Greenwoodsoftware

greenwoodsoftware

2 CVEs • 1 product

Products (1)

Click to collapse

Toggle

Less

less

2 CVEs

CVEs (2)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-32487 3Debian GreenwoodsoftwareNetapp 5Bootstrap Os Debian LinuxHci Storage Nodes+2 more Jun 17, 2025 Apr 13, 2024 N/A· v4 8.6 HIGH· v3 N/A· v2 less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as th...Show more less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive. Exploitation also requires the LESSOPEN environment variable, but this is set by default in many common cases.Show less
CVE-2022-48624 1Greenwoodsoftware 1Less Mar 27, 2025 Feb 19, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 close_altfile in filename.c in less before 606 omits shell_quote calls for LESSCLOSE.

CVE

VENDORS

PRODUCTS

UPDATED

PUBLISHED

CVSS

CVE-2024-32487

3Debian

GreenwoodsoftwareNetapp

5Bootstrap Os

Debian LinuxHci Storage Nodes+2 more

Jun 17, 2025

Apr 13, 2024

N/A· v4

8.6 HIGH· v3

N/A· v2

less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive. Exploitation also requires the LESSOPEN environment variable, but this is set by default in many common cases.Show less

CVE-2022-48624

1Greenwoodsoftware

1Less

Mar 27, 2025

Feb 19, 2024

N/A· v4

7.8 HIGH· v3

N/A· v2

close_altfile in filename.c in less before 606 omits shell_quote calls for LESSCLOSE.