Vulnerabilities > Lynx

DATE | CVE | VULNERABILITY TITLE | RISK

2016-12-22 | CVE-2016-9179 | Improper Input Validation vulnerability in Lynx | 5.0
lynx: It was found that Lynx doesn't parse the authority component of the URL correctly when the host name part ends with '?', and could instead be tricked into connecting to a different host.
network, low complexity, lynx, CWE-20

2012-11-04 | CVE-2012-5821 | Improper Certificate Validation vulnerability in multiple products | 5.9
Lynx does not verify that the server's certificate is signed by a trusted certification authority, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate, related to improper use of a certain GnuTLS function.
network, high complexity, lynx, canonical, CWE-295

2010-08-20 | CVE-2010-2810 | Buffer Errors vulnerability in Lynx 2.8.8 | 6.8
Heap-based buffer overflow in the convert_to_idna function in WWW/Library/Implementation/HTParse.c in Lynx 2.8.8dev.1 through 2.8.8dev.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a malformed URL containing a % (percent) character in the domain name.
network, lynx, CWE-119

2008-10-27 | CVE-2006-7234 | Local Code Execution vulnerability in Lynx '.mailcap' and '.mime.type' Files | 4.6
Untrusted search path vulnerability in Lynx before 2.8.6rel.4 allows local users to execute arbitrary code via malicious (1) .mailcap and (2) mime.types files in the current working directory.
local, low complexity, lynx

2008-10-22 | CVE-2008-4690 | Unspecified vulnerability in Lynx | critical 10.0
lynx 2.8.6dev.15 and earlier, when advanced mode is enabled and lynx is configured as a URL handler, allows remote attackers to execute arbitrary commands via a crafted lynxcgi: URL, a related issue to CVE-2005-2929.
network, low complexity, lynx