CVSS: 5.3EPSS: 3%CPEs: 6EXPL: 0CVE-2021-38165 – lynx: Disclosure of HTTP authentication credentials via SNI data
https://notcve.org/view.php?id=CVE-2021-38165
07 Aug 2021 — Lynx through 2.8.9 mishandles the userinfo subcomponent of a URI, which allows remote attackers to discover cleartext credentials because they may appear in SNI data. HTParse en Lynx versiones hasta 2.8.9, maneja inapropiadamente el subcomponente userinfo de un URI, que permite a atacantes remotos descubrir credenciales en texto sin cifrar porque pueden aparecer en los datos SNI o en los encabezados HTTP A flaw was found in the way lynx parsed URLs with userinfo part containing authentication credentials. T... • http://www.openwall.com/lists/oss-security/2021/08/07/11 • CWE-522: Insufficiently Protected Credentials •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 3CVE-2014-5002
https://notcve.org/view.php?id=CVE-2014-5002
10 Jan 2018 — The lynx gem before 1.0.0 for Ruby places the configured password on command lines, which allows local users to obtain sensitive information by listing processes. El GEM de lynx versión anterior a 1.0.0 para Ruby fija la contraseña configurada en las líneas de comando, lo que permite a los usuarios locales obtener información confidencial mediante procesos de listado. • http://www.openwall.com/lists/oss-security/2014/07/07/23 • CWE-255: Credentials Management Errors •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2017-1000211
https://notcve.org/view.php?id=CVE-2017-1000211
17 Nov 2017 — Lynx before 2.8.9dev.16 is vulnerable to a use after free in the HTML parser resulting in memory disclosure, because HTML_put_string() can append a chunk onto itself. Lynx en versiones anteriores a la 2.8.9dev.16 es vulnerable a un uso de memoria previamente liberada en el analizador HTML, lo que resulta en una fuga de información, ya que HTML_put_string() puede acoplarse un fragmento de información (chunk). • http://lynx.invisible-island.net/current/CHANGES.html • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 2CVE-1999-1549
https://notcve.org/view.php?id=CVE-1999-1549
16 Nov 1999 — Lynx 2.x does not properly distinguish between internal and external HTML, which may allow a local attacker to read a "secure" hidden form value from a temporary file and craft a LYNXOPTIONS: URL that causes Lynx to modify the user's configuration file and execute commands. • http://marc.info/?l=bugtraq&m=94286509804526&w=2 • CWE-346: Origin Validation Error •