Lynx allows a local user to overwrite sensitive files through /tmp symlinks.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| university_of_kansas | lynx | * |
Lynx WWW client allows a remote attacker to specify command-line parameters which Lynx uses when calling external programs to handle certain protocols, e.g. telnet.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| university_of_kansas | lynx | * |
Lynx 2.x does not properly distinguish between internal and external HTML, which may allow a local attacker to read a "secure" hidden form value from a temporary file and craft a LYNXOPTIONS: URL that causes Lynx to modify the user's configuration file and execute commands.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-346,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| university_of_kansas | lynx | 2.8 |
| university_of_kansas | lynx | 2.7 |
Buffer overflow in Lynx 2.x allows remote attackers to crash Lynx and possibly execute commands via a long URL in a malicious web page.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| university_of_kansas | lynx | 2.8 |
| university_of_kansas | lynx | 2.7 |
| university_of_kansas | lynx | 2.8.3_dev22 |
CRLF injection vulnerability in Lynx 2.8.4 and earlier allows remote attackers to inject false HTTP headers into an HTTP request that is provided on the command line, via a URL containing encoded carriage return, line feed, and other whitespace characters.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| links | links | 0.96 |
| university_of_kansas | lynx | 2.8.4_rel1 |
| university_of_kansas | lynx | 2.8.3_rel1 |
| elinks | elinks | 0.2.4 |
| university_of_kansas | lynx | 2.8.5_dev8 |
| university_of_kansas | lynx | 2.8.3 |
| university_of_kansas | lynx | 2.8.2_rel1 |
| university_of_kansas | lynx | 2.8.4 |
| elinks | elinks | 0.3.2 |
Lynx, lynx-ssl, and lynx-cur before 2.8.6dev.8 allow remote attackers to cause a denial of service (infinite loop) via a web page or HTML email that contains invalid HTML including (1) a TEXTAREA tag with a large COLS value and (2) a large tag name in an element that is not terminated, as demonstrated by mangleme. NOTE: a followup suggests that the relevant trigger for this issue is the large COLS value.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| university_of_kansas | lynx | 2.8 |
| university_of_kansas | lynx | 2.8.3_rel1 |
| university_of_kansas | lynx | 2.8.5 |
| university_of_kansas | lynx | 2.8.5_dev8 |
| university_of_kansas | lynx | 2.8.5_dev4 |
| university_of_kansas | lynx | 2.8.2_rel1 |
| university_of_kansas | lynx | 2.8.4 |
| university_of_kansas | lynx | 2.8.1 |
| university_of_kansas | lynx | 2.8.3_pre5 |
| university_of_kansas | lynx | 2.8.5_dev5 |
| university_of_kansas | lynx | 2.8.4_rel1 |
| university_of_kansas | lynx | 2.8.5_dev3 |
| university_of_kansas | lynx | 2.8.3 |
| university_of_kansas | lynx | 2.7 |
| university_of_kansas | lynx | 2.8.3_dev22 |
| university_of_kansas | lynx | 2.8.5_dev2 |
Lynx 2.8.5, and other versions before 2.8.6dev.15, allows remote attackers to execute arbitrary commands via (1) lynxcgi:, (2) lynxexec, and (3) lynxprog links, which are not properly restricted in the default configuration in some environments.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| university_of_kansas | lynx | 2.8.6 |
| university_of_kansas | lynx | 2.8.5 |
| university_of_kansas | lynx | 2.8.6_dev13 |