Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
busybox busybox vulnerabilities and exploits
(subscribe to this query)
7.2
CVSSv2
CVE-2017-5671
Honeywell Intermec PM23, PM42, PM43, PC23, PC43, PD43, and PC42 industrial printers prior to 10.11.013310 and 10.12.x prior to 10.12.013309 have /usr/bin/lua installed setuid to the itadmin account, which allows local users to conduct a BusyBox jailbreak attack and obtain root pr...
Honeywell Intermec Pm42 Firmware
Honeywell Intermec Pm43 Firmware
Honeywell Intermec Pm23 Firmware
Honeywell Intermec Pd43 Firmware
Honeywell Intermec Pc42 Firmware
Honeywell Intermec Pc23 Firmware
Honeywell Intermec Pc43 Firmware
1 EDB exploit
7.2
CVSSv2
CVE-2015-5277
The get_contents function in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) prior to 2.20 might allow local users to cause a denial of service (heap corruption) or gain privileges via a long line in the NSS files database.
Redhat Enterprise Linux Desktop 7.0
Redhat Enterprise Linux Workstation 7.0
Redhat Enterprise Linux Server 7.0
Redhat Enterprise Linux Hpc Node 7.0
Gnu Glibc
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 15.10
Canonical Ubuntu Linux 14.04
7.2
CVSSv2
CVE-2013-1813
util-linux/mdev.c in BusyBox prior to 1.21.0 uses 0777 permissions for parent directories when creating nested directories under /dev/, which allows local users to have unknown impact and attack vectors.
Redhat Enterprise Linux 6.0
T-mobile Tm-ac1900 3.0.0.4.376 3169
Busybox Busybox 0.38
Busybox Busybox 0.46
Busybox Busybox 0.47
Busybox Busybox 0.60.1
Busybox Busybox 0.60.2
Busybox Busybox 0.60.3
Busybox Busybox 1.1.2
Busybox Busybox 1.1.3
Busybox Busybox 1.11.1
Busybox Busybox 1.11.2
Busybox Busybox 1.13.1
Busybox Busybox 1.13.2
Busybox Busybox 1.14.4
Busybox Busybox 1.15.0
Busybox Busybox 1.17.0
Busybox Busybox 1.17.1
Busybox Busybox 1.18.4
Busybox Busybox 1.18.5
Busybox Busybox 1.2.2
Busybox Busybox 1.2.2.1
6.8
CVSSv2
CVE-2022-30065
A use-after-free in Busybox 1.35-x's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the copyvar function.
Busybox Busybox 1.35.0
Siemens Scalance Sc622-2c Firmware
Siemens Scalance Sc626-2c Firmware
Siemens Scalance Sc632-2c Firmware
Siemens Scalance Sc636-2c Firmware
Siemens Scalance Sc642-2c Firmware
Siemens Scalance Sc646-2c Firmware
1 Github repository
6.8
CVSSv2
CVE-2022-28391
BusyBox up to and including 1.35.0 allows remote malicious users to execute arbitrary code if netstat is used to print a DNS PTR record's value to a VT compatible terminal. Alternatively, the attacker could choose to change the terminal's colors.
Busybox Busybox
3 Github repositories
6.8
CVSSv2
CVE-2021-42377
An attacker-controlled pointer free in Busybox's hush applet leads to denial of service and possible code execution when processing a crafted shell command, due to the shell mishandling the &&& string. This may be used for remote code execution under rare conditi...
Busybox Busybox 1.33.1
Busybox Busybox 1.33.0
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Netapp Cloud Backup -
Netapp Solidfire -
Netapp Hci Management Node -
Netapp H300s Firmware -
Netapp H500s Firmware -
Netapp H700s Firmware -
Netapp H300e Firmware -
Netapp H500e Firmware -
Netapp H700e Firmware -
Netapp H410s Firmware -
6.8
CVSSv2
CVE-2014-4607
Integer overflow in the LZO algorithm variant in Oberhumer liblzo2 and lzo-2 prior to 2.07 on 32-bit platforms might allow remote malicious users to execute arbitrary code via a crafted Literal Run.
Oberhumer Liblzo2
Oberhumer Lzo2
6.8
CVSSv2
CVE-2018-1000500
Busybox contains a Missing SSL certificate validation vulnerability in The "busybox wget" applet that can result in arbitrary code execution. This attack appear to be exploitable via Simply download any file over HTTPS using "busybox wget https://compromised-domain...
Busybox Busybox
6.8
CVSSv2
CVE-2015-7291
Cross-site request forgery (CSRF) vulnerability in adv_pwd_cgi in the web management interface on Arris DG860A, TG862A, and TG862G devices with firmware TS0703128_100611 through TS0705125D_031115 allows remote malicious users to hijack the authentication of arbitrary users.
Arris Na Model 862 Gw Mono Firmware Ts0703135 112211
Arris Na Model 862 Gw Mono Firmware Ts0705125 062314
Arris Na Model 862 Gw Mono Firmware Ts0703128 100611
Arris Na Model 862 Gw Mono Firmware Ts0705125d 031115
Arris Na Model 862 Gw Mono Firmware Ts070593c 073013
6.8
CVSSv2
CVE-2011-2716
The DHCP client (udhcpc) in BusyBox prior to 1.20.0 allows remote DHCP servers to execute arbitrary commands via shell metacharacters in the (1) HOST_NAME, (2) DOMAIN_NAME, (3) NIS_DOMAIN, and (4) TFTP_SERVER_NAME host name options.
T-mobile Tm-ac1900 3.0.0.4.376 3169
Busybox Busybox 1.18.5
Busybox Busybox 1.18.4
Busybox Busybox 1.17.2
Busybox Busybox 1.18.3
Busybox Busybox 1.18.2
Busybox Busybox 1.17.0
Busybox Busybox 1.16.2
Busybox Busybox 1.16.1
Busybox Busybox 1.14.3
Busybox Busybox 1.14.2
Busybox Busybox 1.13.0
Busybox Busybox 1.12.4
Busybox Busybox 1.11.0
Busybox Busybox 1.10.4
Busybox Busybox 1.9.0
Busybox Busybox 1.8.2
Busybox Busybox 1.6.1
Busybox Busybox 1.6.0
Busybox Busybox 1.3.0
Busybox Busybox 1.2.2.1
Busybox Busybox 1.1.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »