CVE-2022-46589

TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the cameo.cameo.netstatoption parameter in the toolsnetstat sub41E730 function...

CVE-2022-46590

TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the cameo.cameo.netstatrsname parameter in the toolsnetstat sub41E730 function...

TRENDnet TEW-755AP 缓冲区错误漏洞

The TRENDnet TEW-755AP is a router from TRENDnet. The TRENDnet TEW-755AP suffers from a stack overflow vulnerability that stems from a lack of size checking of input data in the comeo.comeo.netstatoption parameter of the toolsnetstat sub41E730 function, which can be exploited by an attacker to...

PT-2022-27916 · Trendnet · Trendnet Tew755Ap

Name of the Vulnerable Software and Affected Versions: TRENDnet TEW755AP version 1.13B01 Description: A stack overflow issue was discovered, related to the cameo.cameo.netstat option parameter in the tools netstat function, specifically within the sub 41E730 function. Recommendations: For TRENDne...

CVE-2022-46590

TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the cameo.cameo.netstatrsname parameter in the toolsnetstat sub41E730 function...

PT-2022-27918 · Trendnet · Trendnet Tew755Ap

Name of the Vulnerable Software and Affected Versions: TRENDnet TEW755AP version 1.13B01 Description: A stack overflow issue was discovered, related to the cameo.cameo.netstat rsname parameter in the tools netstat function, specifically within the sub 41E730 function. Recommendations: For TRENDne...

TRENDnet TEW-755AP 缓冲区错误漏洞

The TRENDnet TEW-755AP is a router from TRENDnet. The TRENDnet TEW-755AP suffers from a stack overflow vulnerability that stems from the lack of size checking of input data in the comeo.comeo.netstatrsname parameter of the toolsnetstat sub41E730 function, which can be exploited by an attacker to...

EulerOS 2.0 SP10 : busybox (EulerOS-SA-2022-2126)

According to the versions of the busybox package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - BusyBox through 1.35.0 allows remote attackers to execute arbitrary code if netstat is used to print a DNS PTR record's value to a VT compatible...

The vulnerability of the BusyBox command-line utility’s set of tools is related to errors in checking input records of PTR DNS, which are displayed by the netstat utility. This vulnerability allows a hacker to execute arbitrary shell commands on the target system.

The vulnerability of the BusyBox command-line utility is related to errors in checking input records of PTR DNS, which are displayed by the netstat utility, if it is executed on a terminal compatible with VT. Exploiting this vulnerability allows an attacker to execute arbitrary shell commands on...

ROS-20220714-01

A vulnerability in the BusyBox command line utility suite is related to incorrect input validation of PTR entries DNS records output in the netstat utility when run on a VT-compatible terminal. Exploitation vulnerability could allow an attacker acting remotely to trick the victim into launching t...

EulerOS 2.0 SP9 : busybox (EulerOS-SA-2022-1958)

According to the versions of the busybox package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - BusyBox through 1.35.0 allows remote attackers to execute arbitrary code if netstat is used to print a DNS PTR record's value to a VT compatible...

EulerOS 2.0 SP9 : busybox (EulerOS-SA-2022-1988)

According to the versions of the busybox package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - BusyBox through 1.35.0 allows remote attackers to execute arbitrary code if netstat is used to print a DNS PTR record's value to a VT compatible...

CVE-2022-28391

An escape sequence injection attack was found in BusyBox on Alpine. For this issue to occur, a remote host's virtual terminal must contain an escape sequence, and the victim must then execute netstat. This flaw allows an attacker can inject arbitrary code, leading to a loss of integrity...

OESA-2022-1624 busybox security update

BusyBox combines tiny versions of many common UNIX utilities into a single small executable. It provides replacements for most of the utilities you usually find in GNU fileutils, shellutils, etc. It provides a fairly complete environment for any small or embedded system. Security Fixes: BusyBox...

BusyBox through 1.35.0 allows remote attackers to execute arbitrary code if netstat is used to print a DNS PTR record's value to a VT compatible terminal. Alternatively the attacker could choose to change the terminal's colors.

...

Cross Site Scripting (XSS)

busybox is vulnerable to Cross Site Scripting XSS. The vulnerability exists due to arbitrary code execution which allows an attacker to execute arbitrary code if netstat is used to print a DNS PTR record's value to a VT compatible terminal...

Updated busybox packages fix security vulnerability

BusyBox through 1.35.0 allows remote attackers to execute arbitrary code if netstat is used to print a DNS PTR record's value to a VT compatible terminal. Alternatively, the attacker could choose to change the terminal's colors. CVE-2022-28391...

GHSA-FX5P-F64H-93XC Opened exploitable ports in default docker-compose.yaml in go-ipfs

Impact Allows admin API access to the IPFS node. Who ? This affects people running the docker-compose.yaml service in an environment where the docker host is directly attached to a public or untrusted IP. In the vulnerable version, the private API endpoint is publicly forwarded by exposing it as...

CVE-2022-28391

BusyBox through 1.35.0 allows remote attackers to execute arbitrary code if netstat is used to print a DNS PTR record's value to a VT compatible terminal. Alternatively, the attacker could choose to change the terminal's colors...

AZL-9311 CVE-2022-28391 affecting package busybox for versions less than 1.35.0-2

BusyBox through 1.35.0 allows remote attackers to execute arbitrary code if netstat is used to print a DNS PTR record's value to a VT compatible terminal. Alternatively, the attacker could choose to change the terminal's colors...