Lynx
Products
1- 15 CVEs
Recent CVEs
15| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2005-3120 | Cri | 0.69 | 9.8 | 0.23 | Oct 17, 2005 | Stack-based buffer overflow in the HTrjis function in Lynx 2.8.6 and earlier allows remote NNTP servers to execute arbitrary code via certain article headers containing Asian characters that cause Lynx to add extra escape (ESC) characters. | ||
| CVE-1999-1549 | Hig | 0.51 | 7.8 | 0.01 | Nov 16, 1999 | Lynx 2.x does not properly distinguish between internal and external HTML, which may allow a local attacker to read a "secure" hidden form value from a temporary file and craft a LYNXOPTIONS: URL that causes Lynx to modify the user's configuration file and execute commands. | ||
| CVE-2016-9179 | Hig | 0.49 | 7.5 | 0.02 | Dec 22, 2016 | lynx: It was found that Lynx doesn't parse the authority component of the URL correctly when the host name part ends with '?', and could instead be tricked into connecting to a different host. | ||
| CVE-2012-5821 | Med | 0.38 | 5.9 | 0.01 | Nov 4, 2012 | Lynx does not verify that the server's certificate is signed by a trusted certification authority, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate, related to improper use of a certain GnuTLS function. | ||
| CVE-2017-1000211 | Med | 0.35 | 5.3 | 0.02 | Nov 17, 2017 | Lynx before 2.8.9dev.16 is vulnerable to a use after free in the HTML parser resulting in memory disclosure, because HTML_put_string() can append a chunk onto itself. | ||
| CVE-2006-7234 | 0.03 | — | 0.01 | Oct 27, 2008 | Untrusted search path vulnerability in Lynx before 2.8.6rel.4 allows local users to execute arbitrary code via malicious (1) .mailcap and (2) mime.types files in the current working directory. | |||
| CVE-2002-1405 | 0.03 | — | 0.05 | Feb 19, 2003 | CRLF injection vulnerability in Lynx 2.8.4 and earlier allows remote attackers to inject false HTTP headers into an HTTP request that is provided on the command line, via a URL containing encoded carriage return, line feed, and other whitespace characters. | |||
| CVE-2021-38165 | 0.00 | — | 0.04 | Aug 7, 2021 | Lynx through 2.8.9 mishandles the userinfo subcomponent of a URI, which allows remote attackers to discover cleartext credentials because they may appear in SNI data. | |||
| CVE-2010-2810 | 0.00 | — | 0.04 | Aug 20, 2010 | Heap-based buffer overflow in the convert_to_idna function in WWW/Library/Implementation/HTParse.c in Lynx 2.8.8dev.1 through 2.8.8dev.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a malformed URL containing a %… | |||
| CVE-2008-4690 | 0.00 | — | 0.05 | Oct 22, 2008 | lynx 2.8.6dev.15 and earlier, when advanced mode is enabled and lynx is configured as a URL handler, allows remote attackers to execute arbitrary commands via a crafted lynxcgi: URL, a related issue to CVE-2005-2929. NOTE: this might only be a vulnerability in limited… | |||
| CVE-2005-2929 | 0.00 | — | 0.05 | Nov 18, 2005 | Lynx 2.8.5, and other versions before 2.8.6dev.15, allows remote attackers to execute arbitrary commands via (1) lynxcgi:, (2) lynxexec, and (3) lynxprog links, which are not properly restricted in the default configuration in some environments. | |||
| CVE-2004-1617 | 0.00 | — | 0.04 | Oct 18, 2004 | Lynx, lynx-ssl, and lynx-cur before 2.8.6dev.8 allow remote attackers to cause a denial of service (infinite loop) via a web page or HTML email that contains invalid HTML including (1) a TEXTAREA tag with a large COLS value and (2) a large tag name in an element that is not… | |||
| CVE-1999-0817 | 0.00 | — | 0.03 | Sep 15, 1999 | Lynx WWW client allows a remote attacker to specify command-line parameters which Lynx uses when calling external programs to handle certain protocols, e.g. telnet. | |||
| CVE-1999-0371 | 0.00 | — | 0.00 | Feb 11, 1999 | Lynx allows a local user to overwrite sensitive files through /tmp symlinks. | |||
| CVE-1999-0465 | 0.00 | — | 0.03 | Jan 1, 1999 | Remote attackers can crash Lynx and Internet Explorer using an IMG tag with a large width parameter. |
- risk 0.69cvss 9.8epss 0.23
Stack-based buffer overflow in the HTrjis function in Lynx 2.8.6 and earlier allows remote NNTP servers to execute arbitrary code via certain article headers containing Asian characters that cause Lynx to add extra escape (ESC) characters.
- risk 0.51cvss 7.8epss 0.01
Lynx 2.x does not properly distinguish between internal and external HTML, which may allow a local attacker to read a "secure" hidden form value from a temporary file and craft a LYNXOPTIONS: URL that causes Lynx to modify the user's configuration file and execute commands.
- risk 0.49cvss 7.5epss 0.02
lynx: It was found that Lynx doesn't parse the authority component of the URL correctly when the host name part ends with '?', and could instead be tricked into connecting to a different host.
- risk 0.38cvss 5.9epss 0.01
Lynx does not verify that the server's certificate is signed by a trusted certification authority, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate, related to improper use of a certain GnuTLS function.
- risk 0.35cvss 5.3epss 0.02
Lynx before 2.8.9dev.16 is vulnerable to a use after free in the HTML parser resulting in memory disclosure, because HTML_put_string() can append a chunk onto itself.
- CVE-2006-7234Oct 27, 2008risk 0.03cvss —epss 0.01
Untrusted search path vulnerability in Lynx before 2.8.6rel.4 allows local users to execute arbitrary code via malicious (1) .mailcap and (2) mime.types files in the current working directory.
- CVE-2002-1405Feb 19, 2003risk 0.03cvss —epss 0.05
CRLF injection vulnerability in Lynx 2.8.4 and earlier allows remote attackers to inject false HTTP headers into an HTTP request that is provided on the command line, via a URL containing encoded carriage return, line feed, and other whitespace characters.
- CVE-2021-38165Aug 7, 2021risk 0.00cvss —epss 0.04
Lynx through 2.8.9 mishandles the userinfo subcomponent of a URI, which allows remote attackers to discover cleartext credentials because they may appear in SNI data.
- CVE-2010-2810Aug 20, 2010risk 0.00cvss —epss 0.04
Heap-based buffer overflow in the convert_to_idna function in WWW/Library/Implementation/HTParse.c in Lynx 2.8.8dev.1 through 2.8.8dev.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a malformed URL containing a %…
- CVE-2008-4690Oct 22, 2008risk 0.00cvss —epss 0.05
lynx 2.8.6dev.15 and earlier, when advanced mode is enabled and lynx is configured as a URL handler, allows remote attackers to execute arbitrary commands via a crafted lynxcgi: URL, a related issue to CVE-2005-2929. NOTE: this might only be a vulnerability in limited…
- CVE-2005-2929Nov 18, 2005risk 0.00cvss —epss 0.05
Lynx 2.8.5, and other versions before 2.8.6dev.15, allows remote attackers to execute arbitrary commands via (1) lynxcgi:, (2) lynxexec, and (3) lynxprog links, which are not properly restricted in the default configuration in some environments.
- CVE-2004-1617Oct 18, 2004risk 0.00cvss —epss 0.04
Lynx, lynx-ssl, and lynx-cur before 2.8.6dev.8 allow remote attackers to cause a denial of service (infinite loop) via a web page or HTML email that contains invalid HTML including (1) a TEXTAREA tag with a large COLS value and (2) a large tag name in an element that is not…
- CVE-1999-0817Sep 15, 1999risk 0.00cvss —epss 0.03
Lynx WWW client allows a remote attacker to specify command-line parameters which Lynx uses when calling external programs to handle certain protocols, e.g. telnet.
- CVE-1999-0371Feb 11, 1999risk 0.00cvss —epss 0.00
Lynx allows a local user to overwrite sensitive files through /tmp symlinks.
- CVE-1999-0465Jan 1, 1999risk 0.00cvss —epss 0.03
Remote attackers can crash Lynx and Internet Explorer using an IMG tag with a large width parameter.