busybox (SUSE:Manager Proxy 4.1) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Manager Proxy 4.1 package busybox, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (28)
CVE-2016-2148 — CVSS 9.8 (critical): Heap-based buffer overflow in the DHCP client (udhcpc) in BusyBox before 1.25.0 allows remote attackers to have unspecified impact via…
CVE-2021-42377 — CVSS 9.8 (critical): An attacker-controlled pointer free in Busybox's hush applet leads to denial of service and possible code execution when processing a…
CVE-2018-1000517 — CVSS 9.8 (critical): BusyBox project BusyBox wget version prior to commit 8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e contains a Buffer Overflow vulnerability in…
CVE-2017-16544 — CVSS 8.8 (high): In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of…
CVE-2018-1000500 — CVSS 8.1 (high): Busybox contains a Missing SSL certificate validation vulnerability in The "busybox wget" applet that can result in arbitrary code…
CVE-2019-5747 — CVSS 7.5 (high): An issue was discovered in BusyBox through 1.30.0. An out of bounds read in udhcp components (consumed by the DHCP client, server, and/or…
CVE-2016-6301 — CVSS 7.5 (high): The recv_and_process_client_pkt function in networking/ntpd.c in busybox allows remote attackers to cause a denial of service (CPU and…
CVE-2011-5325 — CVSS 7.5 (high): Directory traversal vulnerability in the BusyBox implementation of tar before 1.22.0 v5 allows remote attackers to point to files outside…
CVE-2016-2147 — CVSS 7.5 (high): Integer overflow in the DHCP client (udhcpc) in BusyBox before 1.25.0 allows remote attackers to cause a denial of service (crash) via a…
CVE-2018-20679 — CVSS 7.5 (high): An issue was discovered in BusyBox before 1.30.0. An out of bounds read in udhcp components (consumed by the DHCP server, client, and…
CVE-2021-28831 — CVSS 7.5 (high): decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit on the huft_build result pointer, with a resultant invalid free or…
CVE-2021-42386 — CVSS 7.2 (high): A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in…
CVE-2021-42378 — CVSS 7.2 (high): A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in…
CVE-2021-42379 — CVSS 7.2 (high): A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in…
CVE-2021-42380 — CVSS 7.2 (high): A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in…
CVE-2021-42381 — CVSS 7.2 (high): A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in…
CVE-2021-42382 — CVSS 7.2 (high): A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in…
CVE-2021-42383 — CVSS 7.2 (high): A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in…
CVE-2021-42384 — CVSS 7.2 (high): A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in…
CVE-2021-42385 — CVSS 7.2 (high): A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in…
CVE-2014-9645 — CVSS 5.5 (medium): The add_probe function in modutils/modprobe.c in BusyBox before 1.23.0 allows local users to bypass intended restrictions on loading kernel…
CVE-2017-15873 — CVSS 5.5 (medium): The get_next_block function in archival/libarchive/decompress_bunzip2.c in BusyBox 1.27.2 has an Integer Overflow that may lead to a write…
CVE-2021-42373 — CVSS 5.5 (medium): A NULL pointer dereference in Busybox's man applet leads to denial of service when a section name is supplied but no page argument is given
CVE-2021-42376 — CVSS 5.5 (medium): A NULL pointer dereference in Busybox's hush applet leads to denial of service when processing a crafted shell command, due to missing…
CVE-2015-9261 — CVSS 5.5 (medium): huft_build in archival/libarchive/decompress_gunzip.c in BusyBox before 1.27.2 misuses a pointer, causing segfaults and an application…
CVE-2021-42375 — CVSS 5.5 (medium): An incorrect handling of a special element in Busybox's ash applet leads to denial of service when processing a crafted shell command, due…
CVE-2021-42374 — CVSS 5.3 (medium): An out-of-bounds heap read in Busybox's unlzma applet leads to information leak and denial of service when crafted LZMA-compressed input is…
CVE-2017-15874 — CVSS 5.0 (medium): archival/libarchive/decompress_unlzma.c in BusyBox 1.27.2 has an Integer Underflow that leads to a read access violation.