Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/1050517?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/1050517?format=api", "purl": "pkg:deb/debian/busybox@1:1.22.0-19", "type": "deb", "namespace": "debian", "name": "busybox", "version": "1:1.22.0-19", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "1:1.35.0-4+deb12u1", "latest_non_vulnerable_version": "1:1.37.0-10.1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56192?format=api", "vulnerability_id": "VCID-1186-afu9-nuhd", "summary": "A vulnerability in BusyBox might allow remote attackers to cause a\n Denial of Service condition.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6301.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6301.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-6301", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03277", "scoring_system": "epss", "scoring_elements": "0.87173", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.03277", "scoring_system": "epss", "scoring_elements": "0.87118", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.03277", "scoring_system": "epss", "scoring_elements": "0.87129", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.03277", "scoring_system": "epss", "scoring_elements": "0.87146", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.03277", "scoring_system": "epss", "scoring_elements": "0.87142", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.03277", "scoring_system": "epss", "scoring_elements": "0.87162", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.03277", "scoring_system": "epss", "scoring_elements": "0.8717", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.03277", "scoring_system": "epss", "scoring_elements": "0.87183", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.03277", "scoring_system": "epss", "scoring_elements": "0.87177", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-6301" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6301", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6301" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1363710", "reference_id": "1363710", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-04T16:45:35Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1363710" }, { "reference_url": "http://seclists.org/fulldisclosure/2020/Mar/15", "reference_id": "15", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-04T16:45:35Z/" } ], "url": "http://seclists.org/fulldisclosure/2020/Mar/15" }, { "reference_url": "http://seclists.org/fulldisclosure/2020/Aug/20", "reference_id": "20", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-04T16:45:35Z/" } ], "url": "http://seclists.org/fulldisclosure/2020/Aug/20" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/08/03/7", "reference_id": "7", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-04T16:45:35Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2016/08/03/7" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=833442", "reference_id": "833442", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=833442" }, { "reference_url": "http://www.securityfocus.com/bid/92277", "reference_id": "92277", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-04T16:45:35Z/" } ], "url": "http://www.securityfocus.com/bid/92277" }, { "reference_url": "https://security.gentoo.org/glsa/201701-05", "reference_id": "GLSA-201701-05", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-04T16:45:35Z/" } ], "url": "https://security.gentoo.org/glsa/201701-05" }, { "reference_url": "https://git.busybox.net/busybox/commit/?id=150dc7a2b483b8338a3e185c478b4b23ee884e71", "reference_id": "?id=150dc7a2b483b8338a3e185c478b4b23ee884e71", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-04T16:45:35Z/" } ], "url": "https://git.busybox.net/busybox/commit/?id=150dc7a2b483b8338a3e185c478b4b23ee884e71" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050518?format=api", "purl": "pkg:deb/debian/busybox@1:1.30.1-4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4muk-rhx5-yqeu" }, { "vulnerability": "VCID-4qpt-mxfy-6bh6" }, { "vulnerability": "VCID-9fex-zr2n-w3cb" }, { "vulnerability": "VCID-9s28-b1gj-uqaj" }, { "vulnerability": "VCID-dse8-esmh-3ygm" }, { "vulnerability": "VCID-gdfa-8gar-47gd" }, { "vulnerability": "VCID-jjxj-yf1x-4qg5" }, { "vulnerability": "VCID-mdmz-hjvu-hke3" }, { "vulnerability": "VCID-r12h-q1dj-a7b8" }, { "vulnerability": "VCID-tkat-gfks-kqg9" }, { "vulnerability": "VCID-v6td-yjyg-rub4" }, { "vulnerability": "VCID-vpmv-afzs-tffj" }, { "vulnerability": "VCID-y9hd-5med-67c4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.30.1-4" } ], "aliases": [ "CVE-2016-6301" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1186-afu9-nuhd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/83011?format=api", "vulnerability_id": "VCID-1drx-383s-uqb7", "summary": "busybox: Out of bounds read in udhcp components resulting in information disclosure", "references": [ { "reference_url": "http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:25:21Z/" } ], "url": "http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20679.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20679.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-20679", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.11964", "scoring_system": "epss", "scoring_elements": "0.9376", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.11964", "scoring_system": "epss", "scoring_elements": "0.93722", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.11964", "scoring_system": "epss", "scoring_elements": "0.93731", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.11964", "scoring_system": "epss", "scoring_elements": "0.93741", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.11964", "scoring_system": "epss", "scoring_elements": "0.93744", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.11964", "scoring_system": "epss", "scoring_elements": "0.93753", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.11964", "scoring_system": "epss", "scoring_elements": "0.93756", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.11964", "scoring_system": "epss", "scoring_elements": "0.93761", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-20679" }, { "reference_url": "https://bugs.busybox.net/show_bug.cgi?id=11506", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:25:21Z/" } ], "url": "https://bugs.busybox.net/show_bug.cgi?id=11506" }, { "reference_url": "https://busybox.net/news.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:25:21Z/" } ], "url": "https://busybox.net/news.html" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20679", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20679" }, { "reference_url": "http://seclists.org/fulldisclosure/2019/Sep/7", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:25:21Z/" } ], "url": "http://seclists.org/fulldisclosure/2019/Sep/7" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://git.busybox.net/busybox/commit/?id=6d3b4bb24da9a07c263f3c1acf8df85382ff562c", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:25:21Z/" } ], "url": "https://git.busybox.net/busybox/commit/?id=6d3b4bb24da9a07c263f3c1acf8df85382ff562c" }, { "reference_url": "https://seclists.org/bugtraq/2019/Sep/7", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:25:21Z/" } ], "url": "https://seclists.org/bugtraq/2019/Sep/7" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666667", "reference_id": "1666667", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666667" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=918846", "reference_id": "918846", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=918846" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:busybox:busybox:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:busybox:busybox:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:busybox:busybox:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20679", "reference_id": "CVE-2018-20679", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20679" }, { "reference_url": "https://usn.ubuntu.com/3935-1/", "reference_id": "USN-3935-1", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:25:21Z/" } ], "url": "https://usn.ubuntu.com/3935-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050518?format=api", "purl": "pkg:deb/debian/busybox@1:1.30.1-4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4muk-rhx5-yqeu" }, { "vulnerability": "VCID-4qpt-mxfy-6bh6" }, { "vulnerability": "VCID-9fex-zr2n-w3cb" }, { "vulnerability": "VCID-9s28-b1gj-uqaj" }, { "vulnerability": "VCID-dse8-esmh-3ygm" }, { "vulnerability": "VCID-gdfa-8gar-47gd" }, { "vulnerability": "VCID-jjxj-yf1x-4qg5" }, { "vulnerability": "VCID-mdmz-hjvu-hke3" }, { "vulnerability": "VCID-r12h-q1dj-a7b8" }, { "vulnerability": "VCID-tkat-gfks-kqg9" }, { "vulnerability": "VCID-v6td-yjyg-rub4" }, { "vulnerability": "VCID-vpmv-afzs-tffj" }, { "vulnerability": "VCID-y9hd-5med-67c4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.30.1-4" } ], "aliases": [ "CVE-2018-20679" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1drx-383s-uqb7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/82888?format=api", "vulnerability_id": "VCID-4asq-bb6w-1bf2", "summary": "busybox: Out of bounds read in udhcp components resulting in information disclosure", "references": [ { "reference_url": "http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:27:45Z/" } ], "url": "http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-5747.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-5747.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-5747", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00369", "scoring_system": "epss", "scoring_elements": "0.5882", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00369", "scoring_system": "epss", "scoring_elements": "0.58717", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00369", "scoring_system": "epss", "scoring_elements": "0.58791", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00369", "scoring_system": "epss", "scoring_elements": "0.58812", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00369", "scoring_system": "epss", "scoring_elements": "0.58781", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00369", "scoring_system": "epss", "scoring_elements": "0.58833", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00369", "scoring_system": "epss", "scoring_elements": "0.58839", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00369", "scoring_system": "epss", "scoring_elements": "0.58857", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00369", "scoring_system": "epss", "scoring_elements": "0.5884", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-5747" }, { "reference_url": "https://bugs.busybox.net/show_bug.cgi?id=11506", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:27:45Z/" } ], "url": "https://bugs.busybox.net/show_bug.cgi?id=11506" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5747", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5747" }, { "reference_url": "http://seclists.org/fulldisclosure/2019/Sep/7", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:27:45Z/" } ], "url": "http://seclists.org/fulldisclosure/2019/Sep/7" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://git.busybox.net/busybox/commit/?id=74d9f1ba37010face4bd1449df4d60dd84450b06", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:27:45Z/" } ], "url": "https://git.busybox.net/busybox/commit/?id=74d9f1ba37010face4bd1449df4d60dd84450b06" }, { "reference_url": "https://seclists.org/bugtraq/2019/Sep/7", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:27:45Z/" } ], "url": "https://seclists.org/bugtraq/2019/Sep/7" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1667067", "reference_id": "1667067", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1667067" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:busybox:busybox:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:busybox:busybox:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:busybox:busybox:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5747", "reference_id": "CVE-2019-5747", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5747" }, { "reference_url": "https://usn.ubuntu.com/3935-1/", "reference_id": "USN-3935-1", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:27:45Z/" } ], "url": "https://usn.ubuntu.com/3935-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050518?format=api", "purl": "pkg:deb/debian/busybox@1:1.30.1-4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4muk-rhx5-yqeu" }, { "vulnerability": "VCID-4qpt-mxfy-6bh6" }, { "vulnerability": "VCID-9fex-zr2n-w3cb" }, { "vulnerability": "VCID-9s28-b1gj-uqaj" }, { "vulnerability": "VCID-dse8-esmh-3ygm" }, { "vulnerability": "VCID-gdfa-8gar-47gd" }, { "vulnerability": "VCID-jjxj-yf1x-4qg5" }, { "vulnerability": "VCID-mdmz-hjvu-hke3" }, { "vulnerability": "VCID-r12h-q1dj-a7b8" }, { "vulnerability": "VCID-tkat-gfks-kqg9" }, { "vulnerability": "VCID-v6td-yjyg-rub4" }, { "vulnerability": "VCID-vpmv-afzs-tffj" }, { "vulnerability": "VCID-y9hd-5med-67c4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.30.1-4" } ], "aliases": [ "CVE-2019-5747" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4asq-bb6w-1bf2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40694?format=api", "vulnerability_id": "VCID-4muk-rhx5-yqeu", "summary": "Multiple vulnerabilities have been discovered in BusyBox, the worst of which could lead to arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42386.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42386.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-42386", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00293", "scoring_system": "epss", "scoring_elements": "0.52565", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00293", "scoring_system": "epss", "scoring_elements": "0.52665", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00293", "scoring_system": "epss", "scoring_elements": "0.52608", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00293", "scoring_system": "epss", "scoring_elements": "0.52634", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00293", "scoring_system": "epss", "scoring_elements": "0.52601", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00293", "scoring_system": "epss", "scoring_elements": "0.52652", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00293", "scoring_system": "epss", "scoring_elements": "0.52647", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00293", "scoring_system": "epss", "scoring_elements": "0.52697", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00293", "scoring_system": "epss", "scoring_elements": "0.52681", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-42386" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42386", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42386" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2023938", "reference_id": "2023938", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2023938" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/", "reference_id": "6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:31:59Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567", "reference_id": "999567", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567" }, { "reference_url": "https://security.archlinux.org/AVG-2561", "reference_id": "AVG-2561", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2561" }, { "reference_url": "https://security.archlinux.org/AVG-2562", "reference_id": "AVG-2562", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2562" }, { "reference_url": "https://security.gentoo.org/glsa/202407-17", "reference_id": "GLSA-202407-17", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202407-17" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20211223-0002/", "reference_id": "ntap-20211223-0002", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:31:59Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20211223-0002/" }, { "reference_url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/", "reference_id": "unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:31:59Z/" } ], "url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/" }, { "reference_url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog", "reference_id": "unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:31:59Z/" } ], "url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/", "reference_id": "UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:31:59Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/" }, { "reference_url": "https://usn.ubuntu.com/5179-1/", "reference_id": "USN-5179-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5179-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582168?format=api", "purl": "pkg:deb/debian/busybox@1:1.35.0-4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8844-hdkd-yyc7" }, { "vulnerability": "VCID-9s28-b1gj-uqaj" }, { "vulnerability": "VCID-fugr-ve7z-efdb" }, { "vulnerability": "VCID-g5t1-3tab-uuf9" }, { "vulnerability": "VCID-jjqh-pw7r-buau" }, { "vulnerability": "VCID-n1u3-njfx-vfcp" }, { "vulnerability": "VCID-syfd-zx16-n3gy" }, { "vulnerability": "VCID-t62w-rrsb-vqgy" }, { "vulnerability": "VCID-v6td-yjyg-rub4" }, { "vulnerability": "VCID-xjbx-z3d5-5bad" }, { "vulnerability": "VCID-y9hd-5med-67c4" }, { "vulnerability": "VCID-ytff-pgz4-tub2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.35.0-4" } ], "aliases": [ "CVE-2021-42386" ], "risk_score": 3.2, "exploitability": "0.5", "weighted_severity": "6.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4muk-rhx5-yqeu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40693?format=api", "vulnerability_id": "VCID-4qpt-mxfy-6bh6", "summary": "Multiple vulnerabilities have been discovered in BusyBox, the worst of which could lead to arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42385.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42385.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-42385", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00293", "scoring_system": "epss", "scoring_elements": "0.52565", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00293", "scoring_system": "epss", "scoring_elements": "0.52665", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00293", "scoring_system": "epss", "scoring_elements": "0.52608", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00293", "scoring_system": "epss", "scoring_elements": "0.52634", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00293", "scoring_system": "epss", "scoring_elements": "0.52601", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00293", "scoring_system": "epss", "scoring_elements": "0.52652", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00293", "scoring_system": "epss", "scoring_elements": "0.52647", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00293", "scoring_system": "epss", "scoring_elements": "0.52697", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00293", "scoring_system": "epss", "scoring_elements": "0.52681", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-42385" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42385", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42385" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2023936", "reference_id": "2023936", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2023936" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/", "reference_id": "6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:00Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567", "reference_id": "999567", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567" }, { "reference_url": "https://security.archlinux.org/AVG-2561", "reference_id": "AVG-2561", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2561" }, { "reference_url": "https://security.archlinux.org/AVG-2562", "reference_id": "AVG-2562", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2562" }, { "reference_url": "https://security.gentoo.org/glsa/202407-17", "reference_id": "GLSA-202407-17", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202407-17" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20211223-0002/", "reference_id": "ntap-20211223-0002", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:00Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20211223-0002/" }, { "reference_url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/", "reference_id": "unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:00Z/" } ], "url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/" }, { "reference_url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog", "reference_id": "unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:00Z/" } ], "url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/", "reference_id": "UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:00Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/" }, { "reference_url": "https://usn.ubuntu.com/5179-1/", "reference_id": "USN-5179-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5179-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582168?format=api", "purl": "pkg:deb/debian/busybox@1:1.35.0-4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8844-hdkd-yyc7" }, { "vulnerability": "VCID-9s28-b1gj-uqaj" }, { "vulnerability": "VCID-fugr-ve7z-efdb" }, { "vulnerability": "VCID-g5t1-3tab-uuf9" }, { "vulnerability": "VCID-jjqh-pw7r-buau" }, { "vulnerability": "VCID-n1u3-njfx-vfcp" }, { "vulnerability": "VCID-syfd-zx16-n3gy" }, { "vulnerability": "VCID-t62w-rrsb-vqgy" }, { "vulnerability": "VCID-v6td-yjyg-rub4" }, { "vulnerability": "VCID-xjbx-z3d5-5bad" }, { "vulnerability": "VCID-y9hd-5med-67c4" }, { "vulnerability": "VCID-ytff-pgz4-tub2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.35.0-4" } ], "aliases": [ "CVE-2021-42385" ], "risk_score": 3.2, "exploitability": "0.5", "weighted_severity": "6.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4qpt-mxfy-6bh6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/47304?format=api", "vulnerability_id": "VCID-5rmt-k48a-ubbg", "summary": "Multiple vulnerabilities have been found in BusyBox, the worst of\n which could allow remote attackers to execute arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15873.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15873.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15873", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00138", "scoring_system": "epss", "scoring_elements": "0.33641", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00138", "scoring_system": "epss", "scoring_elements": "0.33877", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00138", "scoring_system": "epss", "scoring_elements": "0.33985", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00138", "scoring_system": "epss", "scoring_elements": "0.34016", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00138", "scoring_system": "epss", "scoring_elements": "0.33871", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00138", "scoring_system": "epss", "scoring_elements": "0.33913", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00138", "scoring_system": "epss", "scoring_elements": "0.33945", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00138", "scoring_system": "epss", "scoring_elements": "0.33943", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00138", "scoring_system": "epss", "scoring_elements": "0.33901", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15873" }, { "reference_url": "https://bugs.busybox.net/show_bug.cgi?id=10431", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:26:38Z/" } ], "url": "https://bugs.busybox.net/show_bug.cgi?id=10431" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15873", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15873" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:M/Au:N/C:C/I:C/A:C" }, { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://git.busybox.net/busybox/commit/?id=0402cb32df015d9372578e3db27db47b33d5c7b0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:26:38Z/" } ], "url": "https://git.busybox.net/busybox/commit/?id=0402cb32df015d9372578e3db27db47b33d5c7b0" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00037.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:26:38Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00037.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00020.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:26:38Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00020.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1515249", "reference_id": "1515249", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1515249" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=879732", "reference_id": "879732", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=879732" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:busybox:busybox:1.27.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:busybox:busybox:1.27.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:busybox:busybox:1.27.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15873", "reference_id": "CVE-2017-15873", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15873" }, { "reference_url": "https://security.gentoo.org/glsa/201803-12", "reference_id": "GLSA-201803-12", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201803-12" }, { "reference_url": "https://usn.ubuntu.com/3935-1/", "reference_id": "USN-3935-1", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:26:38Z/" } ], "url": "https://usn.ubuntu.com/3935-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050518?format=api", "purl": "pkg:deb/debian/busybox@1:1.30.1-4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4muk-rhx5-yqeu" }, { "vulnerability": "VCID-4qpt-mxfy-6bh6" }, { "vulnerability": "VCID-9fex-zr2n-w3cb" }, { "vulnerability": "VCID-9s28-b1gj-uqaj" }, { "vulnerability": "VCID-dse8-esmh-3ygm" }, { "vulnerability": "VCID-gdfa-8gar-47gd" }, { "vulnerability": "VCID-jjxj-yf1x-4qg5" }, { "vulnerability": "VCID-mdmz-hjvu-hke3" }, { "vulnerability": "VCID-r12h-q1dj-a7b8" }, { "vulnerability": "VCID-tkat-gfks-kqg9" }, { "vulnerability": "VCID-v6td-yjyg-rub4" }, { "vulnerability": "VCID-vpmv-afzs-tffj" }, { "vulnerability": "VCID-y9hd-5med-67c4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.30.1-4" } ], "aliases": [ "CVE-2017-15873" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5rmt-k48a-ubbg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43809?format=api", "vulnerability_id": "VCID-674c-ab3f-a7av", "summary": "Multiple vulnerabilities have been found in BusyBox, the worst of\n which allows remote attackers to execute arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2147.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2147.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2147", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.08286", "scoring_system": "epss", "scoring_elements": "0.92215", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.08286", "scoring_system": "epss", "scoring_elements": "0.92222", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.08286", "scoring_system": "epss", "scoring_elements": "0.92228", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.08286", "scoring_system": "epss", "scoring_elements": "0.92231", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.08286", "scoring_system": "epss", "scoring_elements": "0.92242", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.08286", "scoring_system": "epss", "scoring_elements": "0.92246", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.08286", "scoring_system": "epss", "scoring_elements": "0.92251", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.08286", "scoring_system": "epss", "scoring_elements": "0.92252", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.08286", "scoring_system": "epss", "scoring_elements": "0.92249", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2147" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2147", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2147" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1316554", "reference_id": "1316554", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1316554" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=818499", "reference_id": "818499", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=818499" }, { "reference_url": "https://security.gentoo.org/glsa/201612-04", "reference_id": "GLSA-201612-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201612-04" }, { "reference_url": "https://usn.ubuntu.com/3935-1/", "reference_id": "USN-3935-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3935-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050518?format=api", "purl": "pkg:deb/debian/busybox@1:1.30.1-4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4muk-rhx5-yqeu" }, { "vulnerability": "VCID-4qpt-mxfy-6bh6" }, { "vulnerability": "VCID-9fex-zr2n-w3cb" }, { "vulnerability": "VCID-9s28-b1gj-uqaj" }, { "vulnerability": "VCID-dse8-esmh-3ygm" }, { "vulnerability": "VCID-gdfa-8gar-47gd" }, { "vulnerability": "VCID-jjxj-yf1x-4qg5" }, { "vulnerability": "VCID-mdmz-hjvu-hke3" }, { "vulnerability": "VCID-r12h-q1dj-a7b8" }, { "vulnerability": "VCID-tkat-gfks-kqg9" }, { "vulnerability": "VCID-v6td-yjyg-rub4" }, { "vulnerability": "VCID-vpmv-afzs-tffj" }, { "vulnerability": "VCID-y9hd-5med-67c4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.30.1-4" } ], "aliases": [ "CVE-2016-2147" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-674c-ab3f-a7av" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40692?format=api", "vulnerability_id": "VCID-9fex-zr2n-w3cb", "summary": "Multiple vulnerabilities have been discovered in BusyBox, the worst of which could lead to arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42384.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42384.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-42384", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.4647", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46535", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46507", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46527", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46476", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46531", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46555", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-42384" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42384", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42384" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2023933", "reference_id": "2023933", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2023933" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/", "reference_id": "6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:01Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567", "reference_id": "999567", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567" }, { "reference_url": "https://security.archlinux.org/AVG-2561", "reference_id": "AVG-2561", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2561" }, { "reference_url": "https://security.archlinux.org/AVG-2562", "reference_id": "AVG-2562", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2562" }, { "reference_url": "https://security.gentoo.org/glsa/202407-17", "reference_id": "GLSA-202407-17", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202407-17" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20211223-0002/", "reference_id": "ntap-20211223-0002", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:01Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20211223-0002/" }, { "reference_url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/", "reference_id": "unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:01Z/" } ], "url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/" }, { "reference_url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog", "reference_id": "unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:01Z/" } ], "url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/", "reference_id": "UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:01Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/" }, { "reference_url": "https://usn.ubuntu.com/5179-1/", "reference_id": "USN-5179-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5179-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582168?format=api", "purl": "pkg:deb/debian/busybox@1:1.35.0-4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8844-hdkd-yyc7" }, { "vulnerability": "VCID-9s28-b1gj-uqaj" }, { "vulnerability": "VCID-fugr-ve7z-efdb" }, { "vulnerability": "VCID-g5t1-3tab-uuf9" }, { "vulnerability": "VCID-jjqh-pw7r-buau" }, { "vulnerability": "VCID-n1u3-njfx-vfcp" }, { "vulnerability": "VCID-syfd-zx16-n3gy" }, { "vulnerability": "VCID-t62w-rrsb-vqgy" }, { "vulnerability": "VCID-v6td-yjyg-rub4" }, { "vulnerability": "VCID-xjbx-z3d5-5bad" }, { "vulnerability": "VCID-y9hd-5med-67c4" }, { "vulnerability": "VCID-ytff-pgz4-tub2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.35.0-4" } ], "aliases": [ "CVE-2021-42384" ], "risk_score": 3.2, "exploitability": "0.5", "weighted_severity": "6.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9fex-zr2n-w3cb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/78160?format=api", "vulnerability_id": "VCID-9s28-b1gj-uqaj", "summary": "busybox: stack overflow vulnerability in ash.c leads to arbitrary code execution", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-48174.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-48174.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-48174", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00679", "scoring_system": "epss", "scoring_elements": "0.71523", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00679", "scoring_system": "epss", "scoring_elements": "0.71554", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00679", "scoring_system": "epss", "scoring_elements": "0.71588", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00679", "scoring_system": "epss", "scoring_elements": "0.71572", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00679", "scoring_system": "epss", "scoring_elements": "0.7154", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00679", "scoring_system": "epss", "scoring_elements": "0.71513", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00679", "scoring_system": "epss", "scoring_elements": "0.71553", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00679", "scoring_system": "epss", "scoring_elements": "0.71565", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-48174" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48174", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48174" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059049", "reference_id": "1059049", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059049" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2237153", "reference_id": "2237153", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2237153" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5178", "reference_id": "RHSA-2023:5178", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5178" }, { "reference_url": "https://bugs.busybox.net/show_bug.cgi?id=15216", "reference_id": "show_bug.cgi?id=15216", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-03T14:24:43Z/" } ], "url": "https://bugs.busybox.net/show_bug.cgi?id=15216" }, { "reference_url": "https://usn.ubuntu.com/6335-1/", "reference_id": "USN-6335-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6335-1/" }, { "reference_url": "https://usn.ubuntu.com/6961-1/", "reference_id": "USN-6961-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6961-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582168?format=api", "purl": "pkg:deb/debian/busybox@1:1.35.0-4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8844-hdkd-yyc7" }, { "vulnerability": "VCID-9s28-b1gj-uqaj" }, { "vulnerability": "VCID-fugr-ve7z-efdb" }, { "vulnerability": "VCID-g5t1-3tab-uuf9" }, { "vulnerability": "VCID-jjqh-pw7r-buau" }, { "vulnerability": "VCID-n1u3-njfx-vfcp" }, { "vulnerability": "VCID-syfd-zx16-n3gy" }, { "vulnerability": "VCID-t62w-rrsb-vqgy" }, { "vulnerability": "VCID-v6td-yjyg-rub4" }, { "vulnerability": "VCID-xjbx-z3d5-5bad" }, { "vulnerability": "VCID-y9hd-5med-67c4" }, { "vulnerability": "VCID-ytff-pgz4-tub2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.35.0-4" }, { "url": "http://public2.vulnerablecode.io/api/packages/582169?format=api", "purl": "pkg:deb/debian/busybox@1:1.35.0-4%2Bdeb12u1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.35.0-4%252Bdeb12u1" } ], "aliases": [ "CVE-2022-48174" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9s28-b1gj-uqaj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/85464?format=api", "vulnerability_id": "VCID-a4vx-45xg-zqej", "summary": "busybox: Segmentation fault when unzipping specially crafted zip file", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-9261.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-9261.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-9261", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00811", "scoring_system": "epss", "scoring_elements": "0.74226", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00811", "scoring_system": "epss", "scoring_elements": "0.74178", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00811", "scoring_system": "epss", "scoring_elements": "0.74183", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00811", "scoring_system": "epss", "scoring_elements": "0.7421", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00811", "scoring_system": "epss", "scoring_elements": "0.74216", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00811", "scoring_system": "epss", "scoring_elements": "0.74231", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00811", "scoring_system": "epss", "scoring_elements": "0.74252", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00811", "scoring_system": "epss", "scoring_elements": "0.74233", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-9261" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9261", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9261" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1276427", "reference_id": "1276427", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1276427" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=803097", "reference_id": "803097", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=803097" }, { "reference_url": "https://usn.ubuntu.com/3935-1/", "reference_id": "USN-3935-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3935-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050518?format=api", "purl": "pkg:deb/debian/busybox@1:1.30.1-4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4muk-rhx5-yqeu" }, { "vulnerability": "VCID-4qpt-mxfy-6bh6" }, { "vulnerability": "VCID-9fex-zr2n-w3cb" }, { "vulnerability": "VCID-9s28-b1gj-uqaj" }, { "vulnerability": "VCID-dse8-esmh-3ygm" }, { "vulnerability": "VCID-gdfa-8gar-47gd" }, { "vulnerability": "VCID-jjxj-yf1x-4qg5" }, { "vulnerability": "VCID-mdmz-hjvu-hke3" }, { "vulnerability": "VCID-r12h-q1dj-a7b8" }, { "vulnerability": "VCID-tkat-gfks-kqg9" }, { "vulnerability": "VCID-v6td-yjyg-rub4" }, { "vulnerability": "VCID-vpmv-afzs-tffj" }, { "vulnerability": "VCID-y9hd-5med-67c4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.30.1-4" } ], "aliases": [ "CVE-2015-9261" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a4vx-45xg-zqej" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/83563?format=api", "vulnerability_id": "VCID-dkng-6ayt-h7fv", "summary": "busybox: wget: Heap-based buffer overflow in the retrieve_file_data() function", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000517.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000517.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1000517", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.13702", "scoring_system": "epss", "scoring_elements": "0.94221", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.16054", "scoring_system": "epss", "scoring_elements": "0.94785", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.16054", "scoring_system": "epss", "scoring_elements": "0.94758", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.16054", "scoring_system": "epss", "scoring_elements": "0.94762", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.16054", "scoring_system": "epss", "scoring_elements": "0.94763", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.16054", "scoring_system": "epss", "scoring_elements": "0.94772", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.16054", "scoring_system": "epss", "scoring_elements": "0.94777", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.16054", "scoring_system": "epss", "scoring_elements": "0.9478", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.16054", "scoring_system": "epss", "scoring_elements": "0.94784", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1000517" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000517", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000517" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://git.busybox.net/busybox/commit/?id=8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e", "reference_id": "", "reference_type": "", "scores": [ { "value": "8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:36:05Z/" } ], "url": "https://git.busybox.net/busybox/commit/?id=8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00037.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:36:05Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00037.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00020.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:36:05Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00020.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1595595", "reference_id": "1595595", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1595595" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=902724", "reference_id": "902724", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=902724" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:busybox:busybox:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:busybox:busybox:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:busybox:busybox:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000517", "reference_id": "CVE-2018-1000517", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P" }, { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000517" }, { "reference_url": "https://usn.ubuntu.com/3935-1/", "reference_id": "USN-3935-1", "reference_type": "", "scores": [ { "value": "8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:36:05Z/" } ], "url": "https://usn.ubuntu.com/3935-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050518?format=api", "purl": "pkg:deb/debian/busybox@1:1.30.1-4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4muk-rhx5-yqeu" }, { "vulnerability": "VCID-4qpt-mxfy-6bh6" }, { "vulnerability": "VCID-9fex-zr2n-w3cb" }, { "vulnerability": "VCID-9s28-b1gj-uqaj" }, { "vulnerability": "VCID-dse8-esmh-3ygm" }, { "vulnerability": "VCID-gdfa-8gar-47gd" }, { "vulnerability": "VCID-jjxj-yf1x-4qg5" }, { "vulnerability": "VCID-mdmz-hjvu-hke3" }, { "vulnerability": "VCID-r12h-q1dj-a7b8" }, { "vulnerability": "VCID-tkat-gfks-kqg9" }, { "vulnerability": "VCID-v6td-yjyg-rub4" }, { "vulnerability": "VCID-vpmv-afzs-tffj" }, { "vulnerability": "VCID-y9hd-5med-67c4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.30.1-4" } ], "aliases": [ "CVE-2018-1000517" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dkng-6ayt-h7fv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/47306?format=api", "vulnerability_id": "VCID-dktd-xqjr-h7h1", "summary": "Multiple vulnerabilities have been found in BusyBox, the worst of\n which could allow remote attackers to execute arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-16544.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-16544.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-16544", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03313", "scoring_system": "epss", "scoring_elements": "0.87216", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.03313", "scoring_system": "epss", "scoring_elements": "0.87206", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.03313", "scoring_system": "epss", "scoring_elements": "0.87232", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.03313", "scoring_system": "epss", "scoring_elements": "0.87229", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.03313", "scoring_system": "epss", "scoring_elements": "0.87249", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.03313", "scoring_system": "epss", "scoring_elements": "0.87256", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.03313", "scoring_system": "epss", "scoring_elements": "0.87268", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.03313", "scoring_system": "epss", "scoring_elements": "0.87263", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.03313", "scoring_system": "epss", "scoring_elements": "0.87258", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-16544" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16544", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16544" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:M/Au:N/C:C/I:C/A:C" }, { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "http://seclists.org/fulldisclosure/2020/Mar/15", "reference_id": "15", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:34:08Z/" } ], "url": "http://seclists.org/fulldisclosure/2020/Mar/15" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1515713", "reference_id": "1515713", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1515713" }, { "reference_url": "http://seclists.org/fulldisclosure/2020/Aug/20", "reference_id": "20", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:34:08Z/" } ], "url": "http://seclists.org/fulldisclosure/2020/Aug/20" }, { "reference_url": "http://seclists.org/fulldisclosure/2021/Aug/21", "reference_id": "21", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:34:08Z/" } ], "url": "http://seclists.org/fulldisclosure/2021/Aug/21" }, { "reference_url": "http://seclists.org/fulldisclosure/2021/Jan/39", "reference_id": "39", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:34:08Z/" } ], "url": "http://seclists.org/fulldisclosure/2021/Jan/39" }, { "reference_url": "http://seclists.org/fulldisclosure/2020/Sep/6", "reference_id": "6", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:34:08Z/" } ], "url": "http://seclists.org/fulldisclosure/2020/Sep/6" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882258", "reference_id": "882258", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882258" }, { "reference_url": "https://security.archlinux.org/ASA-201803-1", "reference_id": "ASA-201803-1", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201803-1" }, { "reference_url": "https://security.archlinux.org/ASA-201803-2", "reference_id": "ASA-201803-2", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201803-2" }, { "reference_url": "https://security.archlinux.org/AVG-512", "reference_id": "AVG-512", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-512" }, { "reference_url": "https://security.archlinux.org/AVG-514", "reference_id": "AVG-514", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-514" }, { "reference_url": "https://www.twistlock.com/2017/11/20/cve-2017-16544-busybox-autocompletion-vulnerability/", "reference_id": "cve-2017-16544-busybox-autocompletion-vulnerability", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:34:08Z/" } ], "url": "https://www.twistlock.com/2017/11/20/cve-2017-16544-busybox-autocompletion-vulnerability/" }, { "reference_url": "https://security.gentoo.org/glsa/201803-12", "reference_id": "GLSA-201803-12", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201803-12" }, { "reference_url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-240-01", "reference_id": "icsa-20-240-01", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:34:08Z/" } ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-240-01" }, { "reference_url": "https://git.busybox.net/busybox/commit/?id=c3797d40a1c57352192c6106cc0f435e7d9c11e8", "reference_id": "?id=c3797d40a1c57352192c6106cc0f435e7d9c11e8", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:34:08Z/" } ], "url": "https://git.busybox.net/busybox/commit/?id=c3797d40a1c57352192c6106cc0f435e7d9c11e8" }, { "reference_url": "https://usn.ubuntu.com/3935-1/", "reference_id": "USN-3935-1", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:34:08Z/" } ], "url": "https://usn.ubuntu.com/3935-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050518?format=api", "purl": "pkg:deb/debian/busybox@1:1.30.1-4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4muk-rhx5-yqeu" }, { "vulnerability": "VCID-4qpt-mxfy-6bh6" }, { "vulnerability": "VCID-9fex-zr2n-w3cb" }, { "vulnerability": "VCID-9s28-b1gj-uqaj" }, { "vulnerability": "VCID-dse8-esmh-3ygm" }, { "vulnerability": "VCID-gdfa-8gar-47gd" }, { "vulnerability": "VCID-jjxj-yf1x-4qg5" }, { "vulnerability": "VCID-mdmz-hjvu-hke3" }, { "vulnerability": "VCID-r12h-q1dj-a7b8" }, { "vulnerability": "VCID-tkat-gfks-kqg9" }, { "vulnerability": "VCID-v6td-yjyg-rub4" }, { "vulnerability": "VCID-vpmv-afzs-tffj" }, { "vulnerability": "VCID-y9hd-5med-67c4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.30.1-4" } ], "aliases": [ "CVE-2017-16544" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dktd-xqjr-h7h1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40688?format=api", "vulnerability_id": "VCID-dse8-esmh-3ygm", "summary": "Multiple vulnerabilities have been discovered in BusyBox, the worst of which could lead to arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42380.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42380.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-42380", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00452", "scoring_system": "epss", "scoring_elements": "0.63711", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00452", "scoring_system": "epss", "scoring_elements": "0.63716", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00452", "scoring_system": "epss", "scoring_elements": "0.63676", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00452", "scoring_system": "epss", "scoring_elements": "0.63728", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00452", "scoring_system": "epss", "scoring_elements": "0.63745", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00452", "scoring_system": "epss", "scoring_elements": "0.63759", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00464", "scoring_system": "epss", "scoring_elements": "0.64309", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00464", "scoring_system": "epss", "scoring_elements": "0.64251", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-42380" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42380", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42380" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2023912", "reference_id": "2023912", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2023912" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/", "reference_id": "6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:07Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567", "reference_id": "999567", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567" }, { "reference_url": "https://security.archlinux.org/AVG-2561", "reference_id": "AVG-2561", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2561" }, { "reference_url": "https://security.archlinux.org/AVG-2562", "reference_id": "AVG-2562", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2562" }, { "reference_url": "https://security.gentoo.org/glsa/202407-17", "reference_id": "GLSA-202407-17", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202407-17" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20211223-0002/", "reference_id": "ntap-20211223-0002", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:07Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20211223-0002/" }, { "reference_url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/", "reference_id": "unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:07Z/" } ], "url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/" }, { "reference_url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog", "reference_id": "unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:07Z/" } ], "url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/", "reference_id": "UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:07Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/" }, { "reference_url": "https://usn.ubuntu.com/5179-1/", "reference_id": "USN-5179-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5179-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582168?format=api", "purl": "pkg:deb/debian/busybox@1:1.35.0-4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8844-hdkd-yyc7" }, { "vulnerability": "VCID-9s28-b1gj-uqaj" }, { "vulnerability": "VCID-fugr-ve7z-efdb" }, { "vulnerability": "VCID-g5t1-3tab-uuf9" }, { "vulnerability": "VCID-jjqh-pw7r-buau" }, { "vulnerability": "VCID-n1u3-njfx-vfcp" }, { "vulnerability": "VCID-syfd-zx16-n3gy" }, { "vulnerability": "VCID-t62w-rrsb-vqgy" }, { "vulnerability": "VCID-v6td-yjyg-rub4" }, { "vulnerability": "VCID-xjbx-z3d5-5bad" }, { "vulnerability": "VCID-y9hd-5med-67c4" }, { "vulnerability": "VCID-ytff-pgz4-tub2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.35.0-4" } ], "aliases": [ "CVE-2021-42380" ], "risk_score": 3.2, "exploitability": "0.5", "weighted_severity": "6.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dse8-esmh-3ygm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/47305?format=api", "vulnerability_id": "VCID-g587-5fx5-5uew", "summary": "Multiple vulnerabilities have been found in BusyBox, the worst of\n which could allow remote attackers to execute arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15874.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15874.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15874", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0028", "scoring_system": "epss", "scoring_elements": "0.51276", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0028", "scoring_system": "epss", "scoring_elements": "0.51374", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0028", "scoring_system": "epss", "scoring_elements": "0.51328", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0028", "scoring_system": "epss", "scoring_elements": "0.51355", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0028", "scoring_system": "epss", "scoring_elements": "0.51314", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0028", "scoring_system": "epss", "scoring_elements": "0.51368", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0028", "scoring_system": "epss", "scoring_elements": "0.51366", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0028", "scoring_system": "epss", "scoring_elements": "0.51409", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0028", "scoring_system": "epss", "scoring_elements": "0.51388", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15874" }, { "reference_url": "https://bugs.busybox.net/show_bug.cgi?id=10436", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:23:46Z/" } ], "url": "https://bugs.busybox.net/show_bug.cgi?id=10436" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15874", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15874" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "1.9", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1515286", "reference_id": "1515286", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1515286" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=879732", "reference_id": "879732", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=879732" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:busybox:busybox:1.27.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:busybox:busybox:1.27.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:busybox:busybox:1.27.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15874", "reference_id": "CVE-2017-15874", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15874" }, { "reference_url": "https://security.gentoo.org/glsa/201803-12", "reference_id": "GLSA-201803-12", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201803-12" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050518?format=api", "purl": "pkg:deb/debian/busybox@1:1.30.1-4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4muk-rhx5-yqeu" }, { "vulnerability": "VCID-4qpt-mxfy-6bh6" }, { "vulnerability": "VCID-9fex-zr2n-w3cb" }, { "vulnerability": "VCID-9s28-b1gj-uqaj" }, { "vulnerability": "VCID-dse8-esmh-3ygm" }, { "vulnerability": "VCID-gdfa-8gar-47gd" }, { "vulnerability": "VCID-jjxj-yf1x-4qg5" }, { "vulnerability": "VCID-mdmz-hjvu-hke3" }, { "vulnerability": "VCID-r12h-q1dj-a7b8" }, { "vulnerability": "VCID-tkat-gfks-kqg9" }, { "vulnerability": "VCID-v6td-yjyg-rub4" }, { "vulnerability": "VCID-vpmv-afzs-tffj" }, { "vulnerability": "VCID-y9hd-5med-67c4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.30.1-4" } ], "aliases": [ "CVE-2017-15874" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g587-5fx5-5uew" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40687?format=api", "vulnerability_id": "VCID-gdfa-8gar-47gd", "summary": "Multiple vulnerabilities have been discovered in BusyBox, the worst of which could lead to arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42379.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42379.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-42379", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.4647", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46535", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46507", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46527", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46476", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46531", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46555", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-42379" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42379", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42379" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2023904", "reference_id": "2023904", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2023904" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/", "reference_id": "6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:08Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567", "reference_id": "999567", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567" }, { "reference_url": "https://security.archlinux.org/AVG-2561", "reference_id": "AVG-2561", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2561" }, { "reference_url": "https://security.archlinux.org/AVG-2562", "reference_id": "AVG-2562", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2562" }, { "reference_url": "https://security.gentoo.org/glsa/202407-17", "reference_id": "GLSA-202407-17", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202407-17" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20211223-0002/", "reference_id": "ntap-20211223-0002", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:08Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20211223-0002/" }, { "reference_url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/", "reference_id": "unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:08Z/" } ], "url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/" }, { "reference_url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog", "reference_id": "unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:08Z/" } ], "url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/", "reference_id": "UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:08Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/" }, { "reference_url": "https://usn.ubuntu.com/5179-1/", "reference_id": "USN-5179-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5179-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582168?format=api", "purl": "pkg:deb/debian/busybox@1:1.35.0-4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8844-hdkd-yyc7" }, { "vulnerability": "VCID-9s28-b1gj-uqaj" }, { "vulnerability": "VCID-fugr-ve7z-efdb" }, { "vulnerability": "VCID-g5t1-3tab-uuf9" }, { "vulnerability": "VCID-jjqh-pw7r-buau" }, { "vulnerability": "VCID-n1u3-njfx-vfcp" }, { "vulnerability": "VCID-syfd-zx16-n3gy" }, { "vulnerability": "VCID-t62w-rrsb-vqgy" }, { "vulnerability": "VCID-v6td-yjyg-rub4" }, { "vulnerability": "VCID-xjbx-z3d5-5bad" }, { "vulnerability": "VCID-y9hd-5med-67c4" }, { "vulnerability": "VCID-ytff-pgz4-tub2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.35.0-4" } ], "aliases": [ "CVE-2021-42379" ], "risk_score": 3.2, "exploitability": "0.5", "weighted_severity": "6.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gdfa-8gar-47gd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40686?format=api", "vulnerability_id": "VCID-jjxj-yf1x-4qg5", "summary": "Multiple vulnerabilities have been discovered in BusyBox, the worst of which could lead to arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42378.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42378.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-42378", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.4647", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46535", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46507", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46527", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46476", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46531", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46555", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-42378" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2023900", "reference_id": "2023900", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2023900" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/", "reference_id": "6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:10Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567", "reference_id": "999567", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567" }, { "reference_url": "https://security.archlinux.org/AVG-2561", "reference_id": "AVG-2561", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2561" }, { "reference_url": "https://security.archlinux.org/AVG-2562", "reference_id": "AVG-2562", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2562" }, { "reference_url": "https://security.gentoo.org/glsa/202407-17", "reference_id": "GLSA-202407-17", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202407-17" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20211223-0002/", "reference_id": "ntap-20211223-0002", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:10Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20211223-0002/" }, { "reference_url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/", "reference_id": "unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:10Z/" } ], "url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/" }, { "reference_url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog", "reference_id": "unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:10Z/" } ], "url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/", "reference_id": "UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:10Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/" }, { "reference_url": "https://usn.ubuntu.com/5179-1/", "reference_id": "USN-5179-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5179-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582168?format=api", "purl": "pkg:deb/debian/busybox@1:1.35.0-4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8844-hdkd-yyc7" }, { "vulnerability": "VCID-9s28-b1gj-uqaj" }, { "vulnerability": "VCID-fugr-ve7z-efdb" }, { "vulnerability": "VCID-g5t1-3tab-uuf9" }, { "vulnerability": "VCID-jjqh-pw7r-buau" }, { "vulnerability": "VCID-n1u3-njfx-vfcp" }, { "vulnerability": "VCID-syfd-zx16-n3gy" }, { "vulnerability": "VCID-t62w-rrsb-vqgy" }, { "vulnerability": "VCID-v6td-yjyg-rub4" }, { "vulnerability": "VCID-xjbx-z3d5-5bad" }, { "vulnerability": "VCID-y9hd-5med-67c4" }, { "vulnerability": "VCID-ytff-pgz4-tub2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.35.0-4" } ], "aliases": [ "CVE-2021-42378" ], "risk_score": 3.2, "exploitability": "0.5", "weighted_severity": "6.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jjxj-yf1x-4qg5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40690?format=api", "vulnerability_id": "VCID-mdmz-hjvu-hke3", "summary": "Multiple vulnerabilities have been discovered in BusyBox, the worst of which could lead to arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42382.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42382.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-42382", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00321", "scoring_system": "epss", "scoring_elements": "0.54992", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00321", "scoring_system": "epss", "scoring_elements": "0.55117", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00321", "scoring_system": "epss", "scoring_elements": "0.55094", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00321", "scoring_system": "epss", "scoring_elements": "0.55118", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00321", "scoring_system": "epss", "scoring_elements": "0.55093", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00321", "scoring_system": "epss", "scoring_elements": "0.55143", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00321", "scoring_system": "epss", "scoring_elements": "0.55155", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00321", "scoring_system": "epss", "scoring_elements": "0.55135", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-42382" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42382", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42382" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2023929", "reference_id": "2023929", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2023929" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/", "reference_id": "6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:04Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567", "reference_id": "999567", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567" }, { "reference_url": "https://security.archlinux.org/AVG-2561", "reference_id": "AVG-2561", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2561" }, { "reference_url": "https://security.archlinux.org/AVG-2562", "reference_id": "AVG-2562", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2562" }, { "reference_url": "https://security.gentoo.org/glsa/202407-17", "reference_id": "GLSA-202407-17", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202407-17" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20211223-0002/", "reference_id": "ntap-20211223-0002", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:04Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20211223-0002/" }, { "reference_url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/", "reference_id": "unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:04Z/" } ], "url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/" }, { "reference_url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog", "reference_id": "unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:04Z/" } ], "url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/", "reference_id": "UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:04Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/" }, { "reference_url": "https://usn.ubuntu.com/5179-1/", "reference_id": "USN-5179-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5179-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582168?format=api", "purl": "pkg:deb/debian/busybox@1:1.35.0-4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8844-hdkd-yyc7" }, { "vulnerability": "VCID-9s28-b1gj-uqaj" }, { "vulnerability": "VCID-fugr-ve7z-efdb" }, { "vulnerability": "VCID-g5t1-3tab-uuf9" }, { "vulnerability": "VCID-jjqh-pw7r-buau" }, { "vulnerability": "VCID-n1u3-njfx-vfcp" }, { "vulnerability": "VCID-syfd-zx16-n3gy" }, { "vulnerability": "VCID-t62w-rrsb-vqgy" }, { "vulnerability": "VCID-v6td-yjyg-rub4" }, { "vulnerability": "VCID-xjbx-z3d5-5bad" }, { "vulnerability": "VCID-y9hd-5med-67c4" }, { "vulnerability": "VCID-ytff-pgz4-tub2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.35.0-4" } ], "aliases": [ "CVE-2021-42382" ], "risk_score": 3.2, "exploitability": "0.5", "weighted_severity": "6.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mdmz-hjvu-hke3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/85482?format=api", "vulnerability_id": "VCID-nthm-4fpy-zfev", "summary": "busybox: Path traversal via crafted tar file containing symlink", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-5325.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-5325.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-5325", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03772", "scoring_system": "epss", "scoring_elements": "0.88051", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.03772", "scoring_system": "epss", "scoring_elements": "0.87992", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.03772", "scoring_system": "epss", "scoring_elements": "0.88002", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.03772", "scoring_system": "epss", "scoring_elements": "0.88016", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.03772", "scoring_system": "epss", "scoring_elements": "0.88021", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.03772", "scoring_system": "epss", "scoring_elements": "0.8804", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.03772", "scoring_system": "epss", "scoring_elements": "0.88047", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.03772", "scoring_system": "epss", "scoring_elements": "0.88057", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.03772", "scoring_system": "epss", "scoring_elements": "0.8805", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-5325" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5325", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5325" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:M/Au:N/C:C/I:C/A:C" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1274215", "reference_id": "1274215", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1274215" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=802702", "reference_id": "802702", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=802702" }, { "reference_url": "https://usn.ubuntu.com/3935-1/", "reference_id": "USN-3935-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3935-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050518?format=api", "purl": "pkg:deb/debian/busybox@1:1.30.1-4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4muk-rhx5-yqeu" }, { "vulnerability": "VCID-4qpt-mxfy-6bh6" }, { "vulnerability": "VCID-9fex-zr2n-w3cb" }, { "vulnerability": "VCID-9s28-b1gj-uqaj" }, { "vulnerability": "VCID-dse8-esmh-3ygm" }, { "vulnerability": "VCID-gdfa-8gar-47gd" }, { "vulnerability": "VCID-jjxj-yf1x-4qg5" }, { "vulnerability": "VCID-mdmz-hjvu-hke3" }, { "vulnerability": "VCID-r12h-q1dj-a7b8" }, { "vulnerability": "VCID-tkat-gfks-kqg9" }, { "vulnerability": "VCID-v6td-yjyg-rub4" }, { "vulnerability": "VCID-vpmv-afzs-tffj" }, { "vulnerability": "VCID-y9hd-5med-67c4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.30.1-4" } ], "aliases": [ "CVE-2011-5325" ], "risk_score": 1.8, "exploitability": "0.5", "weighted_severity": "3.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nthm-4fpy-zfev" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40689?format=api", "vulnerability_id": "VCID-r12h-q1dj-a7b8", "summary": "Multiple vulnerabilities have been discovered in BusyBox, the worst of which could lead to arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42381.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42381.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-42381", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00321", "scoring_system": "epss", "scoring_elements": "0.54992", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00321", "scoring_system": "epss", "scoring_elements": "0.55117", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00321", "scoring_system": "epss", "scoring_elements": "0.55094", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00321", "scoring_system": "epss", "scoring_elements": "0.55118", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00321", "scoring_system": "epss", "scoring_elements": "0.55093", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00321", "scoring_system": "epss", "scoring_elements": "0.55143", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00321", "scoring_system": "epss", "scoring_elements": "0.55155", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00321", "scoring_system": "epss", "scoring_elements": "0.55135", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-42381" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42381", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42381" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2023927", "reference_id": "2023927", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2023927" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/", "reference_id": "6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:06Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567", "reference_id": "999567", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567" }, { "reference_url": "https://security.archlinux.org/AVG-2561", "reference_id": "AVG-2561", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2561" }, { "reference_url": "https://security.archlinux.org/AVG-2562", "reference_id": "AVG-2562", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2562" }, { "reference_url": "https://security.gentoo.org/glsa/202407-17", "reference_id": "GLSA-202407-17", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202407-17" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20211223-0002/", "reference_id": "ntap-20211223-0002", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:06Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20211223-0002/" }, { "reference_url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/", "reference_id": "unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:06Z/" } ], "url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/" }, { "reference_url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog", "reference_id": "unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:06Z/" } ], "url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/", "reference_id": "UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:06Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/" }, { "reference_url": "https://usn.ubuntu.com/5179-1/", "reference_id": "USN-5179-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5179-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582168?format=api", "purl": "pkg:deb/debian/busybox@1:1.35.0-4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8844-hdkd-yyc7" }, { "vulnerability": "VCID-9s28-b1gj-uqaj" }, { "vulnerability": "VCID-fugr-ve7z-efdb" }, { "vulnerability": "VCID-g5t1-3tab-uuf9" }, { "vulnerability": "VCID-jjqh-pw7r-buau" }, { "vulnerability": "VCID-n1u3-njfx-vfcp" }, { "vulnerability": "VCID-syfd-zx16-n3gy" }, { "vulnerability": "VCID-t62w-rrsb-vqgy" }, { "vulnerability": "VCID-v6td-yjyg-rub4" }, { "vulnerability": "VCID-xjbx-z3d5-5bad" }, { "vulnerability": "VCID-y9hd-5med-67c4" }, { "vulnerability": "VCID-ytff-pgz4-tub2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.35.0-4" } ], "aliases": [ "CVE-2021-42381" ], "risk_score": 3.2, "exploitability": "0.5", "weighted_severity": "6.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r12h-q1dj-a7b8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40682?format=api", "vulnerability_id": "VCID-tkat-gfks-kqg9", "summary": "Multiple vulnerabilities have been discovered in BusyBox, the worst of which could lead to arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42374.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42374.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-42374", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20042", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20022", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20189", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20244", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.19969", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20049", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20107", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20126", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.2008", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-42374" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42374", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42374" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2023881", "reference_id": "2023881", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2023881" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/", "reference_id": "6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:31:05Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567", "reference_id": "999567", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567" }, { "reference_url": "https://security.archlinux.org/AVG-2561", "reference_id": "AVG-2561", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2561" }, { "reference_url": "https://security.archlinux.org/AVG-2562", "reference_id": "AVG-2562", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2562" }, { "reference_url": "https://security.gentoo.org/glsa/202407-17", "reference_id": "GLSA-202407-17", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202407-17" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20211223-0002/", "reference_id": "ntap-20211223-0002", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:31:05Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20211223-0002/" }, { "reference_url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/", "reference_id": "unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:31:05Z/" } ], "url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/" }, { "reference_url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog", "reference_id": "unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:31:05Z/" } ], "url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/", "reference_id": "UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:31:05Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/" }, { "reference_url": "https://usn.ubuntu.com/5179-1/", "reference_id": "USN-5179-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5179-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582168?format=api", "purl": "pkg:deb/debian/busybox@1:1.35.0-4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8844-hdkd-yyc7" }, { "vulnerability": "VCID-9s28-b1gj-uqaj" }, { "vulnerability": "VCID-fugr-ve7z-efdb" }, { "vulnerability": "VCID-g5t1-3tab-uuf9" }, { "vulnerability": "VCID-jjqh-pw7r-buau" }, { "vulnerability": "VCID-n1u3-njfx-vfcp" }, { "vulnerability": "VCID-syfd-zx16-n3gy" }, { "vulnerability": "VCID-t62w-rrsb-vqgy" }, { "vulnerability": "VCID-v6td-yjyg-rub4" }, { "vulnerability": "VCID-xjbx-z3d5-5bad" }, { "vulnerability": "VCID-y9hd-5med-67c4" }, { "vulnerability": "VCID-ytff-pgz4-tub2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.35.0-4" } ], "aliases": [ "CVE-2021-42374" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tkat-gfks-kqg9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77941?format=api", "vulnerability_id": "VCID-v6td-yjyg-rub4", "summary": "busybox: use-after-free", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-42365.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-42365.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-42365", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09224", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09269", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09238", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09225", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09148", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09229", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09267", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09473", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-42365" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42365", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42365" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059052", "reference_id": "1059052", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059052" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2251853", "reference_id": "2251853", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2251853" }, { "reference_url": "https://usn.ubuntu.com/6961-1/", "reference_id": "USN-6961-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6961-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582168?format=api", "purl": "pkg:deb/debian/busybox@1:1.35.0-4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8844-hdkd-yyc7" }, { "vulnerability": "VCID-9s28-b1gj-uqaj" }, { "vulnerability": "VCID-fugr-ve7z-efdb" }, { "vulnerability": "VCID-g5t1-3tab-uuf9" }, { "vulnerability": "VCID-jjqh-pw7r-buau" }, { "vulnerability": "VCID-n1u3-njfx-vfcp" }, { "vulnerability": "VCID-syfd-zx16-n3gy" }, { "vulnerability": "VCID-t62w-rrsb-vqgy" }, { "vulnerability": "VCID-v6td-yjyg-rub4" }, { "vulnerability": "VCID-xjbx-z3d5-5bad" }, { "vulnerability": "VCID-y9hd-5med-67c4" }, { "vulnerability": "VCID-ytff-pgz4-tub2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.35.0-4" }, { "url": "http://public2.vulnerablecode.io/api/packages/582169?format=api", "purl": "pkg:deb/debian/busybox@1:1.35.0-4%2Bdeb12u1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.35.0-4%252Bdeb12u1" } ], "aliases": [ "CVE-2023-42365" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "7.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-v6td-yjyg-rub4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/39478?format=api", "vulnerability_id": "VCID-vpmv-afzs-tffj", "summary": "A vulnerability in BusyBox might allow remote attackers to cause a\n Denial of Service condition.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28831.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28831.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-28831", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01019", "scoring_system": "epss", "scoring_elements": "0.77155", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01019", "scoring_system": "epss", "scoring_elements": "0.77217", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01019", "scoring_system": "epss", "scoring_elements": "0.77161", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01019", "scoring_system": "epss", "scoring_elements": "0.77191", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01019", "scoring_system": "epss", "scoring_elements": "0.77173", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01019", "scoring_system": "epss", "scoring_elements": "0.77205", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01019", "scoring_system": "epss", "scoring_elements": "0.77214", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01019", "scoring_system": "epss", "scoring_elements": "0.77241", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01019", "scoring_system": "epss", "scoring_elements": "0.7722", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-28831" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28831", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28831" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1941028", "reference_id": "1941028", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1941028" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3UDQGJRECXFS5EZVDH2OI45FMO436AC4/", "reference_id": "3UDQGJRECXFS5EZVDH2OI45FMO436AC4", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AC:L/AV:N/A:H/C:N/I:N/PR:N/S:U/UI:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:57:33Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3UDQGJRECXFS5EZVDH2OI45FMO436AC4/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985674", "reference_id": "985674", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985674" }, { "reference_url": "https://security.archlinux.org/ASA-202103-11", "reference_id": "ASA-202103-11", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202103-11" }, { "reference_url": "https://security.archlinux.org/ASA-202103-12", "reference_id": "ASA-202103-12", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202103-12" }, { "reference_url": "https://security.archlinux.org/AVG-1707", "reference_id": "AVG-1707", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1707" }, { "reference_url": "https://security.archlinux.org/AVG-1708", "reference_id": "AVG-1708", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1708" }, { "reference_url": "https://security.gentoo.org/glsa/202105-09", "reference_id": "GLSA-202105-09", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AC:L/AV:N/A:H/C:N/I:N/PR:N/S:U/UI:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:57:33Z/" } ], "url": "https://security.gentoo.org/glsa/202105-09" }, { "reference_url": "https://git.busybox.net/busybox/commit/?id=f25d254dfd4243698c31a4f3153d4ac72aa9e9bd", "reference_id": "?id=f25d254dfd4243698c31a4f3153d4ac72aa9e9bd", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AC:L/AV:N/A:H/C:N/I:N/PR:N/S:U/UI:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:57:33Z/" } ], "url": "https://git.busybox.net/busybox/commit/?id=f25d254dfd4243698c31a4f3153d4ac72aa9e9bd" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00001.html", "reference_id": "msg00001.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AC:L/AV:N/A:H/C:N/I:N/PR:N/S:U/UI:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:57:33Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00001.html" }, { "reference_url": "https://usn.ubuntu.com/5179-1/", "reference_id": "USN-5179-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5179-1/" }, { "reference_url": "https://usn.ubuntu.com/5179-2/", "reference_id": "USN-5179-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5179-2/" }, { "reference_url": "https://usn.ubuntu.com/6335-1/", "reference_id": "USN-6335-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6335-1/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7ZIFKPRR32ZYA3WAA2NXFA3QHHOU6FJ/", "reference_id": "Z7ZIFKPRR32ZYA3WAA2NXFA3QHHOU6FJ", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AC:L/AV:N/A:H/C:N/I:N/PR:N/S:U/UI:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:57:33Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7ZIFKPRR32ZYA3WAA2NXFA3QHHOU6FJ/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZASBW7QRRLY5V2R44MQ4QQM4CZIDHM2U/", "reference_id": "ZASBW7QRRLY5V2R44MQ4QQM4CZIDHM2U", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AC:L/AV:N/A:H/C:N/I:N/PR:N/S:U/UI:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:57:33Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZASBW7QRRLY5V2R44MQ4QQM4CZIDHM2U/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582168?format=api", "purl": "pkg:deb/debian/busybox@1:1.35.0-4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8844-hdkd-yyc7" }, { "vulnerability": "VCID-9s28-b1gj-uqaj" }, { "vulnerability": "VCID-fugr-ve7z-efdb" }, { "vulnerability": "VCID-g5t1-3tab-uuf9" }, { "vulnerability": "VCID-jjqh-pw7r-buau" }, { "vulnerability": "VCID-n1u3-njfx-vfcp" }, { "vulnerability": "VCID-syfd-zx16-n3gy" }, { "vulnerability": "VCID-t62w-rrsb-vqgy" }, { "vulnerability": "VCID-v6td-yjyg-rub4" }, { "vulnerability": "VCID-xjbx-z3d5-5bad" }, { "vulnerability": "VCID-y9hd-5med-67c4" }, { "vulnerability": "VCID-ytff-pgz4-tub2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.35.0-4" } ], "aliases": [ "CVE-2021-28831" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vpmv-afzs-tffj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77942?format=api", "vulnerability_id": "VCID-y9hd-5med-67c4", "summary": "busybox: use-after-free", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-42364.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-42364.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-42364", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09224", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09229", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09267", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09269", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09238", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09225", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09148", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09473", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-42364" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42364", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42364" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059051", "reference_id": "1059051", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059051" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2251855", "reference_id": "2251855", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2251855" }, { "reference_url": "https://bugs.busybox.net/show_bug.cgi?id=15868", "reference_id": "show_bug.cgi?id=15868", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-10T20:28:22Z/" } ], "url": "https://bugs.busybox.net/show_bug.cgi?id=15868" }, { "reference_url": "https://usn.ubuntu.com/6961-1/", "reference_id": "USN-6961-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6961-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582168?format=api", "purl": "pkg:deb/debian/busybox@1:1.35.0-4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8844-hdkd-yyc7" }, { "vulnerability": "VCID-9s28-b1gj-uqaj" }, { "vulnerability": "VCID-fugr-ve7z-efdb" }, { "vulnerability": "VCID-g5t1-3tab-uuf9" }, { "vulnerability": "VCID-jjqh-pw7r-buau" }, { "vulnerability": "VCID-n1u3-njfx-vfcp" }, { "vulnerability": "VCID-syfd-zx16-n3gy" }, { "vulnerability": "VCID-t62w-rrsb-vqgy" }, { "vulnerability": "VCID-v6td-yjyg-rub4" }, { "vulnerability": "VCID-xjbx-z3d5-5bad" }, { "vulnerability": "VCID-y9hd-5med-67c4" }, { "vulnerability": "VCID-ytff-pgz4-tub2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.35.0-4" }, { "url": "http://public2.vulnerablecode.io/api/packages/582169?format=api", "purl": "pkg:deb/debian/busybox@1:1.35.0-4%2Bdeb12u1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.35.0-4%252Bdeb12u1" } ], "aliases": [ "CVE-2023-42364" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "7.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-y9hd-5med-67c4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43811?format=api", "vulnerability_id": "VCID-z13y-nsuu-ckfq", "summary": "Multiple vulnerabilities have been found in BusyBox, the worst of\n which allows remote attackers to execute arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2148.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2148.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2148", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.15842", "scoring_system": "epss", "scoring_elements": "0.94744", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.15842", "scoring_system": "epss", "scoring_elements": "0.94708", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.15842", "scoring_system": "epss", "scoring_elements": "0.94716", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.15842", "scoring_system": "epss", "scoring_elements": "0.9472", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.15842", "scoring_system": "epss", "scoring_elements": "0.94722", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.15842", "scoring_system": "epss", "scoring_elements": "0.94731", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.15842", "scoring_system": "epss", "scoring_elements": "0.94735", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.15842", "scoring_system": "epss", "scoring_elements": "0.9474", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.15842", "scoring_system": "epss", "scoring_elements": "0.94743", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2148" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2148", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2148" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:N/C:P/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1316556", "reference_id": "1316556", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1316556" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=818497", "reference_id": "818497", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=818497" }, { "reference_url": "https://security.gentoo.org/glsa/201612-04", "reference_id": "GLSA-201612-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201612-04" }, { "reference_url": "https://usn.ubuntu.com/3935-1/", "reference_id": "USN-3935-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3935-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050518?format=api", "purl": "pkg:deb/debian/busybox@1:1.30.1-4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4muk-rhx5-yqeu" }, { "vulnerability": "VCID-4qpt-mxfy-6bh6" }, { "vulnerability": "VCID-9fex-zr2n-w3cb" }, { "vulnerability": "VCID-9s28-b1gj-uqaj" }, { "vulnerability": "VCID-dse8-esmh-3ygm" }, { "vulnerability": "VCID-gdfa-8gar-47gd" }, { "vulnerability": "VCID-jjxj-yf1x-4qg5" }, { "vulnerability": "VCID-mdmz-hjvu-hke3" }, { "vulnerability": "VCID-r12h-q1dj-a7b8" }, { "vulnerability": "VCID-tkat-gfks-kqg9" }, { "vulnerability": "VCID-v6td-yjyg-rub4" }, { "vulnerability": "VCID-vpmv-afzs-tffj" }, { "vulnerability": "VCID-y9hd-5med-67c4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.30.1-4" } ], "aliases": [ "CVE-2016-2148" ], "risk_score": 1.2, "exploitability": "0.5", "weighted_severity": "2.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-z13y-nsuu-ckfq" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51110?format=api", "vulnerability_id": "VCID-qrs2-dwcr-cfam", "summary": "Multiple vulnerabilities have been found in BusyBox, allowing\n context dependent attackers to load arbitrary kernel modules, execute\n arbitrary files, or cause a Denial of Service condition.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-4607.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-4607.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-4607", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.10271", "scoring_system": "epss", "scoring_elements": "0.93133", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.10271", "scoring_system": "epss", "scoring_elements": "0.93142", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.10271", "scoring_system": "epss", "scoring_elements": "0.93146", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.10271", "scoring_system": "epss", "scoring_elements": "0.93144", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.10271", "scoring_system": "epss", "scoring_elements": "0.93153", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.10271", "scoring_system": "epss", "scoring_elements": "0.93157", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.10271", "scoring_system": "epss", "scoring_elements": "0.93163", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.10271", "scoring_system": "epss", "scoring_elements": "0.9316", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.10271", "scoring_system": "epss", "scoring_elements": "0.93161", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-4607" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4607", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4607" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1112418", "reference_id": "1112418", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1112418" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=752861", "reference_id": "752861", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=752861" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=768945", "reference_id": "768945", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=768945" }, { "reference_url": "https://security.gentoo.org/glsa/201503-13", "reference_id": "GLSA-201503-13", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201503-13" }, { "reference_url": "https://security.gentoo.org/glsa/201701-14", "reference_id": "GLSA-201701-14", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-14" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0861", "reference_id": "RHSA-2014:0861", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0861" }, { "reference_url": "https://usn.ubuntu.com/2300-1/", "reference_id": "USN-2300-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2300-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050517?format=api", "purl": "pkg:deb/debian/busybox@1:1.22.0-19", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1186-afu9-nuhd" }, { "vulnerability": "VCID-1drx-383s-uqb7" }, { "vulnerability": "VCID-4asq-bb6w-1bf2" }, { "vulnerability": "VCID-4muk-rhx5-yqeu" }, { "vulnerability": "VCID-4qpt-mxfy-6bh6" }, { "vulnerability": "VCID-5rmt-k48a-ubbg" }, { "vulnerability": "VCID-674c-ab3f-a7av" }, { "vulnerability": "VCID-9fex-zr2n-w3cb" }, { "vulnerability": "VCID-9s28-b1gj-uqaj" }, { "vulnerability": "VCID-a4vx-45xg-zqej" }, { "vulnerability": "VCID-dkng-6ayt-h7fv" }, { "vulnerability": "VCID-dktd-xqjr-h7h1" }, { "vulnerability": "VCID-dse8-esmh-3ygm" }, { "vulnerability": "VCID-g587-5fx5-5uew" }, { "vulnerability": "VCID-gdfa-8gar-47gd" }, { "vulnerability": "VCID-jjxj-yf1x-4qg5" }, { "vulnerability": "VCID-mdmz-hjvu-hke3" }, { "vulnerability": "VCID-nthm-4fpy-zfev" }, { "vulnerability": "VCID-r12h-q1dj-a7b8" }, { "vulnerability": "VCID-tkat-gfks-kqg9" }, { "vulnerability": "VCID-v6td-yjyg-rub4" }, { "vulnerability": "VCID-vpmv-afzs-tffj" }, { "vulnerability": "VCID-y9hd-5med-67c4" }, { "vulnerability": "VCID-z13y-nsuu-ckfq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.22.0-19" } ], "aliases": [ "CVE-2014-4607" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qrs2-dwcr-cfam" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51112?format=api", "vulnerability_id": "VCID-rsbc-rpd9-t3hz", "summary": "Multiple vulnerabilities have been found in BusyBox, allowing\n context dependent attackers to load arbitrary kernel modules, execute\n arbitrary files, or cause a Denial of Service condition.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9645.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9645.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9645", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00375", "scoring_system": "epss", "scoring_elements": "0.59014", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00375", "scoring_system": "epss", "scoring_elements": "0.5909", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00375", "scoring_system": "epss", "scoring_elements": "0.59113", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00375", "scoring_system": "epss", "scoring_elements": "0.59077", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00375", "scoring_system": "epss", "scoring_elements": "0.59128", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00375", "scoring_system": "epss", "scoring_elements": "0.59131", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00375", "scoring_system": "epss", "scoring_elements": "0.59149", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00375", "scoring_system": "epss", "scoring_elements": "0.59132", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9645" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9645", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9645" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1185707", "reference_id": "1185707", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1185707" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776186", "reference_id": "776186", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776186" }, { "reference_url": "https://security.gentoo.org/glsa/201503-13", "reference_id": "GLSA-201503-13", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201503-13" }, { "reference_url": "https://usn.ubuntu.com/3935-1/", "reference_id": "USN-3935-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3935-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050517?format=api", "purl": "pkg:deb/debian/busybox@1:1.22.0-19", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1186-afu9-nuhd" }, { "vulnerability": "VCID-1drx-383s-uqb7" }, { "vulnerability": "VCID-4asq-bb6w-1bf2" }, { "vulnerability": "VCID-4muk-rhx5-yqeu" }, { "vulnerability": "VCID-4qpt-mxfy-6bh6" }, { "vulnerability": "VCID-5rmt-k48a-ubbg" }, { "vulnerability": "VCID-674c-ab3f-a7av" }, { "vulnerability": "VCID-9fex-zr2n-w3cb" }, { "vulnerability": "VCID-9s28-b1gj-uqaj" }, { "vulnerability": "VCID-a4vx-45xg-zqej" }, { "vulnerability": "VCID-dkng-6ayt-h7fv" }, { "vulnerability": "VCID-dktd-xqjr-h7h1" }, { "vulnerability": "VCID-dse8-esmh-3ygm" }, { "vulnerability": "VCID-g587-5fx5-5uew" }, { "vulnerability": "VCID-gdfa-8gar-47gd" }, { "vulnerability": "VCID-jjxj-yf1x-4qg5" }, { "vulnerability": "VCID-mdmz-hjvu-hke3" }, { "vulnerability": "VCID-nthm-4fpy-zfev" }, { "vulnerability": "VCID-r12h-q1dj-a7b8" }, { "vulnerability": "VCID-tkat-gfks-kqg9" }, { "vulnerability": "VCID-v6td-yjyg-rub4" }, { "vulnerability": "VCID-vpmv-afzs-tffj" }, { "vulnerability": "VCID-y9hd-5med-67c4" }, { "vulnerability": "VCID-z13y-nsuu-ckfq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.22.0-19" } ], "aliases": [ "CVE-2014-9645" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rsbc-rpd9-t3hz" } ], "risk_score": "4.4", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.22.0-19" }