CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0CVE-2021-42385
https://notcve.org/view.php?id=CVE-2021-42385
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function Un uso de memoria previamente liberada en el applet awk de Busybox conduce a una denegación de servicio y posiblemente a una ejecución de código cuando es procesado un patrón awk diseñado en la función evaluate • https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS https://security.netapp.com/advisory/ntap-20211223-0002 • CWE-416: Use After Free •
CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0CVE-2021-42384
https://notcve.org/view.php?id=CVE-2021-42384
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the handle_special function Un uso de memoria previamente liberada en el applet awk de Busybox conduce a la denegación de servicio y posiblemente a una ejecución de código cuando es procesado un patrón awk diseñado en la función handle_special • https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS https://security.netapp.com/advisory/ntap-20211223-0002 • CWE-416: Use After Free •
CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0CVE-2021-42378
https://notcve.org/view.php?id=CVE-2021-42378
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_i function Un uso de memoria previamente liberada en el applet awk de Busybox conduce a una denegación de servicio y posiblemente a una ejecución de código cuando es procesado un patrón awk diseñado en la función getvar_i • https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS https://security.netapp.com/advisory/ntap-20211223-0002 • CWE-416: Use After Free •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1000500
https://notcve.org/view.php?id=CVE-2018-1000500
Busybox contains a Missing SSL certificate validation vulnerability in The "busybox wget" applet that can result in arbitrary code execution. This attack appear to be exploitable via Simply download any file over HTTPS using "busybox wget https://compromised-domain.com/important-file". Busybox contiene una vulnerabilidad de falta de validación de certificados SSL en el applet "busybox wget" que puede resultar en la ejecución de código arbitrario. El ataque parece ser explotable mediante la descarga de cualquier archivo por HTTPS mediante "busybox wget https://compromised-domain.com/important-file". • http://lists.busybox.net/pipermail/busybox/2018-May/086462.html https://git.busybox.net/busybox/commit/?id=45fa3f18adf57ef9d743038743d9c90573aeeb91 https://usn.ubuntu.com/4531-1 • CWE-295: Improper Certificate Validation •