Filtered by vendor Busybox
Subscriptions
Total
40 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-6301 | 1 Busybox | 1 Busybox | 2025-04-12 | N/A |
| The recv_and_process_client_pkt function in networking/ntpd.c in busybox allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged NTP packet, which triggers a communication loop. | ||||
| CVE-2011-2716 | 3 Busybox, Redhat, T-mobile | 3 Busybox, Enterprise Linux, Tm-ac1900 | 2025-04-11 | N/A |
| The DHCP client (udhcpc) in BusyBox before 1.20.0 allows remote DHCP servers to execute arbitrary commands via shell metacharacters in the (1) HOST_NAME, (2) DOMAIN_NAME, (3) NIS_DOMAIN, and (4) TFTP_SERVER_NAME host name options. | ||||
| CVE-2013-1813 | 3 Busybox, Redhat, T-mobile | 3 Busybox, Enterprise Linux, Tm-ac1900 | 2025-04-11 | N/A |
| util-linux/mdev.c in BusyBox before 1.21.0 uses 0777 permissions for parent directories when creating nested directories under /dev/, which allows local users to have unknown impact and attack vectors. | ||||
| CVE-2006-1058 | 3 Avaya, Busybox, Redhat | 6 Aura Application Enablement Services, Aura Sip Enablement Services, Message Networking and 3 more | 2025-04-03 | 5.5 Medium |
| BusyBox 1.1.1 does not use a salt when generating passwords, which makes it easier for local users to guess passwords from a stolen password file using techniques such as rainbow tables. | ||||
| CVE-2022-48174 | 2 Busybox, Redhat | 2 Busybox, Rhel Els | 2025-02-05 | 9.8 Critical |
| There is a stack overflow vulnerability in ash.c:6030 in busybox before 1.35. In the environment of Internet of Vehicles, this vulnerability can be executed from command to arbitrary code execution. | ||||
| CVE-2023-42366 | 1 Busybox | 1 Busybox | 2024-12-06 | 5.5 Medium |
| A heap-buffer-overflow was discovered in BusyBox v.1.36.1 in the next_token function at awk.c:1159. | ||||
| CVE-2023-42365 | 1 Busybox | 1 Busybox | 2024-11-21 | 5.5 Medium |
| A use-after-free vulnerability was discovered in BusyBox v.1.36.1 via a crafted awk pattern in the awk.c copyvar function. | ||||
| CVE-2023-42364 | 1 Busybox | 1 Busybox | 2024-11-21 | 5.5 Medium |
| A use-after-free vulnerability in BusyBox v.1.36.1 allows attackers to cause a denial of service via a crafted awk pattern in the awk.c evaluate function. | ||||
| CVE-2023-42363 | 1 Busybox | 1 Busybox | 2024-11-21 | 5.5 Medium |
| A use-after-free vulnerability was discovered in xasprintf function in xfuncs_printf.c:344 in BusyBox v.1.36.1. | ||||
| CVE-2023-39810 | 1 Busybox | 1 Busybox | 2024-11-21 | 7.8 High |
| An issue in the CPIO command of Busybox v1.33.2 allows attackers to execute a directory traversal. | ||||
| CVE-2022-30065 | 2 Busybox, Siemens | 13 Busybox, Scalance Sc622-2c, Scalance Sc622-2c Firmware and 10 more | 2024-11-21 | 7.8 High |
| A use-after-free in Busybox 1.35-x's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the copyvar function. | ||||
| CVE-2022-28391 | 1 Busybox | 1 Busybox | 2024-11-21 | 8.8 High |
| BusyBox through 1.35.0 allows remote attackers to execute arbitrary code if netstat is used to print a DNS PTR record's value to a VT compatible terminal. Alternatively, the attacker could choose to change the terminal's colors. | ||||
| CVE-2021-42386 | 2 Busybox, Fedoraproject | 2 Busybox, Fedora | 2024-11-21 | 7.2 High |
| A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the nvalloc function | ||||
| CVE-2021-42385 | 2 Busybox, Fedoraproject | 2 Busybox, Fedora | 2024-11-21 | 7.2 High |
| A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function | ||||
| CVE-2021-42384 | 2 Busybox, Fedoraproject | 2 Busybox, Fedora | 2024-11-21 | 7.2 High |
| A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the handle_special function | ||||
| CVE-2021-42383 | 2 Busybox, Fedoraproject | 2 Busybox, Fedora | 2024-11-21 | 7.2 High |
| A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function | ||||
| CVE-2021-42382 | 2 Busybox, Fedoraproject | 2 Busybox, Fedora | 2024-11-21 | 7.2 High |
| A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_s function | ||||
| CVE-2021-42381 | 2 Busybox, Fedoraproject | 2 Busybox, Fedora | 2024-11-21 | 7.2 High |
| A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the hash_init function | ||||
| CVE-2021-42380 | 2 Busybox, Fedoraproject | 2 Busybox, Fedora | 2024-11-21 | 7.2 High |
| A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the clrvar function | ||||
| CVE-2021-42379 | 2 Busybox, Fedoraproject | 2 Busybox, Fedora | 2024-11-21 | 7.2 High |
| A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the next_input_file function | ||||