oval:org.secpod.oval:def:704511 busybox is installed
oval:org.secpod.oval:def:1800312 busybox is installed
oval:org.secpod.oval:def:203247 busybox is installed
oval:org.secpod.oval:def:70236 busybox: Tiny utilities for small and embedded systems. Fraudulent security certificates could allow sensitive information to be exposed when accessing the Internet.
oval:org.secpod.oval:def:1500302 Updated busybox packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, i ...
oval:org.secpod.oval:def:70169 busybox: Tiny utilities for small and embedded systems. Several security issues were fixed in BusyBox.
oval:org.secpod.oval:def:70108 busybox: Tiny utilities for small and embedded systems. Several security issues were fixed in BusyBox.
oval:org.secpod.oval:def:54090 busybox: Tiny utilities for small and embedded systems. Several security issues were fixed in BusyBox.
oval:org.secpod.oval:def:24746 The host is installed with busybox in RHEL 5 or 6 and is prone to an unprivileged arbitrary module load vulnerability. A flaw is present in the application, which fails to handle basename abuse. Successful exploitation could allow attackers to load arbitrary module.
oval:org.secpod.oval:def:1800758 CVE-2017-15873: Integer overflow in the get_next_block function. The get_next_block function in archival/libarchive/decompress_bunzip2.c in BusyBox 1.27.2 has an Integer Overflow that may lead to a write access violation.
oval:org.secpod.oval:def:705644 busybox: Tiny utilities for small and embedded systems. Fraudulent security certificates could allow sensitive information to be exposed when accessing the Internet.
oval:org.secpod.oval:def:2001464 The recv_and_process_client_pkt function in networking/ntpd.c in busybox allows remote attackers to cause a denial of service via a forged NTP packet, which triggers a communication loop.
oval:org.secpod.oval:def:3301244 SUSE Security Update: Security update for busybox
oval:org.secpod.oval:def:2001236 Busybox contains a Missing SSL certificate validation vulnerability in the "busybox wget" applet that can result in arbitrary code execution. This attack appears to be exploitable via Simply download any file over HTTPS using "busybox wget https://compromised-domain.com/important-file".
oval:org.secpod.oval:def:1800551 The busybox NTP implementation doesn't check the NTP mode of packets received on the server port and responds to any packet with the right size. This includes responses from another NTP server. An attacker can send a packet with a spoofed source address in order to create an infinite loop of respons ...
oval:org.secpod.oval:def:3300433 SUSE Security Update: Security update for busybox
oval:org.secpod.oval:def:89048024 This update for busybox fixes the following issues: - CVE-2022-30065: Fixed use-after-free in the AWK applet. - CVE-2014-9645: Fixed loading of unwanted module with / in module names. - Update to 1.35.0 also introduced: - awk: fix printf %%, fix read beyond end of buffer - chrt: silence analyzer w ...
oval:org.secpod.oval:def:89048015 This update for busybox fixes the following issues: - CVE-2022-30065: Fixed use-after-free in the AWK applet.
oval:org.secpod.oval:def:89048021 This update for busybox fixes the following issues: - CVE-2022-30065: Fixed use-after-free in the AWK applet.
oval:org.secpod.oval:def:501146 BusyBox provides a single binary that includes versions of a large number of system commands, including a shell. This can be very useful for recovering from certain types of system failures, particularly those involving broken shared libraries. It was found that the mdev BusyBox utility could create ...
oval:org.secpod.oval:def:89049421 This update for busybox fixes the following issues: * CVE-2022-48174: Fixed stack overflow vulnerability
oval:org.secpod.oval:def:89049567 This update for busybox fixes the following issues: * CVE-2022-48174: Fixed stack overflow vulnerability
oval:org.secpod.oval:def:89049565 This update for busybox fixes the following issues: * CVE-2022-48174: Fixed stack overflow vulnerability
oval:org.secpod.oval:def:89049359 This update for busybox fixes the following issues: * CVE-2022-48174: Fixed stack overflow vulnerability
oval:org.secpod.oval:def:500753 BusyBox provides a single binary that includes versions of a large number of system commands, including a shell. This can be very useful for recovering from certain types of system failures, particularly those involving broken shared libraries. A buffer underflow flaw was found in the way the uncomp ...
oval:org.secpod.oval:def:500835 BusyBox provides a single binary that includes versions of a large number of system commands, including a shell. This can be very useful for recovering from certain types of system failures, particularly those involving broken shared libraries. A buffer underflow flaw was found in the way the uncomp ...
oval:org.secpod.oval:def:1601288 A buffer underflow flaw was found in the way the uncompress utility of BusyBox expanded certain archive files compressed using Lempel-Ziv compression. If a user were tricked into expanding a specially-crafted archive file with uncompress, it could cause BusyBox to crash or, potentially, execute arbi ...
oval:org.secpod.oval:def:202370 BusyBox provides a single binary that includes versions of a large number of system commands, including a shell. This can be very useful for recovering from certain types of system failures, particularly those involving broken shared libraries. A buffer underflow flaw was found in the way the uncomp ...
oval:org.secpod.oval:def:1503741 The advisory is missing the security advisory description. For more information please visit the reference link
oval:org.secpod.oval:def:119644 Busybox is a single binary which includes versions of a large number of system commands, including a shell. This package can be very useful for recovering from certain types of system failures, particularly those involving broken shared libraries.
oval:org.secpod.oval:def:121171 Busybox is a single binary which includes versions of a large number of system commands, including a shell. This package can be very useful for recovering from certain types of system failures, particularly those involving broken shared libraries.
oval:org.secpod.oval:def:121177 Busybox is a single binary which includes versions of a large number of system commands, including a shell. This package can be very useful for recovering from certain types of system failures, particularly those involving broken shared libraries.
oval:org.secpod.oval:def:54091 busybox: Tiny utilities for small and embedded systems. Several security issues were fixed in BusyBox.
oval:org.secpod.oval:def:1900505 Integer overflow in the DHCP client in BusyBox before 1.25.0 allows remote attackers to cause a denial of service via a malformed RFC1035-encoded domain name, which triggers an out-of-bounds heap write.
oval:org.secpod.oval:def:1800501 CVE-2017-15873: Integer overflow in the get_next_block function. The get_next_block function in archival/libarchive/decompress_bunzip2.c in BusyBox 1.27.2 has an Integer Overflow that may lead to a write access violation.
oval:org.secpod.oval:def:2000565 Heap-based buffer overflow in the DHCP client in BusyBox before 1.25.0 allows remote attackers to have unspecified impact via vectors involving OPTION_6RD parsing.
oval:org.secpod.oval:def:704873 busybox: Tiny utilities for small and embedded systems. Several security issues were fixed in BusyBox.
oval:org.secpod.oval:def:1901604 An issue was discovered in BusyBox through 1.30.0. An out of bounds read in udhcp components might allow a remote attacker to leak sensitive information from the stack by sending a crafted DHCP message. This is related to assurance of a 4-byte length when decoding DHCP_SUBNET. NOTE: this issue exis ...
oval:org.secpod.oval:def:2001584 An issue was discovered in BusyBox before 1.30.0. An out of bounds read in udhcp components allows a remote attacker to leak sensitive information from the stack by sending a crafted DHCP message. This is related to verification in udhcp_get_option in networking/udhcp/common.c that 4-byte options a ...
oval:org.secpod.oval:def:2001169 Integer overflow in the DHCP client in BusyBox before 1.25.0 allows remote attackers to cause a denial of service via a malformed RFC1035-encoded domain name, which triggers an out-of-bounds heap write.
oval:org.secpod.oval:def:1901375 In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any escape sequence in the terminal. This could potentially result in code executio ...
oval:org.secpod.oval:def:1901612 BusyBox project BusyBox wget version prior to commit 8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e contains a Buffer Overflow vulnerability in Busybox wget that can result in heap buffer overflow. This attack appears to be exploitable via network connectivity. This vulnerability appears to have been fixed ...
oval:org.secpod.oval:def:89047627 This update for busybox fixes the following issues: - CVE-2011-5325: Fixed tar directory traversal. - CVE-2015-9261: Fixed segfaults and application crashes in huft_build. - CVE-2016-2147: Fixed out of bounds write due to integer underflow in udhcpc. - CVE-2016-2148: Fixed heap-based buffer overf ...
oval:org.secpod.oval:def:1800482 CVE-2017-15873: Integer overflow in the get_next_block function. The get_next_block function in archival/libarchive/decompress_bunzip2.c in BusyBox 1.27.2 has an Integer Overflow that may lead to a write access violation.
oval:org.secpod.oval:def:2001370 In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any escape sequence in the terminal. This could potentially result in code executio ...
oval:org.secpod.oval:def:2001176 The get_next_block function in archival/libarchive/decompress_bunzip2.c in BusyBox 1.27.2 has an Integer Overflow that may lead to a write access violation.
oval:org.secpod.oval:def:1901585 An issue was discovered in BusyBox before 1.30.0. An out of bounds read in udhcp components allows a remote attacker to leak sensitive information from the stack by sending a crafted DHCP message. This is related to verification in udhcp_get_option in networking/udhcp/common.c that 4-byte options a ...
oval:org.secpod.oval:def:1900294 The get_next_block function in archival/libarchive/decompress_bunzip2.c in BusyBox 1.27.2 has an Integer Overflow that may lead to a write access violation.
oval:org.secpod.oval:def:1900537 Heap-based buffer overflow in the DHCP client in BusyBox before 1.25.0 allows remote attackers to have unspecified impact via vectors involving OPTION_6RD parsing.
oval:org.secpod.oval:def:1800311 CVE-2017-15873: Integer overflow in the get_next_block function. The get_next_block function in archival/libarchive/decompress_bunzip2.c in BusyBox 1.27.2 has an Integer Overflow that may lead to a write access violation.
oval:org.secpod.oval:def:89047299 This update for busybox fixes the following issues: - CVE-2021-28831: Fixed invalid free or segmentation fault via malformed gzip data. - CVE-2018-20679: Fixed out of bounds read in udhcp. - CVE-2018-1000517: Fixed buffer overflow in the retrieve_file_data. - CVE-2011-5325: Fixed a directory trav ...
oval:org.secpod.oval:def:2000039 BusyBox project BusyBox wget version prior to commit 8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e contains a Buffer Overflow vulnerability in Busybox wget that can result in heap buffer overflow. This attack appears to be exploitable via network connectivity. This vulnerability appears to have been fixed ...
oval:org.secpod.oval:def:97620 [CLSA-2022:1650376937] Fixed CVE-2022-28391 in busybox
oval:org.secpod.oval:def:97748 [CLSA-2023:1693906015] busybox: Fix of CVE-2022-48174