
30 matches found

NVD
added 2026/06/26 5:16 p.m. | 8 views

CVE-2026-45406

Dokku is a docker-powered PaaS. Prior to 0.38.2, the openresty-vhosts plugin copies files from an app's openresty/http-includes/ git repository directory to the host and then interpolates their filenames, unescaped, into a single-quoted shell string that is later parsed by eval. A filename...

CVSS 9 | EPSS 0.00274
Exploits 0 | References 2

Rosalinux
added 2025/09/09 10:19 a.m. | 5 views

Advisory ROSA-SA-2025-2971

software: less 608 WASP: ROSA-CHROME unaffected versions = less-608-3 affected versions less-608-3 CVE-ID: CVE-2024-32487 BDU-ID: 2024-03717 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the UNIX-like UNIX text terminal utility Less is related to incorrect handling of quotation marks in the...

CVSS 8.6 | AI score 7.9 | EPSS 0.00628
Exploits 0

F5 Networks
added 2024/10/24 10:5 p.m. | 36 views

K000148248: less vulnerability CVE-2024-32487

Security Advisory Description less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive...

CVSS 8.6 | AI score 7.3 | EPSS 0.00628
Exploits 0

RedHat Linux
added 2024/07/09 10:3 a.m. | 5 views

less: OS command injection

An OS command injection flaw was found in Less. Since quoting is mishandled in filename.c, opening files with attacker-controlled file names can lead to OS command execution. Exploitation requires the LESSOPEN environment variable, which is set by default in many common cases...

CVSS 8.6 | AI score 6.8 | EPSS 0.00628
Exploits 0 | References 6

RedHat Linux
added 2024/07/02 3:27 p.m. | 4 views

less: OS command injection

An OS command injection flaw was found in Less. Since quoting is mishandled in filename.c, opening files with attacker-controlled file names can lead to OS command execution. Exploitation requires the LESSOPEN environment variable, which is set by default in many common cases...

CVSS 8.6 | AI score 6.8 | EPSS 0.00628
Exploits 0 | References 6

RedHat Linux
added 2024/05/30 2:41 p.m. | 13 views

less: OS command injection

An OS command injection flaw was found in Less. Since quoting is mishandled in filename.c, opening files with attacker-controlled file names can lead to OS command execution. Exploitation requires the LESSOPEN environment variable, which is set by default in many common cases...

CVSS 8.6 | AI score 6.8 | EPSS 0.00628
Exploits 0 | References 6

OSV
added 2024/05/14 8:2 a.m. | 6 views

CLSA-2024-1715673753 Fix CVE(s): CVE-2024-32487

SECURITY UPDATE: quoting is mishandled in filename.c. - debian/patches/CVE-2024-32487.patch: Fix bug when viewing a file whose name contains a newline. - CVE-2024-32487...

CVSS 8.6 | AI score 6.9 | EPSS 0.00628
Exploits 0 | References 1

OSV
added 2024/05/14 7:59 a.m. | 6 views

CLSA-2024-1715673596 less: Fix of CVE-2024-32487

Fix CVE-2024-32487: filename.c: quoting mishandling...

CVSS 8.6 | AI score 6.9 | EPSS 0.00628
Exploits 0 | References 1

OSV
added 2024/05/14 7:57 a.m. | 5 views

CLSA-2024-1715673429 less: Fix of CVE-2024-32487

Fix CVE-2024-32487: filename.c: quoting mishandling...

CVSS 8.6 | AI score 6.9 | EPSS 0.00628
Exploits 0 | References 1

Microsoft CVE
added 2024/04/22 7:0 a.m. | 4 views

less through 653 allows OS command execution via a newline character in the name of a file because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names such as the files extracted from an untrusted archive. Exploitation also requires the LESSOPEN environment variable but this is set by default in many common cases.

...

CVSS 8.6 | AI score 7.1 | EPSS 0.00628
Exploits 0

SUSE CVE
added 2023/02/15 6:19 a.m. | 3 views

SUSE CVE-2004-1175

fish.c in midnight commander allows remote attackers to execute arbitrary programs via "insecure filename quoting," possibly using shell metacharacters...

CVSS 7.5 | AI score 7.7 | EPSS 0.01625
Exploits 0 | References 4

OSV
added 2014/07/08 10:47 p.m. | 12 views

MGASA-2014-0289 Updated dpkg packages fixes security vulnerabilities

Jakub Wilk discovered that dpkg did not correctly parse C-style filename quoting, allowing for paths to be traversed when unpacking a source package, leading to the creation of files outside the directory of the source being unpacked CVE-2014-0471. Multiple vulnerabilities were discovered in dpkg...

CVSS 6.4 | AI score 6.5 | EPSS 0.07322
Exploits 1 | References 4

securityvulns
added 2014/05/01 12:0 a.m. | 38 views

[SECURITY] [DSA 2915-2] dpkg security update

Debian Security Advisory DSA-2915-2 [email protected] http://www.debian.org/security/ Raphael Geissert April 30, 2014 http://www.debian.org/security/faq ...

AI score 1.6
Exploits 0

Debian
added 2014/04/30 8:47 p.m. | 13 views

[SECURITY] [DSA 2915-2] dpkg security update

Debian Security Advisory DSA-2915-2 [email protected] http://www.debian.org/security/ Raphael Geissert April 30, 2014 http://www.debian.org/security/faq ...

AI score 6.7
Exploits 0

OSV
added 2014/04/30 2:22 p.m. | 1 views

DEBIAN-CVE-2014-0471

Directory traversal vulnerability in the unpacking functionality in dpkg before 1.15.9, 1.16.x before 1.16.13, and 1.17.x before 1.17.8 allows remote attackers to write arbitrary files via a crafted source package, related to "C-style filename quoting."...

CVSS 5 | AI score 6.6 | EPSS 0.02856
Exploits 0 | References 1

Prion
added 2014/04/30 2:22 p.m. | 16 views

Directory traversal

Directory traversal vulnerability in the unpacking functionality in dpkg before 1.15.9, 1.16.x before 1.16.13, and 1.17.x before 1.17.8 allows remote attackers to write arbitrary files via a crafted source package, related to "C-style filename quoting."...

CVSS 5 | AI score 6.8 | EPSS 0.02856
Exploits 0 | References 3 | Affected Software 2

Debian CVE
added 2014/04/30 2:0 p.m. | 20 views

CVE-2014-0471

Directory traversal vulnerability in the unpacking functionality in dpkg before 1.15.9, 1.16.x before 1.16.13, and 1.17.x before 1.17.8 allows remote attackers to write arbitrary files via a crafted source package, related to "C-style filename quoting."...

CVSS 5 | AI score 6.4 | EPSS 0.02856
Exploits 0

OpenVAS
added 2014/04/28 12:0 a.m. | 29 views

Debian Security Advisory DSA 2915-1 (dpkg - security update)

Jakub Wilk discovered that dpkg did not correctly parse C-style filename quoting, allowing for paths to be traversed when unpacking a source package - leading to the creation of files outside the directory of the source being unpacked. The update to the stable distribution wheezy incorporates...

CVSS 5 | AI score 6.3 | EPSS 0.02856
Exploits 0 | References 1

UbuntuCve
added 2014/04/28 12:0 a.m. | 25 views

CVE-2014-0471

Directory traversal vulnerability in the unpacking functionality in dpkg before 1.15.9, 1.16.x before 1.16.13, and 1.17.x before 1.17.8 allows remote attackers to write arbitrary files via a crafted source package, related to "C-style filename quoting."...

CVSS 5 | AI score 6 | EPSS 0.02856
Exploits 0 | References 3

OSV
added 2014/04/28 12:0 a.m. | 6 views

UBUNTU-CVE-2014-0471

Directory traversal vulnerability in the unpacking functionality in dpkg before 1.15.9, 1.16.x before 1.16.13, and 1.17.x before 1.17.8 allows remote attackers to write arbitrary files via a crafted source package, related to "C-style filename quoting."...

CVSS 5 | AI score 5.9 | EPSS 0.02856
Exploits 0 | References 4