rpm package
almalinux/less
pkg:rpm/almalinux/less
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-32487 | — | < 590-4.el9_4 | 590-4.el9_4 | Apr 13, 2024 | less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive. Exploitation al | ||
| CVE-2022-48624 | — | < 530-2.el8_9 | 530-2.el8_9 | Feb 19, 2024 | close_altfile in filename.c in less before 606 omits shell_quote calls for LESSCLOSE. | ||
| CVE-2022-46663 | — | < 590-2.el9_2 | 590-2.el9_2 | Feb 7, 2023 | In GNU Less before 609, crafted data can result in "less -R" not filtering ANSI escape sequences sent to the terminal. |
- CVE-2024-32487Apr 13, 2024affected < 590-4.el9_4fixed 590-4.el9_4
less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive. Exploitation al
- CVE-2022-48624Feb 19, 2024affected < 530-2.el8_9fixed 530-2.el8_9
close_altfile in filename.c in less before 606 omits shell_quote calls for LESSCLOSE.
- CVE-2022-46663Feb 7, 2023affected < 590-2.el9_2fixed 590-2.el9_2
In GNU Less before 609, crafted data can result in "less -R" not filtering ANSI escape sequences sent to the terminal.