Filtered by vendor University Of Kansas
Subscribe
Total
8 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-1999-0817 | 1 University Of Kansas | 1 Lynx | 2022-08-17 | 10.0 HIGH | N/A |
Lynx WWW client allows a remote attacker to specify command-line parameters which Lynx uses when calling external programs to handle certain protocols, e.g. telnet. | |||||
CVE-1999-0371 | 1 University Of Kansas | 1 Lynx | 2022-08-17 | 1.2 LOW | N/A |
Lynx allows a local user to overwrite sensitive files through /tmp symlinks. | |||||
CVE-2005-2929 | 1 University Of Kansas | 1 Lynx | 2018-10-19 | 7.5 HIGH | N/A |
Lynx 2.8.5, and other versions before 2.8.6dev.15, allows remote attackers to execute arbitrary commands via (1) lynxcgi:, (2) lynxexec, and (3) lynxprog links, which are not properly restricted in the default configuration in some environments. | |||||
CVE-2005-3120 | 1 University Of Kansas | 1 Lynx | 2018-10-19 | 7.5 HIGH | N/A |
Stack-based buffer overflow in the HTrjis function in Lynx 2.8.6 and earlier allows remote NNTP servers to execute arbitrary code via certain article headers containing Asian characters that cause Lynx to add extra escape (ESC) characters. | |||||
CVE-2004-1617 | 1 University Of Kansas | 1 Lynx | 2018-10-19 | 5.0 MEDIUM | N/A |
Lynx, lynx-ssl, and lynx-cur before 2.8.6dev.8 allow remote attackers to cause a denial of service (infinite loop) via a web page or HTML email that contains invalid HTML including (1) a TEXTAREA tag with a large COLS value and (2) a large tag name in an element that is not terminated, as demonstrated by mangleme. NOTE: a followup suggests that the relevant trigger for this issue is the large COLS value. | |||||
CVE-2002-1405 | 3 Elinks, Links, University Of Kansas | 3 Elinks, Links, Lynx | 2016-10-17 | 5.0 MEDIUM | N/A |
CRLF injection vulnerability in Lynx 2.8.4 and earlier allows remote attackers to inject false HTTP headers into an HTTP request that is provided on the command line, via a URL containing encoded carriage return, line feed, and other whitespace characters. | |||||
CVE-1999-1549 | 1 University Of Kansas | 1 Lynx | 2016-10-17 | 5.0 MEDIUM | N/A |
Lynx 2.x does not properly distinguish between internal and external HTML, which may allow a local attacker to read a "secure" hidden form value from a temporary file and craft a LYNXOPTIONS: URL that causes Lynx to modify the user's configuration file and execute commands. | |||||
CVE-2000-0209 | 1 University Of Kansas | 1 Lynx | 2008-09-10 | 7.6 HIGH | N/A |
Buffer overflow in Lynx 2.x allows remote attackers to crash Lynx and possibly execute commands via a long URL in a malicious web page. |