7 matches found
OESA-2026-1880 busybox security update
BusyBox combines tiny versions of many common UNIX utilities into a single small executable. It provides replacements for most of the utilities you usually find in GNU fileutils, shellutils, etc. It provides a fairly complete environment for any small or embedded system. Security Fixes: BusyBox...
SUSE: Security Advisory (SUSE-SU-2026:0872-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE Security Advisory (SUSE-SU-2026:0236-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE SLED15 / SLES15 Security Update : busybox (SUSE-SU-2026:0235-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0235-1 advisory. Security issues: - CVE-2025-46394: Fixed tar hidden files via escape sequence CVE-2025-46394, bsc1241661 -...
CVE-2025-60876
BusyBox wget thru 1.3.7 accepted raw CR 0x0D/LF 0x0A and other C0 control bytes in the HTTP request-target path/query, allowing the request line to be split and attacker-controlled headers to be injected. To preserve the HTTP/1.1 request-line shape METHOD SP request-target SP HTTP/1.1, a raw spac...
CVE-2025-60876
BusyBox wget thru 1.3.7 accepted raw CR 0x0D/LF 0x0A and other C0 control bytes in the HTTP request-target path/query, allowing the request line to be split and attacker-controlled headers to be injected. To preserve the HTTP/1.1 request-line shape METHOD SP request-target SP HTTP/1.1, a raw spac...
CVE-2025-60876
CVE-2025-60876 affects BusyBox wget up to 1.3.7. The issue stems from accepting raw CR (0x0D)/LF (0x0A) and other C0 control bytes in the HTTP request-target, allowing the request-line to be split and attacker-controlled headers to be injected. To preserve the HTTP/1.1 request-line shape, a raw s...