Lynx Security Vulnerabilities and Issues — Lynx CVE List

Lucene search

University Of KansasLynx

6 matches found

CVE•added 2000/01/04 5:0 a.m.•143 views

CVE-1999-0817

Lynx WWW client allows a remote attacker to specify command-line parameters which Lynx uses when calling external programs to handle certain protocols, e.g. telnet.

10CVSS6.6AI score0.01271EPSS

CVE•added 2004/09/01 4:0 a.m.•53 views

CVE-2002-1405

CRLF injection vulnerability in Lynx 2.8.4 and earlier allows remote attackers to inject false HTTP headers into an HTTP request that is provided on the command line, via a URL containing encoded carriage return, line feed, and other whitespace characters.

5CVSS6.7AI score0.14084EPSS

CVE•added 2005/02/20 5:0 a.m.•52 views

CVE-2004-1617

Lynx, lynx-ssl, and lynx-cur before 2.8.6dev.8 allow remote attackers to cause a denial of service (infinite loop) via a web page or HTML email that contains invalid HTML including (1) a TEXTAREA tag with a large COLS value and (2) a large tag name in an element that is not terminated, as demonstra...

5CVSS8.9AI score0.03666EPSS

CVE•added 2005/11/18 11:0 a.m.•50 views

CVE-2005-2929

Lynx 2.8.5, and other versions before 2.8.6dev.15, allows remote attackers to execute arbitrary commands via (1) lynxcgi:, (2) lynxexec, and (3) lynxprog links, which are not properly restricted in the default configuration in some environments.

7.5CVSS7.2AI score0.06003EPSS

CVE•added 1999/09/29 4:0 a.m.•40 views

CVE-1999-0371

Lynx allows a local user to overwrite sensitive files through /tmp symlinks.

1.2CVSS6.6AI score0.00077EPSS

CVE•added 2000/04/10 4:0 a.m.•38 views

CVE-2000-0209

Buffer overflow in Lynx 2.x allows remote attackers to crash Lynx and possibly execute commands via a long URL in a malicious web page.

7.6CVSS7.8AI score0.03072EPSS