VYPR

Lynx

by University Of Kansas

CVEs (6)

  • CVE-2002-1405Feb 19, 2003
    risk 0.03cvss epss 0.05

    CRLF injection vulnerability in Lynx 2.8.4 and earlier allows remote attackers to inject false HTTP headers into an HTTP request that is provided on the command line, via a URL containing encoded carriage return, line feed, and other whitespace characters.

  • CVE-2005-2929Nov 18, 2005
    risk 0.00cvss epss 0.05

    Lynx 2.8.5, and other versions before 2.8.6dev.15, allows remote attackers to execute arbitrary commands via (1) lynxcgi:, (2) lynxexec, and (3) lynxprog links, which are not properly restricted in the default configuration in some environments.

  • CVE-2004-1617Oct 18, 2004
    risk 0.00cvss epss 0.04

    Lynx, lynx-ssl, and lynx-cur before 2.8.6dev.8 allow remote attackers to cause a denial of service (infinite loop) via a web page or HTML email that contains invalid HTML including (1) a TEXTAREA tag with a large COLS value and (2) a large tag name in an element that is not…

  • CVE-2000-0209Feb 27, 2000
    risk 0.00cvss epss 0.02

    Buffer overflow in Lynx 2.x allows remote attackers to crash Lynx and possibly execute commands via a long URL in a malicious web page.

  • CVE-1999-0817Sep 15, 1999
    risk 0.00cvss epss 0.03

    Lynx WWW client allows a remote attacker to specify command-line parameters which Lynx uses when calling external programs to handle certain protocols, e.g. telnet.

  • CVE-1999-0371Feb 11, 1999
    risk 0.00cvss epss 0.00

    Lynx allows a local user to overwrite sensitive files through /tmp symlinks.