CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0CVE-2021-42383 – Gentoo Linux Security Advisory 202407-17
https://notcve.org/view.php?id=CVE-2021-42383
15 Nov 2021 — A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function Un uso de memoria previamente liberada en el applet awk de Busybox conduce a la denegación de servicio y posiblemente a una ejecución de código cuando es procesado un patrón awk diseñado en la función evaluate Multiple vulnerabilities have been discovered in BusyBox, the worst of which could lead to arbitrary code execution. Versions greater than or e... • https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog • CWE-416: Use After Free •
CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0CVE-2021-42384 – Gentoo Linux Security Advisory 202407-17
https://notcve.org/view.php?id=CVE-2021-42384
15 Nov 2021 — A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the handle_special function Un uso de memoria previamente liberada en el applet awk de Busybox conduce a la denegación de servicio y posiblemente a una ejecución de código cuando es procesado un patrón awk diseñado en la función handle_special It was discovered that BusyBox incorrectly handled certain malformed gzip archives. If a user or automated system were tricked into... • https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog • CWE-416: Use After Free •
CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0CVE-2021-42385 – Gentoo Linux Security Advisory 202407-17
https://notcve.org/view.php?id=CVE-2021-42385
15 Nov 2021 — A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function Un uso de memoria previamente liberada en el applet awk de Busybox conduce a una denegación de servicio y posiblemente a una ejecución de código cuando es procesado un patrón awk diseñado en la función evaluate It was discovered that BusyBox incorrectly handled certain malformed gzip archives. If a user or automated system were tricked into processing... • https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog • CWE-416: Use After Free •
CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0CVE-2021-42386 – Gentoo Linux Security Advisory 202407-17
https://notcve.org/view.php?id=CVE-2021-42386
15 Nov 2021 — A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the nvalloc function Un uso de memoria previamente liberada en el applet awk de Busybox conlleva una denegación de servicio y posiblemente una ejecución de código cuando es procesado un patrón awk diseñado en la función nvalloc Multiple vulnerabilities have been discovered in BusyBox, the worst of which could lead to arbitrary code execution. Versions greater than or equal... • https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog • CWE-416: Use After Free •
CVSS: 7.5EPSS: 1%CPEs: 5EXPL: 0CVE-2021-28831 – Ubuntu Security Notice USN-6335-1
https://notcve.org/view.php?id=CVE-2021-28831
19 Mar 2021 — decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit on the huft_build result pointer, with a resultant invalid free or segmentation fault, via malformed gzip data. El archivo decompress_gunzip.c en BusyBox versiones hasta 1.32.1, maneja inapropiadamente el bit de error en el puntero de resultado de huft_build, con un fallo liberación invalida o de segmentación resultante, por medio de datos gzip malformados It was discovered that BusyBox incorrectly handled certain malformed gzip archives... • https://git.busybox.net/busybox/commit/?id=f25d254dfd4243698c31a4f3153d4ac72aa9e9bd • CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 7.5EPSS: 9%CPEs: 5EXPL: 2CVE-2018-20679 – Cisco Device Hardcoded Credentials / GNU glibc / BusyBox
https://notcve.org/view.php?id=CVE-2018-20679
09 Jan 2019 — An issue was discovered in BusyBox before 1.30.0. An out of bounds read in udhcp components (consumed by the DHCP server, client, and relay) allows a remote attacker to leak sensitive information from the stack by sending a crafted DHCP message. This is related to verification in udhcp_get_option() in networking/udhcp/common.c that 4-byte options are indeed 4 bytes. Se ha descubierto un problema en versiones anteriores a la 1.30.0 de BusyBox. Una lectura fuera de límites en los componentes udhcp (consumidos... • https://packetstorm.news/files/id/154361 • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 3CVE-2019-5747 – Cisco Device Hardcoded Credentials / GNU glibc / BusyBox
https://notcve.org/view.php?id=CVE-2019-5747
09 Jan 2019 — An issue was discovered in BusyBox through 1.30.0. An out of bounds read in udhcp components (consumed by the DHCP client, server, and/or relay) might allow a remote attacker to leak sensitive information from the stack by sending a crafted DHCP message. This is related to assurance of a 4-byte length when decoding DHCP_SUBNET. NOTE: this issue exists because of an incomplete fix for CVE-2018-20679. Se ha descubierto un problema en BusyBox hasta la versión 1.30.0. • https://packetstorm.news/files/id/154361 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 13CVE-2015-9261 – Nexans FTTO GigaSwitch Outdated Components / Hardcoded Backdoor
https://notcve.org/view.php?id=CVE-2015-9261
26 Jul 2018 — huft_build in archival/libarchive/decompress_gunzip.c in BusyBox before 1.27.2 misuses a pointer, causing segfaults and an application crash during an unzip operation on a specially crafted ZIP file. huft_build en archival/libarchive/decompress_gunzip.c en BusyBox en versiones anteriores a la 1.27.2 utiliza incorrectamente un puntero, provocando segfaults y un cierre inesperado de la aplicación durante una operación unzip en un archivo ZIP especialmente manipulado. Tyler Hicks discovered that BusyBox incorr... • https://packetstorm.news/files/id/167552 • CWE-476: NULL Pointer Dereference •
CVSS: 8.1EPSS: 0%CPEs: 3EXPL: 0CVE-2017-3209 – The DBPOWER U818A WIFI quadcopter drone provides FTP access over its own local access point, and allows full file permissions to the anonymous user
https://notcve.org/view.php?id=CVE-2017-3209
24 Jul 2018 — The DBPOWER U818A WIFI quadcopter drone provides FTP access over its own local access point, and allows full file permissions to the anonymous user. The DBPower U818A WIFI quadcopter drone runs an FTP server that by default allows anonymous access without a password, and provides full filesystem read/write permissions to the anonymous user. A remote user within range of the open access point on the drone may utilize the anonymous user of the FTP server to read arbitrary files, such as images and video recor... • https://dl.acm.org/citation.cfm?id=3139943 • CWE-276: Incorrect Default Permissions CWE-306: Missing Authentication for Critical Function •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1000500 – Ubuntu Security Notice USN-4531-1
https://notcve.org/view.php?id=CVE-2018-1000500
26 Jun 2018 — Busybox contains a Missing SSL certificate validation vulnerability in The "busybox wget" applet that can result in arbitrary code execution. This attack appear to be exploitable via Simply download any file over HTTPS using "busybox wget https://compromised-domain.com/important-file". Busybox contiene una vulnerabilidad de falta de validación de certificados SSL en el applet "busybox wget" que puede resultar en la ejecución de código arbitrario. El ataque parece ser explotable mediante la descarga de cualq... • http://lists.busybox.net/pipermail/busybox/2018-May/086462.html • CWE-295: Improper Certificate Validation •