Search CVE reports
1 – 9 of 9 results
less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files...
1 affected package
less
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| less | Fixed | Fixed | Fixed | Fixed |
Some fixes available 9 of 10
close_altfile in filename.c in less before 606 omits shell_quote calls for LESSCLOSE.
1 affected package
less
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| less | Fixed | Fixed | Fixed | Fixed |
In GNU Less before 609, crafted data can result in "less -R" not filtering ANSI escape sequences sent to the terminal.
1 affected package
less
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| less | — | Fixed | Not affected | Not affected |
Some fixes available 1 of 5
slock allows attackers to bypass the screen lock via vectors involving an invalid password hash, which triggers a NULL pointer dereference and crash.
1 affected package
suckless-tools
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| suckless-tools | — | — | — | Not affected |
The is_utf8_well_formed function in GNU less before 475 allows remote attackers to have unspecified impact via malformed UTF-8 characters, which triggers an out-of-bounds read.
1 affected package
less
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| less | — | — | — | — |
The libXm library in LessTif 0.95.0 and earlier allows local users to gain privileges via the DEBUG_FILE environment variable, which is used to create world-writable files when libXm is run from a setuid program.
1 affected package
lesstif1-1
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| lesstif1-1 | — | — | — | — |
scan.c for LibXPM may allow attackers to execute arbitrary code via a negative bitmap_unit value that leads to a buffer overflow.
5 affected packages
lesstif1-1, lesstif2, openmotif, xorg, xterm
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| lesstif1-1 | — | — | — | — |
| lesstif2 | — | — | — | — |
| openmotif | — | — | — | — |
| xorg | — | — | — | — |
| xterm | — | — | — | — |
Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as used in XFree86 and other packages, include (1) multiple integer overflows, (2) out-of-bounds memory accesses, (3) directory traversal, (4) shell metacharacter, (5)...
4 affected packages
xorg, lesstif1-1, lesstif2, openmotif
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| xorg | — | — | — | — |
| lesstif1-1 | — | — | — | — |
| lesstif2 | — | — | — | — |
| openmotif | — | — | — | — |
Multiple integer overflows in (1) the xpmParseColors function in parse.c, (2) XpmCreateImageFromXpmImage, (3) CreateXImage, (4) ParsePixels, and (5) ParseAndPutPixels for libXpm before 6.8.1 may allow remote attackers to execute...
4 affected packages
lesstif1-1, lesstif2, openmotif, xorg
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| lesstif1-1 | — | — | — | — |
| lesstif2 | — | — | — | — |
| openmotif | — | — | — | — |
| xorg | — | — | — | — |