University Of Kansas
Products
1- 6 CVEs
Recent CVEs
6| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2002-1405 | 0.03 | — | 0.05 | Feb 19, 2003 | CRLF injection vulnerability in Lynx 2.8.4 and earlier allows remote attackers to inject false HTTP headers into an HTTP request that is provided on the command line, via a URL containing encoded carriage return, line feed, and other whitespace characters. | |||
| CVE-2005-2929 | 0.00 | — | 0.05 | Nov 18, 2005 | Lynx 2.8.5, and other versions before 2.8.6dev.15, allows remote attackers to execute arbitrary commands via (1) lynxcgi:, (2) lynxexec, and (3) lynxprog links, which are not properly restricted in the default configuration in some environments. | |||
| CVE-2004-1617 | 0.00 | — | 0.04 | Oct 18, 2004 | Lynx, lynx-ssl, and lynx-cur before 2.8.6dev.8 allow remote attackers to cause a denial of service (infinite loop) via a web page or HTML email that contains invalid HTML including (1) a TEXTAREA tag with a large COLS value and (2) a large tag name in an element that is not… | |||
| CVE-2000-0209 | 0.00 | — | 0.02 | Feb 27, 2000 | Buffer overflow in Lynx 2.x allows remote attackers to crash Lynx and possibly execute commands via a long URL in a malicious web page. | |||
| CVE-1999-0817 | 0.00 | — | 0.03 | Sep 15, 1999 | Lynx WWW client allows a remote attacker to specify command-line parameters which Lynx uses when calling external programs to handle certain protocols, e.g. telnet. | |||
| CVE-1999-0371 | 0.00 | — | 0.00 | Feb 11, 1999 | Lynx allows a local user to overwrite sensitive files through /tmp symlinks. |
- CVE-2002-1405Feb 19, 2003risk 0.03cvss —epss 0.05
CRLF injection vulnerability in Lynx 2.8.4 and earlier allows remote attackers to inject false HTTP headers into an HTTP request that is provided on the command line, via a URL containing encoded carriage return, line feed, and other whitespace characters.
- CVE-2005-2929Nov 18, 2005risk 0.00cvss —epss 0.05
Lynx 2.8.5, and other versions before 2.8.6dev.15, allows remote attackers to execute arbitrary commands via (1) lynxcgi:, (2) lynxexec, and (3) lynxprog links, which are not properly restricted in the default configuration in some environments.
- CVE-2004-1617Oct 18, 2004risk 0.00cvss —epss 0.04
Lynx, lynx-ssl, and lynx-cur before 2.8.6dev.8 allow remote attackers to cause a denial of service (infinite loop) via a web page or HTML email that contains invalid HTML including (1) a TEXTAREA tag with a large COLS value and (2) a large tag name in an element that is not…
- CVE-2000-0209Feb 27, 2000risk 0.00cvss —epss 0.02
Buffer overflow in Lynx 2.x allows remote attackers to crash Lynx and possibly execute commands via a long URL in a malicious web page.
- CVE-1999-0817Sep 15, 1999risk 0.00cvss —epss 0.03
Lynx WWW client allows a remote attacker to specify command-line parameters which Lynx uses when calling external programs to handle certain protocols, e.g. telnet.
- CVE-1999-0371Feb 11, 1999risk 0.00cvss —epss 0.00
Lynx allows a local user to overwrite sensitive files through /tmp symlinks.