rpm package
opensuse/lynx&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/lynx&distro=openSUSE%20Tumbleweed
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2016-9179 | Hig | 7.5 | < 2.9.0~dev.9-1.2 | 2.9.0~dev.9-1.2 | Dec 22, 2016 | lynx: It was found that Lynx doesn't parse the authority component of the URL correctly when the host name part ends with '?', and could instead be tricked into connecting to a different host. | |
| CVE-2012-4929 | — | < 2.8.8rel.2-4.13 | 2.8.8rel.2-4.13 | Sep 15, 2012 | The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google Chrome, Qt, and other products, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers by observing | ||
| CVE-2006-7234 | — | < 2.9.0~dev.9-1.2 | 2.9.0~dev.9-1.2 | Oct 27, 2008 | Untrusted search path vulnerability in Lynx before 2.8.6rel.4 allows local users to execute arbitrary code via malicious (1) .mailcap and (2) mime.types files in the current working directory. | ||
| CVE-2008-4690 | — | < 2.8.8rel.2-4.13 | 2.8.8rel.2-4.13 | Oct 22, 2008 | lynx 2.8.6dev.15 and earlier, when advanced mode is enabled and lynx is configured as a URL handler, allows remote attackers to execute arbitrary commands via a crafted lynxcgi: URL, a related issue to CVE-2005-2929. NOTE: this might only be a vulnerability in limited deployment |
- affected < 2.9.0~dev.9-1.2fixed 2.9.0~dev.9-1.2
lynx: It was found that Lynx doesn't parse the authority component of the URL correctly when the host name part ends with '?', and could instead be tricked into connecting to a different host.
- CVE-2012-4929Sep 15, 2012affected < 2.8.8rel.2-4.13fixed 2.8.8rel.2-4.13
The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google Chrome, Qt, and other products, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers by observing
- CVE-2006-7234Oct 27, 2008affected < 2.9.0~dev.9-1.2fixed 2.9.0~dev.9-1.2
Untrusted search path vulnerability in Lynx before 2.8.6rel.4 allows local users to execute arbitrary code via malicious (1) .mailcap and (2) mime.types files in the current working directory.
- CVE-2008-4690Oct 22, 2008affected < 2.8.8rel.2-4.13fixed 2.8.8rel.2-4.13
lynx 2.8.6dev.15 and earlier, when advanced mode is enabled and lynx is configured as a URL handler, allows remote attackers to execute arbitrary commands via a crafted lynxcgi: URL, a related issue to CVE-2005-2929. NOTE: this might only be a vulnerability in limited deployment