rpm package
suse/less&distro=SUSE Linux Enterprise Server 12 SP5
pkg:rpm/suse/less&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-32487 | — | < 458-7.15.1 | 458-7.15.1 | Apr 13, 2024 | less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive. Exploitation al | ||
| CVE-2022-48624 | — | < 458-7.12.1 | 458-7.12.1 | Feb 19, 2024 | close_altfile in filename.c in less before 606 omits shell_quote calls for LESSCLOSE. | ||
| CVE-2014-9488 | — | < 458-7.3.3 | 458-7.3.3 | Apr 14, 2015 | The is_utf8_well_formed function in GNU less before 475 allows remote attackers to have unspecified impact via malformed UTF-8 characters, which triggers an out-of-bounds read. |
- CVE-2024-32487Apr 13, 2024affected < 458-7.15.1fixed 458-7.15.1
less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive. Exploitation al
- CVE-2022-48624Feb 19, 2024affected < 458-7.12.1fixed 458-7.12.1
close_altfile in filename.c in less before 606 omits shell_quote calls for LESSCLOSE.
- CVE-2014-9488Apr 14, 2015affected < 458-7.3.3fixed 458-7.3.3
The is_utf8_well_formed function in GNU less before 475 allows remote attackers to have unspecified impact via malformed UTF-8 characters, which triggers an out-of-bounds read.