
1703 matches found

OpenVAS
added 2026/04/03 12:00 a.m. | 4 views

SUSE: Security Advisory (SUSE-SU-2026:20905-1)

The remote host is missing an update for the...

CVSS 7 | AI score 5.9 | EPSS 0.00664
Exploits 2 | References 5
Redos
added 2026/03/27 12:00 a.m. | 4 views

ROS-20260327-73-0002

Vulnerability in busybox related to information presentation errors in the user interface. Exploitation of the vulnerability could allow an attacker acting remotely to conduct spoofing attacks...

CVSS 3.3 | AI score 7.1 | EPSS 0.00143
Exploits 0
RedhatCVE
added 2026/03/26 2:57 p.m. | 2 views

CVE-2026-22175

OpenClaw versions prior to 2026.2.23 contain an exec approval bypass vulnerability in allowlist mode where allow-always grants could be circumvented through unrecognized multiplexer shell wrappers like busybox and toybox sh -c commands. Attackers can exploit this by invoking arbitrary payloads...

CVSS 7.1 | AI score 6 | EPSS 0.00333
Exploits 0 | References 1
Tenable Nessus
added 2026/03/26 12:00 a.m. | 1 view

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: busybox (UTSA-2026-006298)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006298 advisory. A flaw was found in BusyBox. This vulnerability allows an attacker to modify files outside of the intended extraction directory by crafting a malicious tar archive...

CVSS 7 | AI score 5.9 | EPSS 0.00154
Exploits 0 | References 4
Tenable Nessus
added 2026/03/26 12:00 a.m. | 6 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: busybox (UTSA-2026-006297)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006297 advisory. A flaw was found in BusyBox. Incomplete path sanitization in its archive extraction utilities allows an attacker to craft malicious archives that when extracted, and...

CVSS 7 | AI score 7.3 | EPSS 0.00664
Exploits 2 | References 4
IBM Security Bulletins
added 2026/03/23 4:22 p.m. | 14 views

Security Bulletin: Enumeration of users, compromised data confidentiality and integrity, and other vulnerabilities might affect IBM Storage Defender - Resiliency Service

Summary IBM Storage Defender - Resiliency Service is vulnerable to enumeration of users, compromised data confidentiality and integrity, and others. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2026-22029 DESCRIPTION: React Router is a router for React. In...

CVSS 8.1 | AI score 6.8 | EPSS 0.0177
Exploits 1 | Affected Software 1
Rosalinux
added 2026/03/22 6:55 p.m. | 6 views

Advisory ROSA-SA-2026-3225

software: busybox 1.37.0 OS: ROSA-CHROME unaffected versions = busybox-1.37.0-2 affected versions busybox-1.37.0-2 CVE-ID: CVE-2025-46394 BDU-ID: None CVE-Crit: LOW CVE-DESC.: In tar in BusyBox, file names in a TAR archive can be hidden in the list output using terminal escape sequences...

CVSS 3.3 | AI score 7 | EPSS 0.00143
Exploits 0
OSV
added 2026/03/18 3:29 p.m. | 0 views

OPENSUSE-SU-2026:20387-1 Security update for busybox

This update for busybox fixes the following issues: Changes in busybox: - CVE-2026-26157: Fixed arbitrary file overwrite and potential code execution via incomplete path sanitization. bsc1258163 - CVE-2026-26158: Fixed arbitrary file modification and privilege escalation via unvalidated tar archi...

CVSS 7 | AI score 6.4 | EPSS 0.00664
Exploits 2 | References 4
OSV
added 2026/03/18 3:27 p.m. | 1 view

SUSE-SU-2026:20905-1 Security update for busybox

This update for busybox fixes the following issues: Changes in busybox: - CVE-2026-26157: Fixed arbitrary file overwrite and potential code execution via incomplete path sanitization. bsc1258163 - CVE-2026-26158: Fixed arbitrary file modification and privilege escalation via unvalidated tar archi...

CVSS 7 | AI score 6.5 | EPSS 0.00664
Exploits 2 | References 5
NVD
added 2026/03/18 2:16 a.m. | 1 view

CVE-2026-22175

OpenClaw versions prior to 2026.2.23 contain an exec approval bypass vulnerability in allowlist mode where allow-always grants could be circumvented through unrecognized multiplexer shell wrappers like busybox and toybox sh -c commands. Attackers can exploit this by invoking arbitrary payloads...

CVSS 7.1 | EPSS 0.00333
Exploits 0 | References 3
OSV
added 2026/03/18 2:16 a.m. | 0 views

CVE-2026-22175

OpenClaw versions prior to 2026.2.23 contain an exec approval bypass vulnerability in allowlist mode where allow-always grants could be circumvented through unrecognized multiplexer shell wrappers like busybox and toybox sh -c commands. Attackers can exploit this by invoking arbitrary payloads...

CVSS 7.1 | AI score 6.2
Exploits 0 | References 3
EUVD
added 2026/03/18 1:34 a.m. | 1 view

EUVD-2026-12718

OpenClaw versions prior to 2026.2.23 contain an exec approval bypass vulnerability in allowlist mode where allow-always grants could be circumvented through unrecognized multiplexer shell wrappers like busybox and toybox sh -c commands. Attackers can exploit this by invoking arbitrary payloads...

CVSS 7.1 | AI score 6 | EPSS 0.00333
Exploits 0 | References 3
ATTACKERKB
added 2026/03/18 1:34 a.m. | 2 views

CVE-2026-22175

OpenClaw versions prior to 2026.2.23 contain an exec approval bypass vulnerability in allowlist mode where allow-always grants could be circumvented through unrecognized multiplexer shell wrappers like busybox and toybox sh -c commands. Attackers can exploit this by invoking arbitrary payloads...

CVSS 7.1 | AI score 6 | EPSS 0.00333
Exploits 0 | References 4
Cvelist
added 2026/03/18 1:34 a.m. | 27 views

CVE-2026-22175 OpenClaw < 2026.2.23 - Exec Approval Bypass via Unrecognized Multiplexer Shell Wrappers

OpenClaw versions prior to 2026.2.23 contain an exec approval bypass vulnerability in allowlist mode where allow-always grants could be circumvented through unrecognized multiplexer shell wrappers like busybox and toybox sh -c commands. Attackers can exploit this by invoking arbitrary payloads...

CVSS 7.1 | EPSS 0.00333
Exploits 0 | References 3
Redos
added 2026/03/18 12:00 a.m. | 6 views

ROS-20260318-73-0004

Vulnerability in busybox related to access control flaws. Exploitation of the vulnerability could allow an attacker to escalate privileges...

CVSS 6.5 | AI score 7.1 | EPSS 0.00252
Exploits 1
OSV
added 2026/03/15 5:52 a.m. | 4 views

OESA-2026-1544 busybox security update

The Swiss Army Knife of Embedded Linux. Security Fixes: A flaw was found in BusyBox. Incomplete path sanitization in its archive extraction utilities allows an attacker to craft malicious archives that when extracted, and under specific conditions, may write to files outside the intended directory...

CVSS 7 | AI score 6.2 | EPSS 0.00664
Exploits 2 | References 3
Tenable Nessus
added 2026/03/13 12:00 a.m. | 3 views

SUSE SLES15 Security Update : busybox (SUSE-SU-2026:0872-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0872-1 advisory. - CVE-2023-42363: use-after-free vulnerability in xasprintf function in xfuncsprintf.c bsc1217580. - CVE-2023-42364: use-after-free...

CVSS 7.2 | AI score 6.3 | EPSS 0.02871
Exploits 6 | References 25
NVD
added 2026/03/11 8:16 p.m. | 4 views

CVE-2026-32094

Shescape is a simple shell escape library for JavaScript. Prior to 2.1.10, Shescape escape() does not escape square-bracket glob syntax for Bash, BusyBox sh, and Dash. Applications that interpolate the return value directly into a shell command string can cause an attacker-controlled value like...

CVSS 6.9 | EPSS 0.00214
Exploits 1 | References 2
EUVD
added 2026/03/11 7:53 p.m. | 3 views

EUVD-2026-11333

Shescape escape leaves bracket glob expansion active on Bash, BusyBox, and Dash...

CVSS 6.9 | AI score 5.8 | EPSS 0.00214
Exploits 1 | References 4
Github Security Blog
added 2026/03/11 7:53 p.m. | 3 views

Shescape escape() leaves bracket glob expansion active on Bash, BusyBox, and Dash

Summary: Shescape escape() does not escape square-bracket glob syntax for Bash, BusyBox sh, and Dash. Applications that interpolate the return value directly into a shell command string can cause an attacker-controlled value like secret12 to expand into multiple filesystem matches instead of a single...

CVSS 6.9 | AI score 5.8 | EPSS 0.00214
Exploits 1 | References 6 | Affected Software 1