CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0CVE-2021-42381
https://notcve.org/view.php?id=CVE-2021-42381
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the hash_init function Un uso de memoria previamente liberada en el applet awk de Busybox conduce a una denegación de servicio y posiblemente a una ejecución de código cuando es procesado un patrón awk diseñado en la función hash_init • https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS https://security.netapp.com/advisory/ntap-20211223-0002 • CWE-416: Use After Free •
CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0CVE-2021-42384
https://notcve.org/view.php?id=CVE-2021-42384
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the handle_special function Un uso de memoria previamente liberada en el applet awk de Busybox conduce a la denegación de servicio y posiblemente a una ejecución de código cuando es procesado un patrón awk diseñado en la función handle_special • https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS https://security.netapp.com/advisory/ntap-20211223-0002 • CWE-416: Use After Free •
CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0CVE-2021-42385
https://notcve.org/view.php?id=CVE-2021-42385
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function Un uso de memoria previamente liberada en el applet awk de Busybox conduce a una denegación de servicio y posiblemente a una ejecución de código cuando es procesado un patrón awk diseñado en la función evaluate • https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS https://security.netapp.com/advisory/ntap-20211223-0002 • CWE-416: Use After Free •
CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0CVE-2021-42386
https://notcve.org/view.php?id=CVE-2021-42386
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the nvalloc function Un uso de memoria previamente liberada en el applet awk de Busybox conlleva una denegación de servicio y posiblemente una ejecución de código cuando es procesado un patrón awk diseñado en la función nvalloc • https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS https://security.netapp.com/advisory/ntap-20211223-0002 • CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 2CVE-2019-5747 – Cisco Device Hardcoded Credentials / GNU glibc / BusyBox
https://notcve.org/view.php?id=CVE-2019-5747
An issue was discovered in BusyBox through 1.30.0. An out of bounds read in udhcp components (consumed by the DHCP client, server, and/or relay) might allow a remote attacker to leak sensitive information from the stack by sending a crafted DHCP message. This is related to assurance of a 4-byte length when decoding DHCP_SUBNET. NOTE: this issue exists because of an incomplete fix for CVE-2018-20679. Se ha descubierto un problema en BusyBox hasta la versión 1.30.0. • http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html http://seclists.org/fulldisclosure/2019/Sep/7 https://bugs.busybox.net/show_bug.cgi?id=11506 https://git.busybox.net/busybox/commit/?id=74d9f1ba37010face4bd1449df4d60dd84450b06 https://seclists.org/bugtraq/2019/Sep/7 https://usn.ubuntu.com/3935-1 • CWE-125: Out-of-bounds Read •