cvelistv5 - cve-2016-9179

CVE-2016-9179 (GCVE-0-2016-9179)

Vulnerability from cvelistv5

Published

2016-12-22 21:00

Modified

2024-08-06 02:42

Severity ?

CWE

Summary

lynx: It was found that Lynx doesn't parse the authority component of the URL correctly when the host name part ends with '?', and could instead be tricked into connecting to a different host.

References

URL

	Vendor	Product	Version
	n/a	n/a	Version: n/a

msrc_cve-2016-9179

Vulnerability from csaf_microsoft

Published

2016-12-02 00:00

Modified

2025-09-03 19:35

Summary

It was found that Lynx doesn't parse the authority component of the URL correctly

Notes

Additional Resources

To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle

Disclaimer

The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

JSON

To clipboard

{
  "document": {
    "category": "csaf_vex",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Public",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
        "title": "Additional Resources"
      },
      {
        "category": "legal_disclaimer",
        "text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
        "title": "Disclaimer"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "secure@microsoft.com",
      "name": "Microsoft Security Response Center",
      "namespace": "https://msrc.microsoft.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "CVE-2016-9179 It was found that Lynx doesn\u0027t parse the authority component of the URL correctly - VEX",
        "url": "https://msrc.microsoft.com/csaf/vex/2016/msrc_cve-2016-9179.json"
      },
      {
        "category": "external",
        "summary": "Microsoft Support Lifecycle",
        "url": "https://support.microsoft.com/lifecycle"
      },
      {
        "category": "external",
        "summary": "Common Vulnerability Scoring System",
        "url": "https://www.first.org/cvss"
      }
    ],
    "title": "It was found that Lynx doesn\u0027t parse the authority component of the URL correctly",
    "tracking": {
      "current_release_date": "2025-09-03T19:35:59.000Z",
      "generator": {
        "date": "2025-10-19T17:06:43.090Z",
        "engine": {
          "name": "MSRC Generator",
          "version": "1.0"
        }
      },
      "id": "msrc_CVE-2016-9179",
      "initial_release_date": "2016-12-02T00:00:00.000Z",
      "revision_history": [
        {
          "date": "2025-09-03T19:35:59.000Z",
          "legacy_version": "1",
          "number": "1",
          "summary": "Information published."
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "3.0",
                "product": {
                  "name": "Azure Linux 3.0",
                  "product_id": "17084"
                }
              },
              {
                "category": "product_version",
                "name": "2.0",
                "product": {
                  "name": "CBL Mariner 2.0",
                  "product_id": "17086"
                }
              }
            ],
            "category": "product_name",
            "name": "Azure Linux"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003ccbl2 lynx 2.9.0~dev.9-5",
                "product": {
                  "name": "\u003ccbl2 lynx 2.9.0~dev.9-5",
                  "product_id": "2"
                }
              },
              {
                "category": "product_version",
                "name": "cbl2 lynx 2.9.0~dev.9-5",
                "product": {
                  "name": "cbl2 lynx 2.9.0~dev.9-5",
                  "product_id": "16881"
                }
              }
            ],
            "category": "product_name",
            "name": "lynx"
          },
          {
            "category": "product_name",
            "name": "azl3 lynx 2.9.0-1",
            "product": {
              "name": "azl3 lynx 2.9.0-1",
              "product_id": "1"
            }
          }
        ],
        "category": "vendor",
        "name": "Microsoft"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "azl3 lynx 2.9.0-1 as a component of Azure Linux 3.0",
          "product_id": "17084-1"
        },
        "product_reference": "1",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003ccbl2 lynx 2.9.0~dev.9-5 as a component of CBL Mariner 2.0",
          "product_id": "17086-2"
        },
        "product_reference": "2",
        "relates_to_product_reference": "17086"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cbl2 lynx 2.9.0~dev.9-5 as a component of CBL Mariner 2.0",
          "product_id": "16881-17086"
        },
        "product_reference": "16881",
        "relates_to_product_reference": "17086"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2016-9179",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "17084-1"
          ]
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "mitre",
          "title": "Assigning CNA"
        }
      ],
      "product_status": {
        "fixed": [
          "16881-17086"
        ],
        "known_affected": [
          "17086-2"
        ],
        "known_not_affected": [
          "17084-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2016-9179 It was found that Lynx doesn\u0027t parse the authority component of the URL correctly - VEX",
          "url": "https://msrc.microsoft.com/csaf/vex/2016/msrc_cve-2016-9179.json"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-09-03T19:35:59.000Z",
          "details": "2.9.0~dev.9-5:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
          "product_ids": [
            "17086-2"
          ],
          "url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "environmentalsScore": 0.0,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 7.5,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "17086-2"
          ]
        }
      ],
      "title": "It was found that Lynx doesn\u0027t parse the authority component of the URL correctly"
    }
  ]
}

suse-su-2017:0599-1

Vulnerability from csaf_suse

Published

2017-03-03 16:47

Modified

2017-03-03 16:47

Summary

Security update for lynx

Notes

Title of the patch

Security update for lynx

Description of the patch

This update for lynx fixes the following issues: - CVE-2016-9179: It was found that Lynx doesn't parse the authority component of the URL correctly when the host name part ends with '?', and could instead be tricked into connecting to a different host. (bsc#1008642)

Patchnames

sdksp4-lynx-13003

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for lynx",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "\nThis update for lynx fixes the following issues:\n\n- CVE-2016-9179: It was found that Lynx doesn\u0027t parse the authority\n  component of the URL correctly when the host name part ends with \u0027?\u0027,\n  and could instead be tricked into connecting to a different host.\n  (bsc#1008642)\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "sdksp4-lynx-13003",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2017_0599-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2017:0599-1",
        "url": "https://www.suse.com/support/update/announcement/2017/suse-su-20170599-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2017:0599-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2017-March/002675.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1008642",
        "url": "https://bugzilla.suse.com/1008642"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-9179 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-9179/"
      }
    ],
    "title": "Security update for lynx",
    "tracking": {
      "current_release_date": "2017-03-03T16:47:37Z",
      "generator": {
        "date": "2017-03-03T16:47:37Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2017:0599-1",
      "initial_release_date": "2017-03-03T16:47:37Z",
      "revision_history": [
        {
          "date": "2017-03-03T16:47:37Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "lynx-2.8.6-145.1.i586",
                "product": {
                  "name": "lynx-2.8.6-145.1.i586",
                  "product_id": "lynx-2.8.6-145.1.i586"
                }
              }
            ],
            "category": "architecture",
            "name": "i586"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "lynx-2.8.6-145.1.ia64",
                "product": {
                  "name": "lynx-2.8.6-145.1.ia64",
                  "product_id": "lynx-2.8.6-145.1.ia64"
                }
              }
            ],
            "category": "architecture",
            "name": "ia64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "lynx-2.8.6-145.1.ppc64",
                "product": {
                  "name": "lynx-2.8.6-145.1.ppc64",
                  "product_id": "lynx-2.8.6-145.1.ppc64"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "lynx-2.8.6-145.1.s390x",
                "product": {
                  "name": "lynx-2.8.6-145.1.s390x",
                  "product_id": "lynx-2.8.6-145.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "lynx-2.8.6-145.1.x86_64",
                "product": {
                  "name": "lynx-2.8.6-145.1.x86_64",
                  "product_id": "lynx-2.8.6-145.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Software Development Kit 11 SP4",
                "product": {
                  "name": "SUSE Linux Enterprise Software Development Kit 11 SP4",
                  "product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:suse:sle-sdk:11:sp4"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "lynx-2.8.6-145.1.i586 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
          "product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:lynx-2.8.6-145.1.i586"
        },
        "product_reference": "lynx-2.8.6-145.1.i586",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "lynx-2.8.6-145.1.ia64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
          "product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:lynx-2.8.6-145.1.ia64"
        },
        "product_reference": "lynx-2.8.6-145.1.ia64",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "lynx-2.8.6-145.1.ppc64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
          "product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:lynx-2.8.6-145.1.ppc64"
        },
        "product_reference": "lynx-2.8.6-145.1.ppc64",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "lynx-2.8.6-145.1.s390x as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
          "product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:lynx-2.8.6-145.1.s390x"
        },
        "product_reference": "lynx-2.8.6-145.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "lynx-2.8.6-145.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
          "product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:lynx-2.8.6-145.1.x86_64"
        },
        "product_reference": "lynx-2.8.6-145.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2016-9179",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-9179"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "lynx: It was found that Lynx doesn\u0027t parse the authority component of the URL correctly when the host name part ends with \u0027?\u0027, and could instead be tricked into connecting to a different host.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Software Development Kit 11 SP4:lynx-2.8.6-145.1.i586",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:lynx-2.8.6-145.1.ia64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:lynx-2.8.6-145.1.ppc64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:lynx-2.8.6-145.1.s390x",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:lynx-2.8.6-145.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-9179",
          "url": "https://www.suse.com/security/cve/CVE-2016-9179"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1008642 for CVE-2016-9179",
          "url": "https://bugzilla.suse.com/1008642"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Software Development Kit 11 SP4:lynx-2.8.6-145.1.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:lynx-2.8.6-145.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:lynx-2.8.6-145.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:lynx-2.8.6-145.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:lynx-2.8.6-145.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Software Development Kit 11 SP4:lynx-2.8.6-145.1.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:lynx-2.8.6-145.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:lynx-2.8.6-145.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:lynx-2.8.6-145.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:lynx-2.8.6-145.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-03-03T16:47:37Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2016-9179"
    }
  ]
}

ghsa-r2wx-qjhc-7h6p

Vulnerability from github

Published

2022-05-17 03:17

Modified

2022-05-17 03:17

Severity ?

7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Details

lynx: It was found that Lynx doesn't parse the authority component of the URL correctly when the host name part ends with '?', and could instead be tricked into connecting to a different host.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2016-9179"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2016-12-22T21:59:00Z",
    "severity": "HIGH"
  },
  "details": "lynx: It was found that Lynx doesn\u0027t parse the authority component of the URL correctly when the host name part ends with \u0027?\u0027, and could instead be tricked into connecting to a different host.",
  "id": "GHSA-r2wx-qjhc-7h6p",
  "modified": "2022-05-17T03:17:54Z",
  "published": "2022-05-17T03:17:54Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9179"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2016/11/04/1"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/94215"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

cnvd-2016-11058

Vulnerability from cnvd

Title

Lynx URL重定向漏洞

Description

Lynx是一款纯文字网页浏览器。 Lynx URL存在重定向漏洞，攻击者可利用该漏洞构建恶意URI，诱使用户解析，重定向用户到任意WEB站点进行钓鱼攻击。

Severity

中

Patch Name

Lynx URL重定向漏洞的补丁

Patch Description

Lynx是一款纯文字网页浏览器。 Lynx URL存在重定向漏洞，攻击者可利用该漏洞构建恶意URI，诱使用户解析，重定向用户到任意WEB站点进行钓鱼攻击。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已经发布了升级补丁以修复此安全问题，详情请关注厂商主页： http://lynx.browser.org/

Reference

http://www.securityfocus.com/bid/94215

Impacted products

Name
['Lynx Lynx <=2.8.9dev.8', 'Lynx Lynx 2.8.8pre.4']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": [
      {
        "cveNumber": "94215"
      },
      {
        "cveNumber": "CVE-2016-9179"
      }
    ]
  },
  "description": "Lynx\u662f\u4e00\u6b3e\u7eaf\u6587\u5b57\u7f51\u9875\u6d4f\u89c8\u5668\u3002 \r\n\r\nLynx URL\u5b58\u5728\u91cd\u5b9a\u5411\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6784\u5efa\u6076\u610fURI\uff0c\u8bf1\u4f7f\u7528\u6237\u89e3\u6790\uff0c\u91cd\u5b9a\u5411\u7528\u6237\u5230\u4efb\u610fWEB\u7ad9\u70b9\u8fdb\u884c\u9493\u9c7c\u653b\u51fb\u3002",
  "discovererName": "redrain root",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8be6\u60c5\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\uff1a \r\nhttp://lynx.browser.org/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-11058",
  "openTime": "2016-11-15",
  "patchDescription": "Lynx\u662f\u4e00\u6b3e\u7eaf\u6587\u5b57\u7f51\u9875\u6d4f\u89c8\u5668\u3002 \r\n\r\nLynx URL\u5b58\u5728\u91cd\u5b9a\u5411\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6784\u5efa\u6076\u610fURI\uff0c\u8bf1\u4f7f\u7528\u6237\u89e3\u6790\uff0c\u91cd\u5b9a\u5411\u7528\u6237\u5230\u4efb\u610fWEB\u7ad9\u70b9\u8fdb\u884c\u9493\u9c7c\u653b\u51fb\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Lynx URL\u91cd\u5b9a\u5411\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Lynx Lynx \u003c=2.8.9dev.8",
      "Lynx Lynx 2.8.8pre.4"
    ]
  },
  "referenceLink": "http://www.securityfocus.com/bid/94215",
  "serverity": "\u4e2d",
  "submitTime": "2016-11-11",
  "title": "Lynx URL\u91cd\u5b9a\u5411\u6f0f\u6d1e"
}

fkie_cve-2016-9179

Vulnerability from fkie_nvd

Published

2016-12-22 21:59

Modified

2025-04-12 10:46

Severity ?

7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Summary

lynx: It was found that Lynx doesn't parse the authority component of the URL correctly when the host name part ends with '?', and could instead be tricked into connecting to a different host.

References

URL	Tags
cve@mitre.org	http://www.openwall.com/lists/oss-security/2016/11/04/1	Mailing List, Third Party Advisory
cve@mitre.org	http://www.securityfocus.com/bid/94215	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2016/11/04/1	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/94215	Third Party Advisory, VDB Entry

Impacted products

	Vendor	Product	Version
	lynx	lynx	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:lynx:lynx:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CDDBBB0-67BA-4A55-9C7A-1AEB7CF73B52",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "lynx: It was found that Lynx doesn\u0027t parse the authority component of the URL correctly when the host name part ends with \u0027?\u0027, and could instead be tricked into connecting to a different host."
    },
    {
      "lang": "es",
      "value": "lynx: Se ha descubierto que Lynx no analiza correctamente el componente de autoridad de la URL cuando la parte del nombre del anfitri\u00f3n termina con \u0027?\u0027, y podr\u00eda en su lugar ser enga\u00f1ado para conectar con un anfitri\u00f3n distinto."
    }
  ],
  "id": "CVE-2016-9179",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-12-22T21:59:00.147",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2016/11/04/1"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/94215"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2016/11/04/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/94215"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

gsd-2016-9179

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

lynx: It was found that Lynx doesn't parse the authority component of the URL correctly when the host name part ends with '?', and could instead be tricked into connecting to a different host.

Aliases

CVE-2016-9179

Aliases

CVE-2016-9179

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2016-9179",
    "description": "lynx: It was found that Lynx doesn\u0027t parse the authority component of the URL correctly when the host name part ends with \u0027?\u0027, and could instead be tricked into connecting to a different host.",
    "id": "GSD-2016-9179",
    "references": [
      "https://www.suse.com/security/cve/CVE-2016-9179.html",
      "https://advisories.mageia.org/CVE-2016-9179.html",
      "https://ubuntu.com/security/CVE-2016-9179"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2016-9179"
      ],
      "details": "lynx: It was found that Lynx doesn\u0027t parse the authority component of the URL correctly when the host name part ends with \u0027?\u0027, and could instead be tricked into connecting to a different host.",
      "id": "GSD-2016-9179",
      "modified": "2023-12-13T01:21:21.942912Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2016-9179",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "lynx: It was found that Lynx doesn\u0027t parse the authority component of the URL correctly when the host name part ends with \u0027?\u0027, and could instead be tricked into connecting to a different host."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "94215",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/94215"
          },
          {
            "name": "[oss-security] 20161104 Re: CVE requestynx invalid URL parsing with \u0027?\u0027",
            "refsource": "MLIST",
            "url": "http://www.openwall.com/lists/oss-security/2016/11/04/1"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:lynx:lynx:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-9179"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "lynx: It was found that Lynx doesn\u0027t parse the authority component of the URL correctly when the host name part ends with \u0027?\u0027, and could instead be tricked into connecting to a different host."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "94215",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/94215"
            },
            {
              "name": "[oss-security] 20161104 Re: CVE requestynx invalid URL parsing with \u0027?\u0027",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2016/11/04/1"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2016-12-23T14:44Z",
      "publishedDate": "2016-12-22T21:59Z"
    }
  }
}

opensuse-su-2024:11033-1

Vulnerability from csaf_opensuse

Published

2024-06-15 00:00

Modified

2024-06-15 00:00

Summary

lynx-2.9.0~dev.9-1.2 on GA media

Notes

Title of the patch

lynx-2.9.0~dev.9-1.2 on GA media

Description of the patch

These are all security issues fixed in the lynx-2.9.0~dev.9-1.2 package on the GA media of openSUSE Tumbleweed.

Patchnames

openSUSE-Tumbleweed-2024-11033

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "lynx-2.9.0~dev.9-1.2 on GA media",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "These are all security issues fixed in the lynx-2.9.0~dev.9-1.2 package on the GA media of openSUSE Tumbleweed.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-Tumbleweed-2024-11033",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_11033-1.json"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2006-7234 page",
        "url": "https://www.suse.com/security/cve/CVE-2006-7234/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-9179 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-9179/"
      }
    ],
    "title": "lynx-2.9.0~dev.9-1.2 on GA media",
    "tracking": {
      "current_release_date": "2024-06-15T00:00:00Z",
      "generator": {
        "date": "2024-06-15T00:00:00Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2024:11033-1",
      "initial_release_date": "2024-06-15T00:00:00Z",
      "revision_history": [
        {
          "date": "2024-06-15T00:00:00Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "lynx-2.9.0~dev.9-1.2.aarch64",
                "product": {
                  "name": "lynx-2.9.0~dev.9-1.2.aarch64",
                  "product_id": "lynx-2.9.0~dev.9-1.2.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "lynx-2.9.0~dev.9-1.2.ppc64le",
                "product": {
                  "name": "lynx-2.9.0~dev.9-1.2.ppc64le",
                  "product_id": "lynx-2.9.0~dev.9-1.2.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "lynx-2.9.0~dev.9-1.2.s390x",
                "product": {
                  "name": "lynx-2.9.0~dev.9-1.2.s390x",
                  "product_id": "lynx-2.9.0~dev.9-1.2.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "lynx-2.9.0~dev.9-1.2.x86_64",
                "product": {
                  "name": "lynx-2.9.0~dev.9-1.2.x86_64",
                  "product_id": "lynx-2.9.0~dev.9-1.2.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Tumbleweed",
                "product": {
                  "name": "openSUSE Tumbleweed",
                  "product_id": "openSUSE Tumbleweed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:tumbleweed"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "lynx-2.9.0~dev.9-1.2.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:lynx-2.9.0~dev.9-1.2.aarch64"
        },
        "product_reference": "lynx-2.9.0~dev.9-1.2.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "lynx-2.9.0~dev.9-1.2.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:lynx-2.9.0~dev.9-1.2.ppc64le"
        },
        "product_reference": "lynx-2.9.0~dev.9-1.2.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "lynx-2.9.0~dev.9-1.2.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:lynx-2.9.0~dev.9-1.2.s390x"
        },
        "product_reference": "lynx-2.9.0~dev.9-1.2.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "lynx-2.9.0~dev.9-1.2.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:lynx-2.9.0~dev.9-1.2.x86_64"
        },
        "product_reference": "lynx-2.9.0~dev.9-1.2.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2006-7234",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2006-7234"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Untrusted search path vulnerability in Lynx before 2.8.6rel.4 allows local users to execute arbitrary code via malicious (1) .mailcap and (2) mime.types files in the current working directory.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:lynx-2.9.0~dev.9-1.2.aarch64",
          "openSUSE Tumbleweed:lynx-2.9.0~dev.9-1.2.ppc64le",
          "openSUSE Tumbleweed:lynx-2.9.0~dev.9-1.2.s390x",
          "openSUSE Tumbleweed:lynx-2.9.0~dev.9-1.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2006-7234",
          "url": "https://www.suse.com/security/cve/CVE-2006-7234"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 439427 for CVE-2006-7234",
          "url": "https://bugzilla.suse.com/439427"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:lynx-2.9.0~dev.9-1.2.aarch64",
            "openSUSE Tumbleweed:lynx-2.9.0~dev.9-1.2.ppc64le",
            "openSUSE Tumbleweed:lynx-2.9.0~dev.9-1.2.s390x",
            "openSUSE Tumbleweed:lynx-2.9.0~dev.9-1.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2006-7234"
    },
    {
      "cve": "CVE-2016-9179",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-9179"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "lynx: It was found that Lynx doesn\u0027t parse the authority component of the URL correctly when the host name part ends with \u0027?\u0027, and could instead be tricked into connecting to a different host.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:lynx-2.9.0~dev.9-1.2.aarch64",
          "openSUSE Tumbleweed:lynx-2.9.0~dev.9-1.2.ppc64le",
          "openSUSE Tumbleweed:lynx-2.9.0~dev.9-1.2.s390x",
          "openSUSE Tumbleweed:lynx-2.9.0~dev.9-1.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-9179",
          "url": "https://www.suse.com/security/cve/CVE-2016-9179"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1008642 for CVE-2016-9179",
          "url": "https://bugzilla.suse.com/1008642"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:lynx-2.9.0~dev.9-1.2.aarch64",
            "openSUSE Tumbleweed:lynx-2.9.0~dev.9-1.2.ppc64le",
            "openSUSE Tumbleweed:lynx-2.9.0~dev.9-1.2.s390x",
            "openSUSE Tumbleweed:lynx-2.9.0~dev.9-1.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:lynx-2.9.0~dev.9-1.2.aarch64",
            "openSUSE Tumbleweed:lynx-2.9.0~dev.9-1.2.ppc64le",
            "openSUSE Tumbleweed:lynx-2.9.0~dev.9-1.2.s390x",
            "openSUSE Tumbleweed:lynx-2.9.0~dev.9-1.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2016-9179"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2016-9179 (GCVE-0-2016-9179)

Vulnerability from cvelistv5

msrc_cve-2016-9179

Vulnerability from csaf_microsoft

suse-su-2017:0599-1

Vulnerability from csaf_suse

ghsa-r2wx-qjhc-7h6p

Vulnerability from github

cnvd-2016-11058

Vulnerability from cnvd

fkie_cve-2016-9179

Vulnerability from fkie_nvd

gsd-2016-9179

Vulnerability from gsd

opensuse-su-2024:11033-1

Vulnerability from csaf_opensuse

Tags

Sightings

Nomenclature