CVE-2026-26157 affecting package busybox for versions less than 1.36.1-22
CVE-2026-26157 affecting package busybox for versions less than 1.36.1-22. A patched version of the package is available...
CVE-2026-26158 affecting package busybox for versions less than 1.36.1-22
CVE-2026-26158 affecting package busybox for versions less than 1.36.1-22. A patched version of the package is available...
AZL-77613 CVE-2026-26158 affecting package busybox for versions less than 1.36.1-22
A flaw was found in BusyBox. This vulnerability allows an attacker to modify files outside of the intended extraction directory by crafting a malicious tar archive containing unvalidated hardlink or symlink entries. If the tar archive is extracted with elevated privileges, this flaw can lead to...
AZL-77610 CVE-2026-26157 affecting package busybox for versions less than 1.36.1-22
A flaw was found in BusyBox. Incomplete path sanitization in its archive extraction utilities allows an attacker to craft malicious archives that when extracted, and under specific conditions, may write to files outside the intended directory. This can lead to arbitrary file overwrite, potentiall...
Siemens SCALANCE and RUGGEDCOM Use After Free (CVE-2023-42364)
A use-after-free vulnerability in BusyBox v.1.36.1 allows attackers to cause a denial of service via a crafted awk pattern in the awk.c evaluate function. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...
Envoy Security Vulnerability
Envoy is an Enphase open source gateway program for connecting smart home devices. A security vulnerability exists in Envoy versions prior to 1.36.1, prior to 1.35.5, prior to 1.34.9, and prior to 1.33.10, which stems from improper management of flow control and could result in a crash of the TCP...
Incorrect Authorization
Overview: github.com/mattermost/mattermost-plugin-playbooks/server/app is a package for reliable and repeatable processes using checklists, automation, and retrospectives. Affected versions of this package are vulnerable to Incorrect Authorization via the playbooks handler failing to properly...
Incorrect Authorization
Overview: Affected versions of this package are vulnerable to Incorrect Authorization via the playbooks handler failing to properly retrieve IsGuest for guest users. An attacker can gain unauthorized access to sensitive playbook run information by sending crafted requests as a guest user...
AZL-60936 CVE-2025-46394 affecting package busybox 1.36.1-22
In tar in BusyBox through 1.37.0, a TAR archive can have filenames hidden from a listing through the use of terminal escape sequences...
OESA-2024-2438 busybox security update
BusyBox combines tiny versions of many common UNIX utilities into a single small executable. It provides replacements for most of the utilities you usually find in GNU fileutils, shellutils, etc. It provides a fairly complete environment for any small or embedded system. Security Fixes: A...
A heap-buffer-overflow was discovered in BusyBox v.1.36.1 in the next_token function at awk.c:1159.
...
EulerOS 2.0 SP10 : busybox (EulerOS-SA-2024-2431)
According to the versions of the busybox package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: A use-after-free vulnerability was discovered in xasprintf function in xfuncs_printf.c:344 in BusyBox v.1.36.1. CVE-2023-42363 Tenable has extracted...
CVE-2023-42364 affecting package busybox for versions less than 1.36.1-7
CVE-2023-42364 affecting package busybox for versions less than 1.36.1-7. A patched version of the package is available...
CVE-2023-42365 affecting package busybox for versions less than 1.36.1-7
CVE-2023-42365 affecting package busybox for versions less than 1.36.1-7. A patched version of the package is available...
A use-after-free vulnerability was discovered in BusyBox v.1.36.1 via a crafted awk pattern in the awk.c copyvar function.
...
A use-after-free vulnerability was discovered in xasprintf function in xfuncs_printf.c:344 in BusyBox v.1.36.1.
...
OESA-2024-1902 busybox security update
BusyBox combines tiny versions of many common UNIX utilities into a single small executable. It provides replacements for most of the utilities you usually find in GNU fileutils, shellutils, etc. It provides a fairly complete environment for any small or embedded system. Security Fixes: A...
OPENSUSE-SU-2024:13181-1 busybox-1.36.1-2.1 on GA media
These are all security issues fixed in the busybox-1.36.1-2.1 package on the GA media of openSUSE Tumbleweed...
PT-2024-23300 · Solana · @Solana/Web3.Js
Name of the Vulnerable Software and Affected Versions: @solana/web3.js versions prior to 1.0.1; @solana/web3.js versions prior to 1.10.2; @solana/web3.js versions prior to 1.11.1; @solana/web3.js versions prior to 1.12.1; @solana/web3.js versions prior to 1.1.2; @solana/web3.js versions prior to 1.13....
CVE-2022-28391 affecting package busybox for versions less than 1.36.1-3
CVE-2022-28391 affecting package busybox for versions less than 1.36.1-3. A patched version of the package is available...