Filtered by vendor Busybox
Subscribe
Total
38 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2006-1058 | 2 Avaya, Busybox | 5 Aura Application Enablement Services, Aura Sip Enablement Services, Message Networking and 2 more | 2024-02-09 | 2.1 LOW | 5.5 MEDIUM |
BusyBox 1.1.1 does not use a salt when generating passwords, which makes it easier for local users to guess passwords from a stolen password file using techniques such as rainbow tables. | |||||
CVE-2023-42364 | 1 Busybox | 1 Busybox | 2024-02-05 | N/A | 5.5 MEDIUM |
A use-after-free vulnerability in BusyBox v.1.36.1 allows attackers to cause a denial of service via a crafted awk pattern in the awk.c evaluate function. | |||||
CVE-2023-42366 | 1 Busybox | 1 Busybox | 2024-02-05 | N/A | 5.5 MEDIUM |
A heap-buffer-overflow was discovered in BusyBox v.1.36.1 in the next_token function at awk.c:1159. | |||||
CVE-2023-42363 | 1 Busybox | 1 Busybox | 2024-02-05 | N/A | 5.5 MEDIUM |
A use-after-free vulnerability was discovered in xasprintf function in xfuncs_printf.c:344 in BusyBox v.1.36.1. | |||||
CVE-2023-42365 | 1 Busybox | 1 Busybox | 2024-02-05 | N/A | 5.5 MEDIUM |
A use-after-free vulnerability was discovered in BusyBox v.1.36.1 via a crafted awk pattern in the awk.c copyvar function. | |||||
CVE-2022-30065 | 1 Busybox | 1 Busybox | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
A use-after-free in Busybox 1.35-x's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the copyvar function. | |||||
CVE-2022-28391 | 1 Busybox | 1 Busybox | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
BusyBox through 1.35.0 allows remote attackers to execute arbitrary code if netstat is used to print a DNS PTR record's value to a VT compatible terminal. Alternatively, the attacker could choose to change the terminal's colors. | |||||
CVE-2021-42377 | 3 Busybox, Fedoraproject, Netapp | 19 Busybox, Fedora, Cloud Backup and 16 more | 2024-02-04 | 6.8 MEDIUM | 9.8 CRITICAL |
An attacker-controlled pointer free in Busybox's hush applet leads to denial of service and possible code execution when processing a crafted shell command, due to the shell mishandling the &&& string. This may be used for remote code execution under rare conditions of filtered command input. | |||||
CVE-2021-42385 | 2 Busybox, Fedoraproject | 2 Busybox, Fedora | 2024-02-04 | 6.5 MEDIUM | 7.2 HIGH |
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function | |||||
CVE-2021-42373 | 3 Busybox, Fedoraproject, Netapp | 19 Busybox, Fedora, Cloud Backup and 16 more | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
A NULL pointer dereference in Busybox's man applet leads to denial of service when a section name is supplied but no page argument is given | |||||
CVE-2021-42376 | 3 Busybox, Fedoraproject, Netapp | 19 Busybox, Fedora, Cloud Backup and 16 more | 2024-02-04 | 1.9 LOW | 5.5 MEDIUM |
A NULL pointer dereference in Busybox's hush applet leads to denial of service when processing a crafted shell command, due to missing validation after a \x03 delimiter character. This may be used for DoS under very rare conditions of filtered command input. | |||||
CVE-2021-42384 | 2 Busybox, Fedoraproject | 2 Busybox, Fedora | 2024-02-04 | 6.5 MEDIUM | 7.2 HIGH |
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the handle_special function | |||||
CVE-2021-42374 | 3 Busybox, Fedoraproject, Netapp | 19 Busybox, Fedora, Cloud Backup and 16 more | 2024-02-04 | 3.3 LOW | 5.3 MEDIUM |
An out-of-bounds heap read in Busybox's unlzma applet leads to information leak and denial of service when crafted LZMA-compressed input is decompressed. This can be triggered by any applet/format that | |||||
CVE-2021-42378 | 2 Busybox, Fedoraproject | 2 Busybox, Fedora | 2024-02-04 | 6.5 MEDIUM | 7.2 HIGH |
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_i function | |||||
CVE-2021-42383 | 2 Busybox, Fedoraproject | 2 Busybox, Fedora | 2024-02-04 | 6.5 MEDIUM | 7.2 HIGH |
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function | |||||
CVE-2021-42375 | 3 Busybox, Fedoraproject, Netapp | 19 Busybox, Fedora, Cloud Backup and 16 more | 2024-02-04 | 1.9 LOW | 5.5 MEDIUM |
An incorrect handling of a special element in Busybox's ash applet leads to denial of service when processing a crafted shell command, due to the shell mistaking specific characters for reserved characters. This may be used for DoS under rare conditions of filtered command input. | |||||
CVE-2021-42380 | 2 Busybox, Fedoraproject | 2 Busybox, Fedora | 2024-02-04 | 6.5 MEDIUM | 7.2 HIGH |
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the clrvar function | |||||
CVE-2021-42382 | 2 Busybox, Fedoraproject | 2 Busybox, Fedora | 2024-02-04 | 6.5 MEDIUM | 7.2 HIGH |
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_s function | |||||
CVE-2021-42381 | 2 Busybox, Fedoraproject | 2 Busybox, Fedora | 2024-02-04 | 6.5 MEDIUM | 7.2 HIGH |
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the hash_init function | |||||
CVE-2021-42386 | 2 Busybox, Fedoraproject | 2 Busybox, Fedora | 2024-02-04 | 6.5 MEDIUM | 7.2 HIGH |
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the nvalloc function |