Vulnerabilities > Lynx
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-12-22 | CVE-2016-9179 | Improper Input Validation vulnerability in Lynx lynx: It was found that Lynx doesn't parse the authority component of the URL correctly when the host name part ends with '?', and could instead be tricked into connecting to a different host. | 5.0 |
| 2012-11-04 | CVE-2012-5821 | Improper Certificate Validation vulnerability in multiple products Lynx does not verify that the server's certificate is signed by a trusted certification authority, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate, related to improper use of a certain GnuTLS function. | 5.9 |
| 2010-08-20 | CVE-2010-2810 | Buffer Errors vulnerability in Lynx 2.8.8 Heap-based buffer overflow in the convert_to_idna function in WWW/Library/Implementation/HTParse.c in Lynx 2.8.8dev.1 through 2.8.8dev.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a malformed URL containing a % (percent) character in the domain name. | 6.8 |
| 2008-10-27 | CVE-2006-7234 | Local Code Execution vulnerability in Lynx '.mailcap' and '.mime.type' Files Untrusted search path vulnerability in Lynx before 2.8.6rel.4 allows local users to execute arbitrary code via malicious (1) .mailcap and (2) mime.types files in the current working directory. | 4.6 |
| 2008-10-22 | CVE-2008-4690 | Unspecified vulnerability in Lynx lynx 2.8.6dev.15 and earlier, when advanced mode is enabled and lynx is configured as a URL handler, allows remote attackers to execute arbitrary commands via a crafted lynxcgi: URL, a related issue to CVE-2005-2929. | 10.0 |