Lynx : Security Vulnerabilities, CVEs, CVSS score >= 5
lynx: It was found that Lynx doesn't parse the authority component of the URL correctly when the host name part ends with '?', and could instead be tricked into connecting to a different host.
Max CVSS: 7.5 | EPSS Score: 0.09% | Published: 2016-12-22 | Updated: 2016-12-23
Lynx does not verify that the server's certificate is signed by a trusted certification authority, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate, related to improper use of a certain GnuTLS function.
Max CVSS: 5.9 | EPSS Score: 0.23% | Published: 2012-11-04 | Updated: 2024-02-09
Heap-based buffer overflow in the convert_to_idna function in WWW/Library/Implementation/HTParse.c in Lynx 2.8.8dev.1 through 2.8.8dev.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a malformed URL containing a % (percent) character in the domain name.
Max CVSS: 6.8 | EPSS Score: 5.32% | Published: 2010-08-20 | Updated: 2017-08-17
lynx 2.8.6dev.15 and earlier, when advanced mode is enabled and lynx is configured as a URL handler, allows remote attackers to execute arbitrary commands via a crafted lynxcgi: URL, a related issue to CVE-2005-2929. NOTE: this might only be a vulnerability in limited deployments that have defined a lynxcgi: handler.
Max CVSS: 10.0 | EPSS Score: 1.54% | Published: 2008-10-22 | Updated: 2017-09-29
4 vulnerabilities found