Vulnerabilities > Busybox > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-07-26 | CVE-2015-9261 | NULL Pointer Dereference vulnerability in multiple products huft_build in archival/libarchive/decompress_gunzip.c in BusyBox before 1.27.2 misuses a pointer, causing segfaults and an application crash during an unzip operation on a specially crafted ZIP file. | 5.5 |
| 2018-07-24 | CVE-2017-3209 | Missing Authentication for Critical Function vulnerability in Dbpower U818A Firmware The DBPOWER U818A WIFI quadcopter drone provides FTP access over its own local access point, and allows full file permissions to the anonymous user. | 4.8 |
| 2018-06-26 | CVE-2018-1000500 | Improper Certificate Validation vulnerability in Busybox Busybox contains a Missing SSL certificate validation vulnerability in The "busybox wget" applet that can result in arbitrary code execution. | 6.8 |
| 2017-10-24 | CVE-2017-15874 | Integer Underflow (Wrap or Wraparound) vulnerability in Busybox 1.27.2 archival/libarchive/decompress_unlzma.c in BusyBox 1.27.2 has an Integer Underflow that leads to a read access violation. | 4.3 |
| 2017-10-24 | CVE-2017-15873 | Integer Overflow or Wraparound vulnerability in multiple products The get_next_block function in archival/libarchive/decompress_bunzip2.c in BusyBox 1.27.2 has an Integer Overflow that may lead to a write access violation. | 4.3 |
| 2017-08-07 | CVE-2011-5325 | Path Traversal vulnerability in multiple products Directory traversal vulnerability in the BusyBox implementation of tar before 1.22.0 v5 allows remote attackers to point to files outside the current working directory via a symlink. | 5.0 |
| 2017-02-09 | CVE-2016-2147 | Integer Overflow or Wraparound vulnerability in multiple products Integer overflow in the DHCP client (udhcpc) in BusyBox before 1.25.0 allows remote attackers to cause a denial of service (crash) via a malformed RFC1035-encoded domain name, which triggers an out-of-bounds heap write. | 5.0 |
| 2012-07-03 | CVE-2011-2716 | Improper Input Validation vulnerability in multiple products The DHCP client (udhcpc) in BusyBox before 1.20.0 allows remote DHCP servers to execute arbitrary commands via shell metacharacters in the (1) HOST_NAME, (2) DOMAIN_NAME, (3) NIS_DOMAIN, and (4) TFTP_SERVER_NAME host name options. | 6.8 |
| 2006-04-04 | CVE-2006-1058 | Use of Password Hash With Insufficient Computational Effort vulnerability in multiple products BusyBox 1.1.1 does not use a salt when generating passwords, which makes it easier for local users to guess passwords from a stolen password file using techniques such as rainbow tables. | 5.5 |