4 vulnerabilities by lynx_project
CVE-2021-38165 (GCVE-0-2021-38165)
Vulnerability from cvelistv5 – Published: 2021-08-07 17:33 – Updated: 2024-08-04 01:37
Summary
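Lynx through 2.8.9 mishandles the userinfo subcomponent of a URI, which allows remote attackers to discover cleartext credentials because they may appear in SNI data. The SNI field is sent unencrypted in the TLS ClientHello, so anything placed in it is readable by an observer on the network path.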
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
13 references
| URL | Tags |
|---|---|
| https://bugs.debian.org/991971 | x_refsource_MISC |
| https://www.openwall.com/lists/oss-security/2021/… | x_refsource_MISC |
| https://lynx.invisible-island.net/current/CHANGES.html | x_refsource_MISC |
| https://github.com/w3c/libwww/blob/f010b4cc58d32f… | x_refsource_MISC |
| http://www.openwall.com/lists/oss-security/2021/08/07/9 | mailing-list, x_refsource_MLIST |
| https://www.openwall.com/lists/oss-security/2021/… | x_refsource_MISC |
| http://www.openwall.com/lists/oss-security/2021/0… | mailing-list, x_refsource_MLIST |
| http://www.openwall.com/lists/oss-security/2021/0… | mailing-list, x_refsource_MLIST |
| https://lists.debian.org/debian-lts-announce/2021… | mailing-list, x_refsource_MLIST |
| https://www.debian.org/security/2021/dsa-4953 | vendor-advisory, x_refsource_DEBIAN |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisory, x_refsource_FEDORA |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisory, x_refsource_FEDORA |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisory, x_refsource_FEDORA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:37:16.277Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.debian.org/991971"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2021/08/07/1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lynx.invisible-island.net/current/CHANGES.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/w3c/libwww/blob/f010b4cc58d32f34b162f0084fe093f7097a61f0/Library/src/HTParse.c#L118"
},
{
"name": "[oss-security] 20210807 Re: Bug#991971: [Lynx-dev] bug in Lynx\u0027 SSL certificate validation -\u003e leaks password in clear text via SNI (under some circumstances)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/08/07/9"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2021/08/07/11"
},
{
"name": "[oss-security] 20210807 Re: Re: Bug#991971: [Lynx-dev] bug in Lynx\u0027 SSL certificate validation -\u003e leaks password in clear text via SNI (under some circumstances)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/08/07/12"
},
{
"name": "[oss-security] 20210807 Re: Re: Bug#991971: [Lynx-dev] bug in Lynx\u0027 SSL certificate validation -\u003e leaks password in clear text via SNI (under some circumstances)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/08/07/11"
},
{
"name": "[debian-lts-announce] 20210809 [SECURITY] [DLA 2736-1] lynx security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00010.html"
},
{
"name": "DSA-4953",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2021/dsa-4953"
},
{
"name": "FEDORA-2021-f59bda7d94",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VKNK7GQBJBUBMJVNKVC7RTCYWUYMFJQW/"
},
{
"name": "FEDORA-2021-232161e4d5",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K6PZF7JNTFCOJ62HXZG4Q2NEHSZ6IO2V/"
},
{
"name": "FEDORA-2021-57287bd052",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7YMUHFJJWTZ6HBHTYXVDPNZINGGURHDW/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Lynx through 2.8.9 mishandles the userinfo subcomponent of a URI, which allows remote attackers to discover cleartext credentials because they may appear in SNI data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-24T22:06:18.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.debian.org/991971"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openwall.com/lists/oss-security/2021/08/07/1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lynx.invisible-island.net/current/CHANGES.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/w3c/libwww/blob/f010b4cc58d32f34b162f0084fe093f7097a61f0/Library/src/HTParse.c#L118"
},
{
"name": "[oss-security] 20210807 Re: Bug#991971: [Lynx-dev] bug in Lynx\u0027 SSL certificate validation -\u003e leaks password in clear text via SNI (under some circumstances)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2021/08/07/9"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openwall.com/lists/oss-security/2021/08/07/11"
},
{
"name": "[oss-security] 20210807 Re: Re: Bug#991971: [Lynx-dev] bug in Lynx\u0027 SSL certificate validation -\u003e leaks password in clear text via SNI (under some circumstances)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2021/08/07/12"
},
{
"name": "[oss-security] 20210807 Re: Re: Bug#991971: [Lynx-dev] bug in Lynx\u0027 SSL certificate validation -\u003e leaks password in clear text via SNI (under some circumstances)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2021/08/07/11"
},
{
"name": "[debian-lts-announce] 20210809 [SECURITY] [DLA 2736-1] lynx security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00010.html"
},
{
"name": "DSA-4953",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2021/dsa-4953"
},
{
"name": "FEDORA-2021-f59bda7d94",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VKNK7GQBJBUBMJVNKVC7RTCYWUYMFJQW/"
},
{
"name": "FEDORA-2021-232161e4d5",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K6PZF7JNTFCOJ62HXZG4Q2NEHSZ6IO2V/"
},
{
"name": "FEDORA-2021-57287bd052",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7YMUHFJJWTZ6HBHTYXVDPNZINGGURHDW/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-38165",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Lynx through 2.8.9 mishandles the userinfo subcomponent of a URI, which allows remote attackers to discover cleartext credentials because they may appear in SNI data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.debian.org/991971",
"refsource": "MISC",
"url": "https://bugs.debian.org/991971"
},
{
"name": "https://www.openwall.com/lists/oss-security/2021/08/07/1",
"refsource": "MISC",
"url": "https://www.openwall.com/lists/oss-security/2021/08/07/1"
},
{
"name": "https://lynx.invisible-island.net/current/CHANGES.html",
"refsource": "MISC",
"url": "https://lynx.invisible-island.net/current/CHANGES.html"
},
{
"name": "https://github.com/w3c/libwww/blob/f010b4cc58d32f34b162f0084fe093f7097a61f0/Library/src/HTParse.c#L118",
"refsource": "MISC",
"url": "https://github.com/w3c/libwww/blob/f010b4cc58d32f34b162f0084fe093f7097a61f0/Library/src/HTParse.c#L118"
},
{
"name": "[oss-security] 20210807 Re: Bug#991971: [Lynx-dev] bug in Lynx\u0027 SSL certificate validation -\u003e leaks password in clear text via SNI (under some circumstances)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2021/08/07/9"
},
{
"name": "https://www.openwall.com/lists/oss-security/2021/08/07/11",
"refsource": "MISC",
"url": "https://www.openwall.com/lists/oss-security/2021/08/07/11"
},
{
"name": "[oss-security] 20210807 Re: Re: Bug#991971: [Lynx-dev] bug in Lynx\u0027 SSL certificate validation -\u003e leaks password in clear text via SNI (under some circumstances)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2021/08/07/12"
},
{
"name": "[oss-security] 20210807 Re: Re: Bug#991971: [Lynx-dev] bug in Lynx\u0027 SSL certificate validation -\u003e leaks password in clear text via SNI (under some circumstances)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2021/08/07/11"
},
{
"name": "[debian-lts-announce] 20210809 [SECURITY] [DLA 2736-1] lynx security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00010.html"
},
{
"name": "DSA-4953",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2021/dsa-4953"
},
{
"name": "FEDORA-2021-f59bda7d94",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VKNK7GQBJBUBMJVNKVC7RTCYWUYMFJQW/"
},
{
"name": "FEDORA-2021-232161e4d5",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K6PZF7JNTFCOJ62HXZG4Q2NEHSZ6IO2V/"
},
{
"name": "FEDORA-2021-57287bd052",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7YMUHFJJWTZ6HBHTYXVDPNZINGGURHDW/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-38165",
"datePublished": "2021-08-07T17:33:54.000Z",
"dateReserved": "2021-08-07T00:00:00.000Z",
"dateUpdated": "2024-08-04T01:37:16.277Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-5002 (GCVE-0-2014-5002)
Vulnerability from cvelistv5 – Published: 2018-01-10 18:00 – Updated: 2024-08-06 11:34
Summary
The lynx gem before 1.0.0 for Ruby places the configured password on command lines, which allows local users to obtain sensitive information by listing processes.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.openwall.com/lists/oss-security/2014/0… | mailing-list, x_refsource_MLIST |
| http://www.openwall.com/lists/oss-security/2014/07/17/5 | mailing-list, x_refsource_MLIST |
| https://github.com/panthomakos/lynx/issues/3 | x_refsource_MISC |
| http://www.vapid.dhs.org/advisories/lynx-0.2.0.html | x_refsource_MISC |
Date Public
2014-06-01 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:34:37.349Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20140707 Vulnerability Report for Ruby Gem lynx-0.2.0",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/07/07/23"
},
{
"name": "[oss-security] 20140717 Re: Vulnerability Report for Ruby Gem codders-dataset-1.3.2.1 (etc.)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/07/17/5"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/panthomakos/lynx/issues/3"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.vapid.dhs.org/advisories/lynx-0.2.0.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-06-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The lynx gem before 1.0.0 for Ruby places the configured password on command lines, which allows local users to obtain sensitive information by listing processes."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T17:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20140707 Vulnerability Report for Ruby Gem lynx-0.2.0",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/07/07/23"
},
{
"name": "[oss-security] 20140717 Re: Vulnerability Report for Ruby Gem codders-dataset-1.3.2.1 (etc.)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/07/17/5"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/panthomakos/lynx/issues/3"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.vapid.dhs.org/advisories/lynx-0.2.0.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-5002",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The lynx gem before 1.0.0 for Ruby places the configured password on command lines, which allows local users to obtain sensitive information by listing processes."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20140707 Vulnerability Report for Ruby Gem lynx-0.2.0",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/07/07/23"
},
{
"name": "[oss-security] 20140717 Re: Vulnerability Report for Ruby Gem codders-dataset-1.3.2.1 (etc.)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/07/17/5"
},
{
"name": "https://github.com/panthomakos/lynx/issues/3",
"refsource": "MISC",
"url": "https://github.com/panthomakos/lynx/issues/3"
},
{
"name": "http://www.vapid.dhs.org/advisories/lynx-0.2.0.html",
"refsource": "MISC",
"url": "http://www.vapid.dhs.org/advisories/lynx-0.2.0.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-5002",
"datePublished": "2018-01-10T18:00:00.000Z",
"dateReserved": "2014-07-17T00:00:00.000Z",
"dateUpdated": "2024-08-06T11:34:37.349Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1000211 (GCVE-0-2017-1000211)
Vulnerability from cvelistv5 – Published: 2017-11-17 15:00 – Updated: 2024-08-05 21:53
Summary
Lynx before 2.8.9dev.16 is vulnerable to a use after free in the HTML parser resulting in memory disclosure, because HTML_put_string() can append a chunk onto itself.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://lynx.invisible-island.net/current/CHANGES.html | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/102180 | vdb-entry, x_refsource_BID |
| https://github.com/ThomasDickey/lynx-snapshots/co… | x_refsource_MISC |
| https://lists.debian.org/debian-lts-announce/2017… | mailing-list, x_refsource_MLIST |
Date Public
2017-07-05 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T21:53:07.390Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://lynx.invisible-island.net/current/CHANGES.html"
},
{
"name": "102180",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102180"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/ThomasDickey/lynx-snapshots/commit/280a61b300a1614f6037efc0902ff7ecf17146e9"
},
{
"name": "[debian-lts-announce] 20171118 [SECURITY] [DLA 1175-1] lynx-cur security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00021.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"dateAssigned": "2017-08-22T00:00:00.000Z",
"datePublic": "2017-07-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Lynx before 2.8.9dev.16 is vulnerable to a use after free in the HTML parser resulting in memory disclosure, because HTML_put_string() can append a chunk onto itself."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-02T10:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://lynx.invisible-island.net/current/CHANGES.html"
},
{
"name": "102180",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102180"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ThomasDickey/lynx-snapshots/commit/280a61b300a1614f6037efc0902ff7ecf17146e9"
},
{
"name": "[debian-lts-announce] 20171118 [SECURITY] [DLA 1175-1] lynx-cur security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00021.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2017-08-22T17:29:33.440734",
"ID": "CVE-2017-1000211",
"REQUESTER": "ned@forallsecure.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Lynx before 2.8.9dev.16 is vulnerable to a use after free in the HTML parser resulting in memory disclosure, because HTML_put_string() can append a chunk onto itself."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://lynx.invisible-island.net/current/CHANGES.html",
"refsource": "CONFIRM",
"url": "http://lynx.invisible-island.net/current/CHANGES.html"
},
{
"name": "102180",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102180"
},
{
"name": "https://github.com/ThomasDickey/lynx-snapshots/commit/280a61b300a1614f6037efc0902ff7ecf17146e9",
"refsource": "MISC",
"url": "https://github.com/ThomasDickey/lynx-snapshots/commit/280a61b300a1614f6037efc0902ff7ecf17146e9"
},
{
"name": "[debian-lts-announce] 20171118 [SECURITY] [DLA 1175-1] lynx-cur security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00021.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-1000211",
"datePublished": "2017-11-17T15:00:00.000Z",
"dateReserved": "2017-11-17T00:00:00.000Z",
"dateUpdated": "2024-08-05T21:53:07.390Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-1999-1549 (GCVE-0-1999-1549)
Vulnerability from cvelistv5 – Published: 2001-09-12 04:00 – Updated: 2024-08-01 17:18
Summary
Lynx 2.x does not properly distinguish between internal and external HTML, which may allow a local attacker to read a "secure" hidden form value from a temporary file and craft a LYNXOPTIONS: URL that causes Lynx to modify the user's configuration file and execute commands.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/804 | vdb-entry, x_refsource_BID |
| http://marc.info/?l=bugtraq&m=94286509804526&w=2 | mailing-list, x_refsource_BUGTRAQ |
Date Public
1999-11-16 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T17:18:07.500Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "804",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/804"
},
{
"name": "19991116 lynx 2.8.x - \u0027special URLs\u0027 anti-spoofing protection is weak",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=94286509804526\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "1999-11-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Lynx 2.x does not properly distinguish between internal and external HTML, which may allow a local attacker to read a \"secure\" hidden form value from a temporary file and craft a LYNXOPTIONS: URL that causes Lynx to modify the user\u0027s configuration file and execute commands."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "804",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/804"
},
{
"name": "19991116 lynx 2.8.x - \u0027special URLs\u0027 anti-spoofing protection is weak",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=94286509804526\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-1549",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Lynx 2.x does not properly distinguish between internal and external HTML, which may allow a local attacker to read a \"secure\" hidden form value from a temporary file and craft a LYNXOPTIONS: URL that causes Lynx to modify the user\u0027s configuration file and execute commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "804",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/804"
},
{
"name": "19991116 lynx 2.8.x - \u0027special URLs\u0027 anti-spoofing protection is weak",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=94286509804526\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-1999-1549",
"datePublished": "2001-09-12T04:00:00.000Z",
"dateReserved": "2001-08-31T00:00:00.000Z",
"dateUpdated": "2024-08-01T17:18:07.500Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}