Filtered by vendor Busybox
Subscriptions
Filtered by product Busybox
Subscriptions
Total
40 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-42386 | 2 Busybox, Fedoraproject | 2 Busybox, Fedora | 2024-08-04 | 7.2 High |
| A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the nvalloc function | ||||
| CVE-2021-42381 | 2 Busybox, Fedoraproject | 2 Busybox, Fedora | 2024-08-04 | 7.2 High |
| A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the hash_init function | ||||
| CVE-2021-42383 | 2 Busybox, Fedoraproject | 2 Busybox, Fedora | 2024-08-04 | 7.2 High |
| A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function | ||||
| CVE-2021-42377 | 3 Busybox, Fedoraproject, Netapp | 19 Busybox, Fedora, Cloud Backup and 16 more | 2024-08-04 | 9.8 Critical |
| An attacker-controlled pointer free in Busybox's hush applet leads to denial of service and possible code execution when processing a crafted shell command, due to the shell mishandling the &&& string. This may be used for remote code execution under rare conditions of filtered command input. | ||||
| CVE-2021-42380 | 2 Busybox, Fedoraproject | 2 Busybox, Fedora | 2024-08-04 | 7.2 High |
| A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the clrvar function | ||||
| CVE-2021-42385 | 2 Busybox, Fedoraproject | 2 Busybox, Fedora | 2024-08-04 | 7.2 High |
| A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function | ||||
| CVE-2021-42384 | 2 Busybox, Fedoraproject | 2 Busybox, Fedora | 2024-08-04 | 7.2 High |
| A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the handle_special function | ||||
| CVE-2021-42375 | 3 Busybox, Fedoraproject, Netapp | 19 Busybox, Fedora, Cloud Backup and 16 more | 2024-08-04 | 5.5 Medium |
| An incorrect handling of a special element in Busybox's ash applet leads to denial of service when processing a crafted shell command, due to the shell mistaking specific characters for reserved characters. This may be used for DoS under rare conditions of filtered command input. | ||||
| CVE-2021-42373 | 3 Busybox, Fedoraproject, Netapp | 19 Busybox, Fedora, Cloud Backup and 16 more | 2024-08-04 | 5.5 Medium |
| A NULL pointer dereference in Busybox's man applet leads to denial of service when a section name is supplied but no page argument is given | ||||
| CVE-2021-42379 | 2 Busybox, Fedoraproject | 2 Busybox, Fedora | 2024-08-04 | 7.2 High |
| A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the next_input_file function | ||||
| CVE-2021-42382 | 2 Busybox, Fedoraproject | 2 Busybox, Fedora | 2024-08-04 | 7.2 High |
| A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_s function | ||||
| CVE-2021-28831 | 3 Busybox, Debian, Fedoraproject | 3 Busybox, Debian Linux, Fedora | 2024-08-03 | 7.5 High |
| decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit on the huft_build result pointer, with a resultant invalid free or segmentation fault, via malformed gzip data. | ||||
| CVE-2022-48174 | 2 Busybox, Redhat | 2 Busybox, Rhel Els | 2024-08-03 | 9.8 Critical |
| There is a stack overflow vulnerability in ash.c:6030 in busybox before 1.35. In the environment of Internet of Vehicles, this vulnerability can be executed from command to arbitrary code execution. | ||||
| CVE-2022-30065 | 2 Busybox, Siemens | 13 Busybox, Scalance Sc622-2c, Scalance Sc622-2c Firmware and 10 more | 2024-08-03 | 7.8 High |
| A use-after-free in Busybox 1.35-x's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the copyvar function. | ||||
| CVE-2022-28391 | 1 Busybox | 1 Busybox | 2024-08-03 | 8.8 High |
| BusyBox through 1.35.0 allows remote attackers to execute arbitrary code if netstat is used to print a DNS PTR record's value to a VT compatible terminal. Alternatively, the attacker could choose to change the terminal's colors. | ||||
| CVE-2023-42366 | 1 Busybox | 1 Busybox | 2024-08-02 | 5.5 Medium |
| A heap-buffer-overflow was discovered in BusyBox v.1.36.1 in the next_token function at awk.c:1159. | ||||
| CVE-2023-42364 | 1 Busybox | 1 Busybox | 2024-08-02 | 5.5 Medium |
| A use-after-free vulnerability in BusyBox v.1.36.1 allows attackers to cause a denial of service via a crafted awk pattern in the awk.c evaluate function. | ||||
| CVE-2023-42365 | 1 Busybox | 1 Busybox | 2024-08-02 | 5.5 Medium |
| A use-after-free vulnerability was discovered in BusyBox v.1.36.1 via a crafted awk pattern in the awk.c copyvar function. | ||||
| CVE-2023-42363 | 1 Busybox | 1 Busybox | 2024-08-02 | 5.5 Medium |
| A use-after-free vulnerability was discovered in xasprintf function in xfuncs_printf.c:344 in BusyBox v.1.36.1. | ||||
| CVE-2023-39810 | 1 Busybox | 1 Busybox | 2024-08-02 | 7.8 High |
| An issue in the CPIO command of Busybox v1.33.2 allows attackers to execute a directory traversal. | ||||