Vulnerabilities > Busybox > Busybox > 1.27.0
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-11-15 | CVE-2021-42386 | Use After Free vulnerability in multiple products A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the nvalloc function | 7.2 |
2019-01-09 | CVE-2019-5747 | Out-of-bounds Read vulnerability in multiple products An issue was discovered in BusyBox through 1.30.0. | 7.5 |
2019-01-09 | CVE-2018-20679 | Out-of-bounds Read vulnerability in multiple products An issue was discovered in BusyBox before 1.30.0. | 5.0 |
2018-07-26 | CVE-2015-9261 | NULL Pointer Dereference vulnerability in multiple products huft_build in archival/libarchive/decompress_gunzip.c in BusyBox before 1.27.2 misuses a pointer, causing segfaults and an application crash during an unzip operation on a specially crafted ZIP file. | 5.5 |
2018-06-26 | CVE-2018-1000517 | Classic Buffer Overflow vulnerability in multiple products BusyBox project BusyBox wget version prior to commit 8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e contains a Buffer Overflow vulnerability in Busybox wget that can result in heap buffer overflow. | 7.5 |
2018-06-26 | CVE-2018-1000500 | Improper Certificate Validation vulnerability in Busybox Busybox contains a Missing SSL certificate validation vulnerability in The "busybox wget" applet that can result in arbitrary code execution. | 6.8 |
2017-11-20 | CVE-2017-16544 | Code Injection vulnerability in multiple products In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any escape sequence in the terminal. | 8.8 |