Search criteria
5 vulnerabilities by lynx
CVE-2016-9179 (GCVE-0-2016-9179)
Vulnerability from cvelistv5 – Published: 2016-12-22 21:00 – Updated: 2024-08-06 02:42
VLAI
Summary
lynx: It was found that Lynx doesn't parse the authority component of the URL correctly when the host name part ends with '?', and could instead be tricked into connecting to a different host.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/94215 | vdb-entryx_refsource_BID |
| http://www.openwall.com/lists/oss-security/2016/11/04/1 | mailing-listx_refsource_MLIST |
Date Public
2016-11-04 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:42:10.982Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "94215",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94215"
},
{
"name": "[oss-security] 20161104 Re: CVE requestynx invalid URL parsing with \u0027?\u0027",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/11/04/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-11-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "lynx: It was found that Lynx doesn\u0027t parse the authority component of the URL correctly when the host name part ends with \u0027?\u0027, and could instead be tricked into connecting to a different host."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-22T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "94215",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94215"
},
{
"name": "[oss-security] 20161104 Re: CVE requestynx invalid URL parsing with \u0027?\u0027",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/11/04/1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-9179",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "lynx: It was found that Lynx doesn\u0027t parse the authority component of the URL correctly when the host name part ends with \u0027?\u0027, and could instead be tricked into connecting to a different host."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "94215",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94215"
},
{
"name": "[oss-security] 20161104 Re: CVE requestynx invalid URL parsing with \u0027?\u0027",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/11/04/1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-9179",
"datePublished": "2016-12-22T21:00:00.000Z",
"dateReserved": "2016-11-04T00:00:00.000Z",
"dateUpdated": "2024-08-06T02:42:10.982Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-5821 (GCVE-0-2012-5821)
Vulnerability from cvelistv5 – Published: 2012-11-04 22:00 – Updated: 2024-08-06 21:21
VLAI
Summary
Lynx does not verify that the server's certificate is signed by a trusted certification authority, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate, related to improper use of a certain GnuTLS function.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://wiki.mageia.org/en/Support/Advisories/MGA… | x_refsource_CONFIRM |
| http://www.ubuntu.com/usn/USN-1642-1 | vendor-advisoryx_refsource_UBUNTU |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.mandriva.com/security/advisories?name=… | vendor-advisoryx_refsource_MANDRIVA |
| http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf | x_refsource_MISC |
Date Public
2012-10-25 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:21:26.758Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0351"
},
{
"name": "USN-1642-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1642-1"
},
{
"name": "lynx-ssl-spoofing(79930)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79930"
},
{
"name": "MDVSA-2013:101",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:101"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-10-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Lynx does not verify that the server\u0027s certificate is signed by a trusted certification authority, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate, related to improper use of a certain GnuTLS function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0351"
},
{
"name": "USN-1642-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1642-1"
},
{
"name": "lynx-ssl-spoofing(79930)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79930"
},
{
"name": "MDVSA-2013:101",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:101"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-5821",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Lynx does not verify that the server\u0027s certificate is signed by a trusted certification authority, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate, related to improper use of a certain GnuTLS function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0351",
"refsource": "CONFIRM",
"url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0351"
},
{
"name": "USN-1642-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1642-1"
},
{
"name": "lynx-ssl-spoofing(79930)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79930"
},
{
"name": "MDVSA-2013:101",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:101"
},
{
"name": "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf",
"refsource": "MISC",
"url": "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-5821",
"datePublished": "2012-11-04T22:00:00.000Z",
"dateReserved": "2012-11-04T00:00:00.000Z",
"dateUpdated": "2024-08-06T21:21:26.758Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-2810 (GCVE-0-2010-2810)
Vulnerability from cvelistv5 – Published: 2010-08-20 17:00 – Updated: 2024-08-07 02:46
VLAI
Summary
Heap-based buffer overflow in the convert_to_idna function in WWW/Library/Implementation/HTParse.c in Lynx 2.8.8dev.1 through 2.8.8dev.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a malformed URL containing a % (percent) character in the domain name.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://marc.info/?l=oss-security&m=128152412221677&w=2 | mailing-listx_refsource_MLIST |
| http://www.vupen.com/english/advisories/2010/2042 | vdb-entryx_refsource_VUPEN |
| http://www.ubuntu.com/usn/USN-1642-1 | vendor-advisoryx_refsource_UBUNTU |
| http://marc.info/?l=oss-security&m=128151768510564&w=2 | mailing-listx_refsource_MLIST |
| https://bugs.launchpad.net/ubuntu/+source/lynx-cu… | x_refsource_CONFIRM |
Date Public
2010-08-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:46:48.539Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "lynx-converttoidna-bo(61007)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61007"
},
{
"name": "[oss-security] 20100809 Re: CVE request: Lynx",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=oss-security\u0026m=128152412221677\u0026w=2"
},
{
"name": "ADV-2010-2042",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/2042"
},
{
"name": "USN-1642-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1642-1"
},
{
"name": "[oss-security] 20100809 CVE request: Lynx",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=oss-security\u0026m=128151768510564\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/lynx-cur/+bug/613254"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-08-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the convert_to_idna function in WWW/Library/Implementation/HTParse.c in Lynx 2.8.8dev.1 through 2.8.8dev.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a malformed URL containing a % (percent) character in the domain name."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "lynx-converttoidna-bo(61007)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61007"
},
{
"name": "[oss-security] 20100809 Re: CVE request: Lynx",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=oss-security\u0026m=128152412221677\u0026w=2"
},
{
"name": "ADV-2010-2042",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/2042"
},
{
"name": "USN-1642-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1642-1"
},
{
"name": "[oss-security] 20100809 CVE request: Lynx",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=oss-security\u0026m=128151768510564\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/lynx-cur/+bug/613254"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-2810",
"datePublished": "2010-08-20T17:00:00.000Z",
"dateReserved": "2010-07-22T00:00:00.000Z",
"dateUpdated": "2024-08-07T02:46:48.539Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-7234 (GCVE-0-2006-7234)
Vulnerability from cvelistv5 – Published: 2008-10-27 17:00 – Updated: 2024-08-07 20:57
VLAI
Summary
Untrusted search path vulnerability in Lynx before 2.8.6rel.4 allows local users to execute arbitrary code via malicious (1) .mailcap and (2) mime.types files in the current working directory.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
13 references
Date Public
2006-11-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:57:40.509Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20081025 CVE request: lynx (old) .mailcap handling flaw",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/10/25/3"
},
{
"name": "31917",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31917"
},
{
"name": "oval:org.mitre.oval:def:9719",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9719"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=214205"
},
{
"name": "RHSA-2008:0965",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0965.html"
},
{
"name": "1021107",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1021107"
},
{
"name": "32407",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32407"
},
{
"name": "SUSE-SR:2009:002",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00004.html"
},
{
"name": "33568",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33568"
},
{
"name": "MDVSA-2008:217",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:217"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=396949"
},
{
"name": "lynx-mailcap-mimetype-code-execution(46132)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46132"
},
{
"name": "32416",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32416"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-11-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in Lynx before 2.8.6rel.4 allows local users to execute arbitrary code via malicious (1) .mailcap and (2) mime.types files in the current working directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20081025 CVE request: lynx (old) .mailcap handling flaw",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/10/25/3"
},
{
"name": "31917",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31917"
},
{
"name": "oval:org.mitre.oval:def:9719",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9719"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=214205"
},
{
"name": "RHSA-2008:0965",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0965.html"
},
{
"name": "1021107",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1021107"
},
{
"name": "32407",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32407"
},
{
"name": "SUSE-SR:2009:002",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00004.html"
},
{
"name": "33568",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33568"
},
{
"name": "MDVSA-2008:217",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:217"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=396949"
},
{
"name": "lynx-mailcap-mimetype-code-execution(46132)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46132"
},
{
"name": "32416",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32416"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2006-7234",
"datePublished": "2008-10-27T17:00:00.000Z",
"dateReserved": "2008-10-27T00:00:00.000Z",
"dateUpdated": "2024-08-07T20:57:40.509Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-4690 (GCVE-0-2008-4690)
Vulnerability from cvelistv5 – Published: 2008-10-22 17:00 – Updated: 2024-08-07 10:24
VLAI
Summary
lynx 2.8.6dev.15 and earlier, when advanced mode is enabled and lynx is configured as a URL handler, allows remote attackers to execute arbitrary commands via a crafted lynxcgi: URL, a related issue to CVE-2005-2929. NOTE: this might only be a vulnerability in limited deployments that have defined a lynxcgi: handler.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
13 references
Date Public
2008-10-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:24:20.695Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2008-9597",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00143.html"
},
{
"name": "RHSA-2008:0965",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0965.html"
},
{
"name": "[oss-security] 20081009 lynx lynxcgi handler flaw",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/10/09/2"
},
{
"name": "32967",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32967"
},
{
"name": "MDVSA-2008:218",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:218"
},
{
"name": "SUSE-SR:2009:002",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00004.html"
},
{
"name": "FEDORA-2008-9550",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00066.html"
},
{
"name": "33568",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33568"
},
{
"name": "lynx-lynxcgi-code-execution(46228)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46228"
},
{
"name": "MDVSA-2008:217",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:217"
},
{
"name": "1021105",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1021105"
},
{
"name": "32416",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32416"
},
{
"name": "oval:org.mitre.oval:def:11204",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11204"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-10-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "lynx 2.8.6dev.15 and earlier, when advanced mode is enabled and lynx is configured as a URL handler, allows remote attackers to execute arbitrary commands via a crafted lynxcgi: URL, a related issue to CVE-2005-2929. NOTE: this might only be a vulnerability in limited deployments that have defined a lynxcgi: handler."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "FEDORA-2008-9597",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00143.html"
},
{
"name": "RHSA-2008:0965",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0965.html"
},
{
"name": "[oss-security] 20081009 lynx lynxcgi handler flaw",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/10/09/2"
},
{
"name": "32967",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32967"
},
{
"name": "MDVSA-2008:218",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:218"
},
{
"name": "SUSE-SR:2009:002",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00004.html"
},
{
"name": "FEDORA-2008-9550",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00066.html"
},
{
"name": "33568",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33568"
},
{
"name": "lynx-lynxcgi-code-execution(46228)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46228"
},
{
"name": "MDVSA-2008:217",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:217"
},
{
"name": "1021105",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1021105"
},
{
"name": "32416",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32416"
},
{
"name": "oval:org.mitre.oval:def:11204",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11204"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4690",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "lynx 2.8.6dev.15 and earlier, when advanced mode is enabled and lynx is configured as a URL handler, allows remote attackers to execute arbitrary commands via a crafted lynxcgi: URL, a related issue to CVE-2005-2929. NOTE: this might only be a vulnerability in limited deployments that have defined a lynxcgi: handler."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2008-9597",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00143.html"
},
{
"name": "RHSA-2008:0965",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0965.html"
},
{
"name": "[oss-security] 20081009 lynx lynxcgi handler flaw",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/10/09/2"
},
{
"name": "32967",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32967"
},
{
"name": "MDVSA-2008:218",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:218"
},
{
"name": "SUSE-SR:2009:002",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00004.html"
},
{
"name": "FEDORA-2008-9550",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00066.html"
},
{
"name": "33568",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33568"
},
{
"name": "lynx-lynxcgi-code-execution(46228)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46228"
},
{
"name": "MDVSA-2008:217",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:217"
},
{
"name": "1021105",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021105"
},
{
"name": "32416",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32416"
},
{
"name": "oval:org.mitre.oval:def:11204",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11204"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-4690",
"datePublished": "2008-10-22T17:00:00.000Z",
"dateReserved": "2008-10-22T00:00:00.000Z",
"dateUpdated": "2024-08-07T10:24:20.695Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}