CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 1CVE-2008-7224 – elinks: entity_cache static array buffer overflow (off-by-one)
https://notcve.org/view.php?id=CVE-2008-7224
14 Sep 2009 — Buffer overflow in entity_cache in ELinks before 0.11.4rc0 allows remote attackers to cause a denial of service (crash) via a crafted link. Desbordamiento de búfer en entity_cache de ELinks anterior a v0.11.4rc0, permite a atacantes remotos provocar una denegación de servicio (caída) a través de un enlace manipulado. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=380347 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-193: Off-by-one Error •
CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 0CVE-2007-5034 – elinks reveals POST data to HTTPS proxy
https://notcve.org/view.php?id=CVE-2007-5034
21 Sep 2007 — ELinks before 0.11.3, when sending a POST request for an https URL, appends the body and content headers of the POST request to the CONNECT request in cleartext, which allows remote attackers to sniff sensitive data that would have been protected by TLS. NOTE: this issue only occurs when a proxy is defined for https. ELinks anterior a la versión 0.11.3, cuando envía una petición POST para un URL https, añade el cuerpo y cabeceras de contenido de la petición POST a la petición CONNECT en texto plano, lo que ... • http://bugzilla.elinks.cz/show_bug.cgi?id=937 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 2CVE-2007-2027 – ELinks Relative 0.10.6/011.1 - Path Arbitrary Code Execution
https://notcve.org/view.php?id=CVE-2007-2027
13 Apr 2007 — Untrusted search path vulnerability in the add_filename_to_string function in intl/gettext/loadmsgcat.c for Elinks 0.11.1 allows local users to cause Elinks to use an untrusted gettext message catalog (.po file) in a "../po" directory, which can be leveraged to conduct format string attacks. Una vulnerabilidad de ruta (path) de búsqueda no confiable en la función add_filename_to_string en el archivo intl/gettext/loadmsgcat.c para Elinks versión 0.11.1, permite a usuarios locales causar que Elinks use un cat... • https://www.exploit-db.com/exploits/29954 • CWE-134: Use of Externally-Controlled Format String •