23 matches found
MiracleLinux 7 : less-458-10.el7 (AXSA:2024-8138:03)
The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2024-8138:03 advisory. less: OS command injection (CVE-2024-32487). Tenable has extracted the preceding description block directly from the MiracleLinux security advisory. Note that...
EUVD-2023-36215
Malicious code in bioql PyPI...
less: OS command injection
An OS command injection flaw was found in Less. Since quoting is mishandled in filename.c, opening files with attacker-controlled file names can lead to OS command execution. Exploitation requires the LESSOPEN environment variable, which is set by default in many common cases...
Rocky Linux 9 : less (RLSA-2024:3513)
The remote Rocky Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:3513 advisory. less: OS command injection (CVE-2024-32487). Tenable has extracted the preceding description block directly from the Rocky Linux security advisory. Note that Nessus...
OS Command Execution
less is vulnerable to OS command execution. The vulnerability is due to mishandling of quoting in the filename.c file within the less command-line utility, allowing attackers to execute arbitrary commands via a newline character in the name of a file...
Slackware Linux 15.0 / current less Vulnerability (SSA:2024-105-01)
The version of less installed on the remote host is prior to 653. It is, therefore, affected by a vulnerability as referenced in the SSA:2024-105-01 advisory. - less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c...
DEBIAN-CVE-2024-32487
less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive. Exploitation also requires the...
UBUNTU-CVE-2024-32487
less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive. Exploitation also requires the...
CVE-2023-31926
System files could be overwritten using the less command in Brocade Fabric OS before Brocade Fabric OS v9.1.1c and v9.2.0...
PT-2023-23526 · Brocade · Brocade Fabric OS
Name of the Vulnerable Software and Affected Versions: Brocade Fabric OS versions prior to 9.1.1c; Brocade Fabric OS versions prior to 9.2.0. Description: The issue allows system files to be overwritten using the less command. Recommendations: For Brocade Fabric OS versions prior to 9.1.1c, update ...
Brocade Fabric OS Security Vulnerabilities
Brocade Fabric OS (FOS) is a set of embedded operating systems used in devices such as switches and routers from Brocade USA. A security vulnerability exists in Brocade Fabric OS versions prior to v9.2.0, which stems from the ability to overwrite system files using the less command...
CVE-2020-25036
UCOPIA Wi-Fi appliances 6.0.5 allow authenticated remote attackers to escape the restricted administration shell CLI, and access a shell with admin user rights, via an unprotected less command...
Command injection
UCOPIA Wi-Fi appliances 6.0.5 allow authenticated remote attackers to escape the restricted administration shell CLI, and access a shell with admin user rights, via an unprotected less command...
UCOPIA Wireless Appliance Privilege Mobilization Vulnerability (CNVD-2018-11049)
The UCOPIA Wireless Appliance is a wireless device from the French company UCOPIA. A security vulnerability exists in the restricted shell interface of the UCOPIA Wireless Appliance in versions prior to 5.1.8. A remote attacker can exploit the vulnerability to gain 'admin' privileges via shell...
CVE-2017-11321
The restricted shell interface in UCOPIA Wireless Appliance before 5.1.8 allows remote authenticated users to gain 'admin' privileges via shell metacharacters in the less command...
git: Escape out of git-shell
A flaw was found in the way git-shell handled command-line options for the restricted set of git-shell commands. A remote, authenticated attacker could use this flaw to bypass git-shell restrictions, to view and manipulate files, by abusing the instance of the less command launched using crafted...