| Max CVSS | 9.0 | Min CVSS | 2.1 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2017-16544 | 6.5 |
In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any escape sequence in the termin
|
28-10-2022 - 19:29 | 20-11-2017 - 15:29 | |
| CVE-2016-6301 | 7.8 |
The recv_and_process_client_pkt function in networking/ntpd.c in busybox allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged NTP packet, which triggers a communication loop.
|
27-08-2020 - 20:15 | 09-12-2016 - 20:59 | |
| CVE-2013-1813 | 7.2 |
util-linux/mdev.c in BusyBox before 1.21.0 uses 0777 permissions for parent directories when creating nested directories under /dev/, which allows local users to have unknown impact and attack vectors.
|
27-08-2020 - 20:15 | 23-11-2013 - 11:55 | |
| CVE-2020-9436 | 9.0 |
PHOENIX CONTACT TC ROUTER 3002T-4G through 2.05.3, TC ROUTER 2002T-3G through 2.05.3, TC ROUTER 3002T-4G VZW through 2.05.3, TC ROUTER 3002T-4G ATT through 2.05.3, TC CLOUD CLIENT 1002-4G through 2.03.17, and TC CLOUD CLIENT 1002-TXTX through 1.03.17
|
16-03-2020 - 15:52 | 12-03-2020 - 14:15 | |
| CVE-2020-9435 | 5.0 |
PHOENIX CONTACT TC ROUTER 3002T-4G through 2.05.3, TC ROUTER 2002T-3G through 2.05.3, TC ROUTER 3002T-4G VZW through 2.05.3, TC ROUTER 3002T-4G ATT through 2.05.3, TC CLOUD CLIENT 1002-4G through 2.03.17, and TC CLOUD CLIENT 1002-TXTX through 1.03.17
|
16-03-2020 - 15:47 | 12-03-2020 - 14:15 | |
| CVE-2014-9645 | 2.1 |
The add_probe function in modutils/modprobe.c in BusyBox before 1.23.0 allows local users to bypass intended restrictions on loading kernel modules via a / (slash) character in a module name, as demonstrated by an "ifconfig /usbserial up" command or
|
03-04-2019 - 15:29 | 12-03-2017 - 06:59 |