.2 and possibly other versions, when ssl_verify_server is enabled, does not properly handle a \u0027\\0\u0027 character in a domain name in the (1) subject\u0027s Common Name or (2) Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.aarch64",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.ppc64le",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.s390x",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.x86_64",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.aarch64",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.ppc64le",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.s390x",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2010-2074",
"url": "https://www.suse.com/security/cve/CVE-2010-2074"
},
{
"category": "external",
"summary": "SUSE Bug 609451 for CVE-2010-2074",
"url": "https://bugzilla.suse.com/609451"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.aarch64",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.ppc64le",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.s390x",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.x86_64",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.aarch64",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.ppc64le",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.s390x",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2010-2074"
},
{
"cve": "CVE-2012-4929",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2012-4929"
}
],
"notes": [
{
"category": "general",
"text": "The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google Chrome, Qt, and other products, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers by observing length differences during a series of guesses in which a string in an HTTP request potentially matches an unknown string in an HTTP header, aka a \"CRIME\" attack.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.aarch64",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.ppc64le",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.s390x",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.x86_64",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.aarch64",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.ppc64le",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.s390x",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2012-4929",
"url": "https://www.suse.com/security/cve/CVE-2012-4929"
},
{
"category": "external",
"summary": "SUSE Bug 1011293 for CVE-2012-4929",
"url": "https://bugzilla.suse.com/1011293"
},
{
"category": "external",
"summary": "SUSE Bug 779952 for CVE-2012-4929",
"url": "https://bugzilla.suse.com/779952"
},
{
"category": "external",
"summary": "SUSE Bug 793420 for CVE-2012-4929",
"url": "https://bugzilla.suse.com/793420"
},
{
"category": "external",
"summary": "SUSE Bug 803004 for CVE-2012-4929",
"url": "https://bugzilla.suse.com/803004"
},
{
"category": "external",
"summary": "SUSE Bug 847895 for CVE-2012-4929",
"url": "https://bugzilla.suse.com/847895"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.aarch64",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.ppc64le",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.s390x",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.x86_64",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.aarch64",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.ppc64le",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.s390x",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2012-4929"
},
{
"cve": "CVE-2016-9434",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9434"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.aarch64",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.ppc64le",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.s390x",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.x86_64",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.aarch64",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.ppc64le",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.s390x",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9434",
"url": "https://www.suse.com/security/cve/CVE-2016-9434"
},
{
"category": "external",
"summary": "SUSE Bug 1011283 for CVE-2016-9434",
"url": "https://bugzilla.suse.com/1011283"
},
{
"category": "external",
"summary": "SUSE Bug 1011293 for CVE-2016-9434",
"url": "https://bugzilla.suse.com/1011293"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.aarch64",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.ppc64le",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.s390x",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.x86_64",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.aarch64",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.ppc64le",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.s390x",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.aarch64",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.ppc64le",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.s390x",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.x86_64",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.aarch64",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.ppc64le",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.s390x",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-9434"
},
{
"cve": "CVE-2016-9435",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9435"
}
],
"notes": [
{
"category": "general",
"text": "The HTMLtagproc1 function in file.c in w3m before 0.5.3+git20161009 does not properly initialize values, which allows remote attackers to crash the application via a crafted html file, related to \u003cdd\u003e tags.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.aarch64",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.ppc64le",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.s390x",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.x86_64",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.aarch64",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.ppc64le",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.s390x",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9435",
"url": "https://www.suse.com/security/cve/CVE-2016-9435"
},
{
"category": "external",
"summary": "SUSE Bug 1011284 for CVE-2016-9435",
"url": "https://bugzilla.suse.com/1011284"
},
{
"category": "external",
"summary": "SUSE Bug 1011293 for CVE-2016-9435",
"url": "https://bugzilla.suse.com/1011293"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.aarch64",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.ppc64le",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.s390x",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.x86_64",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.aarch64",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.ppc64le",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.s390x",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.aarch64",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.ppc64le",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.s390x",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.x86_64",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.aarch64",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.ppc64le",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.s390x",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-9435"
},
{
"cve": "CVE-2016-9436",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9436"
}
],
"notes": [
{
"category": "general",
"text": "parsetagx.c in w3m before 0.5.3+git20161009 does not properly initialize values, which allows remote attackers to crash the application via a crafted html file, related to a \u003ci\u003e tag.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.aarch64",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.ppc64le",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.s390x",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.x86_64",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.aarch64",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.ppc64le",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.s390x",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9436",
"url": "https://www.suse.com/security/cve/CVE-2016-9436"
},
{
"category": "external",
"summary": "SUSE Bug 1011285 for CVE-2016-9436",
"url": "https://bugzilla.suse.com/1011285"
},
{
"category": "external",
"summary": "SUSE Bug 1011293 for CVE-2016-9436",
"url": "https://bugzilla.suse.com/1011293"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.aarch64",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.ppc64le",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.s390x",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.x86_64",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.aarch64",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.ppc64le",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.s390x",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.aarch64",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.ppc64le",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.s390x",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.x86_64",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.aarch64",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.ppc64le",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.s390x",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-9436"
},
{
"cve": "CVE-2016-9437",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9437"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) and possibly memory corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.aarch64",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.ppc64le",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.s390x",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.x86_64",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.aarch64",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.ppc64le",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.s390x",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9437",
"url": "https://www.suse.com/security/cve/CVE-2016-9437"
},
{
"category": "external",
"summary": "SUSE Bug 1011286 for CVE-2016-9437",
"url": "https://bugzilla.suse.com/1011286"
},
{
"category": "external",
"summary": "SUSE Bug 1011293 for CVE-2016-9437",
"url": "https://bugzilla.suse.com/1011293"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.aarch64",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.ppc64le",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.s390x",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.x86_64",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.aarch64",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.ppc64le",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.s390x",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.aarch64",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.ppc64le",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.s390x",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.x86_64",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.aarch64",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.ppc64le",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.s390x",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-9437"
},
{
"cve": "CVE-2016-9438",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9438"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.aarch64",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.ppc64le",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.s390x",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.x86_64",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.aarch64",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.ppc64le",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.s390x",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9438",
"url": "https://www.suse.com/security/cve/CVE-2016-9438"
},
{
"category": "external",
"summary": "SUSE Bug 1011287 for CVE-2016-9438",
"url": "https://bugzilla.suse.com/1011287"
},
{
"category": "external",
"summary": "SUSE Bug 1011293 for CVE-2016-9438",
"url": "https://bugzilla.suse.com/1011293"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.aarch64",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.ppc64le",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.s390x",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.x86_64",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.aarch64",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.ppc64le",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.s390x",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.aarch64",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.ppc64le",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.s390x",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.x86_64",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.aarch64",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.ppc64le",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.s390x",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-9438"
},
{
"cve": "CVE-2016-9439",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9439"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Infinite recursion vulnerability in w3m allows remote attackers to cause a denial of service via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.aarch64",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.ppc64le",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.s390x",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.x86_64",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.aarch64",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.ppc64le",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.s390x",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9439",
"url": "https://www.suse.com/security/cve/CVE-2016-9439"
},
{
"category": "external",
"summary": "SUSE Bug 1011288 for CVE-2016-9439",
"url": "https://bugzilla.suse.com/1011288"
},
{
"category": "external",
"summary": "SUSE Bug 1011293 for CVE-2016-9439",
"url": "https://bugzilla.suse.com/1011293"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.aarch64",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.ppc64le",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.s390x",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.x86_64",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.aarch64",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.ppc64le",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.s390x",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.aarch64",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.ppc64le",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.s390x",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.x86_64",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.aarch64",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.ppc64le",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.s390x",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-9439"
},
{
"cve": "CVE-2016-9440",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9440"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.aarch64",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.ppc64le",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.s390x",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.x86_64",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.aarch64",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.ppc64le",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.s390x",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9440",
"url": "https://www.suse.com/security/cve/CVE-2016-9440"
},
{
"category": "external",
"summary": "SUSE Bug 1011289 for CVE-2016-9440",
"url": "https://bugzilla.suse.com/1011289"
},
{
"category": "external",
"summary": "SUSE Bug 1011293 for CVE-2016-9440",
"url": "https://bugzilla.suse.com/1011293"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.aarch64",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.ppc64le",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.s390x",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.x86_64",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.aarch64",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.ppc64le",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.s390x",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.aarch64",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.ppc64le",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.s390x",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.x86_64",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.aarch64",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.ppc64le",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.s390x",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-9440"
},
{
"cve": "CVE-2016-9441",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9441"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.aarch64",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.ppc64le",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.s390x",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.x86_64",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.aarch64",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.ppc64le",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.s390x",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9441",
"url": "https://www.suse.com/security/cve/CVE-2016-9441"
},
{
"category": "external",
"summary": "SUSE Bug 1011290 for CVE-2016-9441",
"url": "https://bugzilla.suse.com/1011290"
},
{
"category": "external",
"summary": "SUSE Bug 1011293 for CVE-2016-9441",
"url": "https://bugzilla.suse.com/1011293"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.aarch64",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.ppc64le",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.s390x",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.x86_64",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.aarch64",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.ppc64le",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.s390x",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.aarch64",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.ppc64le",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.s390x",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.x86_64",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.aarch64",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.ppc64le",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.s390x",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-9441"
},
{
"cve": "CVE-2016-9442",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9442"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause memory corruption in certain conditions via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.aarch64",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.ppc64le",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.s390x",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.x86_64",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.aarch64",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.ppc64le",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.s390x",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9442",
"url": "https://www.suse.com/security/cve/CVE-2016-9442"
},
{
"category": "external",
"summary": "SUSE Bug 1011291 for CVE-2016-9442",
"url": "https://bugzilla.suse.com/1011291"
},
{
"category": "external",
"summary": "SUSE Bug 1011293 for CVE-2016-9442",
"url": "https://bugzilla.suse.com/1011293"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.aarch64",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.ppc64le",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.s390x",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.x86_64",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.aarch64",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.ppc64le",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.s390x",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.aarch64",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.ppc64le",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.s390x",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.x86_64",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.aarch64",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.ppc64le",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.s390x",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-9442"
},
{
"cve": "CVE-2016-9443",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9443"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.aarch64",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.ppc64le",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.s390x",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.x86_64",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.aarch64",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.ppc64le",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.s390x",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9443",
"url": "https://www.suse.com/security/cve/CVE-2016-9443"
},
{
"category": "external",
"summary": "SUSE Bug 1011292 for CVE-2016-9443",
"url": "https://bugzilla.suse.com/1011292"
},
{
"category": "external",
"summary": "SUSE Bug 1011293 for CVE-2016-9443",
"url": "https://bugzilla.suse.com/1011293"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.aarch64",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.ppc64le",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.s390x",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.x86_64",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.aarch64",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.ppc64le",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.s390x",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.aarch64",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.ppc64le",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.s390x",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.x86_64",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.aarch64",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.ppc64le",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.s390x",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-9443"
},
{
"cve": "CVE-2016-9621",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9621"
}
],
"notes": [
{
"category": "general",
"text": "DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-9429. Reason: This candidate is a reservation duplicate of CVE-2016-9429. Notes: All CVE users should reference CVE-2016-9429 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.aarch64",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.ppc64le",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.s390x",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.x86_64",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.aarch64",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.ppc64le",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.s390x",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9621",
"url": "https://www.suse.com/security/cve/CVE-2016-9621"
},
{
"category": "external",
"summary": "SUSE Bug 1011278 for CVE-2016-9621",
"url": "https://bugzilla.suse.com/1011278"
},
{
"category": "external",
"summary": "SUSE Bug 1011293 for CVE-2016-9621",
"url": "https://bugzilla.suse.com/1011293"
},
{
"category": "external",
"summary": "SUSE Bug 1012020 for CVE-2016-9621",
"url": "https://bugzilla.suse.com/1012020"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.aarch64",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.ppc64le",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.s390x",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.x86_64",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.aarch64",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.ppc64le",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.s390x",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-9621"
},
{
"cve": "CVE-2016-9622",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9622"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.aarch64",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.ppc64le",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.s390x",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.x86_64",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.aarch64",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.ppc64le",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.s390x",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9622",
"url": "https://www.suse.com/security/cve/CVE-2016-9622"
},
{
"category": "external",
"summary": "SUSE Bug 1011293 for CVE-2016-9622",
"url": "https://bugzilla.suse.com/1011293"
},
{
"category": "external",
"summary": "SUSE Bug 1012021 for CVE-2016-9622",
"url": "https://bugzilla.suse.com/1012021"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.aarch64",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.ppc64le",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.s390x",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.x86_64",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.aarch64",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.ppc64le",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.s390x",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.aarch64",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.ppc64le",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.s390x",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.x86_64",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.aarch64",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.ppc64le",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.s390x",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-9622"
},
{
"cve": "CVE-2016-9623",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9623"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.aarch64",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.ppc64le",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.s390x",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.x86_64",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.aarch64",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.ppc64le",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.s390x",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9623",
"url": "https://www.suse.com/security/cve/CVE-2016-9623"
},
{
"category": "external",
"summary": "SUSE Bug 1011293 for CVE-2016-9623",
"url": "https://bugzilla.suse.com/1011293"
},
{
"category": "external",
"summary": "SUSE Bug 1012022 for CVE-2016-9623",
"url": "https://bugzilla.suse.com/1012022"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.aarch64",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.ppc64le",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.s390x",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.x86_64",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.aarch64",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.ppc64le",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.s390x",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.aarch64",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.ppc64le",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.s390x",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.x86_64",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.aarch64",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.ppc64le",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.s390x",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-9623"
},
{
"cve": "CVE-2016-9624",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9624"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.aarch64",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.ppc64le",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.s390x",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.x86_64",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.aarch64",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.ppc64le",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.s390x",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9624",
"url": "https://www.suse.com/security/cve/CVE-2016-9624"
},
{
"category": "external",
"summary": "SUSE Bug 1011293 for CVE-2016-9624",
"url": "https://bugzilla.suse.com/1011293"
},
{
"category": "external",
"summary": "SUSE Bug 1012023 for CVE-2016-9624",
"url": "https://bugzilla.suse.com/1012023"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.aarch64",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.ppc64le",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.s390x",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.x86_64",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.aarch64",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.ppc64le",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.s390x",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.aarch64",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.ppc64le",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.s390x",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.x86_64",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.aarch64",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.ppc64le",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.s390x",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-9624"
},
{
"cve": "CVE-2016-9625",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9625"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. Infinite recursion vulnerability in w3m allows remote attackers to cause a denial of service via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.aarch64",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.ppc64le",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.s390x",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.x86_64",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.aarch64",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.ppc64le",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.s390x",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9625",
"url": "https://www.suse.com/security/cve/CVE-2016-9625"
},
{
"category": "external",
"summary": "SUSE Bug 1011293 for CVE-2016-9625",
"url": "https://bugzilla.suse.com/1011293"
},
{
"category": "external",
"summary": "SUSE Bug 1012024 for CVE-2016-9625",
"url": "https://bugzilla.suse.com/1012024"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.aarch64",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.ppc64le",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.s390x",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.x86_64",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.aarch64",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.ppc64le",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.s390x",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.aarch64",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.ppc64le",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.s390x",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.x86_64",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.aarch64",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.ppc64le",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.s390x",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-9625"
},
{
"cve": "CVE-2016-9626",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9626"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. Infinite recursion vulnerability in w3m allows remote attackers to cause a denial of service via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.aarch64",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.ppc64le",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.s390x",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.x86_64",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.aarch64",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.ppc64le",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.s390x",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9626",
"url": "https://www.suse.com/security/cve/CVE-2016-9626"
},
{
"category": "external",
"summary": "SUSE Bug 1011293 for CVE-2016-9626",
"url": "https://bugzilla.suse.com/1011293"
},
{
"category": "external",
"summary": "SUSE Bug 1012025 for CVE-2016-9626",
"url": "https://bugzilla.suse.com/1012025"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.aarch64",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.ppc64le",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.s390x",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.x86_64",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.aarch64",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.ppc64le",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.s390x",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.aarch64",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.ppc64le",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.s390x",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.x86_64",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.aarch64",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.ppc64le",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.s390x",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-9626"
},
{
"cve": "CVE-2016-9627",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9627"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (heap buffer overflow and crash) via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.aarch64",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.ppc64le",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.s390x",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.x86_64",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.aarch64",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.ppc64le",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.s390x",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9627",
"url": "https://www.suse.com/security/cve/CVE-2016-9627"
},
{
"category": "external",
"summary": "SUSE Bug 1011293 for CVE-2016-9627",
"url": "https://bugzilla.suse.com/1011293"
},
{
"category": "external",
"summary": "SUSE Bug 1012026 for CVE-2016-9627",
"url": "https://bugzilla.suse.com/1012026"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.aarch64",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.ppc64le",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.s390x",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.x86_64",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.aarch64",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.ppc64le",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.s390x",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.aarch64",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.ppc64le",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.s390x",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.x86_64",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.aarch64",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.ppc64le",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.s390x",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-9627"
},
{
"cve": "CVE-2016-9628",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9628"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.aarch64",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.ppc64le",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.s390x",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.x86_64",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.aarch64",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.ppc64le",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.s390x",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9628",
"url": "https://www.suse.com/security/cve/CVE-2016-9628"
},
{
"category": "external",
"summary": "SUSE Bug 1011293 for CVE-2016-9628",
"url": "https://bugzilla.suse.com/1011293"
},
{
"category": "external",
"summary": "SUSE Bug 1012027 for CVE-2016-9628",
"url": "https://bugzilla.suse.com/1012027"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.aarch64",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.ppc64le",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.s390x",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.x86_64",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.aarch64",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.ppc64le",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.s390x",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.aarch64",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.ppc64le",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.s390x",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.x86_64",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.aarch64",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.ppc64le",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.s390x",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-9628"
},
{
"cve": "CVE-2016-9629",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9629"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.aarch64",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.ppc64le",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.s390x",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.x86_64",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.aarch64",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.ppc64le",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.s390x",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9629",
"url": "https://www.suse.com/security/cve/CVE-2016-9629"
},
{
"category": "external",
"summary": "SUSE Bug 1011293 for CVE-2016-9629",
"url": "https://bugzilla.suse.com/1011293"
},
{
"category": "external",
"summary": "SUSE Bug 1012028 for CVE-2016-9629",
"url": "https://bugzilla.suse.com/1012028"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.aarch64",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.ppc64le",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.s390x",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.x86_64",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.aarch64",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.ppc64le",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.s390x",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.aarch64",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.ppc64le",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.s390x",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.x86_64",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.aarch64",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.ppc64le",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.s390x",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-9629"
},
{
"cve": "CVE-2016-9630",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9630"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (global buffer overflow and crash) via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.aarch64",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.ppc64le",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.s390x",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.x86_64",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.aarch64",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.ppc64le",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.s390x",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9630",
"url": "https://www.suse.com/security/cve/CVE-2016-9630"
},
{
"category": "external",
"summary": "SUSE Bug 1011293 for CVE-2016-9630",
"url": "https://bugzilla.suse.com/1011293"
},
{
"category": "external",
"summary": "SUSE Bug 1012029 for CVE-2016-9630",
"url": "https://bugzilla.suse.com/1012029"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.aarch64",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.ppc64le",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.s390x",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.x86_64",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.aarch64",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.ppc64le",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.s390x",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.aarch64",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.ppc64le",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.s390x",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.x86_64",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.aarch64",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.ppc64le",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.s390x",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-9630"
},
{
"cve": "CVE-2016-9631",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9631"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.aarch64",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.ppc64le",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.s390x",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.x86_64",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.aarch64",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.ppc64le",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.s390x",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9631",
"url": "https://www.suse.com/security/cve/CVE-2016-9631"
},
{
"category": "external",
"summary": "SUSE Bug 1011293 for CVE-2016-9631",
"url": "https://bugzilla.suse.com/1011293"
},
{
"category": "external",
"summary": "SUSE Bug 1012030 for CVE-2016-9631",
"url": "https://bugzilla.suse.com/1012030"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.aarch64",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.ppc64le",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.s390x",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.x86_64",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.aarch64",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.ppc64le",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.s390x",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.aarch64",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.ppc64le",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.s390x",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.x86_64",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.aarch64",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.ppc64le",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.s390x",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-9631"
},
{
"cve": "CVE-2016-9632",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9632"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (global buffer overflow and crash) via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.aarch64",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.ppc64le",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.s390x",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.x86_64",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.aarch64",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.ppc64le",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.s390x",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9632",
"url": "https://www.suse.com/security/cve/CVE-2016-9632"
},
{
"category": "external",
"summary": "SUSE Bug 1011293 for CVE-2016-9632",
"url": "https://bugzilla.suse.com/1011293"
},
{
"category": "external",
"summary": "SUSE Bug 1012031 for CVE-2016-9632",
"url": "https://bugzilla.suse.com/1012031"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.aarch64",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.ppc64le",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.s390x",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.x86_64",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.aarch64",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.ppc64le",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.s390x",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.aarch64",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.ppc64le",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.s390x",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.x86_64",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.aarch64",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.ppc64le",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.s390x",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-9632"
},
{
"cve": "CVE-2016-9633",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9633"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (infinite loop and resource consumption) via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.aarch64",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.ppc64le",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.s390x",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.x86_64",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.aarch64",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.ppc64le",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.s390x",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9633",
"url": "https://www.suse.com/security/cve/CVE-2016-9633"
},
{
"category": "external",
"summary": "SUSE Bug 1011293 for CVE-2016-9633",
"url": "https://bugzilla.suse.com/1011293"
},
{
"category": "external",
"summary": "SUSE Bug 1012032 for CVE-2016-9633",
"url": "https://bugzilla.suse.com/1012032"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.aarch64",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.ppc64le",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.s390x",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.x86_64",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.aarch64",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.ppc64le",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.s390x",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.aarch64",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.ppc64le",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.s390x",
"openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1.x86_64",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.aarch64",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.ppc64le",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.s390x",
"openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-9633"
}
]
}
ghsa-xwjm-4v2q-p47f
Vulnerability from github
Published
2022-05-17 05:48
Modified
2022-05-17 05:48
VLAI Severity ?
Details
istream.c in w3m 0.5.2 and possibly other versions, when ssl_verify_server is enabled, does not properly handle a '\0' character in a domain name in the (1) subject's Common Name or (2) Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
{
"affected": [],
"aliases": [
"CVE-2010-2074"
],
"database_specific": {
"cwe_ids": [
"CWE-20"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2010-06-16T20:30:00Z",
"severity": "MODERATE"
},
"details": "istream.c in w3m 0.5.2 and possibly other versions, when ssl_verify_server is enabled, does not properly handle a \u0027\\0\u0027 character in a domain name in the (1) subject\u0027s Common Name or (2) Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.",
"id": "GHSA-xwjm-4v2q-p47f",
"modified": "2022-05-17T05:48:31Z",
"published": "2022-05-17T05:48:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2074"
},
{
"type": "WEB",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044401.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
},
{
"type": "WEB",
"url": "http://osvdb.org/65538"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/40134"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/40733"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2010/06/14/4"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0565.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/40837"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id?1024252"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2010/1467"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2010/1879"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2010/1928"
}
],
"schema_version": "1.4.0",
"severity": []
}
rhsa-2010:0565
Vulnerability from csaf_redhat
Published
2010-07-27 12:58
Modified
2024-11-22 03:29
Summary
Red Hat Security Advisory: w3m security update
Notes
Topic
Updated w3m packages that fix one security issue are now available for Red
Hat Enterprise Linux 5.
The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.
Details
The w3m program is a pager (or text file viewer) that can also be used as a
text mode web browser.
It was discovered that w3m is affected by the previously published "null
prefix attack", caused by incorrect handling of NULL characters in X.509
certificates. If an attacker is able to get a carefully-crafted certificate
signed by a trusted Certificate Authority, the attacker could use the
certificate during a man-in-the-middle attack and potentially confuse w3m
into accepting it by mistake. (CVE-2010-2074)
All w3m users should upgrade to these updated packages, which contain a
backported patch to correct this issue.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated w3m packages that fix one security issue are now available for Red\nHat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available from the CVE link in\nthe References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The w3m program is a pager (or text file viewer) that can also be used as a\ntext mode web browser.\n\nIt was discovered that w3m is affected by the previously published \"null\nprefix attack\", caused by incorrect handling of NULL characters in X.509\ncertificates. If an attacker is able to get a carefully-crafted certificate\nsigned by a trusted Certificate Authority, the attacker could use the\ncertificate during a man-in-the-middle attack and potentially confuse w3m\ninto accepting it by mistake. (CVE-2010-2074)\n\nAll w3m users should upgrade to these updated packages, which contain a\nbackported patch to correct this issue.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2010:0565",
"url": "https://access.redhat.com/errata/RHSA-2010:0565"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "604855",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=604855"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2010/rhsa-2010_0565.json"
}
],
"title": "Red Hat Security Advisory: w3m security update",
"tracking": {
"current_release_date": "2024-11-22T03:29:36+00:00",
"generator": {
"date": "2024-11-22T03:29:36+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2010:0565",
"initial_release_date": "2010-07-27T12:58:00+00:00",
"revision_history": [
{
"date": "2010-07-27T12:58:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2010-07-27T08:58:42+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T03:29:36+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop (v. 5 client)",
"product": {
"name": "Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:5::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux (v. 5 server)",
"product": {
"name": "Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:5::server"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "w3m-0:0.5.1-17.el5_5.src",
"product": {
"name": "w3m-0:0.5.1-17.el5_5.src",
"product_id": "w3m-0:0.5.1-17.el5_5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/w3m@0.5.1-17.el5_5?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "w3m-0:0.5.1-17.el5_5.x86_64",
"product": {
"name": "w3m-0:0.5.1-17.el5_5.x86_64",
"product_id": "w3m-0:0.5.1-17.el5_5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/w3m@0.5.1-17.el5_5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "w3m-debuginfo-0:0.5.1-17.el5_5.x86_64",
"product": {
"name": "w3m-debuginfo-0:0.5.1-17.el5_5.x86_64",
"product_id": "w3m-debuginfo-0:0.5.1-17.el5_5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/w3m-debuginfo@0.5.1-17.el5_5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "w3m-img-0:0.5.1-17.el5_5.x86_64",
"product": {
"name": "w3m-img-0:0.5.1-17.el5_5.x86_64",
"product_id": "w3m-img-0:0.5.1-17.el5_5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/w3m-img@0.5.1-17.el5_5?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "w3m-0:0.5.1-17.el5_5.i386",
"product": {
"name": "w3m-0:0.5.1-17.el5_5.i386",
"product_id": "w3m-0:0.5.1-17.el5_5.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/w3m@0.5.1-17.el5_5?arch=i386"
}
}
},
{
"category": "product_version",
"name": "w3m-debuginfo-0:0.5.1-17.el5_5.i386",
"product": {
"name": "w3m-debuginfo-0:0.5.1-17.el5_5.i386",
"product_id": "w3m-debuginfo-0:0.5.1-17.el5_5.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/w3m-debuginfo@0.5.1-17.el5_5?arch=i386"
}
}
},
{
"category": "product_version",
"name": "w3m-img-0:0.5.1-17.el5_5.i386",
"product": {
"name": "w3m-img-0:0.5.1-17.el5_5.i386",
"product_id": "w3m-img-0:0.5.1-17.el5_5.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/w3m-img@0.5.1-17.el5_5?arch=i386"
}
}
}
],
"category": "architecture",
"name": "i386"
},
{
"branches": [
{
"category": "product_version",
"name": "w3m-0:0.5.1-17.el5_5.ia64",
"product": {
"name": "w3m-0:0.5.1-17.el5_5.ia64",
"product_id": "w3m-0:0.5.1-17.el5_5.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/w3m@0.5.1-17.el5_5?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "w3m-debuginfo-0:0.5.1-17.el5_5.ia64",
"product": {
"name": "w3m-debuginfo-0:0.5.1-17.el5_5.ia64",
"product_id": "w3m-debuginfo-0:0.5.1-17.el5_5.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/w3m-debuginfo@0.5.1-17.el5_5?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "w3m-img-0:0.5.1-17.el5_5.ia64",
"product": {
"name": "w3m-img-0:0.5.1-17.el5_5.ia64",
"product_id": "w3m-img-0:0.5.1-17.el5_5.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/w3m-img@0.5.1-17.el5_5?arch=ia64"
}
}
}
],
"category": "architecture",
"name": "ia64"
},
{
"branches": [
{
"category": "product_version",
"name": "w3m-0:0.5.1-17.el5_5.ppc",
"product": {
"name": "w3m-0:0.5.1-17.el5_5.ppc",
"product_id": "w3m-0:0.5.1-17.el5_5.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/w3m@0.5.1-17.el5_5?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "w3m-debuginfo-0:0.5.1-17.el5_5.ppc",
"product": {
"name": "w3m-debuginfo-0:0.5.1-17.el5_5.ppc",
"product_id": "w3m-debuginfo-0:0.5.1-17.el5_5.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/w3m-debuginfo@0.5.1-17.el5_5?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "w3m-img-0:0.5.1-17.el5_5.ppc",
"product": {
"name": "w3m-img-0:0.5.1-17.el5_5.ppc",
"product_id": "w3m-img-0:0.5.1-17.el5_5.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/w3m-img@0.5.1-17.el5_5?arch=ppc"
}
}
}
],
"category": "architecture",
"name": "ppc"
},
{
"branches": [
{
"category": "product_version",
"name": "w3m-0:0.5.1-17.el5_5.s390x",
"product": {
"name": "w3m-0:0.5.1-17.el5_5.s390x",
"product_id": "w3m-0:0.5.1-17.el5_5.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/w3m@0.5.1-17.el5_5?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "w3m-debuginfo-0:0.5.1-17.el5_5.s390x",
"product": {
"name": "w3m-debuginfo-0:0.5.1-17.el5_5.s390x",
"product_id": "w3m-debuginfo-0:0.5.1-17.el5_5.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/w3m-debuginfo@0.5.1-17.el5_5?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "w3m-img-0:0.5.1-17.el5_5.s390x",
"product": {
"name": "w3m-img-0:0.5.1-17.el5_5.s390x",
"product_id": "w3m-img-0:0.5.1-17.el5_5.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/w3m-img@0.5.1-17.el5_5?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "w3m-0:0.5.1-17.el5_5.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:w3m-0:0.5.1-17.el5_5.i386"
},
"product_reference": "w3m-0:0.5.1-17.el5_5.i386",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "w3m-0:0.5.1-17.el5_5.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:w3m-0:0.5.1-17.el5_5.ia64"
},
"product_reference": "w3m-0:0.5.1-17.el5_5.ia64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "w3m-0:0.5.1-17.el5_5.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:w3m-0:0.5.1-17.el5_5.ppc"
},
"product_reference": "w3m-0:0.5.1-17.el5_5.ppc",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "w3m-0:0.5.1-17.el5_5.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:w3m-0:0.5.1-17.el5_5.s390x"
},
"product_reference": "w3m-0:0.5.1-17.el5_5.s390x",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "w3m-0:0.5.1-17.el5_5.src as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:w3m-0:0.5.1-17.el5_5.src"
},
"product_reference": "w3m-0:0.5.1-17.el5_5.src",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "w3m-0:0.5.1-17.el5_5.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:w3m-0:0.5.1-17.el5_5.x86_64"
},
"product_reference": "w3m-0:0.5.1-17.el5_5.x86_64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "w3m-debuginfo-0:0.5.1-17.el5_5.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:w3m-debuginfo-0:0.5.1-17.el5_5.i386"
},
"product_reference": "w3m-debuginfo-0:0.5.1-17.el5_5.i386",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "w3m-debuginfo-0:0.5.1-17.el5_5.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:w3m-debuginfo-0:0.5.1-17.el5_5.ia64"
},
"product_reference": "w3m-debuginfo-0:0.5.1-17.el5_5.ia64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "w3m-debuginfo-0:0.5.1-17.el5_5.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:w3m-debuginfo-0:0.5.1-17.el5_5.ppc"
},
"product_reference": "w3m-debuginfo-0:0.5.1-17.el5_5.ppc",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "w3m-debuginfo-0:0.5.1-17.el5_5.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:w3m-debuginfo-0:0.5.1-17.el5_5.s390x"
},
"product_reference": "w3m-debuginfo-0:0.5.1-17.el5_5.s390x",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "w3m-debuginfo-0:0.5.1-17.el5_5.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:w3m-debuginfo-0:0.5.1-17.el5_5.x86_64"
},
"product_reference": "w3m-debuginfo-0:0.5.1-17.el5_5.x86_64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "w3m-img-0:0.5.1-17.el5_5.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:w3m-img-0:0.5.1-17.el5_5.i386"
},
"product_reference": "w3m-img-0:0.5.1-17.el5_5.i386",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "w3m-img-0:0.5.1-17.el5_5.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:w3m-img-0:0.5.1-17.el5_5.ia64"
},
"product_reference": "w3m-img-0:0.5.1-17.el5_5.ia64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "w3m-img-0:0.5.1-17.el5_5.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:w3m-img-0:0.5.1-17.el5_5.ppc"
},
"product_reference": "w3m-img-0:0.5.1-17.el5_5.ppc",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "w3m-img-0:0.5.1-17.el5_5.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:w3m-img-0:0.5.1-17.el5_5.s390x"
},
"product_reference": "w3m-img-0:0.5.1-17.el5_5.s390x",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "w3m-img-0:0.5.1-17.el5_5.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:w3m-img-0:0.5.1-17.el5_5.x86_64"
},
"product_reference": "w3m-img-0:0.5.1-17.el5_5.x86_64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "w3m-0:0.5.1-17.el5_5.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:w3m-0:0.5.1-17.el5_5.i386"
},
"product_reference": "w3m-0:0.5.1-17.el5_5.i386",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "w3m-0:0.5.1-17.el5_5.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:w3m-0:0.5.1-17.el5_5.ia64"
},
"product_reference": "w3m-0:0.5.1-17.el5_5.ia64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "w3m-0:0.5.1-17.el5_5.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:w3m-0:0.5.1-17.el5_5.ppc"
},
"product_reference": "w3m-0:0.5.1-17.el5_5.ppc",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "w3m-0:0.5.1-17.el5_5.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:w3m-0:0.5.1-17.el5_5.s390x"
},
"product_reference": "w3m-0:0.5.1-17.el5_5.s390x",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "w3m-0:0.5.1-17.el5_5.src as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:w3m-0:0.5.1-17.el5_5.src"
},
"product_reference": "w3m-0:0.5.1-17.el5_5.src",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "w3m-0:0.5.1-17.el5_5.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:w3m-0:0.5.1-17.el5_5.x86_64"
},
"product_reference": "w3m-0:0.5.1-17.el5_5.x86_64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "w3m-debuginfo-0:0.5.1-17.el5_5.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:w3m-debuginfo-0:0.5.1-17.el5_5.i386"
},
"product_reference": "w3m-debuginfo-0:0.5.1-17.el5_5.i386",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "w3m-debuginfo-0:0.5.1-17.el5_5.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:w3m-debuginfo-0:0.5.1-17.el5_5.ia64"
},
"product_reference": "w3m-debuginfo-0:0.5.1-17.el5_5.ia64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "w3m-debuginfo-0:0.5.1-17.el5_5.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:w3m-debuginfo-0:0.5.1-17.el5_5.ppc"
},
"product_reference": "w3m-debuginfo-0:0.5.1-17.el5_5.ppc",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "w3m-debuginfo-0:0.5.1-17.el5_5.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:w3m-debuginfo-0:0.5.1-17.el5_5.s390x"
},
"product_reference": "w3m-debuginfo-0:0.5.1-17.el5_5.s390x",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "w3m-debuginfo-0:0.5.1-17.el5_5.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:w3m-debuginfo-0:0.5.1-17.el5_5.x86_64"
},
"product_reference": "w3m-debuginfo-0:0.5.1-17.el5_5.x86_64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "w3m-img-0:0.5.1-17.el5_5.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:w3m-img-0:0.5.1-17.el5_5.i386"
},
"product_reference": "w3m-img-0:0.5.1-17.el5_5.i386",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "w3m-img-0:0.5.1-17.el5_5.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:w3m-img-0:0.5.1-17.el5_5.ia64"
},
"product_reference": "w3m-img-0:0.5.1-17.el5_5.ia64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "w3m-img-0:0.5.1-17.el5_5.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:w3m-img-0:0.5.1-17.el5_5.ppc"
},
"product_reference": "w3m-img-0:0.5.1-17.el5_5.ppc",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "w3m-img-0:0.5.1-17.el5_5.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:w3m-img-0:0.5.1-17.el5_5.s390x"
},
"product_reference": "w3m-img-0:0.5.1-17.el5_5.s390x",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "w3m-img-0:0.5.1-17.el5_5.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:w3m-img-0:0.5.1-17.el5_5.x86_64"
},
"product_reference": "w3m-img-0:0.5.1-17.el5_5.x86_64",
"relates_to_product_reference": "5Server"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2010-2074",
"discovery_date": "2010-06-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "604855"
}
],
"notes": [
{
"category": "description",
"text": "istream.c in w3m 0.5.2 and possibly other versions, when ssl_verify_server is enabled, does not properly handle a \u0027\\0\u0027 character in a domain name in the (1) subject\u0027s Common Name or (2) Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "w3m: doesn\u0027t handle NULL in Common Name properly",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client:w3m-0:0.5.1-17.el5_5.i386",
"5Client:w3m-0:0.5.1-17.el5_5.ia64",
"5Client:w3m-0:0.5.1-17.el5_5.ppc",
"5Client:w3m-0:0.5.1-17.el5_5.s390x",
"5Client:w3m-0:0.5.1-17.el5_5.src",
"5Client:w3m-0:0.5.1-17.el5_5.x86_64",
"5Client:w3m-debuginfo-0:0.5.1-17.el5_5.i386",
"5Client:w3m-debuginfo-0:0.5.1-17.el5_5.ia64",
"5Client:w3m-debuginfo-0:0.5.1-17.el5_5.ppc",
"5Client:w3m-debuginfo-0:0.5.1-17.el5_5.s390x",
"5Client:w3m-debuginfo-0:0.5.1-17.el5_5.x86_64",
"5Client:w3m-img-0:0.5.1-17.el5_5.i386",
"5Client:w3m-img-0:0.5.1-17.el5_5.ia64",
"5Client:w3m-img-0:0.5.1-17.el5_5.ppc",
"5Client:w3m-img-0:0.5.1-17.el5_5.s390x",
"5Client:w3m-img-0:0.5.1-17.el5_5.x86_64",
"5Server:w3m-0:0.5.1-17.el5_5.i386",
"5Server:w3m-0:0.5.1-17.el5_5.ia64",
"5Server:w3m-0:0.5.1-17.el5_5.ppc",
"5Server:w3m-0:0.5.1-17.el5_5.s390x",
"5Server:w3m-0:0.5.1-17.el5_5.src",
"5Server:w3m-0:0.5.1-17.el5_5.x86_64",
"5Server:w3m-debuginfo-0:0.5.1-17.el5_5.i386",
"5Server:w3m-debuginfo-0:0.5.1-17.el5_5.ia64",
"5Server:w3m-debuginfo-0:0.5.1-17.el5_5.ppc",
"5Server:w3m-debuginfo-0:0.5.1-17.el5_5.s390x",
"5Server:w3m-debuginfo-0:0.5.1-17.el5_5.x86_64",
"5Server:w3m-img-0:0.5.1-17.el5_5.i386",
"5Server:w3m-img-0:0.5.1-17.el5_5.ia64",
"5Server:w3m-img-0:0.5.1-17.el5_5.ppc",
"5Server:w3m-img-0:0.5.1-17.el5_5.s390x",
"5Server:w3m-img-0:0.5.1-17.el5_5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2074"
},
{
"category": "external",
"summary": "RHBZ#604855",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=604855"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2074",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2074"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2074",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2074"
}
],
"release_date": "2010-06-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-07-27T12:58:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client:w3m-0:0.5.1-17.el5_5.i386",
"5Client:w3m-0:0.5.1-17.el5_5.ia64",
"5Client:w3m-0:0.5.1-17.el5_5.ppc",
"5Client:w3m-0:0.5.1-17.el5_5.s390x",
"5Client:w3m-0:0.5.1-17.el5_5.src",
"5Client:w3m-0:0.5.1-17.el5_5.x86_64",
"5Client:w3m-debuginfo-0:0.5.1-17.el5_5.i386",
"5Client:w3m-debuginfo-0:0.5.1-17.el5_5.ia64",
"5Client:w3m-debuginfo-0:0.5.1-17.el5_5.ppc",
"5Client:w3m-debuginfo-0:0.5.1-17.el5_5.s390x",
"5Client:w3m-debuginfo-0:0.5.1-17.el5_5.x86_64",
"5Client:w3m-img-0:0.5.1-17.el5_5.i386",
"5Client:w3m-img-0:0.5.1-17.el5_5.ia64",
"5Client:w3m-img-0:0.5.1-17.el5_5.ppc",
"5Client:w3m-img-0:0.5.1-17.el5_5.s390x",
"5Client:w3m-img-0:0.5.1-17.el5_5.x86_64",
"5Server:w3m-0:0.5.1-17.el5_5.i386",
"5Server:w3m-0:0.5.1-17.el5_5.ia64",
"5Server:w3m-0:0.5.1-17.el5_5.ppc",
"5Server:w3m-0:0.5.1-17.el5_5.s390x",
"5Server:w3m-0:0.5.1-17.el5_5.src",
"5Server:w3m-0:0.5.1-17.el5_5.x86_64",
"5Server:w3m-debuginfo-0:0.5.1-17.el5_5.i386",
"5Server:w3m-debuginfo-0:0.5.1-17.el5_5.ia64",
"5Server:w3m-debuginfo-0:0.5.1-17.el5_5.ppc",
"5Server:w3m-debuginfo-0:0.5.1-17.el5_5.s390x",
"5Server:w3m-debuginfo-0:0.5.1-17.el5_5.x86_64",
"5Server:w3m-img-0:0.5.1-17.el5_5.i386",
"5Server:w3m-img-0:0.5.1-17.el5_5.ia64",
"5Server:w3m-img-0:0.5.1-17.el5_5.ppc",
"5Server:w3m-img-0:0.5.1-17.el5_5.s390x",
"5Server:w3m-img-0:0.5.1-17.el5_5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0565"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"5Client:w3m-0:0.5.1-17.el5_5.i386",
"5Client:w3m-0:0.5.1-17.el5_5.ia64",
"5Client:w3m-0:0.5.1-17.el5_5.ppc",
"5Client:w3m-0:0.5.1-17.el5_5.s390x",
"5Client:w3m-0:0.5.1-17.el5_5.src",
"5Client:w3m-0:0.5.1-17.el5_5.x86_64",
"5Client:w3m-debuginfo-0:0.5.1-17.el5_5.i386",
"5Client:w3m-debuginfo-0:0.5.1-17.el5_5.ia64",
"5Client:w3m-debuginfo-0:0.5.1-17.el5_5.ppc",
"5Client:w3m-debuginfo-0:0.5.1-17.el5_5.s390x",
"5Client:w3m-debuginfo-0:0.5.1-17.el5_5.x86_64",
"5Client:w3m-img-0:0.5.1-17.el5_5.i386",
"5Client:w3m-img-0:0.5.1-17.el5_5.ia64",
"5Client:w3m-img-0:0.5.1-17.el5_5.ppc",
"5Client:w3m-img-0:0.5.1-17.el5_5.s390x",
"5Client:w3m-img-0:0.5.1-17.el5_5.x86_64",
"5Server:w3m-0:0.5.1-17.el5_5.i386",
"5Server:w3m-0:0.5.1-17.el5_5.ia64",
"5Server:w3m-0:0.5.1-17.el5_5.ppc",
"5Server:w3m-0:0.5.1-17.el5_5.s390x",
"5Server:w3m-0:0.5.1-17.el5_5.src",
"5Server:w3m-0:0.5.1-17.el5_5.x86_64",
"5Server:w3m-debuginfo-0:0.5.1-17.el5_5.i386",
"5Server:w3m-debuginfo-0:0.5.1-17.el5_5.ia64",
"5Server:w3m-debuginfo-0:0.5.1-17.el5_5.ppc",
"5Server:w3m-debuginfo-0:0.5.1-17.el5_5.s390x",
"5Server:w3m-debuginfo-0:0.5.1-17.el5_5.x86_64",
"5Server:w3m-img-0:0.5.1-17.el5_5.i386",
"5Server:w3m-img-0:0.5.1-17.el5_5.ia64",
"5Server:w3m-img-0:0.5.1-17.el5_5.ppc",
"5Server:w3m-img-0:0.5.1-17.el5_5.s390x",
"5Server:w3m-img-0:0.5.1-17.el5_5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "w3m: doesn\u0027t handle NULL in Common Name properly"
}
]
}
fkie_cve-2010-2074
Vulnerability from fkie_nvd
Published
2010-06-16 20:30
Modified
2025-04-11 00:51
Severity ?
Summary
istream.c in w3m 0.5.2 and possibly other versions, when ssl_verify_server is enabled, does not properly handle a '\0' character in a domain name in the (1) subject's Common Name or (2) Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044401.html | ||
| secalert@redhat.com | http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html | ||
| secalert@redhat.com | http://osvdb.org/65538 | ||
| secalert@redhat.com | http://secunia.com/advisories/40134 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/40733 | ||
| secalert@redhat.com | http://www.openwall.com/lists/oss-security/2010/06/14/4 | ||
| secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2010-0565.html | ||
| secalert@redhat.com | http://www.securityfocus.com/bid/40837 | ||
| secalert@redhat.com | http://www.securitytracker.com/id?1024252 | ||
| secalert@redhat.com | http://www.vupen.com/english/advisories/2010/1467 | Vendor Advisory | |
| secalert@redhat.com | http://www.vupen.com/english/advisories/2010/1879 | ||
| secalert@redhat.com | http://www.vupen.com/english/advisories/2010/1928 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044401.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/65538 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/40134 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/40733 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2010/06/14/4 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2010-0565.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/40837 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1024252 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2010/1467 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2010/1879 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2010/1928 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:w3m:w3m:0.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "49051ADA-75C4-46AB-AF9F-B7A45EDD2F03",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "istream.c in w3m 0.5.2 and possibly other versions, when ssl_verify_server is enabled, does not properly handle a \u0027\\0\u0027 character in a domain name in the (1) subject\u0027s Common Name or (2) Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408."
},
{
"lang": "es",
"value": "istream.c en w3m v0.5.2 y posiblemente otras versiones, cuando ssl_verify_server est\u00e1 activado, no maneja adecuadamente el car\u00e1cter \u0027\\0\u0027 en un nombre de dominio en el (1) subject\u0027s Common Name o (2) Subject Alternative Name field de un certificado X.509, lo que permite a atacantes en el medio (Man-in-the-middle) suplantar a servidores SSL a trav\u00e9s de certificados manipulados enviados por una Autoridad de Certificaci\u00f3n leg\u00edtima. Tema relacionado con el CVE-2009-2408."
}
],
"id": "CVE-2010-2074",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-06-16T20:30:02.607",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044401.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
},
{
"source": "secalert@redhat.com",
"url": "http://osvdb.org/65538"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/40134"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/40733"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2010/06/14/4"
},
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0565.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/40837"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securitytracker.com/id?1024252"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/1467"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2010/1879"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2010/1928"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044401.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/65538"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/40134"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/40733"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2010/06/14/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0565.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/40837"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1024252"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/1467"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2010/1879"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2010/1928"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
suse-su-2016:3046-1
Vulnerability from csaf_suse
Published
2016-12-07 15:45
Modified
2016-12-07 15:45
Summary
Security update for w3m
Notes
Title of the patch
Security update for w3m
Description of the patch
This update for w3m fixes the following issues:
- update to debian git version (bsc#1011293)
addressed security issues:
CVE-2016-9621: w3m: global-buffer-overflow write (bsc#1012020)
CVE-2016-9622: w3m: null deref (bsc#1012021)
CVE-2016-9623: w3m: null deref (bsc#1012022)
CVE-2016-9624: w3m: near-null deref (bsc#1012023)
CVE-2016-9625: w3m: stack overflow (bsc#1012024)
CVE-2016-9626: w3m: stack overflow (bsc#1012025)
CVE-2016-9627: w3m: heap overflow read + deref (bsc#1012026)
CVE-2016-9628: w3m: null deref (bsc#1012027)
CVE-2016-9629: w3m: null deref (bsc#1012028)
CVE-2016-9630: w3m: global-buffer-overflow read (bsc#1012029)
CVE-2016-9631: w3m: null deref (bsc#1012030)
CVE-2016-9632: w3m: global-buffer-overflow read (bsc#1012031)
CVE-2016-9633: w3m: OOM (bsc#1012032)
CVE-2016-9434: w3m: null deref (bsc#1011283)
CVE-2016-9435: w3m: use uninit value (bsc#1011284)
CVE-2016-9436: w3m: use uninit value (bsc#1011285)
CVE-2016-9437: w3m: write to rodata (bsc#1011286)
CVE-2016-9438: w3m: null deref (bsc#1011287)
CVE-2016-9439: w3m: stack overflow (bsc#1011288)
CVE-2016-9440: w3m: near-null deref (bsc#1011289)
CVE-2016-9441: w3m: near-null deref (bsc#1011290)
CVE-2016-9442: w3m: potential heap buffer corruption (bsc#1011291)
CVE-2016-9443: w3m: null deref (bsc#1011292)
Patchnames
slessp4-w3m-12875
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for w3m",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThis update for w3m fixes the following issues:\n\n- update to debian git version (bsc#1011293)\n addressed security issues:\n CVE-2016-9621: w3m: global-buffer-overflow write (bsc#1012020)\n CVE-2016-9622: w3m: null deref (bsc#1012021)\n CVE-2016-9623: w3m: null deref (bsc#1012022)\n CVE-2016-9624: w3m: near-null deref (bsc#1012023)\n CVE-2016-9625: w3m: stack overflow (bsc#1012024)\n CVE-2016-9626: w3m: stack overflow (bsc#1012025)\n CVE-2016-9627: w3m: heap overflow read + deref (bsc#1012026)\n CVE-2016-9628: w3m: null deref (bsc#1012027)\n CVE-2016-9629: w3m: null deref (bsc#1012028)\n CVE-2016-9630: w3m: global-buffer-overflow read (bsc#1012029)\n CVE-2016-9631: w3m: null deref (bsc#1012030)\n CVE-2016-9632: w3m: global-buffer-overflow read (bsc#1012031)\n CVE-2016-9633: w3m: OOM (bsc#1012032)\n CVE-2016-9434: w3m: null deref (bsc#1011283)\n CVE-2016-9435: w3m: use uninit value (bsc#1011284)\n CVE-2016-9436: w3m: use uninit value (bsc#1011285)\n CVE-2016-9437: w3m: write to rodata (bsc#1011286)\n CVE-2016-9438: w3m: null deref (bsc#1011287)\n CVE-2016-9439: w3m: stack overflow (bsc#1011288)\n CVE-2016-9440: w3m: near-null deref (bsc#1011289)\n CVE-2016-9441: w3m: near-null deref (bsc#1011290)\n CVE-2016-9442: w3m: potential heap buffer corruption (bsc#1011291)\n CVE-2016-9443: w3m: null deref (bsc#1011292)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "slessp4-w3m-12875",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2016_3046-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2016:3046-1",
"url": "https://www.suse.com/support/update/announcement/2016/suse-su-20163046-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2016:3046-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2016-December/002449.html"
},
{
"category": "self",
"summary": "SUSE Bug 1011269",
"url": "https://bugzilla.suse.com/1011269"
},
{
"category": "self",
"summary": "SUSE Bug 1011270",
"url": "https://bugzilla.suse.com/1011270"
},
{
"category": "self",
"summary": "SUSE Bug 1011271",
"url": "https://bugzilla.suse.com/1011271"
},
{
"category": "self",
"summary": "SUSE Bug 1011272",
"url": "https://bugzilla.suse.com/1011272"
},
{
"category": "self",
"summary": "SUSE Bug 1011283",
"url": "https://bugzilla.suse.com/1011283"
},
{
"category": "self",
"summary": "SUSE Bug 1011284",
"url": "https://bugzilla.suse.com/1011284"
},
{
"category": "self",
"summary": "SUSE Bug 1011285",
"url": "https://bugzilla.suse.com/1011285"
},
{
"category": "self",
"summary": "SUSE Bug 1011286",
"url": "https://bugzilla.suse.com/1011286"
},
{
"category": "self",
"summary": "SUSE Bug 1011287",
"url": "https://bugzilla.suse.com/1011287"
},
{
"category": "self",
"summary": "SUSE Bug 1011288",
"url": "https://bugzilla.suse.com/1011288"
},
{
"category": "self",
"summary": "SUSE Bug 1011289",
"url": "https://bugzilla.suse.com/1011289"
},
{
"category": "self",
"summary": "SUSE Bug 1011290",
"url": "https://bugzilla.suse.com/1011290"
},
{
"category": "self",
"summary": "SUSE Bug 1011291",
"url": "https://bugzilla.suse.com/1011291"
},
{
"category": "self",
"summary": "SUSE Bug 1011292",
"url": "https://bugzilla.suse.com/1011292"
},
{
"category": "self",
"summary": "SUSE Bug 1011293",
"url": "https://bugzilla.suse.com/1011293"
},
{
"category": "self",
"summary": "SUSE Bug 1012020",
"url": "https://bugzilla.suse.com/1012020"
},
{
"category": "self",
"summary": "SUSE Bug 1012021",
"url": "https://bugzilla.suse.com/1012021"
},
{
"category": "self",
"summary": "SUSE Bug 1012022",
"url": "https://bugzilla.suse.com/1012022"
},
{
"category": "self",
"summary": "SUSE Bug 1012023",
"url": "https://bugzilla.suse.com/1012023"
},
{
"category": "self",
"summary": "SUSE Bug 1012024",
"url": "https://bugzilla.suse.com/1012024"
},
{
"category": "self",
"summary": "SUSE Bug 1012025",
"url": "https://bugzilla.suse.com/1012025"
},
{
"category": "self",
"summary": "SUSE Bug 1012026",
"url": "https://bugzilla.suse.com/1012026"
},
{
"category": "self",
"summary": "SUSE Bug 1012027",
"url": "https://bugzilla.suse.com/1012027"
},
{
"category": "self",
"summary": "SUSE Bug 1012028",
"url": "https://bugzilla.suse.com/1012028"
},
{
"category": "self",
"summary": "SUSE Bug 1012029",
"url": "https://bugzilla.suse.com/1012029"
},
{
"category": "self",
"summary": "SUSE Bug 1012030",
"url": "https://bugzilla.suse.com/1012030"
},
{
"category": "self",
"summary": "SUSE Bug 1012031",
"url": "https://bugzilla.suse.com/1012031"
},
{
"category": "self",
"summary": "SUSE Bug 1012032",
"url": "https://bugzilla.suse.com/1012032"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2010-2074 page",
"url": "https://www.suse.com/security/cve/CVE-2010-2074/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9422 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9422/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9423 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9423/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9424 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9424/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9425 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9425/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9434 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9434/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9435 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9435/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9436 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9436/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9437 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9437/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9438 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9438/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9439 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9439/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9440 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9440/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9441 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9441/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9442 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9442/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9443 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9443/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9621 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9621/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9622 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9622/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9623 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9623/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9624 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9624/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9625 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9625/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9626 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9626/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9627 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9627/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9628 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9628/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9629 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9629/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9630 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9630/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9631 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9631/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9632 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9632/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9633 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9633/"
}
],
"title": "Security update for w3m",
"tracking": {
"current_release_date": "2016-12-07T15:45:29Z",
"generator": {
"date": "2016-12-07T15:45:29Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2016:3046-1",
"initial_release_date": "2016-12-07T15:45:29Z",
"revision_history": [
{
"date": "2016-12-07T15:45:29Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "w3m-0.5.3.git20161120-4.1.i586",
"product": {
"name": "w3m-0.5.3.git20161120-4.1.i586",
"product_id": "w3m-0.5.3.git20161120-4.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "w3m-0.5.3.git20161120-4.1.ia64",
"product": {
"name": "w3m-0.5.3.git20161120-4.1.ia64",
"product_id": "w3m-0.5.3.git20161120-4.1.ia64"
}
}
],
"category": "architecture",
"name": "ia64"
},
{
"branches": [
{
"category": "product_version",
"name": "w3m-0.5.3.git20161120-4.1.ppc64",
"product": {
"name": "w3m-0.5.3.git20161120-4.1.ppc64",
"product_id": "w3m-0.5.3.git20161120-4.1.ppc64"
}
}
],
"category": "architecture",
"name": "ppc64"
},
{
"branches": [
{
"category": "product_version",
"name": "w3m-0.5.3.git20161120-4.1.s390x",
"product": {
"name": "w3m-0.5.3.git20161120-4.1.s390x",
"product_id": "w3m-0.5.3.git20161120-4.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "w3m-0.5.3.git20161120-4.1.x86_64",
"product": {
"name": "w3m-0.5.3.git20161120-4.1.x86_64",
"product_id": "w3m-0.5.3.git20161120-4.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 11 SP4",
"product": {
"name": "SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_sles:11:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:11:sp4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "w3m-0.5.3.git20161120-4.1.i586 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.i586"
},
"product_reference": "w3m-0.5.3.git20161120-4.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "w3m-0.5.3.git20161120-4.1.ia64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ia64"
},
"product_reference": "w3m-0.5.3.git20161120-4.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "w3m-0.5.3.git20161120-4.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64"
},
"product_reference": "w3m-0.5.3.git20161120-4.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "w3m-0.5.3.git20161120-4.1.s390x as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.s390x"
},
"product_reference": "w3m-0.5.3.git20161120-4.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "w3m-0.5.3.git20161120-4.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64"
},
"product_reference": "w3m-0.5.3.git20161120-4.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "w3m-0.5.3.git20161120-4.1.i586 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.i586"
},
"product_reference": "w3m-0.5.3.git20161120-4.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "w3m-0.5.3.git20161120-4.1.ia64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ia64"
},
"product_reference": "w3m-0.5.3.git20161120-4.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "w3m-0.5.3.git20161120-4.1.ppc64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64"
},
"product_reference": "w3m-0.5.3.git20161120-4.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "w3m-0.5.3.git20161120-4.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.s390x"
},
"product_reference": "w3m-0.5.3.git20161120-4.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "w3m-0.5.3.git20161120-4.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64"
},
"product_reference": "w3m-0.5.3.git20161120-4.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2010-2074",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2010-2074"
}
],
"notes": [
{
"category": "general",
"text": "istream.c in w3m 0.5.2 and possibly other versions, when ssl_verify_server is enabled, does not properly handle a \u0027\\0\u0027 character in a domain name in the (1) subject\u0027s Common Name or (2) Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2010-2074",
"url": "https://www.suse.com/security/cve/CVE-2010-2074"
},
{
"category": "external",
"summary": "SUSE Bug 609451 for CVE-2010-2074",
"url": "https://bugzilla.suse.com/609451"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-12-07T15:45:29Z",
"details": "moderate"
}
],
"title": "CVE-2010-2074"
},
{
"cve": "CVE-2016-9422",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9422"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. The feed_table_tag function in w3m doesn\u0027t properly validate the value of table span, which allows remote attackers to cause a denial of service (stack and/or heap buffer overflow) and possibly execute arbitrary code via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9422",
"url": "https://www.suse.com/security/cve/CVE-2016-9422"
},
{
"category": "external",
"summary": "SUSE Bug 1011269 for CVE-2016-9422",
"url": "https://bugzilla.suse.com/1011269"
},
{
"category": "external",
"summary": "SUSE Bug 1011293 for CVE-2016-9422",
"url": "https://bugzilla.suse.com/1011293"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-12-07T15:45:29Z",
"details": "important"
}
],
"title": "CVE-2016-9422"
},
{
"cve": "CVE-2016-9423",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9423"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Heap-based buffer overflow in w3m allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9423",
"url": "https://www.suse.com/security/cve/CVE-2016-9423"
},
{
"category": "external",
"summary": "SUSE Bug 1011270 for CVE-2016-9423",
"url": "https://bugzilla.suse.com/1011270"
},
{
"category": "external",
"summary": "SUSE Bug 1011293 for CVE-2016-9423",
"url": "https://bugzilla.suse.com/1011293"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-12-07T15:45:29Z",
"details": "important"
}
],
"title": "CVE-2016-9423"
},
{
"cve": "CVE-2016-9424",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9424"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m doesn\u0027t properly validate the value of tag attribute, which allows remote attackers to cause a denial of service (heap buffer overflow crash) and possibly execute arbitrary code via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9424",
"url": "https://www.suse.com/security/cve/CVE-2016-9424"
},
{
"category": "external",
"summary": "SUSE Bug 1011271 for CVE-2016-9424",
"url": "https://bugzilla.suse.com/1011271"
},
{
"category": "external",
"summary": "SUSE Bug 1011293 for CVE-2016-9424",
"url": "https://bugzilla.suse.com/1011293"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-12-07T15:45:29Z",
"details": "important"
}
],
"title": "CVE-2016-9424"
},
{
"cve": "CVE-2016-9425",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9425"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Heap-based buffer overflow in the addMultirowsForm function in w3m allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9425",
"url": "https://www.suse.com/security/cve/CVE-2016-9425"
},
{
"category": "external",
"summary": "SUSE Bug 1011272 for CVE-2016-9425",
"url": "https://bugzilla.suse.com/1011272"
},
{
"category": "external",
"summary": "SUSE Bug 1011293 for CVE-2016-9425",
"url": "https://bugzilla.suse.com/1011293"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-12-07T15:45:29Z",
"details": "important"
}
],
"title": "CVE-2016-9425"
},
{
"cve": "CVE-2016-9434",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9434"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9434",
"url": "https://www.suse.com/security/cve/CVE-2016-9434"
},
{
"category": "external",
"summary": "SUSE Bug 1011283 for CVE-2016-9434",
"url": "https://bugzilla.suse.com/1011283"
},
{
"category": "external",
"summary": "SUSE Bug 1011293 for CVE-2016-9434",
"url": "https://bugzilla.suse.com/1011293"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-12-07T15:45:29Z",
"details": "moderate"
}
],
"title": "CVE-2016-9434"
},
{
"cve": "CVE-2016-9435",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9435"
}
],
"notes": [
{
"category": "general",
"text": "The HTMLtagproc1 function in file.c in w3m before 0.5.3+git20161009 does not properly initialize values, which allows remote attackers to crash the application via a crafted html file, related to \u003cdd\u003e tags.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9435",
"url": "https://www.suse.com/security/cve/CVE-2016-9435"
},
{
"category": "external",
"summary": "SUSE Bug 1011284 for CVE-2016-9435",
"url": "https://bugzilla.suse.com/1011284"
},
{
"category": "external",
"summary": "SUSE Bug 1011293 for CVE-2016-9435",
"url": "https://bugzilla.suse.com/1011293"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-12-07T15:45:29Z",
"details": "moderate"
}
],
"title": "CVE-2016-9435"
},
{
"cve": "CVE-2016-9436",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9436"
}
],
"notes": [
{
"category": "general",
"text": "parsetagx.c in w3m before 0.5.3+git20161009 does not properly initialize values, which allows remote attackers to crash the application via a crafted html file, related to a \u003ci\u003e tag.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9436",
"url": "https://www.suse.com/security/cve/CVE-2016-9436"
},
{
"category": "external",
"summary": "SUSE Bug 1011285 for CVE-2016-9436",
"url": "https://bugzilla.suse.com/1011285"
},
{
"category": "external",
"summary": "SUSE Bug 1011293 for CVE-2016-9436",
"url": "https://bugzilla.suse.com/1011293"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-12-07T15:45:29Z",
"details": "moderate"
}
],
"title": "CVE-2016-9436"
},
{
"cve": "CVE-2016-9437",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9437"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) and possibly memory corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9437",
"url": "https://www.suse.com/security/cve/CVE-2016-9437"
},
{
"category": "external",
"summary": "SUSE Bug 1011286 for CVE-2016-9437",
"url": "https://bugzilla.suse.com/1011286"
},
{
"category": "external",
"summary": "SUSE Bug 1011293 for CVE-2016-9437",
"url": "https://bugzilla.suse.com/1011293"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-12-07T15:45:29Z",
"details": "moderate"
}
],
"title": "CVE-2016-9437"
},
{
"cve": "CVE-2016-9438",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9438"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9438",
"url": "https://www.suse.com/security/cve/CVE-2016-9438"
},
{
"category": "external",
"summary": "SUSE Bug 1011287 for CVE-2016-9438",
"url": "https://bugzilla.suse.com/1011287"
},
{
"category": "external",
"summary": "SUSE Bug 1011293 for CVE-2016-9438",
"url": "https://bugzilla.suse.com/1011293"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-12-07T15:45:29Z",
"details": "moderate"
}
],
"title": "CVE-2016-9438"
},
{
"cve": "CVE-2016-9439",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9439"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Infinite recursion vulnerability in w3m allows remote attackers to cause a denial of service via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9439",
"url": "https://www.suse.com/security/cve/CVE-2016-9439"
},
{
"category": "external",
"summary": "SUSE Bug 1011288 for CVE-2016-9439",
"url": "https://bugzilla.suse.com/1011288"
},
{
"category": "external",
"summary": "SUSE Bug 1011293 for CVE-2016-9439",
"url": "https://bugzilla.suse.com/1011293"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-12-07T15:45:29Z",
"details": "moderate"
}
],
"title": "CVE-2016-9439"
},
{
"cve": "CVE-2016-9440",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9440"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9440",
"url": "https://www.suse.com/security/cve/CVE-2016-9440"
},
{
"category": "external",
"summary": "SUSE Bug 1011289 for CVE-2016-9440",
"url": "https://bugzilla.suse.com/1011289"
},
{
"category": "external",
"summary": "SUSE Bug 1011293 for CVE-2016-9440",
"url": "https://bugzilla.suse.com/1011293"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-12-07T15:45:29Z",
"details": "moderate"
}
],
"title": "CVE-2016-9440"
},
{
"cve": "CVE-2016-9441",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9441"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9441",
"url": "https://www.suse.com/security/cve/CVE-2016-9441"
},
{
"category": "external",
"summary": "SUSE Bug 1011290 for CVE-2016-9441",
"url": "https://bugzilla.suse.com/1011290"
},
{
"category": "external",
"summary": "SUSE Bug 1011293 for CVE-2016-9441",
"url": "https://bugzilla.suse.com/1011293"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-12-07T15:45:29Z",
"details": "moderate"
}
],
"title": "CVE-2016-9441"
},
{
"cve": "CVE-2016-9442",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9442"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause memory corruption in certain conditions via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9442",
"url": "https://www.suse.com/security/cve/CVE-2016-9442"
},
{
"category": "external",
"summary": "SUSE Bug 1011291 for CVE-2016-9442",
"url": "https://bugzilla.suse.com/1011291"
},
{
"category": "external",
"summary": "SUSE Bug 1011293 for CVE-2016-9442",
"url": "https://bugzilla.suse.com/1011293"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-12-07T15:45:29Z",
"details": "moderate"
}
],
"title": "CVE-2016-9442"
},
{
"cve": "CVE-2016-9443",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9443"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9443",
"url": "https://www.suse.com/security/cve/CVE-2016-9443"
},
{
"category": "external",
"summary": "SUSE Bug 1011292 for CVE-2016-9443",
"url": "https://bugzilla.suse.com/1011292"
},
{
"category": "external",
"summary": "SUSE Bug 1011293 for CVE-2016-9443",
"url": "https://bugzilla.suse.com/1011293"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-12-07T15:45:29Z",
"details": "moderate"
}
],
"title": "CVE-2016-9443"
},
{
"cve": "CVE-2016-9621",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9621"
}
],
"notes": [
{
"category": "general",
"text": "DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-9429. Reason: This candidate is a reservation duplicate of CVE-2016-9429. Notes: All CVE users should reference CVE-2016-9429 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9621",
"url": "https://www.suse.com/security/cve/CVE-2016-9621"
},
{
"category": "external",
"summary": "SUSE Bug 1011278 for CVE-2016-9621",
"url": "https://bugzilla.suse.com/1011278"
},
{
"category": "external",
"summary": "SUSE Bug 1011293 for CVE-2016-9621",
"url": "https://bugzilla.suse.com/1011293"
},
{
"category": "external",
"summary": "SUSE Bug 1012020 for CVE-2016-9621",
"url": "https://bugzilla.suse.com/1012020"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-12-07T15:45:29Z",
"details": "moderate"
}
],
"title": "CVE-2016-9621"
},
{
"cve": "CVE-2016-9622",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9622"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9622",
"url": "https://www.suse.com/security/cve/CVE-2016-9622"
},
{
"category": "external",
"summary": "SUSE Bug 1011293 for CVE-2016-9622",
"url": "https://bugzilla.suse.com/1011293"
},
{
"category": "external",
"summary": "SUSE Bug 1012021 for CVE-2016-9622",
"url": "https://bugzilla.suse.com/1012021"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-12-07T15:45:29Z",
"details": "moderate"
}
],
"title": "CVE-2016-9622"
},
{
"cve": "CVE-2016-9623",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9623"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9623",
"url": "https://www.suse.com/security/cve/CVE-2016-9623"
},
{
"category": "external",
"summary": "SUSE Bug 1011293 for CVE-2016-9623",
"url": "https://bugzilla.suse.com/1011293"
},
{
"category": "external",
"summary": "SUSE Bug 1012022 for CVE-2016-9623",
"url": "https://bugzilla.suse.com/1012022"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-12-07T15:45:29Z",
"details": "moderate"
}
],
"title": "CVE-2016-9623"
},
{
"cve": "CVE-2016-9624",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9624"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9624",
"url": "https://www.suse.com/security/cve/CVE-2016-9624"
},
{
"category": "external",
"summary": "SUSE Bug 1011293 for CVE-2016-9624",
"url": "https://bugzilla.suse.com/1011293"
},
{
"category": "external",
"summary": "SUSE Bug 1012023 for CVE-2016-9624",
"url": "https://bugzilla.suse.com/1012023"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-12-07T15:45:29Z",
"details": "moderate"
}
],
"title": "CVE-2016-9624"
},
{
"cve": "CVE-2016-9625",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9625"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. Infinite recursion vulnerability in w3m allows remote attackers to cause a denial of service via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9625",
"url": "https://www.suse.com/security/cve/CVE-2016-9625"
},
{
"category": "external",
"summary": "SUSE Bug 1011293 for CVE-2016-9625",
"url": "https://bugzilla.suse.com/1011293"
},
{
"category": "external",
"summary": "SUSE Bug 1012024 for CVE-2016-9625",
"url": "https://bugzilla.suse.com/1012024"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-12-07T15:45:29Z",
"details": "moderate"
}
],
"title": "CVE-2016-9625"
},
{
"cve": "CVE-2016-9626",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9626"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. Infinite recursion vulnerability in w3m allows remote attackers to cause a denial of service via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9626",
"url": "https://www.suse.com/security/cve/CVE-2016-9626"
},
{
"category": "external",
"summary": "SUSE Bug 1011293 for CVE-2016-9626",
"url": "https://bugzilla.suse.com/1011293"
},
{
"category": "external",
"summary": "SUSE Bug 1012025 for CVE-2016-9626",
"url": "https://bugzilla.suse.com/1012025"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-12-07T15:45:29Z",
"details": "moderate"
}
],
"title": "CVE-2016-9626"
},
{
"cve": "CVE-2016-9627",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9627"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (heap buffer overflow and crash) via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9627",
"url": "https://www.suse.com/security/cve/CVE-2016-9627"
},
{
"category": "external",
"summary": "SUSE Bug 1011293 for CVE-2016-9627",
"url": "https://bugzilla.suse.com/1011293"
},
{
"category": "external",
"summary": "SUSE Bug 1012026 for CVE-2016-9627",
"url": "https://bugzilla.suse.com/1012026"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-12-07T15:45:29Z",
"details": "moderate"
}
],
"title": "CVE-2016-9627"
},
{
"cve": "CVE-2016-9628",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9628"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9628",
"url": "https://www.suse.com/security/cve/CVE-2016-9628"
},
{
"category": "external",
"summary": "SUSE Bug 1011293 for CVE-2016-9628",
"url": "https://bugzilla.suse.com/1011293"
},
{
"category": "external",
"summary": "SUSE Bug 1012027 for CVE-2016-9628",
"url": "https://bugzilla.suse.com/1012027"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-12-07T15:45:29Z",
"details": "moderate"
}
],
"title": "CVE-2016-9628"
},
{
"cve": "CVE-2016-9629",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9629"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9629",
"url": "https://www.suse.com/security/cve/CVE-2016-9629"
},
{
"category": "external",
"summary": "SUSE Bug 1011293 for CVE-2016-9629",
"url": "https://bugzilla.suse.com/1011293"
},
{
"category": "external",
"summary": "SUSE Bug 1012028 for CVE-2016-9629",
"url": "https://bugzilla.suse.com/1012028"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-12-07T15:45:29Z",
"details": "moderate"
}
],
"title": "CVE-2016-9629"
},
{
"cve": "CVE-2016-9630",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9630"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (global buffer overflow and crash) via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9630",
"url": "https://www.suse.com/security/cve/CVE-2016-9630"
},
{
"category": "external",
"summary": "SUSE Bug 1011293 for CVE-2016-9630",
"url": "https://bugzilla.suse.com/1011293"
},
{
"category": "external",
"summary": "SUSE Bug 1012029 for CVE-2016-9630",
"url": "https://bugzilla.suse.com/1012029"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-12-07T15:45:29Z",
"details": "moderate"
}
],
"title": "CVE-2016-9630"
},
{
"cve": "CVE-2016-9631",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9631"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9631",
"url": "https://www.suse.com/security/cve/CVE-2016-9631"
},
{
"category": "external",
"summary": "SUSE Bug 1011293 for CVE-2016-9631",
"url": "https://bugzilla.suse.com/1011293"
},
{
"category": "external",
"summary": "SUSE Bug 1012030 for CVE-2016-9631",
"url": "https://bugzilla.suse.com/1012030"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-12-07T15:45:29Z",
"details": "moderate"
}
],
"title": "CVE-2016-9631"
},
{
"cve": "CVE-2016-9632",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9632"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (global buffer overflow and crash) via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9632",
"url": "https://www.suse.com/security/cve/CVE-2016-9632"
},
{
"category": "external",
"summary": "SUSE Bug 1011293 for CVE-2016-9632",
"url": "https://bugzilla.suse.com/1011293"
},
{
"category": "external",
"summary": "SUSE Bug 1012031 for CVE-2016-9632",
"url": "https://bugzilla.suse.com/1012031"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-12-07T15:45:29Z",
"details": "moderate"
}
],
"title": "CVE-2016-9632"
},
{
"cve": "CVE-2016-9633",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9633"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (infinite loop and resource consumption) via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9633",
"url": "https://www.suse.com/security/cve/CVE-2016-9633"
},
{
"category": "external",
"summary": "SUSE Bug 1011293 for CVE-2016-9633",
"url": "https://bugzilla.suse.com/1011293"
},
{
"category": "external",
"summary": "SUSE Bug 1012032 for CVE-2016-9633",
"url": "https://bugzilla.suse.com/1012032"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-12-07T15:45:29Z",
"details": "moderate"
}
],
"title": "CVE-2016-9633"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…