threat
engine
.sh
Back
·
··:··
Home
/
Product
/
gnu less
Product
gnu less
5 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
Sort
Newest first
Oldest first
Highest CVSS
Lowest CVSS
Min CVSS
Any
4.0+
7.0+ (High)
9.0+ (Critical)
Published since
Reset
CVE-2024-32487
<= 653
less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filen
8.6
HIGH
CVE-2022-48624
< 606
close_altfile in filename.c in less before 606 omits shell_quote calls for LESSCLOSE.
7.8
HIGH
CVE-2022-46663
>= 566 and < 609
In GNU Less before 609, crafted data can result in "less -R" not filtering ANSI escape sequences sent to the terminal.
7.5
HIGH
CVE-2014-9488
<= 471
The is_utf8_well_formed function in GNU less before 475 allows remote attackers to have unspecified impact via malformed UTF-8 cha
CVE-2004-2264
all versions
Format string bug in the open_altfile function in filename.c for GNU less 382, 381, and 358 might allow local users to cause a den
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin