Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
busybox busybox vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2017-16544
In the add_match function in libbb/lineedit.c in BusyBox up to and including 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any escape sequence in the terminal. This could pot...
Busybox Busybox
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Vmware Esxi 6.0
Vmware Esxi 6.5
Vmware Esxi 6.7
Redlion N-tron 702-w Firmware
Redlion N-tron 702m12-w Firmware
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 14.04
8.8
CVSSv3
CVE-2017-5671
Honeywell Intermec PM23, PM42, PM43, PC23, PC43, PD43, and PC42 industrial printers prior to 10.11.013310 and 10.12.x prior to 10.12.013309 have /usr/bin/lua installed setuid to the itadmin account, which allows local users to conduct a BusyBox jailbreak attack and obtain root pr...
Honeywell Intermec Pc23 Firmware
Honeywell Intermec Pc42 Firmware
Honeywell Intermec Pc43 Firmware
Honeywell Intermec Pd43 Firmware
Honeywell Intermec Pm23 Firmware
Honeywell Intermec Pm42 Firmware
Honeywell Intermec Pm43 Firmware
1 EDB exploit
8.1
CVSSv3
CVE-2017-3209
The DBPOWER U818A WIFI quadcopter drone provides FTP access over its own local access point, and allows full file permissions to the anonymous user. The DBPower U818A WIFI quadcopter drone runs an FTP server that by default allows anonymous access without a password, and provides...
Dbpower U818a Firmware -
8.1
CVSSv3
CVE-2018-1000500
Busybox contains a Missing SSL certificate validation vulnerability in The "busybox wget" applet that can result in arbitrary code execution. This attack appear to be exploitable via Simply download any file over HTTPS using "busybox wget https://compromised-domain...
Busybox Busybox
8.1
CVSSv3
CVE-2017-14115
The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG589 and NVG599 devices, when IP Passthrough mode is not used, configures ssh-permanent-enable WAN SSH logins to the remotessh account with the 5SaP9I26 password, which allows remote malicious users to access a "Termin...
Att U-verse Firmware 9.2.2h0d83
8.1
CVSSv3
CVE-2017-14116
The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG599 device, when IP Passthrough mode is not used, configures WAN access to a caserver https service with the tech account and an empty password, which allows remote malicious users to obtain root privileges by establishing...
Att U-verse Firmware 9.2.2h0d83
7.8
CVSSv3
CVE-2023-39810
An issue in the CPIO command of Busybox v1.33.2 allows malicious users to execute a directory traversal.
Busybox Busybox 1.33.2
Busybox Busybox 1.30.1
7.8
CVSSv3
CVE-2022-30065
A use-after-free in Busybox 1.35-x's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the copyvar function.
Busybox Busybox 1.35.0
Siemens Scalance Sc622-2c Firmware
Siemens Scalance Sc626-2c Firmware
Siemens Scalance Sc632-2c Firmware
Siemens Scalance Sc636-2c Firmware
Siemens Scalance Sc642-2c Firmware
Siemens Scalance Sc646-2c Firmware
1 Github repository
7.5
CVSSv3
CVE-2021-28831
decompress_gunzip.c in BusyBox up to and including 1.32.1 mishandles the error bit on the huft_build result pointer, with a resultant invalid free or segmentation fault, via malformed gzip data.
Busybox Busybox
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Debian Debian Linux 9.0
3 Github repositories
7.5
CVSSv3
CVE-2018-20679
An issue exists in BusyBox prior to 1.30.0. An out of bounds read in udhcp components (consumed by the DHCP server, client, and relay) allows a remote malicious user to leak sensitive information from the stack by sending a crafted DHCP message. This is related to verification in...
Busybox Busybox
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 18.10
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-0044
client side
CVE-2021-47601
deserialization
CVE-2024-34994
encryption
CVE-2021-47609
CVE-2024-37079
CVE-2024-38608
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »