busybox busybox vulnerabilities and exploits
NA
CVE-2006-1168
The decompress function in compress42.c in (1) ncompress 4.2.4 and (2) liblzw allows remote malicious users to cause a denial of service (crash), and possibly execute arbitrary code, via crafted data that leads to a buffer underflow.
Ncompress Ncompress 4.2.4
8.8
CVSSv3
CVE-2014-4607
Integer overflow in the LZO algorithm variant in Oberhumer liblzo2 and lzo-2 prior to 2.07 on 32-bit platforms might allow remote malicious users to execute arbitrary code via a crafted Literal Run.
Oberhumer Liblzo2
Oberhumer Lzo2
7.2
CVSSv3
CVE-2012-6614
D-Link DSR-250N devices prior to 1.08B31 allow remote authenticated users to obtain "persistent root access" via the BusyBox CLI, as demonstrated by overwriting the super user password.
Dlink Dsr-250n Firmware
NA
CVE-2005-2136
Raritan Dominion SX (DSX) Console Servers DSX16, DSX32, DSX4, DSX8, and DSXA-48 set (1) world-readable permissions for /etc/shadow and (2) world-writable permissions for /bin/busybox, which allows local users to obtain hashed passwords or execute arbitrary code as other users.
Raritan Dominion Sx4 Firmware -
Raritan Dominion Sx8 Firmware -
Raritan Dominion Sx16 Firmware -
Raritan Dominion Sx32 Firmware 2.4.6
Raritan Dominion Sxa-48 Firmware -
9.8
CVSSv3
CVE-2016-5791
An Improper Authentication issue exists in JanTek JTC-200, all versions. The improper authentication could provide an undocumented BusyBox Linux shell accessible over the TELNET service without any authentication.
Jantek Jtc-200 Firmware
9.8
CVSSv3
CVE-2014-9984
nscd in the GNU C Library (aka glibc or libc6) before version 2.20 does not correctly compute the size of an internal buffer when processing netgroup requests, possibly leading to an nscd daemon crash or code execution as the user running nscd.
Gnu Glibc
6.8
CVSSv3
CVE-2023-40146
A privilege escalation vulnerability exists in the /bin/login functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted command line argument can lead to a limited-shell escape and elevated capabilities. An attacker can authenticate with hard-coded credentials a...
9.8
CVSSv3
CVE-2018-14494
Vivotek FD8136 devices allow Remote Command Injection, related to BusyBox and wget. NOTE: the vendor sent a clarification on 2019-09-17 explaining that, although this CVE was first populated in July 2019, it is a historical vulnerability that does not apply to any current or rece...
Vivotek Fd8136 Firmware 0301a
8.1
CVSSv3
CVE-2017-3209
The DBPOWER U818A WIFI quadcopter drone provides FTP access over its own local access point, and allows full file permissions to the anonymous user. The DBPower U818A WIFI quadcopter drone runs an FTP server that by default allows anonymous access without a password, and provides...
Dbpower U818a Firmware -
9.8
CVSSv3
CVE-2021-37555
TX9 Automatic Food Dispenser v3.2.57 devices allow access to a shell as root/superuser, a related issue to CVE-2019-16734. To connect, the telnet service is used on port 23 with the default password of 059AnkJ for the root account. The user can then download the filesystem throug...
Trixie Tx9 Automatic Food Dispenser Firmware 3.2.57