6 results (0.011 seconds)

CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0

CVE-2021-38165 – lynx: Disclosure of HTTP authentication credentials via SNI data

https://notcve.org/view.php?id=CVE-2021-38165

Lynx through 2.8.9 mishandles the userinfo subcomponent of a URI, which allows remote attackers to discover cleartext credentials because they may appear in SNI data. HTParse en Lynx versiones hasta 2.8.9, maneja inapropiadamente el subcomponente userinfo de un URI, que permite a atacantes remotos descubrir credenciales en texto sin cifrar porque pueden aparecer en los datos SNI o en los encabezados HTTP A flaw was found in the way lynx parsed URLs with userinfo part containing authentication credentials. These credentials were included in the Server Name Indication (SNI) TLS extension data and sent unencrypted during the TLS connection handshake. This could lead to exposure of authentication credentials to attackers able to eavesdrop on network connection between the lynx browser and the server. • http://www.openwall.com/lists/oss-security/2021/08/07/11 http://www.openwall.com/lists/oss-security/2021/08/07/12 http://www.openwall.com/lists/oss-security/2021/08/07/9 https://bugs.debian.org/991971 https://github.com/w3c/libwww/blob/f010b4cc58d32f34b162f0084fe093f7097a61f0/Library/src/HTParse.c#L118 https://lists.debian.org/debian-lts-announce/2021/08/msg00010.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7YMUHFJJWTZ6HBHTYXVDPNZINGGURHDW • CWE-522: Insufficiently Protected Credentials •

CVSS: 4.6EPSS: 0%CPEs: 179EXPL: 1

CVE-2006-7234 – Lynx 2.8 - '.mailcap'/'.mime.type' Local Code Execution

https://notcve.org/view.php?id=CVE-2006-7234

Untrusted search path vulnerability in Lynx before 2.8.6rel.4 allows local users to execute arbitrary code via malicious (1) .mailcap and (2) mime.types files in the current working directory. Vulnerabilidad de ruta de búsqueda no confiable en Lynx anterior a 2.8.6rel.4; permite a usuarios locales ejecutar código de su elección a través de los ficheros maliciosos (1) .mailcap y (2) mime.types en el directorio de trabajo actual. • https://www.exploit-db.com/exploits/32530 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=396949 http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00004.html http://secunia.com/advisories/32407 http://secunia.com/advisories/32416 http://secunia.com/advisories/33568 http://www.mandriva.com/security/advisories?name=MDVSA-2008:217 http://www.openwall.com/lists/oss-security/2008/10/25/3 http://www.redhat.com/support/errata/RHSA-2008-0965.html http://www.sec •

CVSS: 10.0EPSS: 1%CPEs: 176EXPL: 0

CVE-2008-4690 – lynx: remote arbitrary command execution via a crafted lynxcgi: URL

https://notcve.org/view.php?id=CVE-2008-4690

lynx 2.8.6dev.15 and earlier, when advanced mode is enabled and lynx is configured as a URL handler, allows remote attackers to execute arbitrary commands via a crafted lynxcgi: URL, a related issue to CVE-2005-2929. NOTE: this might only be a vulnerability in limited deployments that have defined a lynxcgi: handler. lynx v2.8.6dev.15 y anteriores, cuando está activado el modo avanzado y lynx está configurado como manejador de URL, permite a atacantes remotos ejecutar comandos de su elección a través de un lynxcgi: URL manipulado. Cuestión relacionada con el CVE-2005-2929. NOTA: se trata de una vulnerabilidad únicamente en algunos desarrollos que tienen definido un lynxcgi: handler. • http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00004.html http://secunia.com/advisories/32416 http://secunia.com/advisories/32967 http://secunia.com/advisories/33568 http://www.mandriva.com/security/advisories?name=MDVSA-2008:217 http://www.mandriva.com/security/advisories?name=MDVSA-2008:218 http://www.openwall.com/lists/oss-security/2008/10/09/2 http://www.redhat.com/support/errata/RHSA-2008-0965.html http://www.securitytracker.com/id?1021105 https://exchang • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 9.8EPSS: 4%CPEs: 3EXPL: 1

CVE-2005-3120 – Lynx 2.8.6dev.13 - Remote Buffer Overflow (PoC)

https://notcve.org/view.php?id=CVE-2005-3120

Stack-based buffer overflow in the HTrjis function in Lynx 2.8.6 and earlier allows remote NNTP servers to execute arbitrary code via certain article headers containing Asian characters that cause Lynx to add extra escape (ESC) characters. • https://www.exploit-db.com/exploits/1256 ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.7/SCOSA-2006.7.txt ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.47/SCOSA-2005.47.txt http://lists.grok.org.uk/pipermail/full-disclosure/2005-October/038019.html http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html http://secunia.com/advisories/17150 http://secunia.com/advisories/17216 http://secunia.com/advisories/17230 http://secunia.com/advisories/1723 • CWE-131: Incorrect Calculation of Buffer Size •

CVSS: 5.0EPSS: 2%CPEs: 16EXPL: 1

CVE-2004-1617

https://notcve.org/view.php?id=CVE-2004-1617

Lynx, lynx-ssl, and lynx-cur before 2.8.6dev.8 allow remote attackers to cause a denial of service (infinite loop) via a web page or HTML email that contains invalid HTML including (1) a TEXTAREA tag with a large COLS value and (2) a large tag name in an element that is not terminated, as demonstrated by mangleme. NOTE: a followup suggests that the relevant trigger for this issue is the large COLS value. • http://lcamtuf.coredump.cx/mangleme/gallery http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/027709.html http://marc.info/?l=bugtraq&m=109811406620511&w=2 http://secunia.com/advisories/20383 http://securitytracker.com/id?1011809 http://www.debian.org/security/2006/dsa-1076 http://www.debian.org/security/2006/dsa-1077 http://www.debian.org/security/2006/dsa-1085 http://www.securityfocus.com/archive/1/435689/30/4740/threaded http://www.securityfocus.com/ • CWE-20: Improper Input Validation •