Lynx Project Lynx vulnerabilities

CVE-2021-38165 [MEDIUM] CWE-522 CVE-2021-38165: Lynx through 2.8.9 mishandles the userinfo subcomponent of a URI, which allows remote attackers to d Lynx through 2.8.9 mishandles the userinfo subcomponent of a URI, which allows remote attackers to discover cleartext credentials because they may appear in SNI data.

CVE-2014-5002 [HIGH] CWE-255 CVE-2014-5002: The lynx gem before 1.0.0 for Ruby places the configured password on command lines, which allows loc The lynx gem before 1.0.0 for Ruby places the configured password on command lines, which allows local users to obtain sensitive information by listing processes.

CVE-2017-1000211 [MEDIUM] CWE-416 CVE-2017-1000211: Lynx before 2.8.9dev.16 is vulnerable to a use after free in the HTML parser resulting in memory dis Lynx before 2.8.9dev.16 is vulnerable to a use after free in the HTML parser resulting in memory disclosure, because HTML_put_string() can append a chunk onto itself.

CVE-1999-1549 [HIGH] CWE-346 CVE-1999-1549: Lynx 2.x does not properly distinguish between internal and external HTML, which may allow a local a Lynx 2.x does not properly distinguish between internal and external HTML, which may allow a local attacker to read a "secure" hidden form value from a temporary file and craft a LYNXOPTIONS: URL that causes Lynx to modify the user's configuration file and execute commands.