Max CVSS | 7.5 | Min CVSS | 2.1 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2015-9261 | 4.3 |
huft_build in archival/libarchive/decompress_gunzip.c in BusyBox before 1.27.2 misuses a pointer, causing segfaults and an application crash during an unzip operation on a specially crafted ZIP file.
|
29-10-2022 - 02:30 | 26-07-2018 - 19:29 | |
CVE-2017-16544 | 6.5 |
In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any escape sequence in the termin
|
28-10-2022 - 19:29 | 20-11-2017 - 15:29 | |
CVE-2016-2148 | 7.5 |
Heap-based buffer overflow in the DHCP client (udhcpc) in BusyBox before 1.25.0 allows remote attackers to have unspecified impact via vectors involving OPTION_6RD parsing.
|
22-02-2021 - 18:34 | 09-02-2017 - 15:59 | |
CVE-2011-5325 | 5.0 |
Directory traversal vulnerability in the BusyBox implementation of tar before 1.22.0 v5 allows remote attackers to point to files outside the current working directory via a symlink.
|
19-02-2021 - 15:57 | 07-08-2017 - 17:29 | |
CVE-2016-2147 | 5.0 |
Integer overflow in the DHCP client (udhcpc) in BusyBox before 1.25.0 allows remote attackers to cause a denial of service (crash) via a malformed RFC1035-encoded domain name, which triggers an out-of-bounds heap write.
|
18-02-2021 - 14:46 | 09-02-2017 - 15:59 | |
CVE-2017-15873 | 4.3 |
The get_next_block function in archival/libarchive/decompress_bunzip2.c in BusyBox 1.27.2 has an Integer Overflow that may lead to a write access violation.
|
18-02-2021 - 14:43 | 24-10-2017 - 20:29 | |
CVE-2018-1000517 | 7.5 |
BusyBox project BusyBox wget version prior to commit 8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e contains a Buffer Overflow vulnerability in Busybox wget that can result in heap buffer overflow. This attack appear to be exploitable via network connectiv
|
18-02-2021 - 14:41 | 26-06-2018 - 16:29 | |
CVE-2014-9645 | 2.1 |
The add_probe function in modutils/modprobe.c in BusyBox before 1.23.0 allows local users to bypass intended restrictions on loading kernel modules via a / (slash) character in a module name, as demonstrated by an "ifconfig /usbserial up" command or
|
03-04-2019 - 15:29 | 12-03-2017 - 06:59 |