CVE-2016-9179
- EPSS 0.28%
- Veröffentlicht 22.12.2016 21:59:00
- Zuletzt bearbeitet 12.04.2025 10:46:40
lynx: It was found that Lynx doesn't parse the authority component of the URL correctly when the host name part ends with '?', and could instead be tricked into connecting to a different host.
CVE-2012-5821
- EPSS 0.24%
- Veröffentlicht 04.11.2012 22:55:04
- Zuletzt bearbeitet 11.04.2025 00:51:21
Lynx does not verify that the server's certificate is signed by a trusted certification authority, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate, related to improper use of a certain GnuTLS function.
CVE-2010-2810
- EPSS 2.38%
- Veröffentlicht 20.08.2010 18:00:02
- Zuletzt bearbeitet 11.04.2025 00:51:21
Heap-based buffer overflow in the convert_to_idna function in WWW/Library/Implementation/HTParse.c in Lynx 2.8.8dev.1 through 2.8.8dev.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a...
CVE-2006-7234
- EPSS 0.14%
- Veröffentlicht 27.10.2008 17:21:27
- Zuletzt bearbeitet 09.04.2025 00:30:58
Untrusted search path vulnerability in Lynx before 2.8.6rel.4 allows local users to execute arbitrary code via malicious (1) .mailcap and (2) mime.types files in the current working directory.
- EPSS 17.54%
- Veröffentlicht 22.10.2008 18:00:01
- Zuletzt bearbeitet 09.04.2025 00:30:58
lynx 2.8.6dev.15 and earlier, when advanced mode is enabled and lynx is configured as a URL handler, allows remote attackers to execute arbitrary commands via a crafted lynxcgi: URL, a related issue to CVE-2005-2929. NOTE: this might only be a vulne...
- EPSS 1.27%
- Veröffentlicht 01.01.1999 05:00:00
- Zuletzt bearbeitet 03.04.2025 01:03:51
Remote attackers can crash Lynx and Internet Explorer using an IMG tag with a large width parameter.