1774 matches found
CVE-2021-42376
CVE-2021-42376 is a BusyBox vulnerability affecting the hush applet where a NULL pointer dereference can cause denial of service when processing a crafted command due to missing validation after a delimiter. Public disclosures and vendor advisories across multiple distributions (Debian, Alpine, F...
CVE-2021-42375
An incorrect handling of a special element in Busybox's ash applet leads to denial of service when processing a crafted shell command, due to the shell mistaking specific characters for reserved characters. This may be used for DoS under rare conditions of filtered command input...
CVE-2021-42377
CVE-2021-42377 (BusyBox) is one of multiple vulnerabilities affecting BusyBox, specifically in the hush applet. The issue is an attacker-controlled pointer free that can cause denial of service and, under rare crafted inputs, may enable remote code execution. The vulnerability is categorized unde...
CVE-2021-42375
An incorrect handling of a special element in Busybox's ash applet leads to denial of service when processing a crafted shell command, due to the shell mistaking specific characters for reserved characters. This may be used for DoS under rare conditions of filtered command input...
CVE-2021-42376
A NULL pointer dereference in Busybox's hush applet leads to denial of service when processing a crafted shell command, due to missing validation after a \x03 delimiter character. This may be used for DoS under very rare conditions of filtered command input...
CVE-2021-42375
An incorrect handling of a special element in Busybox's ash applet leads to denial of service when processing a crafted shell command, due to the shell mistaking specific characters for reserved characters. This may be used for DoS under rare conditions of filtered command input...
CVE-2021-42377
An attacker-controlled pointer free in Busybox's hush applet leads to denial of service and possible code execution when processing a crafted shell command, due to the shell mishandling the &&& string. This may be used for remote code execution under rare conditions of filtered command input...
CVE-2021-42377
An attacker-controlled pointer free in Busybox's hush applet leads to denial of service and possible code execution when processing a crafted shell command, due to the shell mishandling the &&& string. This may be used for remote code execution under rare conditions of filtered command input...
Denial Of Service (DoS)
busybox is vulnerable to denial of service. The vulnerability exists due to the incorrect handling of a special element in ash when processing a crafted shell command, allowing an attacker to cause an application crash...
Huawei EulerOS: Security Advisory for sssd (EulerOS-SA-2021-2675)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
BusyBox code issue vulnerability (CNVD-2021-89688)
BusyBox is a suite of applications containing several linux commands and tools from the Ukrainian personal developer Denis Vlasenko. A code issue vulnerability exists in the Busybox hush applet, which stems from the fact that dereferencing the NULL pointer in Busybox's hush applet will result in ...
EulerOS 2.0 SP9 : sssd (EulerOS-SA-2021-2724)
According to the versions of the sssd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs- fetch and cache-expire subcommands. Thi...
EulerOS 2.0 SP9 : sssd (EulerOS-SA-2021-2699)
According to the versions of the sssd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs- fetch and cache-expire subcommands. Thi...
EulerOS 2.0 SP5 : sssd (EulerOS-SA-2021-2675)
According to the versions of the sssd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs- fetch and cache-expire subcommands. Thi...
Updated sssd packages fix security vulnerability
Shell command injection in sssctl. CVE-2021-3621...
MGASA-2021-0502 Updated sssd packages fix security vulnerability
Shell command injection in sssctl. CVE-2021-3621...
PT-2021-23604 · Busybox +3 · Busybox +3
Name of the Vulnerable Software and Affected Versions: Busybox affected versions not specified Description: An issue in Busybox's ash applet causes a denial of service when it processes a specially crafted shell command. This happens because the shell incorrectly identifies certain characters as...
CVE-2021-42372
A shell command injection in the HW Events SNMP community in XoruX LPAR2RRD and STOR2RRD before 7.30 allows authenticated remote attackers to execute arbitrary shell commands as the user running the service...
CVE-2021-42372
A shell command injection in the HW Events SNMP community in XoruX LPAR2RRD and STOR2RRD before 7.30 allows authenticated remote attackers to execute arbitrary shell commands as the user running the service...
Command injection
A shell command injection in the HW Events SNMP community in XoruX LPAR2RRD and STOR2RRD before 7.30 allows authenticated remote attackers to execute arbitrary shell commands as the user running the service...