Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
busybox busybox vulnerabilities and exploits
(subscribe to this query)
1.9
CVSSv2
CVE-2021-42376
A NULL pointer dereference in Busybox's hush applet leads to denial of service when processing a crafted shell command, due to missing validation after a \x03 delimiter character. This may be used for DoS under very rare conditions of filtered command input.
Busybox Busybox
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Netapp Cloud Backup -
Netapp Solidfire -
Netapp Hci Management Node -
Netapp H300s Firmware -
Netapp H500s Firmware -
Netapp H700s Firmware -
Netapp H300e Firmware -
Netapp H500e Firmware -
Netapp H700e Firmware -
Netapp H410s Firmware -
1.9
CVSSv2
CVE-2019-3422
The Sec Consult Security Lab reported an information disclosure vulnerability in MF910S product to ZTE PSIRT in October 2019. Through the analysis of related product team, the information disclosure vulnerability is confirmed. The MF910S product's one-click upgrade tool can ...
Zte Mf910s Firmware -
NA
CVE-2024-37570
On Mitel 6869i 4.5.0.41 devices, the Manual Firmware Update (upgrade.html) page does not perform sanitization on the username and path parameters (sent by an authenticated user) before appending flags to the busybox ftpget command. This leads to $() command execution.
NA
CVE-2023-40146
A privilege escalation vulnerability exists in the /bin/login functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted command line argument can lead to a limited-shell escape and elevated capabilities. An attacker can authenticate with hard-coded credentials a...
NA
CVE-2023-42364
A use-after-free vulnerability in BusyBox v.1.36.1 allows malicious users to cause a denial of service via a crafted awk pattern in the awk.c evaluate function.
Busybox Busybox 1.36.1
NA
CVE-2023-42365
A use-after-free vulnerability exists in BusyBox v.1.36.1 via a crafted awk pattern in the awk.c copyvar function.
Busybox Busybox 1.36.1
NA
CVE-2023-42366
A heap-buffer-overflow exists in BusyBox v.1.36.1 in the next_token function at awk.c:1159.
Busybox Busybox 1.36.1
NA
CVE-2023-42363
A use-after-free vulnerability exists in xasprintf function in xfuncs_printf.c:344 in BusyBox v.1.36.1.
Busybox Busybox 1.36.1
NA
CVE-2023-39810
An issue in the CPIO command of Busybox v1.33.2 allows malicious users to execute a directory traversal.
Busybox Busybox 1.33.2
Busybox Busybox 1.30.1
NA
CVE-2022-48174
There is a stack overflow vulnerability in ash.c:6030 in busybox prior to 1.35. In the environment of Internet of Vehicles, this vulnerability can be executed from command to arbitrary code execution.
Busybox Busybox
2 Github repositories
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
NEXT »