Lucene search
K

89 matches found

Debian CVE
Debian CVE
added 2026/05/22 1:22 p.m.10 views

CVE-2026-9277

shell-quote's quote function did not validate object-token inputs against the operator model used by parse. The .op field was backslash-escaped character by character using /./g, which in JavaScript does not match line terminators \n, \r, U+2028, U+2029. A line terminator in .op therefore passed...

9.2CVSS5.9AI score0.00848EPSS
Exploits1
CNNVD
CNNVD
added 2026/05/22 12:0 a.m.10 views

shell-quote 安全漏洞

Shell-quote is a software package developed by Jordan Harband. It is used for parsing and quoting shell commands. Shell-quote has a security vulnerability. This vulnerability stems from the quote function not verifying the object token input and the operator model used in parse. As a result, line...

9.2CVSS5.7AI score0.00848EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/05/22 12:0 a.m.17 views

PT-2026-42766

Name of the Vulnerable Software and Affected Versions shell-quote versions prior to 1.8.4 Description The quote function fails to validate object-token inputs against the operator model used by parse. Specifically, the .op field is escaped using a regular expression that does not match line...

9.2CVSS5.8AI score0.00848EPSS
Exploits1References52
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Less

Closealtfile in filename.c in less before 606 omits shellquote calls for LESSCLOSE...

7.8CVSS6.6AI score0.01059EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/03/28 4:56 a.m.4 views

CVE-2026-30302

The command auto-approval module in CodeRider-Kilo contains an OS Command Injection vulnerability, rendering its whitelist security mechanism ineffective. The vulnerability stems from the incorrect use of an incompatible command parser the Unix-based shell-quote library to analyze commands on the...

10CVSS6.2AI score0.01993EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/27 12:0 a.m.20 views

CVE-2026-30302

The command auto-approval module in CodeRider-Kilo contains an OS Command Injection vulnerability, rendering its whitelist security mechanism ineffective. The vulnerability stems from the incorrect use of an incompatible command parser the Unix-based shell-quote library to analyze commands on the...

0.01993EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/27 12:0 a.m.1 views

CVE-2026-30302

The command auto-approval module in CodeRider-Kilo contains an OS Command Injection vulnerability, rendering its whitelist security mechanism ineffective. The vulnerability stems from the incorrect use of an incompatible command parser the Unix-based shell-quote library to analyze commands on the...

6.2AI score0.01993EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2019-0328

Malware in sbrugna...

9.8CVSS8.8AI score0.02232EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2014-0089

Malware in sbrugna...

4.6CVSS6AI score0.00605EPSS
Exploits2References13
Tenable Nessus
Tenable Nessus
added 2025/08/20 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2022-48624

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - closealtfile in filename.c in less before 606 omits shellquote calls for LESSCLOSE. CVE-2022-48624 Note that Nessus relies on the presence of the package as...

7.8CVSS6.2AI score0.01059EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/22 9:5 p.m.5 views

CVE-2021-42740

The shell-quote package before 1.7.3 for Node.js allows command injection. An attacker can inject unescaped shell metacharacters through a regex designed to support Windows drive letters. If the output of this package is passed to a real shell as a quoted argument to a command with exec, an...

9.8CVSS7.2AI score0.0434EPSS
Exploits0
OpenVAS
OpenVAS
added 2024/07/16 12:0 a.m.22 views

Huawei EulerOS: Security Advisory for less (EulerOS-SA-2024-1965)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.6CVSS8.3AI score0.01059EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2024/06/10 12:0 a.m.6 views

Vulnerability of the close_altfile() function (filename.c) for UNIX-like system text terminals: allowing attackers to execute arbitrary commands

The vulnerability of the closealtfile function filename.c for UNIX-like system text terminals is related to the omission of the Shellquote call for LESSCLOSE. Exploiting this vulnerability could allow an attacker to execute arbitrary commands...

7CVSS7AI score0.01059EPSS
Exploits0References10Affected Software6
OSV
OSV
added 2024/04/25 5:30 p.m.6 views

CLSA-2024-1714066220 Fix CVE(s): CVE-2022-48624

SECURITY UPDATE: shell-quote filenames when invoking LESSCLOSE. - debian/patches/CVE-2022-48624.patch: Fix closealtfile in filename.c in less before 606 omits shellquote calls for LESSCLOSE. - CVE-2022-48624...

7.8CVSS7.2AI score0.01059EPSS
Exploits0References1
OSV
OSV
added 2024/04/19 10:46 a.m.5 views

CLSA-2024-1713523598 less: Fix of CVE-2022-48624

CVE-2022-48624: shell-quote filenames when invoking LESSCLOSE...

7.8CVSS6.8AI score0.01059EPSS
Exploits0References1
CloudLinux
CloudLinux
added 2024/04/19 10:41 a.m.90 views

less: Fix of CVE-2022-48624

CVE-2022-48624: shell-quote filenames when invoking LESSCLOSE...

7.8CVSS7.3AI score0.01059EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2024/04/11 12:0 a.m.37 views

SUSE SLES12 Security Update : less (SUSE-SU-2024:1189-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2024:1189-1 advisory. - CVE-2022-48624: Fixed LESSCLOSE handling in less that does not quote shell metacharacters bsc1219901. Tenable has extracted the preceding...

7.8CVSS6.8AI score0.01059EPSS
Exploits0References4
IBM Security Bulletins
IBM Security Bulletins
added 2024/03/27 8:31 p.m.110 views

Security Bulletin: IBM Planning Analytics Workspace has addressed multiple vulnerabilities

Summary IBM Planning Analytics Workspace is considered vulnerable to a Malicious File Upload vulnerability which could allow a privileged user to upload malicious files that can be automatically processed within the product CVE-2023-42017. This vulnerability has been addressed. IBM Planning...

9.8CVSS10AI score0.0434EPSS
Exploits5Affected Software1
Amazon
Amazon
added 2024/03/04 12:0 a.m.6 views

Important: less

Issue Overview: closealtfile in filename.c in less before 606 omits shellquote calls for LESSCLOSE. CVE-2022-48624 Affected Packages: less Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories...

7.8CVSS7AI score0.01059EPSS
Exploits0
Amazon
Amazon
added 2024/03/04 12:0 a.m.42 views

Important: less

Issue Overview: closealtfile in filename.c in less before 606 omits shellquote calls for LESSCLOSE. CVE-2022-48624 Affected Packages: less Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories...

7.8CVSS7.9AI score0.01059EPSS
Exploits0
Rows per page
Query Builder