VYPR

rpm package

opensuse/lynx&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/lynx&distro=openSUSE%20Tumbleweed

Vulnerabilities (4)

  • CVE-2016-9179HigDec 22, 2016
    affected < 2.9.0~dev.9-1.2fixed 2.9.0~dev.9-1.2

    lynx: It was found that Lynx doesn't parse the authority component of the URL correctly when the host name part ends with '?', and could instead be tricked into connecting to a different host.

  • CVE-2012-4929Sep 15, 2012
    affected < 2.8.8rel.2-4.13fixed 2.8.8rel.2-4.13

    The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google Chrome, Qt, and other products, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers by observing

  • CVE-2006-7234Oct 27, 2008
    affected < 2.9.0~dev.9-1.2fixed 2.9.0~dev.9-1.2

    Untrusted search path vulnerability in Lynx before 2.8.6rel.4 allows local users to execute arbitrary code via malicious (1) .mailcap and (2) mime.types files in the current working directory.

  • CVE-2008-4690Oct 22, 2008
    affected < 2.8.8rel.2-4.13fixed 2.8.8rel.2-4.13

    lynx 2.8.6dev.15 and earlier, when advanced mode is enabled and lynx is configured as a URL handler, allows remote attackers to execute arbitrary commands via a crafted lynxcgi: URL, a related issue to CVE-2005-2929. NOTE: this might only be a vulnerability in limited deployment