Siemens RUGGEDCOM RST2428P Improper Access Control (CVE-2025-60876)

BusyBox wget thru 1.3.7 accepted raw CR 0x0D/LF 0x0A and other C0 control bytes in the HTTP request-target path/query, allowing the request line to be split and attacker-controlled headers to be injected. To preserve the HTTP/1.1 request-line shape METHOD SP request-target SP HTTP/1.1, a raw spac...

Siemens RUGGEDCOM RST2428P External Control of File Name or Path (CVE-2026-26157)

A flaw was found in BusyBox. Incomplete path sanitization in its archive extraction utilities allows an attacker to craft malicious archives that when extracted, and under specific conditions, may write to files outside the intended directory. This can lead to arbitrary file overwrite, potentiall...

Siemens RUGGEDCOM RST2428P External Control of File Name or Path (CVE-2026-26158)

A flaw was found in BusyBox. This vulnerability allows an attacker to modify files outside of the intended extraction directory by crafting a malicious tar archive containing unvalidated hardlink or symlink entries. If the tar archive is extracted with elevated privileges, this flaw can lead to...

CVE-2026-26157 vulnerabilities

Vulnerabilities for packages: busybox...

CVE-2026-26158 vulnerabilities

Vulnerabilities for packages: busybox...

GHSA-R8F8-4PGH-4M8V vulnerabilities

Vulnerabilities for packages: busybox...

GHSA-XM63-5PJX-VRHP vulnerabilities

Vulnerabilities for packages: busybox...

GHSA-XM63-5PJX-VRHP vulnerabilities

Vulnerabilities for packages: busybox...

CVE-2026-26157 vulnerabilities

Vulnerabilities for packages: busybox...

GHSA-R8F8-4PGH-4M8V vulnerabilities

Vulnerabilities for packages: busybox...

CVE-2026-26158 vulnerabilities

Vulnerabilities for packages: busybox...

CVE-2023-39810 vulnerabilities

Vulnerabilities for packages: busybox...

GHSA-MM53-X3WX-JGR2 vulnerabilities

Vulnerabilities for packages: busybox...

GHSA-MM53-X3WX-JGR2 vulnerabilities

Vulnerabilities for packages: busybox...

CVE-2023-39810 vulnerabilities

Vulnerabilities for packages: busybox...

EulerOS 2.0 SP13 : busybox (EulerOS-SA-2026-2281)

According to the versions of the busybox package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : BusyBox wget thru 1.3.7 accepted raw CR 0x0D/LF 0x0A and other C0 control bytes in the HTTP request- target path/query, allowing the request line ...

EulerOS 2.0 SP13 : busybox (EulerOS-SA-2026-2324)

According to the versions of the busybox packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : BusyBox wget thru 1.3.7 accepted raw CR 0x0D/LF 0x0A and other C0 control bytes in the HTTP request- target path/query, allowing the request line...

Security update for busybox (important)

openSUSE security update: security update for busybox ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20883-1 Rating: important References: bsc1263989 Cross-References: CVE-2026-29004 CVSS scores: CVE-2026-29004 SUSE : 8.1...

OPENSUSE-SU-2026:20883-1 Security update for busybox

This update for busybox fixes the following issue - CVE-2026-29004: a crafted DHCPv6 response can lead to a heap buffer overflow in the DHCPv6 client bsc1263989...

SUSE-SU-2026:22020-1 Security update for busybox

This update for busybox fixes the following issue - CVE-2026-29004: a crafted DHCPv6 response can lead to a heap buffer overflow in the DHCPv6 client bsc1263989...