Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
busybox busybox vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2017-15873
The get_next_block function in archival/libarchive/decompress_bunzip2.c in BusyBox 1.27.2 has an Integer Overflow that may lead to a write access violation.
Busybox Busybox 1.27.2
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 18.10
4.3
CVSSv2
CVE-2015-7290
Cross-site scripting (XSS) vulnerability in adv_pwd_cgi in the web management interface on Arris DG860A, TG862A, and TG862G devices with firmware TS0703128_100611 through TS0705125D_031115 allows remote malicious users to inject arbitrary web script or HTML via the pwd parameter.
Arris Na Model 862 Gw Mono Firmware Ts0705125d 031115
Arris Na Model 862 Gw Mono Firmware Ts0705125 062314
Arris Na Model 862 Gw Mono Firmware Ts070593c 073013
Arris Na Model 862 Gw Mono Firmware Ts0703128 100611
Arris Na Model 862 Gw Mono Firmware Ts0703135 112211
4.3
CVSSv2
CVE-2009-5149
Arris DG860A, TG862A, and TG862G devices with firmware TS0703128_100611 through TS0705125D_031115 have predictable technician passwords, which makes it easier for remote malicious users to obtain access via the web management interface, related to a "password of the day"...
Arris Na Model 862 Gw Mono Firmware Ts0705125d 031115
Arris Na Model 862 Gw Mono Firmware Ts070593c 073013
Arris Na Model 862 Gw Mono Firmware Ts0703135 112211
Arris Na Model 862 Gw Mono Firmware Ts0705125 062314
Arris Na Model 862 Gw Mono Firmware Ts0703128 100611
3.5
CVSSv2
CVE-2020-16206
The affected product is vulnerable to stored cross-site scripting, which may allow an malicious user to remotely execute arbitrary code to gain access to sensitive data on the N-Tron 702-W / 702M12-W (all versions).
Redlion N-tron 702-w Firmware
Redlion N-tron 702m12-w Firmware
3.5
CVSSv2
CVE-2020-16210
The affected product is vulnerable to reflected cross-site scripting, which may allow an malicious user to remotely execute arbitrary code and perform actions in the context of an attacked user on the N-Tron 702-W / 702M12-W (all versions).
Redlion N-tron 702-w Firmware
Redlion N-tron 702m12-w Firmware
3.3
CVSSv2
CVE-2021-42374
An out-of-bounds heap read in Busybox's unlzma applet leads to information leak and denial of service when crafted LZMA-compressed input is decompressed. This can be triggered by any applet/format that
Busybox Busybox
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Netapp Cloud Backup -
Netapp Solidfire -
Netapp Hci Management Node -
Netapp H300s Firmware -
Netapp H500s Firmware -
Netapp H700s Firmware -
Netapp H300e Firmware -
Netapp H500e Firmware -
Netapp H700e Firmware -
Netapp H410s Firmware -
2.1
CVSSv2
CVE-2021-42373
A NULL pointer dereference in Busybox's man applet leads to denial of service when a section name is supplied but no page argument is given
Busybox Busybox 1.33.1
Busybox Busybox 1.33.0
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Netapp Cloud Backup -
Netapp Solidfire -
Netapp Hci Management Node -
Netapp H300s Firmware -
Netapp H500s Firmware -
Netapp H700s Firmware -
Netapp H300e Firmware -
Netapp H500e Firmware -
Netapp H700e Firmware -
Netapp H410s Firmware -
2.1
CVSSv2
CVE-2014-9645
The add_probe function in modutils/modprobe.c in BusyBox prior to 1.23.0 allows local users to bypass intended restrictions on loading kernel modules via a / (slash) character in a module name, as demonstrated by an "ifconfig /usbserial up" command or a "mount -t /...
Busybox Busybox
2.1
CVSSv2
CVE-2006-1058
BusyBox 1.1.1 does not use a salt when generating passwords, which makes it easier for local users to guess passwords from a stolen password file using techniques such as rainbow tables.
Busybox Busybox 1.1.1
Avaya Message Networking
Avaya Aura Sip Enablement Services
Avaya Aura Application Enablement Services 4.01
Avaya Aura Application Enablement Services 4.1
Avaya Messaging Storage Server
1.9
CVSSv2
CVE-2021-42376
A NULL pointer dereference in Busybox's hush applet leads to denial of service when processing a crafted shell command, due to missing validation after a \x03 delimiter character. This may be used for DoS under very rare conditions of filtered command input.
Busybox Busybox
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Netapp Cloud Backup -
Netapp Solidfire -
Netapp Hci Management Node -
Netapp H300s Firmware -
Netapp H500s Firmware -
Netapp H700s Firmware -
Netapp H300e Firmware -
Netapp H500e Firmware -
Netapp H700e Firmware -
Netapp H410s Firmware -
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »