OESA-2024-1502 less security update

🗓️ 26 Apr 2024 11:07:50Reported by GoogleType

osv🔗 osv.dev👁 1 Views

Less fixes OS command execution via a newline in a filename due to quoting in filename.c; exploit requires attacker-controlled names and lessopen.

Reporter	Title	Published	Views	Family All 206
IBM Security Bulletins	Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to less atarbitrary command execution vulnerability [CVE-2024-32487]	6 Aug 202421:28	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities have been identified with the DS8900F and DS8A00 Hardware Management Console (HMC)	27 May 202523:25	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Base OS issues	8 Aug 202417:29	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in less (CVE-2024-32487) affects Power HMC.	28 Jan 202522:08	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in axios affect IBM Voice Gateway	15 Apr 202502:32	–	ibm
IBM Security Bulletins	Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities	15 Apr 202502:53	–	ibm
Tenable Nessus	Amazon Linux 2023 : less (ALAS2023-2024-622)	28 May 202400:00	–	nessus
Tenable Nessus	Amazon Linux 2 : less (ALAS-2024-2547)	31 May 202400:00	–	nessus
Tenable Nessus	Amazon Linux AMI : less (ALAS-2025-1958)	5 Feb 202500:00	–	nessus
Tenable Nessus	Alibaba Cloud Linux 3 : 0168: less (ALINUX3-SA-2024:0168)	14 May 202500:00	–	nessus

Source	Link
openeuler	www.openeuler.org/en/security/safety-bulletin/detail.html
nvd	www.nvd.nist.gov/vuln/detail/CVE-2024-32487

03 Sep 2025 06:20Current

7.2High risk

Vulners AI Score7.2

CVSS 3.18.6

EPSS0.00329

SSVC