CVSS: 5.3EPSS: 3%CPEs: 6EXPL: 0CVE-2021-38165 – lynx: Disclosure of HTTP authentication credentials via SNI data
https://notcve.org/view.php?id=CVE-2021-38165
07 Aug 2021 — Lynx through 2.8.9 mishandles the userinfo subcomponent of a URI, which allows remote attackers to discover cleartext credentials because they may appear in SNI data. HTParse en Lynx versiones hasta 2.8.9, maneja inapropiadamente el subcomponente userinfo de un URI, que permite a atacantes remotos descubrir credenciales en texto sin cifrar porque pueden aparecer en los datos SNI o en los encabezados HTTP A flaw was found in the way lynx parsed URLs with userinfo part containing authentication credentials. T... • http://www.openwall.com/lists/oss-security/2021/08/07/11 • CWE-522: Insufficiently Protected Credentials •
CVSS: 9.8EPSS: 2%CPEs: 4EXPL: 0CVE-2010-2810
https://notcve.org/view.php?id=CVE-2010-2810
20 Aug 2010 — Heap-based buffer overflow in the convert_to_idna function in WWW/Library/Implementation/HTParse.c in Lynx 2.8.8dev.1 through 2.8.8dev.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a malformed URL containing a % (percent) character in the domain name. Desbordamiento de búfer basado en la memoria dinámica en la función convert_to_idna en WWW/Library/Implementation/HTParse.c en Lynx v2.8.8dev.1 hasta v2.8.8dev.4 permite a atacantes remotos pr... • http://marc.info/?l=oss-security&m=128151768510564&w=2 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •