11 matches found
less: OS command injection
An OS command injection flaw was found in Less. Since quoting is mishandled in filename.c, opening files with attacker-controlled file names can lead to OS command execution. Exploitation requires the LESSOPEN environment variable, which is set by default in many common cases...
less: OS command injection
An OS command injection flaw was found in Less. Since quoting is mishandled in filename.c, opening files with attacker-controlled file names can lead to OS command execution. Exploitation requires the LESSOPEN environment variable, which is set by default in many common cases...
less: OS command injection
An OS command injection flaw was found in Less. Since quoting is mishandled in filename.c, opening files with attacker-controlled file names can lead to OS command execution. Exploitation requires the LESSOPEN environment variable, which is set by default in many common cases...
less: OS command injection
An OS command injection flaw was found in Less. Since quoting is mishandled in filename.c, opening files with attacker-controlled file names can lead to OS command execution. Exploitation requires the LESSOPEN environment variable, which is set by default in many common cases...
CLSA-2024-1714066220 Fix CVE(s): CVE-2022-48624
SECURITY UPDATE: shell-quote filenames when invoking LESSCLOSE. - debian/patches/CVE-2022-48624.patch: Fix closealtfile in filename.c in less before 606 omits shellquote calls for LESSCLOSE. - CVE-2022-48624...
less: missing quoting of shell metacharacters in LESSCLOSE handling
A flaw was found in less. The closealtfile function in filename.c omits shellquote calls for LESSCLOSE, a command line to invoke the optional input postprocessor. This issue could lead to an OS command injection vulnerability and arbitrary command execution on the host operating system...
CLSA-2024-1713523762 Fix CVE(s): CVE-2022-48624
SECURITY UPDATE: shell-quote filenames when invoking LESSCLOSE. - debian/patches/CVE-2022-48624.patch: Fix closealtfile in filename.c in less before 606 omits shellquote calls for LESSCLOSE. - CVE-2022-48624...
Less 安全漏洞
Less is a text-finding application open-sourced by gwsw. A security vulnerability exists in Less version 653 and earlier versions, which stems from improper handling of references in filename.c. The vulnerability is caused by the use of a reference in the filename.c file...
less: missing quoting of shell metacharacters in LESSCLOSE handling
A flaw was found in less. The closealtfile function in filename.c omits shellquote calls for LESSCLOSE, a command line to invoke the optional input postprocessor. This issue could lead to an OS command injection vulnerability and arbitrary command execution on the host operating system...
USN-5848-1 less vulnerability
David Leadbeater discovered that less was not properly handling escape sequences when displaying raw control characters. A maliciously formed OSC 8 hyperlink could possibly be used by an attacker to cause a denial of service...
UBUNTU-CVE-2022-46663
In GNU Less before 609, crafted data can result in "less -R" not filtering ANSI escape sequences sent to the terminal...