Less
Monthly
less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity.
The is_utf8_well_formed function in GNU less before 475 allows remote attackers to have unspecified impact via malformed UTF-8 characters, which triggers an out-of-bounds read. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity.
The is_utf8_well_formed function in GNU less before 475 allows remote attackers to have unspecified impact via malformed UTF-8 characters, which triggers an out-of-bounds read. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.