Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/582949?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/582949?format=api", "purl": "pkg:deb/debian/busybox@1:1.35.0-4?distro=trixie", "type": "deb", "namespace": "debian", "name": "busybox", "version": "1:1.35.0-4", "qualifiers": { "distro": "trixie" }, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "1:1.36.1-1", "latest_non_vulnerable_version": "1:1.37.0-10.1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64630?format=api", "vulnerability_id": "VCID-8844-hdkd-yyc7", "summary": "busybox: BusyBox: Arbitrary file modification and privilege escalation via unvalidated tar archive entries", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-26158.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-26158.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-26158", "reference_id": "", "reference_type": "", "scores": [ { "value": "5e-05", "scoring_system": "epss", "scoring_elements": "0.00232", "published_at": "2026-04-13T12:55:00Z" }, { "value": "5e-05", "scoring_system": "epss", "scoring_elements": "0.0024", "published_at": "2026-04-02T12:55:00Z" }, { "value": "5e-05", "scoring_system": "epss", "scoring_elements": "0.00238", "published_at": "2026-04-07T12:55:00Z" }, { "value": "5e-05", "scoring_system": "epss", "scoring_elements": "0.00236", "published_at": "2026-04-08T12:55:00Z" }, { "value": "5e-05", "scoring_system": "epss", "scoring_elements": "0.00235", "published_at": "2026-04-09T12:55:00Z" }, { "value": "5e-05", "scoring_system": "epss", "scoring_elements": "0.00234", "published_at": "2026-04-11T12:55:00Z" }, { "value": "5e-05", "scoring_system": "epss", "scoring_elements": "0.00233", "published_at": "2026-04-12T12:55:00Z" }, { "value": "5e-05", "scoring_system": "epss", "scoring_elements": "0.00241", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-26158" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-26158", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-26158" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127782", "reference_id": "1127782", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127782" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2439040", "reference_id": "2439040", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-12T04:55:24Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2439040" }, { "reference_url": "https://git.busybox.net/busybox/commit/archival?id=3fb6b31c716669e12f75a2accd31bb7685b1a1cb", "reference_id": "archival?id=3fb6b31c716669e12f75a2accd31bb7685b1a1cb", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-12T04:55:24Z/" } ], "url": "https://git.busybox.net/busybox/commit/archival?id=3fb6b31c716669e12f75a2accd31bb7685b1a1cb" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:hummingbird:1", "reference_id": "cpe:/a:redhat:hummingbird:1", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:hummingbird:1" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6", "reference_id": "cpe:/o:redhat:enterprise_linux:6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2026-26158", "reference_id": "CVE-2026-26158", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-12T04:55:24Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2026-26158" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582951?format=api", "purl": "pkg:deb/debian/busybox@1:1.37.0-10.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.37.0-10.1%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-26158" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8844-hdkd-yyc7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/78160?format=api", "vulnerability_id": "VCID-9s28-b1gj-uqaj", "summary": "busybox: stack overflow vulnerability in ash.c leads to arbitrary code execution", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-48174.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-48174.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-48174", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00679", "scoring_system": "epss", "scoring_elements": "0.71523", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00679", "scoring_system": "epss", "scoring_elements": "0.71554", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00679", "scoring_system": "epss", "scoring_elements": "0.71588", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00679", "scoring_system": "epss", "scoring_elements": "0.71572", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00679", "scoring_system": "epss", "scoring_elements": "0.7154", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00679", "scoring_system": "epss", "scoring_elements": "0.71513", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00679", "scoring_system": "epss", "scoring_elements": "0.71553", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00679", "scoring_system": "epss", "scoring_elements": "0.71565", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-48174" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48174", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48174" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059049", "reference_id": "1059049", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059049" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2237153", "reference_id": "2237153", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2237153" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5178", "reference_id": "RHSA-2023:5178", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5178" }, { "reference_url": "https://bugs.busybox.net/show_bug.cgi?id=15216", "reference_id": "show_bug.cgi?id=15216", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-03T14:24:43Z/" } ], "url": "https://bugs.busybox.net/show_bug.cgi?id=15216" }, { "reference_url": "https://usn.ubuntu.com/6335-1/", "reference_id": "USN-6335-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6335-1/" }, { "reference_url": "https://usn.ubuntu.com/6961-1/", "reference_id": "USN-6961-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6961-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/921600?format=api", "purl": "pkg:deb/debian/busybox@1:1.37.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.37.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582950?format=api", "purl": "pkg:deb/debian/busybox@1:1.37.0-6?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8844-hdkd-yyc7" }, { "vulnerability": "VCID-fugr-ve7z-efdb" }, { "vulnerability": "VCID-g5t1-3tab-uuf9" }, { "vulnerability": "VCID-jjqh-pw7r-buau" }, { "vulnerability": "VCID-n1u3-njfx-vfcp" }, { "vulnerability": "VCID-t62w-rrsb-vqgy" }, { "vulnerability": "VCID-ytff-pgz4-tub2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.37.0-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582951?format=api", "purl": "pkg:deb/debian/busybox@1:1.37.0-10.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.37.0-10.1%3Fdistro=trixie" } ], "aliases": [ "CVE-2022-48174" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9s28-b1gj-uqaj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64629?format=api", "vulnerability_id": "VCID-fugr-ve7z-efdb", "summary": "busybox: BusyBox: Arbitrary file overwrite and potential code execution via incomplete path sanitization", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-26157.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-26157.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-26157", "reference_id": "", "reference_type": "", "scores": [ { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00278", "published_at": "2026-04-13T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00296", "published_at": "2026-04-02T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00293", "published_at": "2026-04-04T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00285", "published_at": "2026-04-07T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00283", "published_at": "2026-04-08T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00282", "published_at": "2026-04-11T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00279", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-26157" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-26157", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-26157" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127782", "reference_id": "1127782", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127782" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2439039", "reference_id": "2439039", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-12T04:55:24Z/" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-11T20:50:59Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2439039" }, { "reference_url": "https://git.busybox.net/busybox/commit/archival?id=3fb6b31c716669e12f75a2accd31bb7685b1a1cb", "reference_id": "archival?id=3fb6b31c716669e12f75a2accd31bb7685b1a1cb", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-12T04:55:24Z/" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-11T20:50:59Z/" } ], "url": "https://git.busybox.net/busybox/commit/archival?id=3fb6b31c716669e12f75a2accd31bb7685b1a1cb" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:hummingbird:1", "reference_id": "cpe:/a:redhat:hummingbird:1", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:hummingbird:1" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6", "reference_id": "cpe:/o:redhat:enterprise_linux:6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2026-26157", "reference_id": "CVE-2026-26157", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-12T04:55:24Z/" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-11T20:50:59Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2026-26157" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582951?format=api", "purl": "pkg:deb/debian/busybox@1:1.37.0-10.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.37.0-10.1%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-26157" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fugr-ve7z-efdb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96334?format=api", "vulnerability_id": "VCID-g5t1-3tab-uuf9", "summary": "In netstat in BusyBox through 1.37.0, local users can launch of network application with an argv[0] containing an ANSI terminal escape sequence, leading to a denial of service (terminal locked up) when netstat is used by a victim.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-58251", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.23085", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.23201", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.23245", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.23035", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.23108", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.23161", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.23181", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.23143", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-58251" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58251", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58251" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L" }, { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104009", "reference_id": "1104009", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104009" }, { "reference_url": "https://www.busybox.net/downloads/", "reference_id": "downloads", "reference_type": "", "scores": [ { "value": "2.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T18:35:32Z/" } ], "url": "https://www.busybox.net/downloads/" }, { "reference_url": "https://bugs.busybox.net/show_bug.cgi?id=15922", "reference_id": "show_bug.cgi?id=15922", "reference_type": "", "scores": [ { "value": "2.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T18:35:32Z/" } ], "url": "https://bugs.busybox.net/show_bug.cgi?id=15922" }, { "reference_url": "https://www.busybox.net", "reference_id": "www.busybox.net", "reference_type": "", "scores": [ { "value": "2.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T18:35:32Z/" } ], "url": "https://www.busybox.net" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/921603?format=api", "purl": "pkg:deb/debian/busybox@1:1.37.0-9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.37.0-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582951?format=api", "purl": "pkg:deb/debian/busybox@1:1.37.0-10.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.37.0-10.1%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-58251" ], "risk_score": 0.8, "exploitability": "0.5", "weighted_severity": "1.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g5t1-3tab-uuf9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96706?format=api", "vulnerability_id": "VCID-jjqh-pw7r-buau", "summary": "In tar in BusyBox through 1.37.0, a TAR archive can have filenames hidden from a listing through the use of terminal escape sequences.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-46394", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24224", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24333", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24442", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.2429", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24409", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24251", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24308", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24351", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-46394" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-46394", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-46394" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104008", "reference_id": "1104008", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104008" }, { "reference_url": "https://security.archlinux.org/AVG-2880", "reference_id": "AVG-2880", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2880" }, { "reference_url": "https://www.busybox.net/downloads/", "reference_id": "downloads", "reference_type": "", "scores": [ { "value": "3.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:43:05Z/" } ], "url": "https://www.busybox.net/downloads/" }, { "reference_url": "https://bugs.busybox.net/show_bug.cgi?id=16018", "reference_id": "show_bug.cgi?id=16018", "reference_type": "", "scores": [ { "value": "3.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:43:05Z/" } ], "url": "https://bugs.busybox.net/show_bug.cgi?id=16018" }, { "reference_url": "https://www.busybox.net", "reference_id": "www.busybox.net", "reference_type": "", "scores": [ { "value": "3.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:43:05Z/" } ], "url": "https://www.busybox.net" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/921602?format=api", "purl": "pkg:deb/debian/busybox@1:1.37.0-8?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.37.0-8%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582951?format=api", "purl": "pkg:deb/debian/busybox@1:1.37.0-10.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.37.0-10.1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-46394" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jjqh-pw7r-buau" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77940?format=api", "vulnerability_id": "VCID-n1u3-njfx-vfcp", "summary": "busybox: A heap-buffer-overflow", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-42366.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-42366.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-42366", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06631", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06596", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.08131", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.08123", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.08103", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.08085", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.08049", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.08109", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-42366" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42366", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42366" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059053", "reference_id": "1059053", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059053" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2251851", "reference_id": "2251851", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2251851" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/921602?format=api", "purl": "pkg:deb/debian/busybox@1:1.37.0-8?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.37.0-8%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582951?format=api", "purl": "pkg:deb/debian/busybox@1:1.37.0-10.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.37.0-10.1%3Fdistro=trixie" } ], "aliases": [ "CVE-2023-42366" ], "risk_score": 3.2, "exploitability": "0.5", "weighted_severity": "6.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-n1u3-njfx-vfcp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/79421?format=api", "vulnerability_id": "VCID-syfd-zx16-n3gy", "summary": "busybox: A use-after-free in Busybox's awk applet leads to denial of service", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-30065.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-30065.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-30065", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00506", "scoring_system": "epss", "scoring_elements": "0.66195", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00506", "scoring_system": "epss", "scoring_elements": "0.66221", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00506", "scoring_system": "epss", "scoring_elements": "0.66191", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00506", "scoring_system": "epss", "scoring_elements": "0.66239", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00506", "scoring_system": "epss", "scoring_elements": "0.66252", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00506", "scoring_system": "epss", "scoring_elements": "0.66272", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00506", "scoring_system": "epss", "scoring_elements": "0.66259", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00506", "scoring_system": "epss", "scoring_elements": "0.66228", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-30065" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30065", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30065" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2088233", "reference_id": "2088233", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2088233" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/921599?format=api", "purl": "pkg:deb/debian/busybox@1:1.36.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.36.1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582950?format=api", "purl": "pkg:deb/debian/busybox@1:1.37.0-6?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8844-hdkd-yyc7" }, { "vulnerability": "VCID-fugr-ve7z-efdb" }, { "vulnerability": "VCID-g5t1-3tab-uuf9" }, { "vulnerability": "VCID-jjqh-pw7r-buau" }, { "vulnerability": "VCID-n1u3-njfx-vfcp" }, { "vulnerability": "VCID-t62w-rrsb-vqgy" }, { "vulnerability": "VCID-ytff-pgz4-tub2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.37.0-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582951?format=api", "purl": "pkg:deb/debian/busybox@1:1.37.0-10.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.37.0-10.1%3Fdistro=trixie" } ], "aliases": [ "CVE-2022-30065" ], "risk_score": 2.8, "exploitability": "0.5", "weighted_severity": "5.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-syfd-zx16-n3gy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66605?format=api", "vulnerability_id": "VCID-t62w-rrsb-vqgy", "summary": "busybox: BusyBox wget: HTTP request-target allows header injection", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-60876.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-60876.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-60876", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13208", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13327", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13295", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13257", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.138", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20059", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20117", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.19844", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-60876" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60876", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60876" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120795", "reference_id": "1120795", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120795" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2413825", "reference_id": "2413825", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2413825" }, { "reference_url": "https://gist.github.com/subyumatest/41554af6a72aedaacaec026adc311092", "reference_id": "41554af6a72aedaacaec026adc311092", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-12T20:45:24Z/" } ], "url": "https://gist.github.com/subyumatest/41554af6a72aedaacaec026adc311092" }, { "reference_url": "https://lists.busybox.net/pipermail/busybox/attachments/20250823/ccdc96ef/attachment-0001.htm", "reference_id": "attachment-0001.htm", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-12T20:45:24Z/" } ], "url": "https://lists.busybox.net/pipermail/busybox/attachments/20250823/ccdc96ef/attachment-0001.htm" }, { "reference_url": "https://lists.busybox.net/pipermail/busybox/attachments/20250828/e7f90492/attachment.htm", "reference_id": "attachment.htm", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-12T20:45:24Z/" } ], "url": "https://lists.busybox.net/pipermail/busybox/attachments/20250828/e7f90492/attachment.htm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/921602?format=api", "purl": "pkg:deb/debian/busybox@1:1.37.0-8?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.37.0-8%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582951?format=api", "purl": "pkg:deb/debian/busybox@1:1.37.0-10.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.37.0-10.1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-60876" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "4.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t62w-rrsb-vqgy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77941?format=api", "vulnerability_id": "VCID-v6td-yjyg-rub4", "summary": "busybox: use-after-free", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-42365.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-42365.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-42365", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09224", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09269", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09238", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09225", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09148", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09229", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09267", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09473", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-42365" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42365", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42365" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059052", "reference_id": "1059052", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059052" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2251853", "reference_id": "2251853", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2251853" }, { "reference_url": "https://usn.ubuntu.com/6961-1/", "reference_id": "USN-6961-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6961-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/921600?format=api", "purl": "pkg:deb/debian/busybox@1:1.37.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.37.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582950?format=api", "purl": "pkg:deb/debian/busybox@1:1.37.0-6?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8844-hdkd-yyc7" }, { "vulnerability": "VCID-fugr-ve7z-efdb" }, { "vulnerability": "VCID-g5t1-3tab-uuf9" }, { "vulnerability": "VCID-jjqh-pw7r-buau" }, { "vulnerability": "VCID-n1u3-njfx-vfcp" }, { "vulnerability": "VCID-t62w-rrsb-vqgy" }, { "vulnerability": "VCID-ytff-pgz4-tub2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.37.0-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582951?format=api", "purl": "pkg:deb/debian/busybox@1:1.37.0-10.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.37.0-10.1%3Fdistro=trixie" } ], "aliases": [ "CVE-2023-42365" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "7.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-v6td-yjyg-rub4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77943?format=api", "vulnerability_id": "VCID-xjbx-z3d5-5bad", "summary": "busybox: use-after-free in awk", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-42363.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-42363.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-42363", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07262", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07286", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07272", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07229", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07208", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07263", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.0729", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07441", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-42363" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42363", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42363" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059050", "reference_id": "1059050", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059050" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2252027", "reference_id": "2252027", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2252027" }, { "reference_url": "https://usn.ubuntu.com/6961-1/", "reference_id": "USN-6961-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6961-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/921600?format=api", "purl": "pkg:deb/debian/busybox@1:1.37.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.37.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582950?format=api", "purl": "pkg:deb/debian/busybox@1:1.37.0-6?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8844-hdkd-yyc7" }, { "vulnerability": "VCID-fugr-ve7z-efdb" }, { "vulnerability": "VCID-g5t1-3tab-uuf9" }, { "vulnerability": "VCID-jjqh-pw7r-buau" }, { "vulnerability": "VCID-n1u3-njfx-vfcp" }, { "vulnerability": "VCID-t62w-rrsb-vqgy" }, { "vulnerability": "VCID-ytff-pgz4-tub2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.37.0-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582951?format=api", "purl": "pkg:deb/debian/busybox@1:1.37.0-10.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.37.0-10.1%3Fdistro=trixie" } ], "aliases": [ "CVE-2023-42363" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "7.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xjbx-z3d5-5bad" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77942?format=api", "vulnerability_id": "VCID-y9hd-5med-67c4", "summary": "busybox: use-after-free", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-42364.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-42364.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-42364", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09224", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09229", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09267", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09269", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09238", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09225", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09148", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09473", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-42364" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42364", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42364" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059051", "reference_id": "1059051", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059051" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2251855", "reference_id": "2251855", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2251855" }, { "reference_url": "https://bugs.busybox.net/show_bug.cgi?id=15868", "reference_id": "show_bug.cgi?id=15868", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-10T20:28:22Z/" } ], "url": "https://bugs.busybox.net/show_bug.cgi?id=15868" }, { "reference_url": "https://usn.ubuntu.com/6961-1/", "reference_id": "USN-6961-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6961-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/921600?format=api", "purl": "pkg:deb/debian/busybox@1:1.37.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.37.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582950?format=api", "purl": "pkg:deb/debian/busybox@1:1.37.0-6?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8844-hdkd-yyc7" }, { "vulnerability": "VCID-fugr-ve7z-efdb" }, { "vulnerability": "VCID-g5t1-3tab-uuf9" }, { "vulnerability": "VCID-jjqh-pw7r-buau" }, { "vulnerability": "VCID-n1u3-njfx-vfcp" }, { "vulnerability": "VCID-t62w-rrsb-vqgy" }, { "vulnerability": "VCID-ytff-pgz4-tub2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.37.0-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582951?format=api", "purl": "pkg:deb/debian/busybox@1:1.37.0-10.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.37.0-10.1%3Fdistro=trixie" } ], "aliases": [ "CVE-2023-42364" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "7.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-y9hd-5med-67c4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/78125?format=api", "vulnerability_id": "VCID-ytff-pgz4-tub2", "summary": "busybox: CPIO command of Busybox allows attackers to execute a directory traversal", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-39810.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-39810.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-39810", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25896", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.26059", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.26", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25955", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.261", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25868", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25938", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25989", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-39810" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39810", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39810" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055307", "reference_id": "1055307", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055307" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2235824", "reference_id": "2235824", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2235824" }, { "reference_url": "http://busybox.com", "reference_id": "busybox.com", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T15:58:10Z/" } ], "url": "http://busybox.com" }, { "reference_url": "https://www.pentagrid.ch/en/blog/busybox-cpio-directory-traversal-vulnerability/", "reference_id": "busybox-cpio-directory-traversal-vulnerability", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T15:58:10Z/" } ], "url": "https://www.pentagrid.ch/en/blog/busybox-cpio-directory-traversal-vulnerability/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/921601?format=api", "purl": "pkg:deb/debian/busybox@1:1.37.0-7?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.37.0-7%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582951?format=api", "purl": "pkg:deb/debian/busybox@1:1.37.0-10.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.37.0-10.1%3Fdistro=trixie" } ], "aliases": [ "CVE-2023-39810" ], "risk_score": 3.3, "exploitability": "0.5", "weighted_severity": "6.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ytff-pgz4-tub2" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56192?format=api", "vulnerability_id": "VCID-1186-afu9-nuhd", "summary": "A vulnerability in BusyBox might allow remote attackers to cause a\n Denial of Service condition.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6301.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6301.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-6301", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03277", "scoring_system": "epss", "scoring_elements": "0.87173", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.03277", "scoring_system": "epss", "scoring_elements": "0.87118", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.03277", "scoring_system": "epss", "scoring_elements": "0.87129", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.03277", "scoring_system": "epss", "scoring_elements": "0.87146", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.03277", "scoring_system": "epss", "scoring_elements": "0.87142", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.03277", "scoring_system": "epss", "scoring_elements": "0.87162", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.03277", "scoring_system": "epss", "scoring_elements": "0.8717", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.03277", "scoring_system": "epss", "scoring_elements": "0.87183", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.03277", "scoring_system": "epss", "scoring_elements": "0.87177", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-6301" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6301", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6301" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1363710", "reference_id": "1363710", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-04T16:45:35Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1363710" }, { "reference_url": "http://seclists.org/fulldisclosure/2020/Mar/15", "reference_id": "15", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-04T16:45:35Z/" } ], "url": "http://seclists.org/fulldisclosure/2020/Mar/15" }, { "reference_url": "http://seclists.org/fulldisclosure/2020/Aug/20", "reference_id": "20", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-04T16:45:35Z/" } ], "url": "http://seclists.org/fulldisclosure/2020/Aug/20" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/08/03/7", "reference_id": "7", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-04T16:45:35Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2016/08/03/7" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=833442", "reference_id": "833442", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=833442" }, { "reference_url": "http://www.securityfocus.com/bid/92277", "reference_id": "92277", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-04T16:45:35Z/" } ], "url": "http://www.securityfocus.com/bid/92277" }, { "reference_url": "https://security.gentoo.org/glsa/201701-05", "reference_id": "GLSA-201701-05", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-04T16:45:35Z/" } ], "url": "https://security.gentoo.org/glsa/201701-05" }, { "reference_url": "https://git.busybox.net/busybox/commit/?id=150dc7a2b483b8338a3e185c478b4b23ee884e71", "reference_id": "?id=150dc7a2b483b8338a3e185c478b4b23ee884e71", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-04T16:45:35Z/" } ], "url": "https://git.busybox.net/busybox/commit/?id=150dc7a2b483b8338a3e185c478b4b23ee884e71" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/585052?format=api", "purl": "pkg:deb/debian/busybox@1:1.27.2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.27.2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582948?format=api", "purl": "pkg:deb/debian/busybox@1:1.30.1-6?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8844-hdkd-yyc7" }, { "vulnerability": "VCID-8r73-bpac-dubc" }, { "vulnerability": "VCID-92nk-cwc9-rkg4" }, { "vulnerability": "VCID-fugr-ve7z-efdb" }, { "vulnerability": "VCID-g5t1-3tab-uuf9" }, { "vulnerability": "VCID-jjqh-pw7r-buau" }, { "vulnerability": "VCID-n1u3-njfx-vfcp" }, { "vulnerability": "VCID-rp81-5jrg-jkht" }, { "vulnerability": "VCID-svyb-nqje-dbcs" }, { "vulnerability": "VCID-syfd-zx16-n3gy" }, { "vulnerability": "VCID-t62w-rrsb-vqgy" }, { "vulnerability": "VCID-vjyq-6k64-7fat" }, { "vulnerability": "VCID-xjbx-z3d5-5bad" }, { "vulnerability": "VCID-ytff-pgz4-tub2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.30.1-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582949?format=api", "purl": "pkg:deb/debian/busybox@1:1.35.0-4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8844-hdkd-yyc7" }, { "vulnerability": "VCID-9s28-b1gj-uqaj" }, { "vulnerability": "VCID-fugr-ve7z-efdb" }, { "vulnerability": "VCID-g5t1-3tab-uuf9" }, { "vulnerability": "VCID-jjqh-pw7r-buau" }, { "vulnerability": "VCID-n1u3-njfx-vfcp" }, { "vulnerability": "VCID-syfd-zx16-n3gy" }, { "vulnerability": "VCID-t62w-rrsb-vqgy" }, { "vulnerability": "VCID-v6td-yjyg-rub4" }, { "vulnerability": "VCID-xjbx-z3d5-5bad" }, { "vulnerability": "VCID-y9hd-5med-67c4" }, { "vulnerability": "VCID-ytff-pgz4-tub2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.35.0-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582950?format=api", "purl": "pkg:deb/debian/busybox@1:1.37.0-6?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8844-hdkd-yyc7" }, { "vulnerability": "VCID-fugr-ve7z-efdb" }, { "vulnerability": "VCID-g5t1-3tab-uuf9" }, { "vulnerability": "VCID-jjqh-pw7r-buau" }, { "vulnerability": "VCID-n1u3-njfx-vfcp" }, { "vulnerability": "VCID-t62w-rrsb-vqgy" }, { "vulnerability": "VCID-ytff-pgz4-tub2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.37.0-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582951?format=api", "purl": "pkg:deb/debian/busybox@1:1.37.0-10.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.37.0-10.1%3Fdistro=trixie" } ], "aliases": [ "CVE-2016-6301" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1186-afu9-nuhd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/83011?format=api", "vulnerability_id": "VCID-1drx-383s-uqb7", "summary": "busybox: Out of bounds read in udhcp components resulting in information disclosure", "references": [ { "reference_url": "http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:25:21Z/" } ], "url": "http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20679.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20679.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-20679", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.11964", "scoring_system": "epss", "scoring_elements": "0.9376", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.11964", "scoring_system": "epss", "scoring_elements": "0.93722", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.11964", "scoring_system": "epss", "scoring_elements": "0.93731", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.11964", "scoring_system": "epss", "scoring_elements": "0.93741", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.11964", "scoring_system": "epss", "scoring_elements": "0.93744", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.11964", "scoring_system": "epss", "scoring_elements": "0.93753", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.11964", "scoring_system": "epss", "scoring_elements": "0.93756", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.11964", "scoring_system": "epss", "scoring_elements": "0.93761", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-20679" }, { "reference_url": "https://bugs.busybox.net/show_bug.cgi?id=11506", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:25:21Z/" } ], "url": "https://bugs.busybox.net/show_bug.cgi?id=11506" }, { "reference_url": "https://busybox.net/news.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:25:21Z/" } ], "url": "https://busybox.net/news.html" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20679", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20679" }, { "reference_url": "http://seclists.org/fulldisclosure/2019/Sep/7", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:25:21Z/" } ], "url": "http://seclists.org/fulldisclosure/2019/Sep/7" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://git.busybox.net/busybox/commit/?id=6d3b4bb24da9a07c263f3c1acf8df85382ff562c", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:25:21Z/" } ], "url": "https://git.busybox.net/busybox/commit/?id=6d3b4bb24da9a07c263f3c1acf8df85382ff562c" }, { "reference_url": "https://seclists.org/bugtraq/2019/Sep/7", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:25:21Z/" } ], "url": "https://seclists.org/bugtraq/2019/Sep/7" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666667", "reference_id": "1666667", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666667" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=918846", "reference_id": "918846", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=918846" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:busybox:busybox:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:busybox:busybox:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:busybox:busybox:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20679", "reference_id": "CVE-2018-20679", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20679" }, { "reference_url": "https://usn.ubuntu.com/3935-1/", "reference_id": "USN-3935-1", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:25:21Z/" } ], "url": "https://usn.ubuntu.com/3935-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/584110?format=api", "purl": "pkg:deb/debian/busybox@1:1.30.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.30.1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582948?format=api", "purl": "pkg:deb/debian/busybox@1:1.30.1-6?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8844-hdkd-yyc7" }, { "vulnerability": "VCID-8r73-bpac-dubc" }, { "vulnerability": "VCID-92nk-cwc9-rkg4" }, { "vulnerability": "VCID-fugr-ve7z-efdb" }, { "vulnerability": "VCID-g5t1-3tab-uuf9" }, { "vulnerability": "VCID-jjqh-pw7r-buau" }, { "vulnerability": "VCID-n1u3-njfx-vfcp" }, { "vulnerability": "VCID-rp81-5jrg-jkht" }, { "vulnerability": "VCID-svyb-nqje-dbcs" }, { "vulnerability": "VCID-syfd-zx16-n3gy" }, { "vulnerability": "VCID-t62w-rrsb-vqgy" }, { "vulnerability": "VCID-vjyq-6k64-7fat" }, { "vulnerability": "VCID-xjbx-z3d5-5bad" }, { "vulnerability": "VCID-ytff-pgz4-tub2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.30.1-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582949?format=api", "purl": "pkg:deb/debian/busybox@1:1.35.0-4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8844-hdkd-yyc7" }, { "vulnerability": "VCID-9s28-b1gj-uqaj" }, { "vulnerability": "VCID-fugr-ve7z-efdb" }, { "vulnerability": "VCID-g5t1-3tab-uuf9" }, { "vulnerability": "VCID-jjqh-pw7r-buau" }, { "vulnerability": "VCID-n1u3-njfx-vfcp" }, { "vulnerability": "VCID-syfd-zx16-n3gy" }, { "vulnerability": "VCID-t62w-rrsb-vqgy" }, { "vulnerability": "VCID-v6td-yjyg-rub4" }, { "vulnerability": "VCID-xjbx-z3d5-5bad" }, { "vulnerability": "VCID-y9hd-5med-67c4" }, { "vulnerability": "VCID-ytff-pgz4-tub2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.35.0-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582950?format=api", "purl": "pkg:deb/debian/busybox@1:1.37.0-6?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8844-hdkd-yyc7" }, { "vulnerability": "VCID-fugr-ve7z-efdb" }, { "vulnerability": "VCID-g5t1-3tab-uuf9" }, { "vulnerability": "VCID-jjqh-pw7r-buau" }, { "vulnerability": "VCID-n1u3-njfx-vfcp" }, { "vulnerability": "VCID-t62w-rrsb-vqgy" }, { "vulnerability": "VCID-ytff-pgz4-tub2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.37.0-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582951?format=api", "purl": "pkg:deb/debian/busybox@1:1.37.0-10.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.37.0-10.1%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-20679" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1drx-383s-uqb7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/79549?format=api", "vulnerability_id": "VCID-2kxn-4rm6-nfh2", "summary": "busybox: remote attackers may execute arbitrary code if netstat is used", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-28391.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-28391.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-28391", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02386", "scoring_system": "epss", "scoring_elements": "0.84947", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.02386", "scoring_system": "epss", "scoring_elements": "0.85009", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.02386", "scoring_system": "epss", "scoring_elements": "0.84964", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.02386", "scoring_system": "epss", "scoring_elements": "0.84968", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.02386", "scoring_system": "epss", "scoring_elements": "0.84991", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.02386", "scoring_system": "epss", "scoring_elements": "0.84998", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.02386", "scoring_system": "epss", "scoring_elements": "0.85014", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.02386", "scoring_system": "epss", "scoring_elements": "0.85013", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-28391" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://git.alpinelinux.org/aports/plain/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch", "reference_id": "0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:32:28Z/" } ], "url": "https://git.alpinelinux.org/aports/plain/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch" }, { "reference_url": "https://git.alpinelinux.org/aports/plain/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch", "reference_id": "0002-nslookup-sanitize-all-printed-strings-with-printable.patch", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:32:28Z/" } ], "url": "https://git.alpinelinux.org/aports/plain/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch" }, { "reference_url": "https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661", "reference_id": "13661", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:32:28Z/" } ], "url": "https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2080958", "reference_id": "2080958", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2080958" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/584570?format=api", "purl": "pkg:deb/debian/busybox@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582948?format=api", "purl": "pkg:deb/debian/busybox@1:1.30.1-6?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8844-hdkd-yyc7" }, { "vulnerability": "VCID-8r73-bpac-dubc" }, { "vulnerability": "VCID-92nk-cwc9-rkg4" }, { "vulnerability": "VCID-fugr-ve7z-efdb" }, { "vulnerability": "VCID-g5t1-3tab-uuf9" }, { "vulnerability": "VCID-jjqh-pw7r-buau" }, { "vulnerability": "VCID-n1u3-njfx-vfcp" }, { "vulnerability": "VCID-rp81-5jrg-jkht" }, { "vulnerability": "VCID-svyb-nqje-dbcs" }, { "vulnerability": "VCID-syfd-zx16-n3gy" }, { "vulnerability": "VCID-t62w-rrsb-vqgy" }, { "vulnerability": "VCID-vjyq-6k64-7fat" }, { "vulnerability": "VCID-xjbx-z3d5-5bad" }, { "vulnerability": "VCID-ytff-pgz4-tub2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.30.1-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582949?format=api", "purl": "pkg:deb/debian/busybox@1:1.35.0-4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8844-hdkd-yyc7" }, { "vulnerability": "VCID-9s28-b1gj-uqaj" }, { "vulnerability": "VCID-fugr-ve7z-efdb" }, { "vulnerability": "VCID-g5t1-3tab-uuf9" }, { "vulnerability": "VCID-jjqh-pw7r-buau" }, { "vulnerability": "VCID-n1u3-njfx-vfcp" }, { "vulnerability": "VCID-syfd-zx16-n3gy" }, { "vulnerability": "VCID-t62w-rrsb-vqgy" }, { "vulnerability": "VCID-v6td-yjyg-rub4" }, { "vulnerability": "VCID-xjbx-z3d5-5bad" }, { "vulnerability": "VCID-y9hd-5med-67c4" }, { "vulnerability": "VCID-ytff-pgz4-tub2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.35.0-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582950?format=api", "purl": "pkg:deb/debian/busybox@1:1.37.0-6?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8844-hdkd-yyc7" }, { "vulnerability": "VCID-fugr-ve7z-efdb" }, { "vulnerability": "VCID-g5t1-3tab-uuf9" }, { "vulnerability": "VCID-jjqh-pw7r-buau" }, { "vulnerability": "VCID-n1u3-njfx-vfcp" }, { "vulnerability": "VCID-t62w-rrsb-vqgy" }, { "vulnerability": "VCID-ytff-pgz4-tub2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.37.0-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582951?format=api", "purl": "pkg:deb/debian/busybox@1:1.37.0-10.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.37.0-10.1%3Fdistro=trixie" } ], "aliases": [ "CVE-2022-28391" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2kxn-4rm6-nfh2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/58887?format=api", "vulnerability_id": "VCID-3gvz-zyd7-pfh5", "summary": "Multiple vulnerabilities have been found in BusyBox, allowing\n remote attackers to execute arbitrary code or cause a Denial of Service\n condition.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1813.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1813.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1813", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00093", "scoring_system": "epss", "scoring_elements": "0.26034", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00093", "scoring_system": "epss", "scoring_elements": "0.26118", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00093", "scoring_system": "epss", "scoring_elements": "0.26159", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00093", "scoring_system": "epss", "scoring_elements": "0.25927", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00093", "scoring_system": "epss", "scoring_elements": "0.25995", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00093", "scoring_system": "epss", "scoring_elements": "0.26046", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00093", "scoring_system": "epss", "scoring_elements": "0.26056", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00093", "scoring_system": "epss", "scoring_elements": "0.2601", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00093", "scoring_system": "epss", "scoring_elements": "0.25951", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1813" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1813", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1813" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701965", "reference_id": "701965", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701965" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=919608", "reference_id": "919608", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=919608" }, { "reference_url": "https://security.gentoo.org/glsa/201312-02", "reference_id": "GLSA-201312-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201312-02" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1732", "reference_id": "RHSA-2013:1732", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1732" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/585100?format=api", "purl": "pkg:deb/debian/busybox@1:1.20.0-8?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.20.0-8%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582948?format=api", "purl": "pkg:deb/debian/busybox@1:1.30.1-6?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8844-hdkd-yyc7" }, { "vulnerability": "VCID-8r73-bpac-dubc" }, { "vulnerability": "VCID-92nk-cwc9-rkg4" }, { "vulnerability": "VCID-fugr-ve7z-efdb" }, { "vulnerability": "VCID-g5t1-3tab-uuf9" }, { "vulnerability": "VCID-jjqh-pw7r-buau" }, { "vulnerability": "VCID-n1u3-njfx-vfcp" }, { "vulnerability": "VCID-rp81-5jrg-jkht" }, { "vulnerability": "VCID-svyb-nqje-dbcs" }, { "vulnerability": "VCID-syfd-zx16-n3gy" }, { "vulnerability": "VCID-t62w-rrsb-vqgy" }, { "vulnerability": "VCID-vjyq-6k64-7fat" }, { "vulnerability": "VCID-xjbx-z3d5-5bad" }, { "vulnerability": "VCID-ytff-pgz4-tub2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.30.1-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582949?format=api", "purl": "pkg:deb/debian/busybox@1:1.35.0-4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8844-hdkd-yyc7" }, { "vulnerability": "VCID-9s28-b1gj-uqaj" }, { "vulnerability": "VCID-fugr-ve7z-efdb" }, { "vulnerability": "VCID-g5t1-3tab-uuf9" }, { "vulnerability": "VCID-jjqh-pw7r-buau" }, { "vulnerability": "VCID-n1u3-njfx-vfcp" }, { "vulnerability": "VCID-syfd-zx16-n3gy" }, { "vulnerability": "VCID-t62w-rrsb-vqgy" }, { "vulnerability": "VCID-v6td-yjyg-rub4" }, { "vulnerability": "VCID-xjbx-z3d5-5bad" }, { "vulnerability": "VCID-y9hd-5med-67c4" }, { "vulnerability": "VCID-ytff-pgz4-tub2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.35.0-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582950?format=api", "purl": "pkg:deb/debian/busybox@1:1.37.0-6?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8844-hdkd-yyc7" }, { "vulnerability": "VCID-fugr-ve7z-efdb" }, { "vulnerability": "VCID-g5t1-3tab-uuf9" }, { "vulnerability": "VCID-jjqh-pw7r-buau" }, { "vulnerability": "VCID-n1u3-njfx-vfcp" }, { "vulnerability": "VCID-t62w-rrsb-vqgy" }, { "vulnerability": "VCID-ytff-pgz4-tub2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.37.0-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582951?format=api", "purl": "pkg:deb/debian/busybox@1:1.37.0-10.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.37.0-10.1%3Fdistro=trixie" } ], "aliases": [ "CVE-2013-1813" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3gvz-zyd7-pfh5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/58886?format=api", "vulnerability_id": "VCID-41a2-4ukm-pbfk", "summary": "Multiple vulnerabilities have been found in BusyBox, allowing\n remote attackers to execute arbitrary code or cause a Denial of Service\n condition.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2716.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2716.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2716", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00707", "scoring_system": "epss", "scoring_elements": "0.72112", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00707", "scoring_system": "epss", "scoring_elements": "0.72118", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00707", "scoring_system": "epss", "scoring_elements": "0.72138", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00707", "scoring_system": "epss", "scoring_elements": "0.72116", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00707", "scoring_system": "epss", "scoring_elements": "0.72153", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00707", "scoring_system": "epss", "scoring_elements": "0.72165", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00707", "scoring_system": "epss", "scoring_elements": "0.72187", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00707", "scoring_system": "epss", "scoring_elements": "0.72171", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00707", "scoring_system": "epss", "scoring_elements": "0.72158", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2716" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2716", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2716" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=635548", "reference_id": "635548", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=635548" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=725364", "reference_id": "725364", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=725364" }, { "reference_url": "https://security.gentoo.org/glsa/201312-02", "reference_id": "GLSA-201312-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201312-02" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0308", "reference_id": "RHSA-2012:0308", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0308" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0810", "reference_id": "RHSA-2012:0810", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0810" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/585462?format=api", "purl": "pkg:deb/debian/busybox@1:1.20.0-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.20.0-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582948?format=api", "purl": "pkg:deb/debian/busybox@1:1.30.1-6?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8844-hdkd-yyc7" }, { "vulnerability": "VCID-8r73-bpac-dubc" }, { "vulnerability": "VCID-92nk-cwc9-rkg4" }, { "vulnerability": "VCID-fugr-ve7z-efdb" }, { "vulnerability": "VCID-g5t1-3tab-uuf9" }, { "vulnerability": "VCID-jjqh-pw7r-buau" }, { "vulnerability": "VCID-n1u3-njfx-vfcp" }, { "vulnerability": "VCID-rp81-5jrg-jkht" }, { "vulnerability": "VCID-svyb-nqje-dbcs" }, { "vulnerability": "VCID-syfd-zx16-n3gy" }, { "vulnerability": "VCID-t62w-rrsb-vqgy" }, { "vulnerability": "VCID-vjyq-6k64-7fat" }, { "vulnerability": "VCID-xjbx-z3d5-5bad" }, { "vulnerability": "VCID-ytff-pgz4-tub2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.30.1-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582949?format=api", "purl": "pkg:deb/debian/busybox@1:1.35.0-4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8844-hdkd-yyc7" }, { "vulnerability": "VCID-9s28-b1gj-uqaj" }, { "vulnerability": "VCID-fugr-ve7z-efdb" }, { "vulnerability": "VCID-g5t1-3tab-uuf9" }, { "vulnerability": "VCID-jjqh-pw7r-buau" }, { "vulnerability": "VCID-n1u3-njfx-vfcp" }, { "vulnerability": "VCID-syfd-zx16-n3gy" }, { "vulnerability": "VCID-t62w-rrsb-vqgy" }, { "vulnerability": "VCID-v6td-yjyg-rub4" }, { "vulnerability": "VCID-xjbx-z3d5-5bad" }, { "vulnerability": "VCID-y9hd-5med-67c4" }, { "vulnerability": "VCID-ytff-pgz4-tub2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.35.0-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582950?format=api", "purl": "pkg:deb/debian/busybox@1:1.37.0-6?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8844-hdkd-yyc7" }, { "vulnerability": "VCID-fugr-ve7z-efdb" }, { "vulnerability": "VCID-g5t1-3tab-uuf9" }, { "vulnerability": "VCID-jjqh-pw7r-buau" }, { "vulnerability": "VCID-n1u3-njfx-vfcp" }, { "vulnerability": "VCID-t62w-rrsb-vqgy" }, { "vulnerability": "VCID-ytff-pgz4-tub2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.37.0-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582951?format=api", "purl": "pkg:deb/debian/busybox@1:1.37.0-10.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.37.0-10.1%3Fdistro=trixie" } ], "aliases": [ "CVE-2011-2716" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-41a2-4ukm-pbfk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/82888?format=api", "vulnerability_id": "VCID-4asq-bb6w-1bf2", "summary": "busybox: Out of bounds read in udhcp components resulting in information disclosure", "references": [ { "reference_url": "http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:27:45Z/" } ], "url": "http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-5747.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-5747.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-5747", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00369", "scoring_system": "epss", "scoring_elements": "0.5882", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00369", "scoring_system": "epss", "scoring_elements": "0.58717", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00369", "scoring_system": "epss", "scoring_elements": "0.58791", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00369", "scoring_system": "epss", "scoring_elements": "0.58812", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00369", "scoring_system": "epss", "scoring_elements": "0.58781", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00369", "scoring_system": "epss", "scoring_elements": "0.58833", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00369", "scoring_system": "epss", "scoring_elements": "0.58839", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00369", "scoring_system": "epss", "scoring_elements": "0.58857", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00369", "scoring_system": "epss", "scoring_elements": "0.5884", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-5747" }, { "reference_url": "https://bugs.busybox.net/show_bug.cgi?id=11506", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:27:45Z/" } ], "url": "https://bugs.busybox.net/show_bug.cgi?id=11506" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5747", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5747" }, { "reference_url": "http://seclists.org/fulldisclosure/2019/Sep/7", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:27:45Z/" } ], "url": "http://seclists.org/fulldisclosure/2019/Sep/7" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://git.busybox.net/busybox/commit/?id=74d9f1ba37010face4bd1449df4d60dd84450b06", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:27:45Z/" } ], "url": "https://git.busybox.net/busybox/commit/?id=74d9f1ba37010face4bd1449df4d60dd84450b06" }, { "reference_url": "https://seclists.org/bugtraq/2019/Sep/7", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:27:45Z/" } ], "url": "https://seclists.org/bugtraq/2019/Sep/7" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1667067", "reference_id": "1667067", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1667067" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:busybox:busybox:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:busybox:busybox:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:busybox:busybox:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5747", "reference_id": "CVE-2019-5747", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5747" }, { "reference_url": "https://usn.ubuntu.com/3935-1/", "reference_id": "USN-3935-1", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:27:45Z/" } ], "url": "https://usn.ubuntu.com/3935-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/583521?format=api", "purl": "pkg:deb/debian/busybox@1:1.30.1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.30.1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582948?format=api", "purl": "pkg:deb/debian/busybox@1:1.30.1-6?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8844-hdkd-yyc7" }, { "vulnerability": "VCID-8r73-bpac-dubc" }, { "vulnerability": "VCID-92nk-cwc9-rkg4" }, { "vulnerability": "VCID-fugr-ve7z-efdb" }, { "vulnerability": "VCID-g5t1-3tab-uuf9" }, { "vulnerability": "VCID-jjqh-pw7r-buau" }, { "vulnerability": "VCID-n1u3-njfx-vfcp" }, { "vulnerability": "VCID-rp81-5jrg-jkht" }, { "vulnerability": "VCID-svyb-nqje-dbcs" }, { "vulnerability": "VCID-syfd-zx16-n3gy" }, { "vulnerability": "VCID-t62w-rrsb-vqgy" }, { "vulnerability": "VCID-vjyq-6k64-7fat" }, { "vulnerability": "VCID-xjbx-z3d5-5bad" }, { "vulnerability": "VCID-ytff-pgz4-tub2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.30.1-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582949?format=api", "purl": "pkg:deb/debian/busybox@1:1.35.0-4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8844-hdkd-yyc7" }, { "vulnerability": "VCID-9s28-b1gj-uqaj" }, { "vulnerability": "VCID-fugr-ve7z-efdb" }, { "vulnerability": "VCID-g5t1-3tab-uuf9" }, { "vulnerability": "VCID-jjqh-pw7r-buau" }, { "vulnerability": "VCID-n1u3-njfx-vfcp" }, { "vulnerability": "VCID-syfd-zx16-n3gy" }, { "vulnerability": "VCID-t62w-rrsb-vqgy" }, { "vulnerability": "VCID-v6td-yjyg-rub4" }, { "vulnerability": "VCID-xjbx-z3d5-5bad" }, { "vulnerability": "VCID-y9hd-5med-67c4" }, { "vulnerability": "VCID-ytff-pgz4-tub2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.35.0-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582950?format=api", "purl": "pkg:deb/debian/busybox@1:1.37.0-6?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8844-hdkd-yyc7" }, { "vulnerability": "VCID-fugr-ve7z-efdb" }, { "vulnerability": "VCID-g5t1-3tab-uuf9" }, { "vulnerability": "VCID-jjqh-pw7r-buau" }, { "vulnerability": "VCID-n1u3-njfx-vfcp" }, { "vulnerability": "VCID-t62w-rrsb-vqgy" }, { "vulnerability": "VCID-ytff-pgz4-tub2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.37.0-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582951?format=api", "purl": "pkg:deb/debian/busybox@1:1.37.0-10.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.37.0-10.1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-5747" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4asq-bb6w-1bf2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40694?format=api", "vulnerability_id": "VCID-4muk-rhx5-yqeu", "summary": "Multiple vulnerabilities have been discovered in BusyBox, the worst of which could lead to arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42386.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42386.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-42386", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00293", "scoring_system": "epss", "scoring_elements": "0.52565", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00293", "scoring_system": "epss", "scoring_elements": "0.52665", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00293", "scoring_system": "epss", "scoring_elements": "0.52608", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00293", "scoring_system": "epss", "scoring_elements": "0.52634", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00293", "scoring_system": "epss", "scoring_elements": "0.52601", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00293", "scoring_system": "epss", "scoring_elements": "0.52652", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00293", "scoring_system": "epss", "scoring_elements": "0.52647", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00293", "scoring_system": "epss", "scoring_elements": "0.52697", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00293", "scoring_system": "epss", "scoring_elements": "0.52681", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-42386" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42386", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42386" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2023938", "reference_id": "2023938", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2023938" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/", "reference_id": "6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:31:59Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567", "reference_id": "999567", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567" }, { "reference_url": "https://security.archlinux.org/AVG-2561", "reference_id": "AVG-2561", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2561" }, { "reference_url": "https://security.archlinux.org/AVG-2562", "reference_id": "AVG-2562", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2562" }, { "reference_url": "https://security.gentoo.org/glsa/202407-17", "reference_id": "GLSA-202407-17", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202407-17" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20211223-0002/", "reference_id": "ntap-20211223-0002", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:31:59Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20211223-0002/" }, { "reference_url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/", "reference_id": "unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:31:59Z/" } ], "url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/" }, { "reference_url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog", "reference_id": "unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:31:59Z/" } ], "url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/", "reference_id": "UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:31:59Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/" }, { "reference_url": "https://usn.ubuntu.com/5179-1/", "reference_id": "USN-5179-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5179-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582948?format=api", "purl": "pkg:deb/debian/busybox@1:1.30.1-6?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8844-hdkd-yyc7" }, { "vulnerability": "VCID-8r73-bpac-dubc" }, { "vulnerability": "VCID-92nk-cwc9-rkg4" }, { "vulnerability": "VCID-fugr-ve7z-efdb" }, { "vulnerability": "VCID-g5t1-3tab-uuf9" }, { "vulnerability": "VCID-jjqh-pw7r-buau" }, { "vulnerability": "VCID-n1u3-njfx-vfcp" }, { "vulnerability": "VCID-rp81-5jrg-jkht" }, { "vulnerability": "VCID-svyb-nqje-dbcs" }, { "vulnerability": "VCID-syfd-zx16-n3gy" }, { "vulnerability": "VCID-t62w-rrsb-vqgy" }, { "vulnerability": "VCID-vjyq-6k64-7fat" }, { "vulnerability": "VCID-xjbx-z3d5-5bad" }, { "vulnerability": "VCID-ytff-pgz4-tub2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.30.1-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583312?format=api", "purl": "pkg:deb/debian/busybox@1:1.30.1-6%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.30.1-6%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583313?format=api", "purl": "pkg:deb/debian/busybox@1:1.35.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.35.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582949?format=api", "purl": "pkg:deb/debian/busybox@1:1.35.0-4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8844-hdkd-yyc7" }, { "vulnerability": "VCID-9s28-b1gj-uqaj" }, { "vulnerability": "VCID-fugr-ve7z-efdb" }, { "vulnerability": "VCID-g5t1-3tab-uuf9" }, { "vulnerability": "VCID-jjqh-pw7r-buau" }, { "vulnerability": "VCID-n1u3-njfx-vfcp" }, { "vulnerability": "VCID-syfd-zx16-n3gy" }, { "vulnerability": "VCID-t62w-rrsb-vqgy" }, { "vulnerability": "VCID-v6td-yjyg-rub4" }, { "vulnerability": "VCID-xjbx-z3d5-5bad" }, { "vulnerability": "VCID-y9hd-5med-67c4" }, { "vulnerability": "VCID-ytff-pgz4-tub2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.35.0-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582950?format=api", "purl": "pkg:deb/debian/busybox@1:1.37.0-6?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8844-hdkd-yyc7" }, { "vulnerability": "VCID-fugr-ve7z-efdb" }, { "vulnerability": "VCID-g5t1-3tab-uuf9" }, { "vulnerability": "VCID-jjqh-pw7r-buau" }, { "vulnerability": "VCID-n1u3-njfx-vfcp" }, { "vulnerability": "VCID-t62w-rrsb-vqgy" }, { "vulnerability": "VCID-ytff-pgz4-tub2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.37.0-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582951?format=api", "purl": "pkg:deb/debian/busybox@1:1.37.0-10.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.37.0-10.1%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-42386" ], "risk_score": 3.2, "exploitability": "0.5", "weighted_severity": "6.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4muk-rhx5-yqeu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40693?format=api", "vulnerability_id": "VCID-4qpt-mxfy-6bh6", "summary": "Multiple vulnerabilities have been discovered in BusyBox, the worst of which could lead to arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42385.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42385.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-42385", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00293", "scoring_system": "epss", "scoring_elements": "0.52565", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00293", "scoring_system": "epss", "scoring_elements": "0.52665", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00293", "scoring_system": "epss", "scoring_elements": "0.52608", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00293", "scoring_system": "epss", "scoring_elements": "0.52634", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00293", "scoring_system": "epss", "scoring_elements": "0.52601", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00293", "scoring_system": "epss", "scoring_elements": "0.52652", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00293", "scoring_system": "epss", "scoring_elements": "0.52647", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00293", "scoring_system": "epss", "scoring_elements": "0.52697", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00293", "scoring_system": "epss", "scoring_elements": "0.52681", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-42385" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42385", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42385" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2023936", "reference_id": "2023936", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2023936" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/", "reference_id": "6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:00Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567", "reference_id": "999567", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567" }, { "reference_url": "https://security.archlinux.org/AVG-2561", "reference_id": "AVG-2561", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2561" }, { "reference_url": "https://security.archlinux.org/AVG-2562", "reference_id": "AVG-2562", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2562" }, { "reference_url": "https://security.gentoo.org/glsa/202407-17", "reference_id": "GLSA-202407-17", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202407-17" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20211223-0002/", "reference_id": "ntap-20211223-0002", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:00Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20211223-0002/" }, { "reference_url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/", "reference_id": "unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:00Z/" } ], "url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/" }, { "reference_url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog", "reference_id": "unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:00Z/" } ], "url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/", "reference_id": "UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:00Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/" }, { "reference_url": "https://usn.ubuntu.com/5179-1/", "reference_id": "USN-5179-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5179-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582948?format=api", "purl": "pkg:deb/debian/busybox@1:1.30.1-6?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8844-hdkd-yyc7" }, { "vulnerability": "VCID-8r73-bpac-dubc" }, { "vulnerability": "VCID-92nk-cwc9-rkg4" }, { "vulnerability": "VCID-fugr-ve7z-efdb" }, { "vulnerability": "VCID-g5t1-3tab-uuf9" }, { "vulnerability": "VCID-jjqh-pw7r-buau" }, { "vulnerability": "VCID-n1u3-njfx-vfcp" }, { "vulnerability": "VCID-rp81-5jrg-jkht" }, { "vulnerability": "VCID-svyb-nqje-dbcs" }, { "vulnerability": "VCID-syfd-zx16-n3gy" }, { "vulnerability": "VCID-t62w-rrsb-vqgy" }, { "vulnerability": "VCID-vjyq-6k64-7fat" }, { "vulnerability": "VCID-xjbx-z3d5-5bad" }, { "vulnerability": "VCID-ytff-pgz4-tub2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.30.1-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583312?format=api", "purl": "pkg:deb/debian/busybox@1:1.30.1-6%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.30.1-6%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583313?format=api", "purl": "pkg:deb/debian/busybox@1:1.35.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.35.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582949?format=api", "purl": "pkg:deb/debian/busybox@1:1.35.0-4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8844-hdkd-yyc7" }, { "vulnerability": "VCID-9s28-b1gj-uqaj" }, { "vulnerability": "VCID-fugr-ve7z-efdb" }, { "vulnerability": "VCID-g5t1-3tab-uuf9" }, { "vulnerability": "VCID-jjqh-pw7r-buau" }, { "vulnerability": "VCID-n1u3-njfx-vfcp" }, { "vulnerability": "VCID-syfd-zx16-n3gy" }, { "vulnerability": "VCID-t62w-rrsb-vqgy" }, { "vulnerability": "VCID-v6td-yjyg-rub4" }, { "vulnerability": "VCID-xjbx-z3d5-5bad" }, { "vulnerability": "VCID-y9hd-5med-67c4" }, { "vulnerability": "VCID-ytff-pgz4-tub2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.35.0-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582950?format=api", "purl": "pkg:deb/debian/busybox@1:1.37.0-6?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8844-hdkd-yyc7" }, { "vulnerability": "VCID-fugr-ve7z-efdb" }, { "vulnerability": "VCID-g5t1-3tab-uuf9" }, { "vulnerability": "VCID-jjqh-pw7r-buau" }, { "vulnerability": "VCID-n1u3-njfx-vfcp" }, { "vulnerability": "VCID-t62w-rrsb-vqgy" }, { "vulnerability": "VCID-ytff-pgz4-tub2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.37.0-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582951?format=api", "purl": "pkg:deb/debian/busybox@1:1.37.0-10.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.37.0-10.1%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-42385" ], "risk_score": 3.2, "exploitability": "0.5", "weighted_severity": "6.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4qpt-mxfy-6bh6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/47304?format=api", "vulnerability_id": "VCID-5rmt-k48a-ubbg", "summary": "Multiple vulnerabilities have been found in BusyBox, the worst of\n which could allow remote attackers to execute arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15873.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15873.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15873", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00138", "scoring_system": "epss", "scoring_elements": "0.33641", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00138", "scoring_system": "epss", "scoring_elements": "0.33877", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00138", "scoring_system": "epss", "scoring_elements": "0.33985", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00138", "scoring_system": "epss", "scoring_elements": "0.34016", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00138", "scoring_system": "epss", "scoring_elements": "0.33871", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00138", "scoring_system": "epss", "scoring_elements": "0.33913", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00138", "scoring_system": "epss", "scoring_elements": "0.33945", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00138", "scoring_system": "epss", "scoring_elements": "0.33943", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00138", "scoring_system": "epss", "scoring_elements": "0.33901", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15873" }, { "reference_url": "https://bugs.busybox.net/show_bug.cgi?id=10431", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:26:38Z/" } ], "url": "https://bugs.busybox.net/show_bug.cgi?id=10431" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15873", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15873" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:M/Au:N/C:C/I:C/A:C" }, { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://git.busybox.net/busybox/commit/?id=0402cb32df015d9372578e3db27db47b33d5c7b0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:26:38Z/" } ], "url": "https://git.busybox.net/busybox/commit/?id=0402cb32df015d9372578e3db27db47b33d5c7b0" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00037.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:26:38Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00037.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00020.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:26:38Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00020.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1515249", "reference_id": "1515249", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1515249" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=879732", "reference_id": "879732", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=879732" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:busybox:busybox:1.27.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:busybox:busybox:1.27.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:busybox:busybox:1.27.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15873", "reference_id": "CVE-2017-15873", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15873" }, { "reference_url": "https://security.gentoo.org/glsa/201803-12", "reference_id": "GLSA-201803-12", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201803-12" }, { "reference_url": "https://usn.ubuntu.com/3935-1/", "reference_id": "USN-3935-1", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:26:38Z/" } ], "url": "https://usn.ubuntu.com/3935-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582947?format=api", "purl": "pkg:deb/debian/busybox@1:1.27.2-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.27.2-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582948?format=api", "purl": "pkg:deb/debian/busybox@1:1.30.1-6?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8844-hdkd-yyc7" }, { "vulnerability": "VCID-8r73-bpac-dubc" }, { "vulnerability": "VCID-92nk-cwc9-rkg4" }, { "vulnerability": "VCID-fugr-ve7z-efdb" }, { "vulnerability": "VCID-g5t1-3tab-uuf9" }, { "vulnerability": "VCID-jjqh-pw7r-buau" }, { "vulnerability": "VCID-n1u3-njfx-vfcp" }, { "vulnerability": "VCID-rp81-5jrg-jkht" }, { "vulnerability": "VCID-svyb-nqje-dbcs" }, { "vulnerability": "VCID-syfd-zx16-n3gy" }, { "vulnerability": "VCID-t62w-rrsb-vqgy" }, { "vulnerability": "VCID-vjyq-6k64-7fat" }, { "vulnerability": "VCID-xjbx-z3d5-5bad" }, { "vulnerability": "VCID-ytff-pgz4-tub2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.30.1-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582949?format=api", "purl": "pkg:deb/debian/busybox@1:1.35.0-4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8844-hdkd-yyc7" }, { "vulnerability": "VCID-9s28-b1gj-uqaj" }, { "vulnerability": "VCID-fugr-ve7z-efdb" }, { "vulnerability": "VCID-g5t1-3tab-uuf9" }, { "vulnerability": "VCID-jjqh-pw7r-buau" }, { "vulnerability": "VCID-n1u3-njfx-vfcp" }, { "vulnerability": "VCID-syfd-zx16-n3gy" }, { "vulnerability": "VCID-t62w-rrsb-vqgy" }, { "vulnerability": "VCID-v6td-yjyg-rub4" }, { "vulnerability": "VCID-xjbx-z3d5-5bad" }, { "vulnerability": "VCID-y9hd-5med-67c4" }, { "vulnerability": "VCID-ytff-pgz4-tub2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.35.0-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582950?format=api", "purl": "pkg:deb/debian/busybox@1:1.37.0-6?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8844-hdkd-yyc7" }, { "vulnerability": "VCID-fugr-ve7z-efdb" }, { "vulnerability": "VCID-g5t1-3tab-uuf9" }, { "vulnerability": "VCID-jjqh-pw7r-buau" }, { "vulnerability": "VCID-n1u3-njfx-vfcp" }, { "vulnerability": "VCID-t62w-rrsb-vqgy" }, { "vulnerability": "VCID-ytff-pgz4-tub2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.37.0-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582951?format=api", "purl": "pkg:deb/debian/busybox@1:1.37.0-10.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.37.0-10.1%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-15873" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5rmt-k48a-ubbg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43809?format=api", "vulnerability_id": "VCID-674c-ab3f-a7av", "summary": "Multiple vulnerabilities have been found in BusyBox, the worst of\n which allows remote attackers to execute arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2147.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2147.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2147", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.08286", "scoring_system": "epss", "scoring_elements": "0.92215", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.08286", "scoring_system": "epss", "scoring_elements": "0.92222", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.08286", "scoring_system": "epss", "scoring_elements": "0.92228", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.08286", "scoring_system": "epss", "scoring_elements": "0.92231", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.08286", "scoring_system": "epss", "scoring_elements": "0.92242", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.08286", "scoring_system": "epss", "scoring_elements": "0.92246", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.08286", "scoring_system": "epss", "scoring_elements": "0.92251", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.08286", "scoring_system": "epss", "scoring_elements": "0.92252", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.08286", "scoring_system": "epss", "scoring_elements": "0.92249", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2147" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2147", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2147" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1316554", "reference_id": "1316554", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1316554" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=818499", "reference_id": "818499", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=818499" }, { "reference_url": "https://security.gentoo.org/glsa/201612-04", "reference_id": "GLSA-201612-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201612-04" }, { "reference_url": "https://usn.ubuntu.com/3935-1/", "reference_id": "USN-3935-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3935-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/585052?format=api", "purl": "pkg:deb/debian/busybox@1:1.27.2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.27.2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582948?format=api", "purl": "pkg:deb/debian/busybox@1:1.30.1-6?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8844-hdkd-yyc7" }, { "vulnerability": "VCID-8r73-bpac-dubc" }, { "vulnerability": "VCID-92nk-cwc9-rkg4" }, { "vulnerability": "VCID-fugr-ve7z-efdb" }, { "vulnerability": "VCID-g5t1-3tab-uuf9" }, { "vulnerability": "VCID-jjqh-pw7r-buau" }, { "vulnerability": "VCID-n1u3-njfx-vfcp" }, { "vulnerability": "VCID-rp81-5jrg-jkht" }, { "vulnerability": "VCID-svyb-nqje-dbcs" }, { "vulnerability": "VCID-syfd-zx16-n3gy" }, { "vulnerability": "VCID-t62w-rrsb-vqgy" }, { "vulnerability": "VCID-vjyq-6k64-7fat" }, { "vulnerability": "VCID-xjbx-z3d5-5bad" }, { "vulnerability": "VCID-ytff-pgz4-tub2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.30.1-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582949?format=api", "purl": "pkg:deb/debian/busybox@1:1.35.0-4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8844-hdkd-yyc7" }, { "vulnerability": "VCID-9s28-b1gj-uqaj" }, { "vulnerability": "VCID-fugr-ve7z-efdb" }, { "vulnerability": "VCID-g5t1-3tab-uuf9" }, { "vulnerability": "VCID-jjqh-pw7r-buau" }, { "vulnerability": "VCID-n1u3-njfx-vfcp" }, { "vulnerability": "VCID-syfd-zx16-n3gy" }, { "vulnerability": "VCID-t62w-rrsb-vqgy" }, { "vulnerability": "VCID-v6td-yjyg-rub4" }, { "vulnerability": "VCID-xjbx-z3d5-5bad" }, { "vulnerability": "VCID-y9hd-5med-67c4" }, { "vulnerability": "VCID-ytff-pgz4-tub2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.35.0-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582950?format=api", "purl": "pkg:deb/debian/busybox@1:1.37.0-6?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8844-hdkd-yyc7" }, { "vulnerability": "VCID-fugr-ve7z-efdb" }, { "vulnerability": "VCID-g5t1-3tab-uuf9" }, { "vulnerability": "VCID-jjqh-pw7r-buau" }, { "vulnerability": "VCID-n1u3-njfx-vfcp" }, { "vulnerability": "VCID-t62w-rrsb-vqgy" }, { "vulnerability": "VCID-ytff-pgz4-tub2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.37.0-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582951?format=api", "purl": "pkg:deb/debian/busybox@1:1.37.0-10.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.37.0-10.1%3Fdistro=trixie" } ], "aliases": [ "CVE-2016-2147" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-674c-ab3f-a7av" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40685?format=api", "vulnerability_id": "VCID-8r73-bpac-dubc", "summary": "Multiple vulnerabilities have been discovered in BusyBox, the worst of which could lead to arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42377.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42377.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-42377", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02855", "scoring_system": "epss", "scoring_elements": "0.86174", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.02855", "scoring_system": "epss", "scoring_elements": "0.86236", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.02855", "scoring_system": "epss", "scoring_elements": "0.86228", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.02855", "scoring_system": "epss", "scoring_elements": "0.86243", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.02855", "scoring_system": "epss", "scoring_elements": "0.8624", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.02855", "scoring_system": "epss", "scoring_elements": "0.86184", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.02855", "scoring_system": "epss", "scoring_elements": "0.86197", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.02855", "scoring_system": "epss", "scoring_elements": "0.86198", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.02855", "scoring_system": "epss", "scoring_elements": "0.86217", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-42377" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42377", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42377" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2023895", "reference_id": "2023895", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2023895" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567", "reference_id": "999567", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567" }, { "reference_url": "https://security.archlinux.org/AVG-2561", "reference_id": "AVG-2561", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2561" }, { "reference_url": "https://security.archlinux.org/AVG-2562", "reference_id": "AVG-2562", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2562" }, { "reference_url": "https://security.gentoo.org/glsa/202407-17", "reference_id": "GLSA-202407-17", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202407-17" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/583313?format=api", "purl": "pkg:deb/debian/busybox@1:1.35.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.35.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582949?format=api", "purl": "pkg:deb/debian/busybox@1:1.35.0-4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8844-hdkd-yyc7" }, { "vulnerability": "VCID-9s28-b1gj-uqaj" }, { "vulnerability": "VCID-fugr-ve7z-efdb" }, { "vulnerability": "VCID-g5t1-3tab-uuf9" }, { "vulnerability": "VCID-jjqh-pw7r-buau" }, { "vulnerability": "VCID-n1u3-njfx-vfcp" }, { "vulnerability": "VCID-syfd-zx16-n3gy" }, { "vulnerability": "VCID-t62w-rrsb-vqgy" }, { "vulnerability": "VCID-v6td-yjyg-rub4" }, { "vulnerability": "VCID-xjbx-z3d5-5bad" }, { "vulnerability": "VCID-y9hd-5med-67c4" }, { "vulnerability": "VCID-ytff-pgz4-tub2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.35.0-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582950?format=api", "purl": "pkg:deb/debian/busybox@1:1.37.0-6?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8844-hdkd-yyc7" }, { "vulnerability": "VCID-fugr-ve7z-efdb" }, { "vulnerability": "VCID-g5t1-3tab-uuf9" }, { "vulnerability": "VCID-jjqh-pw7r-buau" }, { "vulnerability": "VCID-n1u3-njfx-vfcp" }, { "vulnerability": "VCID-t62w-rrsb-vqgy" }, { "vulnerability": "VCID-ytff-pgz4-tub2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.37.0-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582951?format=api", "purl": "pkg:deb/debian/busybox@1:1.37.0-10.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.37.0-10.1%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-42377" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8r73-bpac-dubc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40683?format=api", "vulnerability_id": "VCID-92nk-cwc9-rkg4", "summary": "Multiple vulnerabilities have been discovered in BusyBox, the worst of which could lead to arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42375.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42375.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-42375", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.19135", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.19076", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.19269", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.1932", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.19035", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.19115", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.19168", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.19175", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.19128", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-42375" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42375", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42375" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2023888", "reference_id": "2023888", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2023888" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/", "reference_id": "6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:22:05Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567", "reference_id": "999567", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567" }, { "reference_url": "https://security.archlinux.org/AVG-2561", "reference_id": "AVG-2561", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2561" }, { "reference_url": "https://security.archlinux.org/AVG-2562", "reference_id": "AVG-2562", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2562" }, { "reference_url": "https://security.gentoo.org/glsa/202407-17", "reference_id": "GLSA-202407-17", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202407-17" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20211223-0002/", "reference_id": "ntap-20211223-0002", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:22:05Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20211223-0002/" }, { "reference_url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/", "reference_id": "unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:22:05Z/" } ], "url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/" }, { "reference_url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog", "reference_id": "unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:22:05Z/" } ], "url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/", "reference_id": "UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:22:05Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/583313?format=api", "purl": "pkg:deb/debian/busybox@1:1.35.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.35.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582949?format=api", "purl": "pkg:deb/debian/busybox@1:1.35.0-4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8844-hdkd-yyc7" }, { "vulnerability": "VCID-9s28-b1gj-uqaj" }, { "vulnerability": "VCID-fugr-ve7z-efdb" }, { "vulnerability": "VCID-g5t1-3tab-uuf9" }, { "vulnerability": "VCID-jjqh-pw7r-buau" }, { "vulnerability": "VCID-n1u3-njfx-vfcp" }, { "vulnerability": "VCID-syfd-zx16-n3gy" }, { "vulnerability": "VCID-t62w-rrsb-vqgy" }, { "vulnerability": "VCID-v6td-yjyg-rub4" }, { "vulnerability": "VCID-xjbx-z3d5-5bad" }, { "vulnerability": "VCID-y9hd-5med-67c4" }, { "vulnerability": "VCID-ytff-pgz4-tub2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.35.0-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582950?format=api", "purl": "pkg:deb/debian/busybox@1:1.37.0-6?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8844-hdkd-yyc7" }, { "vulnerability": "VCID-fugr-ve7z-efdb" }, { "vulnerability": "VCID-g5t1-3tab-uuf9" }, { "vulnerability": "VCID-jjqh-pw7r-buau" }, { "vulnerability": "VCID-n1u3-njfx-vfcp" }, { "vulnerability": "VCID-t62w-rrsb-vqgy" }, { "vulnerability": "VCID-ytff-pgz4-tub2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.37.0-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582951?format=api", "purl": "pkg:deb/debian/busybox@1:1.37.0-10.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.37.0-10.1%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-42375" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-92nk-cwc9-rkg4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40692?format=api", "vulnerability_id": "VCID-9fex-zr2n-w3cb", "summary": "Multiple vulnerabilities have been discovered in BusyBox, the worst of which could lead to arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42384.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42384.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-42384", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.4647", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46535", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46507", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46527", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46476", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46531", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46555", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-42384" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42384", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42384" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2023933", "reference_id": "2023933", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2023933" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/", "reference_id": "6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:01Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567", "reference_id": "999567", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567" }, { "reference_url": "https://security.archlinux.org/AVG-2561", "reference_id": "AVG-2561", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2561" }, { "reference_url": "https://security.archlinux.org/AVG-2562", "reference_id": "AVG-2562", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2562" }, { "reference_url": "https://security.gentoo.org/glsa/202407-17", "reference_id": "GLSA-202407-17", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202407-17" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20211223-0002/", "reference_id": "ntap-20211223-0002", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:01Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20211223-0002/" }, { "reference_url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/", "reference_id": "unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:01Z/" } ], "url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/" }, { "reference_url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog", "reference_id": "unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:01Z/" } ], "url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/", "reference_id": "UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:01Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/" }, { "reference_url": "https://usn.ubuntu.com/5179-1/", "reference_id": "USN-5179-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5179-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582948?format=api", "purl": "pkg:deb/debian/busybox@1:1.30.1-6?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8844-hdkd-yyc7" }, { "vulnerability": "VCID-8r73-bpac-dubc" }, { "vulnerability": "VCID-92nk-cwc9-rkg4" }, { "vulnerability": "VCID-fugr-ve7z-efdb" }, { "vulnerability": "VCID-g5t1-3tab-uuf9" }, { "vulnerability": "VCID-jjqh-pw7r-buau" }, { "vulnerability": "VCID-n1u3-njfx-vfcp" }, { "vulnerability": "VCID-rp81-5jrg-jkht" }, { "vulnerability": "VCID-svyb-nqje-dbcs" }, { "vulnerability": "VCID-syfd-zx16-n3gy" }, { "vulnerability": "VCID-t62w-rrsb-vqgy" }, { "vulnerability": "VCID-vjyq-6k64-7fat" }, { "vulnerability": "VCID-xjbx-z3d5-5bad" }, { "vulnerability": "VCID-ytff-pgz4-tub2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.30.1-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583312?format=api", "purl": "pkg:deb/debian/busybox@1:1.30.1-6%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.30.1-6%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583313?format=api", "purl": "pkg:deb/debian/busybox@1:1.35.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.35.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582949?format=api", "purl": "pkg:deb/debian/busybox@1:1.35.0-4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8844-hdkd-yyc7" }, { "vulnerability": "VCID-9s28-b1gj-uqaj" }, { "vulnerability": "VCID-fugr-ve7z-efdb" }, { "vulnerability": "VCID-g5t1-3tab-uuf9" }, { "vulnerability": "VCID-jjqh-pw7r-buau" }, { "vulnerability": "VCID-n1u3-njfx-vfcp" }, { "vulnerability": "VCID-syfd-zx16-n3gy" }, { "vulnerability": "VCID-t62w-rrsb-vqgy" }, { "vulnerability": "VCID-v6td-yjyg-rub4" }, { "vulnerability": "VCID-xjbx-z3d5-5bad" }, { "vulnerability": "VCID-y9hd-5med-67c4" }, { "vulnerability": "VCID-ytff-pgz4-tub2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.35.0-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582950?format=api", "purl": "pkg:deb/debian/busybox@1:1.37.0-6?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8844-hdkd-yyc7" }, { "vulnerability": "VCID-fugr-ve7z-efdb" }, { "vulnerability": "VCID-g5t1-3tab-uuf9" }, { "vulnerability": "VCID-jjqh-pw7r-buau" }, { "vulnerability": "VCID-n1u3-njfx-vfcp" }, { "vulnerability": "VCID-t62w-rrsb-vqgy" }, { "vulnerability": "VCID-ytff-pgz4-tub2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.37.0-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582951?format=api", "purl": "pkg:deb/debian/busybox@1:1.37.0-10.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.37.0-10.1%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-42384" ], "risk_score": 3.2, "exploitability": "0.5", "weighted_severity": "6.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9fex-zr2n-w3cb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/85464?format=api", "vulnerability_id": "VCID-a4vx-45xg-zqej", "summary": "busybox: Segmentation fault when unzipping specially crafted zip file", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-9261.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-9261.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-9261", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00811", "scoring_system": "epss", "scoring_elements": "0.74226", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00811", "scoring_system": "epss", "scoring_elements": "0.74178", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00811", "scoring_system": "epss", "scoring_elements": "0.74183", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00811", "scoring_system": "epss", "scoring_elements": "0.7421", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00811", "scoring_system": "epss", "scoring_elements": "0.74216", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00811", "scoring_system": "epss", "scoring_elements": "0.74231", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00811", "scoring_system": "epss", "scoring_elements": "0.74252", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00811", "scoring_system": "epss", "scoring_elements": "0.74233", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-9261" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9261", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9261" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1276427", "reference_id": "1276427", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1276427" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=803097", "reference_id": "803097", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=803097" }, { "reference_url": "https://usn.ubuntu.com/3935-1/", "reference_id": "USN-3935-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3935-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/585052?format=api", "purl": "pkg:deb/debian/busybox@1:1.27.2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.27.2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582948?format=api", "purl": "pkg:deb/debian/busybox@1:1.30.1-6?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8844-hdkd-yyc7" }, { "vulnerability": "VCID-8r73-bpac-dubc" }, { "vulnerability": "VCID-92nk-cwc9-rkg4" }, { "vulnerability": "VCID-fugr-ve7z-efdb" }, { "vulnerability": "VCID-g5t1-3tab-uuf9" }, { "vulnerability": "VCID-jjqh-pw7r-buau" }, { "vulnerability": "VCID-n1u3-njfx-vfcp" }, { "vulnerability": "VCID-rp81-5jrg-jkht" }, { "vulnerability": "VCID-svyb-nqje-dbcs" }, { "vulnerability": "VCID-syfd-zx16-n3gy" }, { "vulnerability": "VCID-t62w-rrsb-vqgy" }, { "vulnerability": "VCID-vjyq-6k64-7fat" }, { "vulnerability": "VCID-xjbx-z3d5-5bad" }, { "vulnerability": "VCID-ytff-pgz4-tub2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.30.1-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582949?format=api", "purl": "pkg:deb/debian/busybox@1:1.35.0-4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8844-hdkd-yyc7" }, { "vulnerability": "VCID-9s28-b1gj-uqaj" }, { "vulnerability": "VCID-fugr-ve7z-efdb" }, { "vulnerability": "VCID-g5t1-3tab-uuf9" }, { "vulnerability": "VCID-jjqh-pw7r-buau" }, { "vulnerability": "VCID-n1u3-njfx-vfcp" }, { "vulnerability": "VCID-syfd-zx16-n3gy" }, { "vulnerability": "VCID-t62w-rrsb-vqgy" }, { "vulnerability": "VCID-v6td-yjyg-rub4" }, { "vulnerability": "VCID-xjbx-z3d5-5bad" }, { "vulnerability": "VCID-y9hd-5med-67c4" }, { "vulnerability": "VCID-ytff-pgz4-tub2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.35.0-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582950?format=api", "purl": "pkg:deb/debian/busybox@1:1.37.0-6?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8844-hdkd-yyc7" }, { "vulnerability": "VCID-fugr-ve7z-efdb" }, { "vulnerability": "VCID-g5t1-3tab-uuf9" }, { "vulnerability": "VCID-jjqh-pw7r-buau" }, { "vulnerability": "VCID-n1u3-njfx-vfcp" }, { "vulnerability": "VCID-t62w-rrsb-vqgy" }, { "vulnerability": "VCID-ytff-pgz4-tub2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.37.0-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582951?format=api", "purl": "pkg:deb/debian/busybox@1:1.37.0-10.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.37.0-10.1%3Fdistro=trixie" } ], "aliases": [ "CVE-2015-9261" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a4vx-45xg-zqej" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/83563?format=api", "vulnerability_id": "VCID-dkng-6ayt-h7fv", "summary": "busybox: wget: Heap-based buffer overflow in the retrieve_file_data() function", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000517.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000517.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1000517", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.13702", "scoring_system": "epss", "scoring_elements": "0.94221", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.16054", "scoring_system": "epss", "scoring_elements": "0.94785", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.16054", "scoring_system": "epss", "scoring_elements": "0.94758", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.16054", "scoring_system": "epss", "scoring_elements": "0.94762", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.16054", "scoring_system": "epss", "scoring_elements": "0.94763", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.16054", "scoring_system": "epss", "scoring_elements": "0.94772", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.16054", "scoring_system": "epss", "scoring_elements": "0.94777", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.16054", "scoring_system": "epss", "scoring_elements": "0.9478", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.16054", "scoring_system": "epss", "scoring_elements": "0.94784", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1000517" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000517", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000517" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://git.busybox.net/busybox/commit/?id=8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e", "reference_id": "", "reference_type": "", "scores": [ { "value": "8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:36:05Z/" } ], "url": "https://git.busybox.net/busybox/commit/?id=8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00037.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:36:05Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00037.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00020.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:36:05Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00020.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1595595", "reference_id": "1595595", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1595595" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=902724", "reference_id": "902724", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=902724" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:busybox:busybox:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:busybox:busybox:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:busybox:busybox:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000517", "reference_id": "CVE-2018-1000517", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P" }, { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000517" }, { "reference_url": "https://usn.ubuntu.com/3935-1/", "reference_id": "USN-3935-1", "reference_type": "", "scores": [ { "value": "8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:36:05Z/" } ], "url": "https://usn.ubuntu.com/3935-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/586893?format=api", "purl": "pkg:deb/debian/busybox@1:1.27.2-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.27.2-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582948?format=api", "purl": "pkg:deb/debian/busybox@1:1.30.1-6?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8844-hdkd-yyc7" }, { "vulnerability": "VCID-8r73-bpac-dubc" }, { "vulnerability": "VCID-92nk-cwc9-rkg4" }, { "vulnerability": "VCID-fugr-ve7z-efdb" }, { "vulnerability": "VCID-g5t1-3tab-uuf9" }, { "vulnerability": "VCID-jjqh-pw7r-buau" }, { "vulnerability": "VCID-n1u3-njfx-vfcp" }, { "vulnerability": "VCID-rp81-5jrg-jkht" }, { "vulnerability": "VCID-svyb-nqje-dbcs" }, { "vulnerability": "VCID-syfd-zx16-n3gy" }, { "vulnerability": "VCID-t62w-rrsb-vqgy" }, { "vulnerability": "VCID-vjyq-6k64-7fat" }, { "vulnerability": "VCID-xjbx-z3d5-5bad" }, { "vulnerability": "VCID-ytff-pgz4-tub2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.30.1-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582949?format=api", "purl": "pkg:deb/debian/busybox@1:1.35.0-4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8844-hdkd-yyc7" }, { "vulnerability": "VCID-9s28-b1gj-uqaj" }, { "vulnerability": "VCID-fugr-ve7z-efdb" }, { "vulnerability": "VCID-g5t1-3tab-uuf9" }, { "vulnerability": "VCID-jjqh-pw7r-buau" }, { "vulnerability": "VCID-n1u3-njfx-vfcp" }, { "vulnerability": "VCID-syfd-zx16-n3gy" }, { "vulnerability": "VCID-t62w-rrsb-vqgy" }, { "vulnerability": "VCID-v6td-yjyg-rub4" }, { "vulnerability": "VCID-xjbx-z3d5-5bad" }, { "vulnerability": "VCID-y9hd-5med-67c4" }, { "vulnerability": "VCID-ytff-pgz4-tub2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.35.0-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582950?format=api", "purl": "pkg:deb/debian/busybox@1:1.37.0-6?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8844-hdkd-yyc7" }, { "vulnerability": "VCID-fugr-ve7z-efdb" }, { "vulnerability": "VCID-g5t1-3tab-uuf9" }, { "vulnerability": "VCID-jjqh-pw7r-buau" }, { "vulnerability": "VCID-n1u3-njfx-vfcp" }, { "vulnerability": "VCID-t62w-rrsb-vqgy" }, { "vulnerability": "VCID-ytff-pgz4-tub2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.37.0-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582951?format=api", "purl": "pkg:deb/debian/busybox@1:1.37.0-10.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.37.0-10.1%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-1000517" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dkng-6ayt-h7fv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/47306?format=api", "vulnerability_id": "VCID-dktd-xqjr-h7h1", "summary": "Multiple vulnerabilities have been found in BusyBox, the worst of\n which could allow remote attackers to execute arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-16544.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-16544.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-16544", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03313", "scoring_system": "epss", "scoring_elements": "0.87216", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.03313", "scoring_system": "epss", "scoring_elements": "0.87206", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.03313", "scoring_system": "epss", "scoring_elements": "0.87232", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.03313", "scoring_system": "epss", "scoring_elements": "0.87229", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.03313", "scoring_system": "epss", "scoring_elements": "0.87249", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.03313", "scoring_system": "epss", "scoring_elements": "0.87256", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.03313", "scoring_system": "epss", "scoring_elements": "0.87268", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.03313", "scoring_system": "epss", "scoring_elements": "0.87263", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.03313", "scoring_system": "epss", "scoring_elements": "0.87258", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-16544" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16544", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16544" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:M/Au:N/C:C/I:C/A:C" }, { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "http://seclists.org/fulldisclosure/2020/Mar/15", "reference_id": "15", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:34:08Z/" } ], "url": "http://seclists.org/fulldisclosure/2020/Mar/15" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1515713", "reference_id": "1515713", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1515713" }, { "reference_url": "http://seclists.org/fulldisclosure/2020/Aug/20", "reference_id": "20", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:34:08Z/" } ], "url": "http://seclists.org/fulldisclosure/2020/Aug/20" }, { "reference_url": "http://seclists.org/fulldisclosure/2021/Aug/21", "reference_id": "21", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:34:08Z/" } ], "url": "http://seclists.org/fulldisclosure/2021/Aug/21" }, { "reference_url": "http://seclists.org/fulldisclosure/2021/Jan/39", "reference_id": "39", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:34:08Z/" } ], "url": "http://seclists.org/fulldisclosure/2021/Jan/39" }, { "reference_url": "http://seclists.org/fulldisclosure/2020/Sep/6", "reference_id": "6", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:34:08Z/" } ], "url": "http://seclists.org/fulldisclosure/2020/Sep/6" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882258", "reference_id": "882258", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882258" }, { "reference_url": "https://security.archlinux.org/ASA-201803-1", "reference_id": "ASA-201803-1", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201803-1" }, { "reference_url": "https://security.archlinux.org/ASA-201803-2", "reference_id": "ASA-201803-2", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201803-2" }, { "reference_url": "https://security.archlinux.org/AVG-512", "reference_id": "AVG-512", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-512" }, { "reference_url": "https://security.archlinux.org/AVG-514", "reference_id": "AVG-514", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-514" }, { "reference_url": "https://www.twistlock.com/2017/11/20/cve-2017-16544-busybox-autocompletion-vulnerability/", "reference_id": "cve-2017-16544-busybox-autocompletion-vulnerability", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:34:08Z/" } ], "url": "https://www.twistlock.com/2017/11/20/cve-2017-16544-busybox-autocompletion-vulnerability/" }, { "reference_url": "https://security.gentoo.org/glsa/201803-12", "reference_id": "GLSA-201803-12", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201803-12" }, { "reference_url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-240-01", "reference_id": "icsa-20-240-01", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:34:08Z/" } ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-240-01" }, { "reference_url": "https://git.busybox.net/busybox/commit/?id=c3797d40a1c57352192c6106cc0f435e7d9c11e8", "reference_id": "?id=c3797d40a1c57352192c6106cc0f435e7d9c11e8", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:34:08Z/" } ], "url": "https://git.busybox.net/busybox/commit/?id=c3797d40a1c57352192c6106cc0f435e7d9c11e8" }, { "reference_url": "https://usn.ubuntu.com/3935-1/", "reference_id": "USN-3935-1", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:34:08Z/" } ], "url": "https://usn.ubuntu.com/3935-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582947?format=api", "purl": "pkg:deb/debian/busybox@1:1.27.2-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.27.2-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582948?format=api", "purl": "pkg:deb/debian/busybox@1:1.30.1-6?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8844-hdkd-yyc7" }, { "vulnerability": "VCID-8r73-bpac-dubc" }, { "vulnerability": "VCID-92nk-cwc9-rkg4" }, { "vulnerability": "VCID-fugr-ve7z-efdb" }, { "vulnerability": "VCID-g5t1-3tab-uuf9" }, { "vulnerability": "VCID-jjqh-pw7r-buau" }, { "vulnerability": "VCID-n1u3-njfx-vfcp" }, { "vulnerability": "VCID-rp81-5jrg-jkht" }, { "vulnerability": "VCID-svyb-nqje-dbcs" }, { "vulnerability": "VCID-syfd-zx16-n3gy" }, { "vulnerability": "VCID-t62w-rrsb-vqgy" }, { "vulnerability": "VCID-vjyq-6k64-7fat" }, { "vulnerability": "VCID-xjbx-z3d5-5bad" }, { "vulnerability": "VCID-ytff-pgz4-tub2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.30.1-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582949?format=api", "purl": "pkg:deb/debian/busybox@1:1.35.0-4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8844-hdkd-yyc7" }, { "vulnerability": "VCID-9s28-b1gj-uqaj" }, { "vulnerability": "VCID-fugr-ve7z-efdb" }, { "vulnerability": "VCID-g5t1-3tab-uuf9" }, { "vulnerability": "VCID-jjqh-pw7r-buau" }, { "vulnerability": "VCID-n1u3-njfx-vfcp" }, { "vulnerability": "VCID-syfd-zx16-n3gy" }, { "vulnerability": "VCID-t62w-rrsb-vqgy" }, { "vulnerability": "VCID-v6td-yjyg-rub4" }, { "vulnerability": "VCID-xjbx-z3d5-5bad" }, { "vulnerability": "VCID-y9hd-5med-67c4" }, { "vulnerability": "VCID-ytff-pgz4-tub2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.35.0-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582950?format=api", "purl": "pkg:deb/debian/busybox@1:1.37.0-6?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8844-hdkd-yyc7" }, { "vulnerability": "VCID-fugr-ve7z-efdb" }, { "vulnerability": "VCID-g5t1-3tab-uuf9" }, { "vulnerability": "VCID-jjqh-pw7r-buau" }, { "vulnerability": "VCID-n1u3-njfx-vfcp" }, { "vulnerability": "VCID-t62w-rrsb-vqgy" }, { "vulnerability": "VCID-ytff-pgz4-tub2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.37.0-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582951?format=api", "purl": "pkg:deb/debian/busybox@1:1.37.0-10.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.37.0-10.1%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-16544" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dktd-xqjr-h7h1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40688?format=api", "vulnerability_id": "VCID-dse8-esmh-3ygm", "summary": "Multiple vulnerabilities have been discovered in BusyBox, the worst of which could lead to arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42380.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42380.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-42380", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00452", "scoring_system": "epss", "scoring_elements": "0.63711", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00452", "scoring_system": "epss", "scoring_elements": "0.63716", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00452", "scoring_system": "epss", "scoring_elements": "0.63676", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00452", "scoring_system": "epss", "scoring_elements": "0.63728", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00452", "scoring_system": "epss", "scoring_elements": "0.63745", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00452", "scoring_system": "epss", "scoring_elements": "0.63759", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00464", "scoring_system": "epss", "scoring_elements": "0.64309", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00464", "scoring_system": "epss", "scoring_elements": "0.64251", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-42380" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42380", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42380" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2023912", "reference_id": "2023912", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2023912" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/", "reference_id": "6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:07Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567", "reference_id": "999567", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567" }, { "reference_url": "https://security.archlinux.org/AVG-2561", "reference_id": "AVG-2561", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2561" }, { "reference_url": "https://security.archlinux.org/AVG-2562", "reference_id": "AVG-2562", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2562" }, { "reference_url": "https://security.gentoo.org/glsa/202407-17", "reference_id": "GLSA-202407-17", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202407-17" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20211223-0002/", "reference_id": "ntap-20211223-0002", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:07Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20211223-0002/" }, { "reference_url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/", "reference_id": "unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:07Z/" } ], "url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/" }, { "reference_url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog", "reference_id": "unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:07Z/" } ], "url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/", "reference_id": "UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:07Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/" }, { "reference_url": "https://usn.ubuntu.com/5179-1/", "reference_id": "USN-5179-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5179-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582948?format=api", "purl": "pkg:deb/debian/busybox@1:1.30.1-6?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8844-hdkd-yyc7" }, { "vulnerability": "VCID-8r73-bpac-dubc" }, { "vulnerability": "VCID-92nk-cwc9-rkg4" }, { "vulnerability": "VCID-fugr-ve7z-efdb" }, { "vulnerability": "VCID-g5t1-3tab-uuf9" }, { "vulnerability": "VCID-jjqh-pw7r-buau" }, { "vulnerability": "VCID-n1u3-njfx-vfcp" }, { "vulnerability": "VCID-rp81-5jrg-jkht" }, { "vulnerability": "VCID-svyb-nqje-dbcs" }, { "vulnerability": "VCID-syfd-zx16-n3gy" }, { "vulnerability": "VCID-t62w-rrsb-vqgy" }, { "vulnerability": "VCID-vjyq-6k64-7fat" }, { "vulnerability": "VCID-xjbx-z3d5-5bad" }, { "vulnerability": "VCID-ytff-pgz4-tub2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.30.1-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583312?format=api", "purl": "pkg:deb/debian/busybox@1:1.30.1-6%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.30.1-6%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583313?format=api", "purl": "pkg:deb/debian/busybox@1:1.35.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.35.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582949?format=api", "purl": "pkg:deb/debian/busybox@1:1.35.0-4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8844-hdkd-yyc7" }, { "vulnerability": "VCID-9s28-b1gj-uqaj" }, { "vulnerability": "VCID-fugr-ve7z-efdb" }, { "vulnerability": "VCID-g5t1-3tab-uuf9" }, { "vulnerability": "VCID-jjqh-pw7r-buau" }, { "vulnerability": "VCID-n1u3-njfx-vfcp" }, { "vulnerability": "VCID-syfd-zx16-n3gy" }, { "vulnerability": "VCID-t62w-rrsb-vqgy" }, { "vulnerability": "VCID-v6td-yjyg-rub4" }, { "vulnerability": "VCID-xjbx-z3d5-5bad" }, { "vulnerability": "VCID-y9hd-5med-67c4" }, { "vulnerability": "VCID-ytff-pgz4-tub2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.35.0-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582950?format=api", "purl": "pkg:deb/debian/busybox@1:1.37.0-6?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8844-hdkd-yyc7" }, { "vulnerability": "VCID-fugr-ve7z-efdb" }, { "vulnerability": "VCID-g5t1-3tab-uuf9" }, { "vulnerability": "VCID-jjqh-pw7r-buau" }, { "vulnerability": "VCID-n1u3-njfx-vfcp" }, { "vulnerability": "VCID-t62w-rrsb-vqgy" }, { "vulnerability": "VCID-ytff-pgz4-tub2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.37.0-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582951?format=api", "purl": "pkg:deb/debian/busybox@1:1.37.0-10.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.37.0-10.1%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-42380" ], "risk_score": 3.2, "exploitability": "0.5", "weighted_severity": "6.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dse8-esmh-3ygm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/47305?format=api", "vulnerability_id": "VCID-g587-5fx5-5uew", "summary": "Multiple vulnerabilities have been found in BusyBox, the worst of\n which could allow remote attackers to execute arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15874.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15874.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15874", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0028", "scoring_system": "epss", "scoring_elements": "0.51276", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0028", "scoring_system": "epss", "scoring_elements": "0.51374", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0028", "scoring_system": "epss", "scoring_elements": "0.51328", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0028", "scoring_system": "epss", "scoring_elements": "0.51355", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0028", "scoring_system": "epss", "scoring_elements": "0.51314", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0028", "scoring_system": "epss", "scoring_elements": "0.51368", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0028", "scoring_system": "epss", "scoring_elements": "0.51366", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0028", "scoring_system": "epss", "scoring_elements": "0.51409", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0028", "scoring_system": "epss", "scoring_elements": "0.51388", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15874" }, { "reference_url": "https://bugs.busybox.net/show_bug.cgi?id=10436", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:23:46Z/" } ], "url": "https://bugs.busybox.net/show_bug.cgi?id=10436" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15874", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15874" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "1.9", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1515286", "reference_id": "1515286", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1515286" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=879732", "reference_id": "879732", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=879732" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:busybox:busybox:1.27.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:busybox:busybox:1.27.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:busybox:busybox:1.27.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15874", "reference_id": "CVE-2017-15874", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15874" }, { "reference_url": "https://security.gentoo.org/glsa/201803-12", "reference_id": "GLSA-201803-12", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201803-12" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582947?format=api", "purl": "pkg:deb/debian/busybox@1:1.27.2-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.27.2-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582948?format=api", "purl": "pkg:deb/debian/busybox@1:1.30.1-6?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8844-hdkd-yyc7" }, { "vulnerability": "VCID-8r73-bpac-dubc" }, { "vulnerability": "VCID-92nk-cwc9-rkg4" }, { "vulnerability": "VCID-fugr-ve7z-efdb" }, { "vulnerability": "VCID-g5t1-3tab-uuf9" }, { "vulnerability": "VCID-jjqh-pw7r-buau" }, { "vulnerability": "VCID-n1u3-njfx-vfcp" }, { "vulnerability": "VCID-rp81-5jrg-jkht" }, { "vulnerability": "VCID-svyb-nqje-dbcs" }, { "vulnerability": "VCID-syfd-zx16-n3gy" }, { "vulnerability": "VCID-t62w-rrsb-vqgy" }, { "vulnerability": "VCID-vjyq-6k64-7fat" }, { "vulnerability": "VCID-xjbx-z3d5-5bad" }, { "vulnerability": "VCID-ytff-pgz4-tub2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.30.1-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582949?format=api", "purl": "pkg:deb/debian/busybox@1:1.35.0-4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8844-hdkd-yyc7" }, { "vulnerability": "VCID-9s28-b1gj-uqaj" }, { "vulnerability": "VCID-fugr-ve7z-efdb" }, { "vulnerability": "VCID-g5t1-3tab-uuf9" }, { "vulnerability": "VCID-jjqh-pw7r-buau" }, { "vulnerability": "VCID-n1u3-njfx-vfcp" }, { "vulnerability": "VCID-syfd-zx16-n3gy" }, { "vulnerability": "VCID-t62w-rrsb-vqgy" }, { "vulnerability": "VCID-v6td-yjyg-rub4" }, { "vulnerability": "VCID-xjbx-z3d5-5bad" }, { "vulnerability": "VCID-y9hd-5med-67c4" }, { "vulnerability": "VCID-ytff-pgz4-tub2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.35.0-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582950?format=api", "purl": "pkg:deb/debian/busybox@1:1.37.0-6?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8844-hdkd-yyc7" }, { "vulnerability": "VCID-fugr-ve7z-efdb" }, { "vulnerability": "VCID-g5t1-3tab-uuf9" }, { "vulnerability": "VCID-jjqh-pw7r-buau" }, { "vulnerability": "VCID-n1u3-njfx-vfcp" }, { "vulnerability": "VCID-t62w-rrsb-vqgy" }, { "vulnerability": "VCID-ytff-pgz4-tub2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.37.0-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582951?format=api", "purl": "pkg:deb/debian/busybox@1:1.37.0-10.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.37.0-10.1%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-15874" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g587-5fx5-5uew" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/88935?format=api", "vulnerability_id": "VCID-gaff-7x2r-2qaf", "summary": "security flaw", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-1058.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-1058.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2006-1058", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13877", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13959", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.14015", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13817", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.139", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13952", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.1391", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13873", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13825", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2006-1058" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1058", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1058" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1618027", "reference_id": "1618027", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1618027" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=360578", "reference_id": "360578", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=360578" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2007:0244", "reference_id": "RHSA-2007:0244", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2007:0244" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/584727?format=api", "purl": "pkg:deb/debian/busybox@1:1.1.3-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.1.3-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582948?format=api", "purl": "pkg:deb/debian/busybox@1:1.30.1-6?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8844-hdkd-yyc7" }, { "vulnerability": "VCID-8r73-bpac-dubc" }, { "vulnerability": "VCID-92nk-cwc9-rkg4" }, { "vulnerability": "VCID-fugr-ve7z-efdb" }, { "vulnerability": "VCID-g5t1-3tab-uuf9" }, { "vulnerability": "VCID-jjqh-pw7r-buau" }, { "vulnerability": "VCID-n1u3-njfx-vfcp" }, { "vulnerability": "VCID-rp81-5jrg-jkht" }, { "vulnerability": "VCID-svyb-nqje-dbcs" }, { "vulnerability": "VCID-syfd-zx16-n3gy" }, { "vulnerability": "VCID-t62w-rrsb-vqgy" }, { "vulnerability": "VCID-vjyq-6k64-7fat" }, { "vulnerability": "VCID-xjbx-z3d5-5bad" }, { "vulnerability": "VCID-ytff-pgz4-tub2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.30.1-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582949?format=api", "purl": "pkg:deb/debian/busybox@1:1.35.0-4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8844-hdkd-yyc7" }, { "vulnerability": "VCID-9s28-b1gj-uqaj" }, { "vulnerability": "VCID-fugr-ve7z-efdb" }, { "vulnerability": "VCID-g5t1-3tab-uuf9" }, { "vulnerability": "VCID-jjqh-pw7r-buau" }, { "vulnerability": "VCID-n1u3-njfx-vfcp" }, { "vulnerability": "VCID-syfd-zx16-n3gy" }, { "vulnerability": "VCID-t62w-rrsb-vqgy" }, { "vulnerability": "VCID-v6td-yjyg-rub4" }, { "vulnerability": "VCID-xjbx-z3d5-5bad" }, { "vulnerability": "VCID-y9hd-5med-67c4" }, { "vulnerability": "VCID-ytff-pgz4-tub2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.35.0-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582950?format=api", "purl": "pkg:deb/debian/busybox@1:1.37.0-6?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8844-hdkd-yyc7" }, { "vulnerability": "VCID-fugr-ve7z-efdb" }, { "vulnerability": "VCID-g5t1-3tab-uuf9" }, { "vulnerability": "VCID-jjqh-pw7r-buau" }, { "vulnerability": "VCID-n1u3-njfx-vfcp" }, { "vulnerability": "VCID-t62w-rrsb-vqgy" }, { "vulnerability": "VCID-ytff-pgz4-tub2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.37.0-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582951?format=api", "purl": "pkg:deb/debian/busybox@1:1.37.0-10.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.37.0-10.1%3Fdistro=trixie" } ], "aliases": [ "CVE-2006-1058" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gaff-7x2r-2qaf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40687?format=api", "vulnerability_id": "VCID-gdfa-8gar-47gd", "summary": "Multiple vulnerabilities have been discovered in BusyBox, the worst of which could lead to arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42379.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42379.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-42379", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.4647", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46535", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46507", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46527", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46476", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46531", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46555", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-42379" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42379", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42379" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2023904", "reference_id": "2023904", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2023904" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/", "reference_id": "6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:08Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567", "reference_id": "999567", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567" }, { "reference_url": "https://security.archlinux.org/AVG-2561", "reference_id": "AVG-2561", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2561" }, { "reference_url": "https://security.archlinux.org/AVG-2562", "reference_id": "AVG-2562", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2562" }, { "reference_url": "https://security.gentoo.org/glsa/202407-17", "reference_id": "GLSA-202407-17", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202407-17" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20211223-0002/", "reference_id": "ntap-20211223-0002", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:08Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20211223-0002/" }, { "reference_url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/", "reference_id": "unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:08Z/" } ], "url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/" }, { "reference_url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog", "reference_id": "unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:08Z/" } ], "url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/", "reference_id": "UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:08Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/" }, { "reference_url": "https://usn.ubuntu.com/5179-1/", "reference_id": "USN-5179-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5179-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582948?format=api", "purl": "pkg:deb/debian/busybox@1:1.30.1-6?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8844-hdkd-yyc7" }, { "vulnerability": "VCID-8r73-bpac-dubc" }, { "vulnerability": "VCID-92nk-cwc9-rkg4" }, { "vulnerability": "VCID-fugr-ve7z-efdb" }, { "vulnerability": "VCID-g5t1-3tab-uuf9" }, { "vulnerability": "VCID-jjqh-pw7r-buau" }, { "vulnerability": "VCID-n1u3-njfx-vfcp" }, { "vulnerability": "VCID-rp81-5jrg-jkht" }, { "vulnerability": "VCID-svyb-nqje-dbcs" }, { "vulnerability": "VCID-syfd-zx16-n3gy" }, { "vulnerability": "VCID-t62w-rrsb-vqgy" }, { "vulnerability": "VCID-vjyq-6k64-7fat" }, { "vulnerability": "VCID-xjbx-z3d5-5bad" }, { "vulnerability": "VCID-ytff-pgz4-tub2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.30.1-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583312?format=api", "purl": "pkg:deb/debian/busybox@1:1.30.1-6%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.30.1-6%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583313?format=api", "purl": "pkg:deb/debian/busybox@1:1.35.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.35.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582949?format=api", "purl": "pkg:deb/debian/busybox@1:1.35.0-4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8844-hdkd-yyc7" }, { "vulnerability": "VCID-9s28-b1gj-uqaj" }, { "vulnerability": "VCID-fugr-ve7z-efdb" }, { "vulnerability": "VCID-g5t1-3tab-uuf9" }, { "vulnerability": "VCID-jjqh-pw7r-buau" }, { "vulnerability": "VCID-n1u3-njfx-vfcp" }, { "vulnerability": "VCID-syfd-zx16-n3gy" }, { "vulnerability": "VCID-t62w-rrsb-vqgy" }, { "vulnerability": "VCID-v6td-yjyg-rub4" }, { "vulnerability": "VCID-xjbx-z3d5-5bad" }, { "vulnerability": "VCID-y9hd-5med-67c4" }, { "vulnerability": "VCID-ytff-pgz4-tub2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.35.0-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582950?format=api", "purl": "pkg:deb/debian/busybox@1:1.37.0-6?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8844-hdkd-yyc7" }, { "vulnerability": "VCID-fugr-ve7z-efdb" }, { "vulnerability": "VCID-g5t1-3tab-uuf9" }, { "vulnerability": "VCID-jjqh-pw7r-buau" }, { "vulnerability": "VCID-n1u3-njfx-vfcp" }, { "vulnerability": "VCID-t62w-rrsb-vqgy" }, { "vulnerability": "VCID-ytff-pgz4-tub2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.37.0-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582951?format=api", "purl": "pkg:deb/debian/busybox@1:1.37.0-10.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.37.0-10.1%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-42379" ], "risk_score": 3.2, "exploitability": "0.5", "weighted_severity": "6.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gdfa-8gar-47gd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/116378?format=api", "vulnerability_id": "VCID-gr6n-rhdb-bfh9", "summary": "Directory traversal vulnerability in httpd in Rob Landley BusyBox allows remote attackers to read arbitrary files via URL-encoded \"%2e%2e/\" sequences in the URI.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2006-5050", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00279", "scoring_system": "epss", "scoring_elements": "0.51235", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00279", "scoring_system": "epss", "scoring_elements": "0.51287", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00279", "scoring_system": "epss", "scoring_elements": "0.51312", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00279", "scoring_system": "epss", "scoring_elements": "0.51271", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00279", "scoring_system": "epss", "scoring_elements": "0.51326", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00279", "scoring_system": "epss", "scoring_elements": "0.51323", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00279", "scoring_system": "epss", "scoring_elements": "0.51366", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00279", "scoring_system": "epss", "scoring_elements": "0.51345", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00279", "scoring_system": "epss", "scoring_elements": "0.51331", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2006-5050" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/584570?format=api", "purl": "pkg:deb/debian/busybox@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582948?format=api", "purl": "pkg:deb/debian/busybox@1:1.30.1-6?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8844-hdkd-yyc7" }, { "vulnerability": "VCID-8r73-bpac-dubc" }, { "vulnerability": "VCID-92nk-cwc9-rkg4" }, { "vulnerability": "VCID-fugr-ve7z-efdb" }, { "vulnerability": "VCID-g5t1-3tab-uuf9" }, { "vulnerability": "VCID-jjqh-pw7r-buau" }, { "vulnerability": "VCID-n1u3-njfx-vfcp" }, { "vulnerability": "VCID-rp81-5jrg-jkht" }, { "vulnerability": "VCID-svyb-nqje-dbcs" }, { "vulnerability": "VCID-syfd-zx16-n3gy" }, { "vulnerability": "VCID-t62w-rrsb-vqgy" }, { "vulnerability": "VCID-vjyq-6k64-7fat" }, { "vulnerability": "VCID-xjbx-z3d5-5bad" }, { "vulnerability": "VCID-ytff-pgz4-tub2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.30.1-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582949?format=api", "purl": "pkg:deb/debian/busybox@1:1.35.0-4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8844-hdkd-yyc7" }, { "vulnerability": "VCID-9s28-b1gj-uqaj" }, { "vulnerability": "VCID-fugr-ve7z-efdb" }, { "vulnerability": "VCID-g5t1-3tab-uuf9" }, { "vulnerability": "VCID-jjqh-pw7r-buau" }, { "vulnerability": "VCID-n1u3-njfx-vfcp" }, { "vulnerability": "VCID-syfd-zx16-n3gy" }, { "vulnerability": "VCID-t62w-rrsb-vqgy" }, { "vulnerability": "VCID-v6td-yjyg-rub4" }, { "vulnerability": "VCID-xjbx-z3d5-5bad" }, { "vulnerability": "VCID-y9hd-5med-67c4" }, { "vulnerability": "VCID-ytff-pgz4-tub2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.35.0-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582950?format=api", "purl": "pkg:deb/debian/busybox@1:1.37.0-6?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8844-hdkd-yyc7" }, { "vulnerability": "VCID-fugr-ve7z-efdb" }, { "vulnerability": "VCID-g5t1-3tab-uuf9" }, { "vulnerability": "VCID-jjqh-pw7r-buau" }, { "vulnerability": "VCID-n1u3-njfx-vfcp" }, { "vulnerability": "VCID-t62w-rrsb-vqgy" }, { "vulnerability": "VCID-ytff-pgz4-tub2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.37.0-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582951?format=api", "purl": "pkg:deb/debian/busybox@1:1.37.0-10.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.37.0-10.1%3Fdistro=trixie" } ], "aliases": [ "CVE-2006-5050" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gr6n-rhdb-bfh9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40686?format=api", "vulnerability_id": "VCID-jjxj-yf1x-4qg5", "summary": "Multiple vulnerabilities have been discovered in BusyBox, the worst of which could lead to arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42378.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42378.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-42378", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.4647", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46535", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46507", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46527", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46476", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46531", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46555", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-42378" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2023900", "reference_id": "2023900", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2023900" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/", "reference_id": "6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:10Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567", "reference_id": "999567", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567" }, { "reference_url": "https://security.archlinux.org/AVG-2561", "reference_id": "AVG-2561", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2561" }, { "reference_url": "https://security.archlinux.org/AVG-2562", "reference_id": "AVG-2562", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2562" }, { "reference_url": "https://security.gentoo.org/glsa/202407-17", "reference_id": "GLSA-202407-17", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202407-17" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20211223-0002/", "reference_id": "ntap-20211223-0002", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:10Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20211223-0002/" }, { "reference_url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/", "reference_id": "unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:10Z/" } ], "url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/" }, { "reference_url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog", "reference_id": "unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:10Z/" } ], "url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/", "reference_id": "UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:10Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/" }, { "reference_url": "https://usn.ubuntu.com/5179-1/", "reference_id": "USN-5179-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5179-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582948?format=api", "purl": "pkg:deb/debian/busybox@1:1.30.1-6?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8844-hdkd-yyc7" }, { "vulnerability": "VCID-8r73-bpac-dubc" }, { "vulnerability": "VCID-92nk-cwc9-rkg4" }, { "vulnerability": "VCID-fugr-ve7z-efdb" }, { "vulnerability": "VCID-g5t1-3tab-uuf9" }, { "vulnerability": "VCID-jjqh-pw7r-buau" }, { "vulnerability": "VCID-n1u3-njfx-vfcp" }, { "vulnerability": "VCID-rp81-5jrg-jkht" }, { "vulnerability": "VCID-svyb-nqje-dbcs" }, { "vulnerability": "VCID-syfd-zx16-n3gy" }, { "vulnerability": "VCID-t62w-rrsb-vqgy" }, { "vulnerability": "VCID-vjyq-6k64-7fat" }, { "vulnerability": "VCID-xjbx-z3d5-5bad" }, { "vulnerability": "VCID-ytff-pgz4-tub2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.30.1-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583312?format=api", "purl": "pkg:deb/debian/busybox@1:1.30.1-6%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.30.1-6%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583313?format=api", "purl": "pkg:deb/debian/busybox@1:1.35.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.35.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582949?format=api", "purl": "pkg:deb/debian/busybox@1:1.35.0-4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8844-hdkd-yyc7" }, { "vulnerability": "VCID-9s28-b1gj-uqaj" }, { "vulnerability": "VCID-fugr-ve7z-efdb" }, { "vulnerability": "VCID-g5t1-3tab-uuf9" }, { "vulnerability": "VCID-jjqh-pw7r-buau" }, { "vulnerability": "VCID-n1u3-njfx-vfcp" }, { "vulnerability": "VCID-syfd-zx16-n3gy" }, { "vulnerability": "VCID-t62w-rrsb-vqgy" }, { "vulnerability": "VCID-v6td-yjyg-rub4" }, { "vulnerability": "VCID-xjbx-z3d5-5bad" }, { "vulnerability": "VCID-y9hd-5med-67c4" }, { "vulnerability": "VCID-ytff-pgz4-tub2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.35.0-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582950?format=api", "purl": "pkg:deb/debian/busybox@1:1.37.0-6?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8844-hdkd-yyc7" }, { "vulnerability": "VCID-fugr-ve7z-efdb" }, { "vulnerability": "VCID-g5t1-3tab-uuf9" }, { "vulnerability": "VCID-jjqh-pw7r-buau" }, { "vulnerability": "VCID-n1u3-njfx-vfcp" }, { "vulnerability": "VCID-t62w-rrsb-vqgy" }, { "vulnerability": "VCID-ytff-pgz4-tub2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.37.0-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582951?format=api", "purl": "pkg:deb/debian/busybox@1:1.37.0-10.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.37.0-10.1%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-42378" ], "risk_score": 3.2, "exploitability": "0.5", "weighted_severity": "6.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jjxj-yf1x-4qg5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40690?format=api", "vulnerability_id": "VCID-mdmz-hjvu-hke3", "summary": "Multiple vulnerabilities have been discovered in BusyBox, the worst of which could lead to arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42382.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42382.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-42382", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00321", "scoring_system": "epss", "scoring_elements": "0.54992", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00321", "scoring_system": "epss", "scoring_elements": "0.55117", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00321", "scoring_system": "epss", "scoring_elements": "0.55094", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00321", "scoring_system": "epss", "scoring_elements": "0.55118", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00321", "scoring_system": "epss", "scoring_elements": "0.55093", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00321", "scoring_system": "epss", "scoring_elements": "0.55143", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00321", "scoring_system": "epss", "scoring_elements": "0.55155", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00321", "scoring_system": "epss", "scoring_elements": "0.55135", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-42382" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42382", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42382" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2023929", "reference_id": "2023929", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2023929" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/", "reference_id": "6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:04Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567", "reference_id": "999567", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567" }, { "reference_url": "https://security.archlinux.org/AVG-2561", "reference_id": "AVG-2561", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2561" }, { "reference_url": "https://security.archlinux.org/AVG-2562", "reference_id": "AVG-2562", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2562" }, { "reference_url": "https://security.gentoo.org/glsa/202407-17", "reference_id": "GLSA-202407-17", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202407-17" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20211223-0002/", "reference_id": "ntap-20211223-0002", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:04Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20211223-0002/" }, { "reference_url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/", "reference_id": "unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:04Z/" } ], "url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/" }, { "reference_url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog", "reference_id": "unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:04Z/" } ], "url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/", "reference_id": "UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:04Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/" }, { "reference_url": "https://usn.ubuntu.com/5179-1/", "reference_id": "USN-5179-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5179-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582948?format=api", "purl": "pkg:deb/debian/busybox@1:1.30.1-6?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8844-hdkd-yyc7" }, { "vulnerability": "VCID-8r73-bpac-dubc" }, { "vulnerability": "VCID-92nk-cwc9-rkg4" }, { "vulnerability": "VCID-fugr-ve7z-efdb" }, { "vulnerability": "VCID-g5t1-3tab-uuf9" }, { "vulnerability": "VCID-jjqh-pw7r-buau" }, { "vulnerability": "VCID-n1u3-njfx-vfcp" }, { "vulnerability": "VCID-rp81-5jrg-jkht" }, { "vulnerability": "VCID-svyb-nqje-dbcs" }, { "vulnerability": "VCID-syfd-zx16-n3gy" }, { "vulnerability": "VCID-t62w-rrsb-vqgy" }, { "vulnerability": "VCID-vjyq-6k64-7fat" }, { "vulnerability": "VCID-xjbx-z3d5-5bad" }, { "vulnerability": "VCID-ytff-pgz4-tub2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.30.1-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583312?format=api", "purl": "pkg:deb/debian/busybox@1:1.30.1-6%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.30.1-6%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583313?format=api", "purl": "pkg:deb/debian/busybox@1:1.35.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.35.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582949?format=api", "purl": "pkg:deb/debian/busybox@1:1.35.0-4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8844-hdkd-yyc7" }, { "vulnerability": "VCID-9s28-b1gj-uqaj" }, { "vulnerability": "VCID-fugr-ve7z-efdb" }, { "vulnerability": "VCID-g5t1-3tab-uuf9" }, { "vulnerability": "VCID-jjqh-pw7r-buau" }, { "vulnerability": "VCID-n1u3-njfx-vfcp" }, { "vulnerability": "VCID-syfd-zx16-n3gy" }, { "vulnerability": "VCID-t62w-rrsb-vqgy" }, { "vulnerability": "VCID-v6td-yjyg-rub4" }, { "vulnerability": "VCID-xjbx-z3d5-5bad" }, { "vulnerability": "VCID-y9hd-5med-67c4" }, { "vulnerability": "VCID-ytff-pgz4-tub2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.35.0-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582950?format=api", "purl": "pkg:deb/debian/busybox@1:1.37.0-6?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8844-hdkd-yyc7" }, { "vulnerability": "VCID-fugr-ve7z-efdb" }, { "vulnerability": "VCID-g5t1-3tab-uuf9" }, { "vulnerability": "VCID-jjqh-pw7r-buau" }, { "vulnerability": "VCID-n1u3-njfx-vfcp" }, { "vulnerability": "VCID-t62w-rrsb-vqgy" }, { "vulnerability": "VCID-ytff-pgz4-tub2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.37.0-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582951?format=api", "purl": "pkg:deb/debian/busybox@1:1.37.0-10.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.37.0-10.1%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-42382" ], "risk_score": 3.2, "exploitability": "0.5", "weighted_severity": "6.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mdmz-hjvu-hke3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/85482?format=api", "vulnerability_id": "VCID-nthm-4fpy-zfev", "summary": "busybox: Path traversal via crafted tar file containing symlink", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-5325.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-5325.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-5325", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03772", "scoring_system": "epss", "scoring_elements": "0.88051", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.03772", "scoring_system": "epss", "scoring_elements": "0.87992", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.03772", "scoring_system": "epss", "scoring_elements": "0.88002", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.03772", "scoring_system": "epss", "scoring_elements": "0.88016", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.03772", "scoring_system": "epss", "scoring_elements": "0.88021", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.03772", "scoring_system": "epss", "scoring_elements": "0.8804", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.03772", "scoring_system": "epss", "scoring_elements": "0.88047", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.03772", "scoring_system": "epss", "scoring_elements": "0.88057", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.03772", "scoring_system": "epss", "scoring_elements": "0.8805", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-5325" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5325", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5325" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:M/Au:N/C:C/I:C/A:C" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1274215", "reference_id": "1274215", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1274215" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=802702", "reference_id": "802702", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=802702" }, { "reference_url": "https://usn.ubuntu.com/3935-1/", "reference_id": "USN-3935-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3935-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/585052?format=api", "purl": "pkg:deb/debian/busybox@1:1.27.2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.27.2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582948?format=api", "purl": "pkg:deb/debian/busybox@1:1.30.1-6?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8844-hdkd-yyc7" }, { "vulnerability": "VCID-8r73-bpac-dubc" }, { "vulnerability": "VCID-92nk-cwc9-rkg4" }, { "vulnerability": "VCID-fugr-ve7z-efdb" }, { "vulnerability": "VCID-g5t1-3tab-uuf9" }, { "vulnerability": "VCID-jjqh-pw7r-buau" }, { "vulnerability": "VCID-n1u3-njfx-vfcp" }, { "vulnerability": "VCID-rp81-5jrg-jkht" }, { "vulnerability": "VCID-svyb-nqje-dbcs" }, { "vulnerability": "VCID-syfd-zx16-n3gy" }, { "vulnerability": "VCID-t62w-rrsb-vqgy" }, { "vulnerability": "VCID-vjyq-6k64-7fat" }, { "vulnerability": "VCID-xjbx-z3d5-5bad" }, { "vulnerability": "VCID-ytff-pgz4-tub2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.30.1-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582949?format=api", "purl": "pkg:deb/debian/busybox@1:1.35.0-4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8844-hdkd-yyc7" }, { "vulnerability": "VCID-9s28-b1gj-uqaj" }, { "vulnerability": "VCID-fugr-ve7z-efdb" }, { "vulnerability": "VCID-g5t1-3tab-uuf9" }, { "vulnerability": "VCID-jjqh-pw7r-buau" }, { "vulnerability": "VCID-n1u3-njfx-vfcp" }, { "vulnerability": "VCID-syfd-zx16-n3gy" }, { "vulnerability": "VCID-t62w-rrsb-vqgy" }, { "vulnerability": "VCID-v6td-yjyg-rub4" }, { "vulnerability": "VCID-xjbx-z3d5-5bad" }, { "vulnerability": "VCID-y9hd-5med-67c4" }, { "vulnerability": "VCID-ytff-pgz4-tub2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.35.0-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582950?format=api", "purl": "pkg:deb/debian/busybox@1:1.37.0-6?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8844-hdkd-yyc7" }, { "vulnerability": "VCID-fugr-ve7z-efdb" }, { "vulnerability": "VCID-g5t1-3tab-uuf9" }, { "vulnerability": "VCID-jjqh-pw7r-buau" }, { "vulnerability": "VCID-n1u3-njfx-vfcp" }, { "vulnerability": "VCID-t62w-rrsb-vqgy" }, { "vulnerability": "VCID-ytff-pgz4-tub2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.37.0-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582951?format=api", "purl": "pkg:deb/debian/busybox@1:1.37.0-10.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.37.0-10.1%3Fdistro=trixie" } ], "aliases": [ "CVE-2011-5325" ], "risk_score": 1.8, "exploitability": "0.5", "weighted_severity": "3.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nthm-4fpy-zfev" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51110?format=api", "vulnerability_id": "VCID-qrs2-dwcr-cfam", "summary": "Multiple vulnerabilities have been found in BusyBox, allowing\n context dependent attackers to load arbitrary kernel modules, execute\n arbitrary files, or cause a Denial of Service condition.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-4607.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-4607.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-4607", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.10271", "scoring_system": "epss", "scoring_elements": "0.93133", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.10271", "scoring_system": "epss", "scoring_elements": "0.93142", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.10271", "scoring_system": "epss", "scoring_elements": "0.93146", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.10271", "scoring_system": "epss", "scoring_elements": "0.93144", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.10271", "scoring_system": "epss", "scoring_elements": "0.93153", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.10271", "scoring_system": "epss", "scoring_elements": "0.93157", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.10271", "scoring_system": "epss", "scoring_elements": "0.93163", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.10271", "scoring_system": "epss", "scoring_elements": "0.9316", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.10271", "scoring_system": "epss", "scoring_elements": "0.93161", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-4607" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4607", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4607" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1112418", "reference_id": "1112418", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1112418" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=752861", "reference_id": "752861", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=752861" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=768945", "reference_id": "768945", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=768945" }, { "reference_url": "https://security.gentoo.org/glsa/201503-13", "reference_id": "GLSA-201503-13", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201503-13" }, { "reference_url": "https://security.gentoo.org/glsa/201701-14", "reference_id": "GLSA-201701-14", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-14" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0861", "reference_id": "RHSA-2014:0861", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0861" }, { "reference_url": "https://usn.ubuntu.com/2300-1/", "reference_id": "USN-2300-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2300-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/583648?format=api", "purl": "pkg:deb/debian/busybox@1:1.22.0-10?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.22.0-10%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582948?format=api", "purl": "pkg:deb/debian/busybox@1:1.30.1-6?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8844-hdkd-yyc7" }, { "vulnerability": "VCID-8r73-bpac-dubc" }, { "vulnerability": "VCID-92nk-cwc9-rkg4" }, { "vulnerability": "VCID-fugr-ve7z-efdb" }, { "vulnerability": "VCID-g5t1-3tab-uuf9" }, { "vulnerability": "VCID-jjqh-pw7r-buau" }, { "vulnerability": "VCID-n1u3-njfx-vfcp" }, { "vulnerability": "VCID-rp81-5jrg-jkht" }, { "vulnerability": "VCID-svyb-nqje-dbcs" }, { "vulnerability": "VCID-syfd-zx16-n3gy" }, { "vulnerability": "VCID-t62w-rrsb-vqgy" }, { "vulnerability": "VCID-vjyq-6k64-7fat" }, { "vulnerability": "VCID-xjbx-z3d5-5bad" }, { "vulnerability": "VCID-ytff-pgz4-tub2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.30.1-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582949?format=api", "purl": "pkg:deb/debian/busybox@1:1.35.0-4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8844-hdkd-yyc7" }, { "vulnerability": "VCID-9s28-b1gj-uqaj" }, { "vulnerability": "VCID-fugr-ve7z-efdb" }, { "vulnerability": "VCID-g5t1-3tab-uuf9" }, { "vulnerability": "VCID-jjqh-pw7r-buau" }, { "vulnerability": "VCID-n1u3-njfx-vfcp" }, { "vulnerability": "VCID-syfd-zx16-n3gy" }, { "vulnerability": "VCID-t62w-rrsb-vqgy" }, { "vulnerability": "VCID-v6td-yjyg-rub4" }, { "vulnerability": "VCID-xjbx-z3d5-5bad" }, { "vulnerability": "VCID-y9hd-5med-67c4" }, { "vulnerability": "VCID-ytff-pgz4-tub2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.35.0-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582950?format=api", "purl": "pkg:deb/debian/busybox@1:1.37.0-6?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8844-hdkd-yyc7" }, { "vulnerability": "VCID-fugr-ve7z-efdb" }, { "vulnerability": "VCID-g5t1-3tab-uuf9" }, { "vulnerability": "VCID-jjqh-pw7r-buau" }, { "vulnerability": "VCID-n1u3-njfx-vfcp" }, { "vulnerability": "VCID-t62w-rrsb-vqgy" }, { "vulnerability": "VCID-ytff-pgz4-tub2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.37.0-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582951?format=api", "purl": "pkg:deb/debian/busybox@1:1.37.0-10.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.37.0-10.1%3Fdistro=trixie" } ], "aliases": [ "CVE-2014-4607" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qrs2-dwcr-cfam" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40689?format=api", "vulnerability_id": "VCID-r12h-q1dj-a7b8", "summary": "Multiple vulnerabilities have been discovered in BusyBox, the worst of which could lead to arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42381.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42381.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-42381", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00321", "scoring_system": "epss", "scoring_elements": "0.54992", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00321", "scoring_system": "epss", "scoring_elements": "0.55117", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00321", "scoring_system": "epss", "scoring_elements": "0.55094", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00321", "scoring_system": "epss", "scoring_elements": "0.55118", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00321", "scoring_system": "epss", "scoring_elements": "0.55093", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00321", "scoring_system": "epss", "scoring_elements": "0.55143", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00321", "scoring_system": "epss", "scoring_elements": "0.55155", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00321", "scoring_system": "epss", "scoring_elements": "0.55135", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-42381" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42381", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42381" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2023927", "reference_id": "2023927", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2023927" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/", "reference_id": "6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:06Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567", "reference_id": "999567", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567" }, { "reference_url": "https://security.archlinux.org/AVG-2561", "reference_id": "AVG-2561", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2561" }, { "reference_url": "https://security.archlinux.org/AVG-2562", "reference_id": "AVG-2562", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2562" }, { "reference_url": "https://security.gentoo.org/glsa/202407-17", "reference_id": "GLSA-202407-17", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202407-17" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20211223-0002/", "reference_id": "ntap-20211223-0002", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:06Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20211223-0002/" }, { "reference_url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/", "reference_id": "unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:06Z/" } ], "url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/" }, { "reference_url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog", "reference_id": "unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:06Z/" } ], "url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/", "reference_id": "UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:06Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/" }, { "reference_url": "https://usn.ubuntu.com/5179-1/", "reference_id": "USN-5179-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5179-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582948?format=api", "purl": "pkg:deb/debian/busybox@1:1.30.1-6?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8844-hdkd-yyc7" }, { "vulnerability": "VCID-8r73-bpac-dubc" }, { "vulnerability": "VCID-92nk-cwc9-rkg4" }, { "vulnerability": "VCID-fugr-ve7z-efdb" }, { "vulnerability": "VCID-g5t1-3tab-uuf9" }, { "vulnerability": "VCID-jjqh-pw7r-buau" }, { "vulnerability": "VCID-n1u3-njfx-vfcp" }, { "vulnerability": "VCID-rp81-5jrg-jkht" }, { "vulnerability": "VCID-svyb-nqje-dbcs" }, { "vulnerability": "VCID-syfd-zx16-n3gy" }, { "vulnerability": "VCID-t62w-rrsb-vqgy" }, { "vulnerability": "VCID-vjyq-6k64-7fat" }, { "vulnerability": "VCID-xjbx-z3d5-5bad" }, { "vulnerability": "VCID-ytff-pgz4-tub2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.30.1-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583312?format=api", "purl": "pkg:deb/debian/busybox@1:1.30.1-6%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.30.1-6%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583313?format=api", "purl": "pkg:deb/debian/busybox@1:1.35.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.35.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582949?format=api", "purl": "pkg:deb/debian/busybox@1:1.35.0-4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8844-hdkd-yyc7" }, { "vulnerability": "VCID-9s28-b1gj-uqaj" }, { "vulnerability": "VCID-fugr-ve7z-efdb" }, { "vulnerability": "VCID-g5t1-3tab-uuf9" }, { "vulnerability": "VCID-jjqh-pw7r-buau" }, { "vulnerability": "VCID-n1u3-njfx-vfcp" }, { "vulnerability": "VCID-syfd-zx16-n3gy" }, { "vulnerability": "VCID-t62w-rrsb-vqgy" }, { "vulnerability": "VCID-v6td-yjyg-rub4" }, { "vulnerability": "VCID-xjbx-z3d5-5bad" }, { "vulnerability": "VCID-y9hd-5med-67c4" }, { "vulnerability": "VCID-ytff-pgz4-tub2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.35.0-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582950?format=api", "purl": "pkg:deb/debian/busybox@1:1.37.0-6?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8844-hdkd-yyc7" }, { "vulnerability": "VCID-fugr-ve7z-efdb" }, { "vulnerability": "VCID-g5t1-3tab-uuf9" }, { "vulnerability": "VCID-jjqh-pw7r-buau" }, { "vulnerability": "VCID-n1u3-njfx-vfcp" }, { "vulnerability": "VCID-t62w-rrsb-vqgy" }, { "vulnerability": "VCID-ytff-pgz4-tub2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.37.0-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582951?format=api", "purl": "pkg:deb/debian/busybox@1:1.37.0-10.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.37.0-10.1%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-42381" ], "risk_score": 3.2, "exploitability": "0.5", "weighted_severity": "6.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r12h-q1dj-a7b8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40681?format=api", "vulnerability_id": "VCID-rp81-5jrg-jkht", "summary": "Multiple vulnerabilities have been discovered in BusyBox, the worst of which could lead to arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42373.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42373.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-42373", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.2428", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24249", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24331", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24349", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24306", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24407", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24439", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24222", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24288", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-42373" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42373", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42373" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2023876", "reference_id": "2023876", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2023876" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567", "reference_id": "999567", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567" }, { "reference_url": "https://security.archlinux.org/AVG-2561", "reference_id": "AVG-2561", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2561" }, { "reference_url": "https://security.archlinux.org/AVG-2562", "reference_id": "AVG-2562", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2562" }, { "reference_url": "https://security.gentoo.org/glsa/202407-17", "reference_id": "GLSA-202407-17", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202407-17" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/583313?format=api", "purl": "pkg:deb/debian/busybox@1:1.35.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.35.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582949?format=api", "purl": "pkg:deb/debian/busybox@1:1.35.0-4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8844-hdkd-yyc7" }, { "vulnerability": "VCID-9s28-b1gj-uqaj" }, { "vulnerability": "VCID-fugr-ve7z-efdb" }, { "vulnerability": "VCID-g5t1-3tab-uuf9" }, { "vulnerability": "VCID-jjqh-pw7r-buau" }, { "vulnerability": "VCID-n1u3-njfx-vfcp" }, { "vulnerability": "VCID-syfd-zx16-n3gy" }, { "vulnerability": "VCID-t62w-rrsb-vqgy" }, { "vulnerability": "VCID-v6td-yjyg-rub4" }, { "vulnerability": "VCID-xjbx-z3d5-5bad" }, { "vulnerability": "VCID-y9hd-5med-67c4" }, { "vulnerability": "VCID-ytff-pgz4-tub2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.35.0-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582950?format=api", "purl": "pkg:deb/debian/busybox@1:1.37.0-6?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8844-hdkd-yyc7" }, { "vulnerability": "VCID-fugr-ve7z-efdb" }, { "vulnerability": "VCID-g5t1-3tab-uuf9" }, { "vulnerability": "VCID-jjqh-pw7r-buau" }, { "vulnerability": "VCID-n1u3-njfx-vfcp" }, { "vulnerability": "VCID-t62w-rrsb-vqgy" }, { "vulnerability": "VCID-ytff-pgz4-tub2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.37.0-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582951?format=api", "purl": "pkg:deb/debian/busybox@1:1.37.0-10.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.37.0-10.1%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-42373" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rp81-5jrg-jkht" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51112?format=api", "vulnerability_id": "VCID-rsbc-rpd9-t3hz", "summary": "Multiple vulnerabilities have been found in BusyBox, allowing\n context dependent attackers to load arbitrary kernel modules, execute\n arbitrary files, or cause a Denial of Service condition.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9645.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9645.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9645", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00375", "scoring_system": "epss", "scoring_elements": "0.59014", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00375", "scoring_system": "epss", "scoring_elements": "0.5909", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00375", "scoring_system": "epss", "scoring_elements": "0.59113", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00375", "scoring_system": "epss", "scoring_elements": "0.59077", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00375", "scoring_system": "epss", "scoring_elements": "0.59128", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00375", "scoring_system": "epss", "scoring_elements": "0.59131", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00375", "scoring_system": "epss", "scoring_elements": "0.59149", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00375", "scoring_system": "epss", "scoring_elements": "0.59132", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9645" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9645", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9645" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1185707", "reference_id": "1185707", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1185707" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776186", "reference_id": "776186", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776186" }, { "reference_url": "https://security.gentoo.org/glsa/201503-13", "reference_id": "GLSA-201503-13", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201503-13" }, { "reference_url": "https://usn.ubuntu.com/3935-1/", "reference_id": "USN-3935-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3935-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/585539?format=api", "purl": "pkg:deb/debian/busybox@1:1.22.0-15?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.22.0-15%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582948?format=api", "purl": "pkg:deb/debian/busybox@1:1.30.1-6?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8844-hdkd-yyc7" }, { "vulnerability": "VCID-8r73-bpac-dubc" }, { "vulnerability": "VCID-92nk-cwc9-rkg4" }, { "vulnerability": "VCID-fugr-ve7z-efdb" }, { "vulnerability": "VCID-g5t1-3tab-uuf9" }, { "vulnerability": "VCID-jjqh-pw7r-buau" }, { "vulnerability": "VCID-n1u3-njfx-vfcp" }, { "vulnerability": "VCID-rp81-5jrg-jkht" }, { "vulnerability": "VCID-svyb-nqje-dbcs" }, { "vulnerability": "VCID-syfd-zx16-n3gy" }, { "vulnerability": "VCID-t62w-rrsb-vqgy" }, { "vulnerability": "VCID-vjyq-6k64-7fat" }, { "vulnerability": "VCID-xjbx-z3d5-5bad" }, { "vulnerability": "VCID-ytff-pgz4-tub2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.30.1-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582949?format=api", "purl": "pkg:deb/debian/busybox@1:1.35.0-4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8844-hdkd-yyc7" }, { "vulnerability": "VCID-9s28-b1gj-uqaj" }, { "vulnerability": "VCID-fugr-ve7z-efdb" }, { "vulnerability": "VCID-g5t1-3tab-uuf9" }, { "vulnerability": "VCID-jjqh-pw7r-buau" }, { "vulnerability": "VCID-n1u3-njfx-vfcp" }, { "vulnerability": "VCID-syfd-zx16-n3gy" }, { "vulnerability": "VCID-t62w-rrsb-vqgy" }, { "vulnerability": "VCID-v6td-yjyg-rub4" }, { "vulnerability": "VCID-xjbx-z3d5-5bad" }, { "vulnerability": "VCID-y9hd-5med-67c4" }, { "vulnerability": "VCID-ytff-pgz4-tub2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.35.0-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582950?format=api", "purl": "pkg:deb/debian/busybox@1:1.37.0-6?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8844-hdkd-yyc7" }, { "vulnerability": "VCID-fugr-ve7z-efdb" }, { "vulnerability": "VCID-g5t1-3tab-uuf9" }, { "vulnerability": "VCID-jjqh-pw7r-buau" }, { "vulnerability": "VCID-n1u3-njfx-vfcp" }, { "vulnerability": "VCID-t62w-rrsb-vqgy" }, { "vulnerability": "VCID-ytff-pgz4-tub2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.37.0-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582951?format=api", "purl": "pkg:deb/debian/busybox@1:1.37.0-10.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.37.0-10.1%3Fdistro=trixie" } ], "aliases": [ "CVE-2014-9645" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rsbc-rpd9-t3hz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40691?format=api", "vulnerability_id": "VCID-svyb-nqje-dbcs", "summary": "Multiple vulnerabilities have been discovered in BusyBox, the worst of which could lead to arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42383.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42383.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-42383", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.52144", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.5225", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.52188", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.52215", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.5218", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.52233", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.52229", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.5228", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.52264", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-42383" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42383", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42383" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2023931", "reference_id": "2023931", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2023931" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/", "reference_id": "6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:03Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567", "reference_id": "999567", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567" }, { "reference_url": "https://security.archlinux.org/AVG-2561", "reference_id": "AVG-2561", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2561" }, { "reference_url": "https://security.archlinux.org/AVG-2562", "reference_id": "AVG-2562", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2562" }, { "reference_url": "https://security.gentoo.org/glsa/202407-17", "reference_id": "GLSA-202407-17", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202407-17" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20211223-0002/", "reference_id": "ntap-20211223-0002", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:03Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20211223-0002/" }, { "reference_url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/", "reference_id": "unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:03Z/" } ], "url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/" }, { "reference_url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog", "reference_id": "unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:03Z/" } ], "url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/", "reference_id": "UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:03Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/583313?format=api", "purl": "pkg:deb/debian/busybox@1:1.35.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.35.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582949?format=api", "purl": "pkg:deb/debian/busybox@1:1.35.0-4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8844-hdkd-yyc7" }, { "vulnerability": "VCID-9s28-b1gj-uqaj" }, { "vulnerability": "VCID-fugr-ve7z-efdb" }, { "vulnerability": "VCID-g5t1-3tab-uuf9" }, { "vulnerability": "VCID-jjqh-pw7r-buau" }, { "vulnerability": "VCID-n1u3-njfx-vfcp" }, { "vulnerability": "VCID-syfd-zx16-n3gy" }, { "vulnerability": "VCID-t62w-rrsb-vqgy" }, { "vulnerability": "VCID-v6td-yjyg-rub4" }, { "vulnerability": "VCID-xjbx-z3d5-5bad" }, { "vulnerability": "VCID-y9hd-5med-67c4" }, { "vulnerability": "VCID-ytff-pgz4-tub2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.35.0-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582950?format=api", "purl": "pkg:deb/debian/busybox@1:1.37.0-6?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8844-hdkd-yyc7" }, { "vulnerability": "VCID-fugr-ve7z-efdb" }, { "vulnerability": "VCID-g5t1-3tab-uuf9" }, { "vulnerability": "VCID-jjqh-pw7r-buau" }, { "vulnerability": "VCID-n1u3-njfx-vfcp" }, { "vulnerability": "VCID-t62w-rrsb-vqgy" }, { "vulnerability": "VCID-ytff-pgz4-tub2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.37.0-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582951?format=api", "purl": "pkg:deb/debian/busybox@1:1.37.0-10.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.37.0-10.1%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-42383" ], "risk_score": 3.2, "exploitability": "0.5", "weighted_severity": "6.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-svyb-nqje-dbcs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40682?format=api", "vulnerability_id": "VCID-tkat-gfks-kqg9", "summary": "Multiple vulnerabilities have been discovered in BusyBox, the worst of which could lead to arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42374.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42374.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-42374", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20042", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20022", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20189", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20244", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.19969", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20049", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20107", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20126", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.2008", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-42374" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42374", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42374" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2023881", "reference_id": "2023881", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2023881" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/", "reference_id": "6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:31:05Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567", "reference_id": "999567", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567" }, { "reference_url": "https://security.archlinux.org/AVG-2561", "reference_id": "AVG-2561", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2561" }, { "reference_url": "https://security.archlinux.org/AVG-2562", "reference_id": "AVG-2562", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2562" }, { "reference_url": "https://security.gentoo.org/glsa/202407-17", "reference_id": "GLSA-202407-17", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202407-17" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20211223-0002/", "reference_id": "ntap-20211223-0002", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:31:05Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20211223-0002/" }, { "reference_url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/", "reference_id": "unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:31:05Z/" } ], "url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/" }, { "reference_url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog", "reference_id": "unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:31:05Z/" } ], "url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/", "reference_id": "UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:31:05Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/" }, { "reference_url": "https://usn.ubuntu.com/5179-1/", "reference_id": "USN-5179-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5179-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582948?format=api", "purl": "pkg:deb/debian/busybox@1:1.30.1-6?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8844-hdkd-yyc7" }, { "vulnerability": "VCID-8r73-bpac-dubc" }, { "vulnerability": "VCID-92nk-cwc9-rkg4" }, { "vulnerability": "VCID-fugr-ve7z-efdb" }, { "vulnerability": "VCID-g5t1-3tab-uuf9" }, { "vulnerability": "VCID-jjqh-pw7r-buau" }, { "vulnerability": "VCID-n1u3-njfx-vfcp" }, { "vulnerability": "VCID-rp81-5jrg-jkht" }, { "vulnerability": "VCID-svyb-nqje-dbcs" }, { "vulnerability": "VCID-syfd-zx16-n3gy" }, { "vulnerability": "VCID-t62w-rrsb-vqgy" }, { "vulnerability": "VCID-vjyq-6k64-7fat" }, { "vulnerability": "VCID-xjbx-z3d5-5bad" }, { "vulnerability": "VCID-ytff-pgz4-tub2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.30.1-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583312?format=api", "purl": "pkg:deb/debian/busybox@1:1.30.1-6%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.30.1-6%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583313?format=api", "purl": "pkg:deb/debian/busybox@1:1.35.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.35.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582949?format=api", "purl": "pkg:deb/debian/busybox@1:1.35.0-4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8844-hdkd-yyc7" }, { "vulnerability": "VCID-9s28-b1gj-uqaj" }, { "vulnerability": "VCID-fugr-ve7z-efdb" }, { "vulnerability": "VCID-g5t1-3tab-uuf9" }, { "vulnerability": "VCID-jjqh-pw7r-buau" }, { "vulnerability": "VCID-n1u3-njfx-vfcp" }, { "vulnerability": "VCID-syfd-zx16-n3gy" }, { "vulnerability": "VCID-t62w-rrsb-vqgy" }, { "vulnerability": "VCID-v6td-yjyg-rub4" }, { "vulnerability": "VCID-xjbx-z3d5-5bad" }, { "vulnerability": "VCID-y9hd-5med-67c4" }, { "vulnerability": "VCID-ytff-pgz4-tub2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.35.0-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582950?format=api", "purl": "pkg:deb/debian/busybox@1:1.37.0-6?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8844-hdkd-yyc7" }, { "vulnerability": "VCID-fugr-ve7z-efdb" }, { "vulnerability": "VCID-g5t1-3tab-uuf9" }, { "vulnerability": "VCID-jjqh-pw7r-buau" }, { "vulnerability": "VCID-n1u3-njfx-vfcp" }, { "vulnerability": "VCID-t62w-rrsb-vqgy" }, { "vulnerability": "VCID-ytff-pgz4-tub2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.37.0-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582951?format=api", "purl": "pkg:deb/debian/busybox@1:1.37.0-10.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.37.0-10.1%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-42374" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tkat-gfks-kqg9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40684?format=api", "vulnerability_id": "VCID-vjyq-6k64-7fat", "summary": "Multiple vulnerabilities have been discovered in BusyBox, the worst of which could lead to arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42376.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42376.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-42376", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13819", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13766", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13893", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13851", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13815", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13902", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13958", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.1376", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13843", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-42376" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42376", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42376" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2023891", "reference_id": "2023891", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2023891" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567", "reference_id": "999567", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567" }, { "reference_url": "https://security.archlinux.org/AVG-2561", "reference_id": "AVG-2561", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2561" }, { "reference_url": "https://security.archlinux.org/AVG-2562", "reference_id": "AVG-2562", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2562" }, { "reference_url": "https://security.gentoo.org/glsa/202407-17", "reference_id": "GLSA-202407-17", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202407-17" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/583313?format=api", "purl": "pkg:deb/debian/busybox@1:1.35.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.35.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582949?format=api", "purl": "pkg:deb/debian/busybox@1:1.35.0-4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8844-hdkd-yyc7" }, { "vulnerability": "VCID-9s28-b1gj-uqaj" }, { "vulnerability": "VCID-fugr-ve7z-efdb" }, { "vulnerability": "VCID-g5t1-3tab-uuf9" }, { "vulnerability": "VCID-jjqh-pw7r-buau" }, { "vulnerability": "VCID-n1u3-njfx-vfcp" }, { "vulnerability": "VCID-syfd-zx16-n3gy" }, { "vulnerability": "VCID-t62w-rrsb-vqgy" }, { "vulnerability": "VCID-v6td-yjyg-rub4" }, { "vulnerability": "VCID-xjbx-z3d5-5bad" }, { "vulnerability": "VCID-y9hd-5med-67c4" }, { "vulnerability": "VCID-ytff-pgz4-tub2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.35.0-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582950?format=api", "purl": "pkg:deb/debian/busybox@1:1.37.0-6?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8844-hdkd-yyc7" }, { "vulnerability": "VCID-fugr-ve7z-efdb" }, { "vulnerability": "VCID-g5t1-3tab-uuf9" }, { "vulnerability": "VCID-jjqh-pw7r-buau" }, { "vulnerability": "VCID-n1u3-njfx-vfcp" }, { "vulnerability": "VCID-t62w-rrsb-vqgy" }, { "vulnerability": "VCID-ytff-pgz4-tub2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.37.0-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582951?format=api", "purl": "pkg:deb/debian/busybox@1:1.37.0-10.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.37.0-10.1%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-42376" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vjyq-6k64-7fat" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57806?format=api", "vulnerability_id": "VCID-vm8g-v83d-mbfm", "summary": "This GLSA contains notification of vulnerabilities found in several\n Gentoo packages which have been fixed prior to January 1, 2011. The worst\n of these vulnerabilities could lead to local privilege escalation and\n remote code execution. Please see the package list and CVE identifiers\n below for more information.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0001.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0001.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0001", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.22601", "scoring_system": "epss", "scoring_elements": "0.95813", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.22601", "scoring_system": "epss", "scoring_elements": "0.95822", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.22601", "scoring_system": "epss", "scoring_elements": "0.9583", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.22601", "scoring_system": "epss", "scoring_elements": "0.95832", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.22601", "scoring_system": "epss", "scoring_elements": "0.95841", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.22601", "scoring_system": "epss", "scoring_elements": "0.95845", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.22601", "scoring_system": "epss", "scoring_elements": "0.95848", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.22601", "scoring_system": "epss", "scoring_elements": "0.95849", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0001" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0001", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0001" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=554418", "reference_id": "554418", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=554418" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=566002", "reference_id": "566002", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=566002" }, { "reference_url": "https://security.gentoo.org/glsa/201412-08", "reference_id": "GLSA-201412-08", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-08" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0061", "reference_id": "RHSA-2010:0061", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0061" }, { "reference_url": "https://usn.ubuntu.com/889-1/", "reference_id": "USN-889-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/889-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/584570?format=api", "purl": "pkg:deb/debian/busybox@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582948?format=api", "purl": "pkg:deb/debian/busybox@1:1.30.1-6?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8844-hdkd-yyc7" }, { "vulnerability": "VCID-8r73-bpac-dubc" }, { "vulnerability": "VCID-92nk-cwc9-rkg4" }, { "vulnerability": "VCID-fugr-ve7z-efdb" }, { "vulnerability": "VCID-g5t1-3tab-uuf9" }, { "vulnerability": "VCID-jjqh-pw7r-buau" }, { "vulnerability": "VCID-n1u3-njfx-vfcp" }, { "vulnerability": "VCID-rp81-5jrg-jkht" }, { "vulnerability": "VCID-svyb-nqje-dbcs" }, { "vulnerability": "VCID-syfd-zx16-n3gy" }, { "vulnerability": "VCID-t62w-rrsb-vqgy" }, { "vulnerability": "VCID-vjyq-6k64-7fat" }, { "vulnerability": "VCID-xjbx-z3d5-5bad" }, { "vulnerability": "VCID-ytff-pgz4-tub2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.30.1-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582949?format=api", "purl": "pkg:deb/debian/busybox@1:1.35.0-4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8844-hdkd-yyc7" }, { "vulnerability": "VCID-9s28-b1gj-uqaj" }, { "vulnerability": "VCID-fugr-ve7z-efdb" }, { "vulnerability": "VCID-g5t1-3tab-uuf9" }, { "vulnerability": "VCID-jjqh-pw7r-buau" }, { "vulnerability": "VCID-n1u3-njfx-vfcp" }, { "vulnerability": "VCID-syfd-zx16-n3gy" }, { "vulnerability": "VCID-t62w-rrsb-vqgy" }, { "vulnerability": "VCID-v6td-yjyg-rub4" }, { "vulnerability": "VCID-xjbx-z3d5-5bad" }, { "vulnerability": "VCID-y9hd-5med-67c4" }, { "vulnerability": "VCID-ytff-pgz4-tub2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.35.0-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582950?format=api", "purl": "pkg:deb/debian/busybox@1:1.37.0-6?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8844-hdkd-yyc7" }, { "vulnerability": "VCID-fugr-ve7z-efdb" }, { "vulnerability": "VCID-g5t1-3tab-uuf9" }, { "vulnerability": "VCID-jjqh-pw7r-buau" }, { "vulnerability": "VCID-n1u3-njfx-vfcp" }, { "vulnerability": "VCID-t62w-rrsb-vqgy" }, { "vulnerability": "VCID-ytff-pgz4-tub2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.37.0-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582951?format=api", "purl": "pkg:deb/debian/busybox@1:1.37.0-10.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.37.0-10.1%3Fdistro=trixie" } ], "aliases": [ "CVE-2010-0001" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vm8g-v83d-mbfm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/39478?format=api", "vulnerability_id": "VCID-vpmv-afzs-tffj", "summary": "A vulnerability in BusyBox might allow remote attackers to cause a\n Denial of Service condition.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28831.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28831.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-28831", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01019", "scoring_system": "epss", "scoring_elements": "0.77155", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01019", "scoring_system": "epss", "scoring_elements": "0.77217", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01019", "scoring_system": "epss", "scoring_elements": "0.77161", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01019", "scoring_system": "epss", "scoring_elements": "0.77191", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01019", "scoring_system": "epss", "scoring_elements": "0.77173", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01019", "scoring_system": "epss", "scoring_elements": "0.77205", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01019", "scoring_system": "epss", "scoring_elements": "0.77214", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01019", "scoring_system": "epss", "scoring_elements": "0.77241", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01019", "scoring_system": "epss", "scoring_elements": "0.7722", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-28831" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28831", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28831" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1941028", "reference_id": "1941028", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1941028" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3UDQGJRECXFS5EZVDH2OI45FMO436AC4/", "reference_id": "3UDQGJRECXFS5EZVDH2OI45FMO436AC4", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AC:L/AV:N/A:H/C:N/I:N/PR:N/S:U/UI:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:57:33Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3UDQGJRECXFS5EZVDH2OI45FMO436AC4/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985674", "reference_id": "985674", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985674" }, { "reference_url": "https://security.archlinux.org/ASA-202103-11", "reference_id": "ASA-202103-11", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202103-11" }, { "reference_url": "https://security.archlinux.org/ASA-202103-12", "reference_id": "ASA-202103-12", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202103-12" }, { "reference_url": "https://security.archlinux.org/AVG-1707", "reference_id": "AVG-1707", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1707" }, { "reference_url": "https://security.archlinux.org/AVG-1708", "reference_id": "AVG-1708", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1708" }, { "reference_url": "https://security.gentoo.org/glsa/202105-09", "reference_id": "GLSA-202105-09", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AC:L/AV:N/A:H/C:N/I:N/PR:N/S:U/UI:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:57:33Z/" } ], "url": "https://security.gentoo.org/glsa/202105-09" }, { "reference_url": "https://git.busybox.net/busybox/commit/?id=f25d254dfd4243698c31a4f3153d4ac72aa9e9bd", "reference_id": "?id=f25d254dfd4243698c31a4f3153d4ac72aa9e9bd", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AC:L/AV:N/A:H/C:N/I:N/PR:N/S:U/UI:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:57:33Z/" } ], "url": "https://git.busybox.net/busybox/commit/?id=f25d254dfd4243698c31a4f3153d4ac72aa9e9bd" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00001.html", "reference_id": "msg00001.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AC:L/AV:N/A:H/C:N/I:N/PR:N/S:U/UI:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:57:33Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00001.html" }, { "reference_url": "https://usn.ubuntu.com/5179-1/", "reference_id": "USN-5179-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5179-1/" }, { "reference_url": "https://usn.ubuntu.com/5179-2/", "reference_id": "USN-5179-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5179-2/" }, { "reference_url": "https://usn.ubuntu.com/6335-1/", "reference_id": "USN-6335-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6335-1/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7ZIFKPRR32ZYA3WAA2NXFA3QHHOU6FJ/", "reference_id": "Z7ZIFKPRR32ZYA3WAA2NXFA3QHHOU6FJ", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AC:L/AV:N/A:H/C:N/I:N/PR:N/S:U/UI:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:57:33Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7ZIFKPRR32ZYA3WAA2NXFA3QHHOU6FJ/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZASBW7QRRLY5V2R44MQ4QQM4CZIDHM2U/", "reference_id": "ZASBW7QRRLY5V2R44MQ4QQM4CZIDHM2U", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AC:L/AV:N/A:H/C:N/I:N/PR:N/S:U/UI:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:57:33Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZASBW7QRRLY5V2R44MQ4QQM4CZIDHM2U/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582948?format=api", "purl": "pkg:deb/debian/busybox@1:1.30.1-6?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8844-hdkd-yyc7" }, { "vulnerability": "VCID-8r73-bpac-dubc" }, { "vulnerability": "VCID-92nk-cwc9-rkg4" }, { "vulnerability": "VCID-fugr-ve7z-efdb" }, { "vulnerability": "VCID-g5t1-3tab-uuf9" }, { "vulnerability": "VCID-jjqh-pw7r-buau" }, { "vulnerability": "VCID-n1u3-njfx-vfcp" }, { "vulnerability": "VCID-rp81-5jrg-jkht" }, { "vulnerability": "VCID-svyb-nqje-dbcs" }, { "vulnerability": "VCID-syfd-zx16-n3gy" }, { "vulnerability": "VCID-t62w-rrsb-vqgy" }, { "vulnerability": "VCID-vjyq-6k64-7fat" }, { "vulnerability": "VCID-xjbx-z3d5-5bad" }, { "vulnerability": "VCID-ytff-pgz4-tub2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.30.1-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583312?format=api", "purl": "pkg:deb/debian/busybox@1:1.30.1-6%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.30.1-6%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583313?format=api", "purl": "pkg:deb/debian/busybox@1:1.35.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.35.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582949?format=api", "purl": "pkg:deb/debian/busybox@1:1.35.0-4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8844-hdkd-yyc7" }, { "vulnerability": "VCID-9s28-b1gj-uqaj" }, { "vulnerability": "VCID-fugr-ve7z-efdb" }, { "vulnerability": "VCID-g5t1-3tab-uuf9" }, { "vulnerability": "VCID-jjqh-pw7r-buau" }, { "vulnerability": "VCID-n1u3-njfx-vfcp" }, { "vulnerability": "VCID-syfd-zx16-n3gy" }, { "vulnerability": "VCID-t62w-rrsb-vqgy" }, { "vulnerability": "VCID-v6td-yjyg-rub4" }, { "vulnerability": "VCID-xjbx-z3d5-5bad" }, { "vulnerability": "VCID-y9hd-5med-67c4" }, { "vulnerability": "VCID-ytff-pgz4-tub2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.35.0-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582950?format=api", "purl": "pkg:deb/debian/busybox@1:1.37.0-6?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8844-hdkd-yyc7" }, { "vulnerability": "VCID-fugr-ve7z-efdb" }, { "vulnerability": "VCID-g5t1-3tab-uuf9" }, { "vulnerability": "VCID-jjqh-pw7r-buau" }, { "vulnerability": "VCID-n1u3-njfx-vfcp" }, { "vulnerability": "VCID-t62w-rrsb-vqgy" }, { "vulnerability": "VCID-ytff-pgz4-tub2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.37.0-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582951?format=api", "purl": "pkg:deb/debian/busybox@1:1.37.0-10.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.37.0-10.1%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-28831" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vpmv-afzs-tffj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43811?format=api", "vulnerability_id": "VCID-z13y-nsuu-ckfq", "summary": "Multiple vulnerabilities have been found in BusyBox, the worst of\n which allows remote attackers to execute arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2148.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2148.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2148", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.15842", "scoring_system": "epss", "scoring_elements": "0.94744", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.15842", "scoring_system": "epss", "scoring_elements": "0.94708", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.15842", "scoring_system": "epss", "scoring_elements": "0.94716", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.15842", "scoring_system": "epss", "scoring_elements": "0.9472", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.15842", "scoring_system": "epss", "scoring_elements": "0.94722", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.15842", "scoring_system": "epss", "scoring_elements": "0.94731", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.15842", "scoring_system": "epss", "scoring_elements": "0.94735", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.15842", "scoring_system": "epss", "scoring_elements": "0.9474", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.15842", "scoring_system": "epss", "scoring_elements": "0.94743", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2148" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2148", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2148" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:N/C:P/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1316556", "reference_id": "1316556", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1316556" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=818497", "reference_id": "818497", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=818497" }, { "reference_url": "https://security.gentoo.org/glsa/201612-04", "reference_id": "GLSA-201612-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201612-04" }, { "reference_url": "https://usn.ubuntu.com/3935-1/", "reference_id": "USN-3935-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3935-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/585052?format=api", "purl": "pkg:deb/debian/busybox@1:1.27.2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.27.2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582948?format=api", "purl": "pkg:deb/debian/busybox@1:1.30.1-6?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8844-hdkd-yyc7" }, { "vulnerability": "VCID-8r73-bpac-dubc" }, { "vulnerability": "VCID-92nk-cwc9-rkg4" }, { "vulnerability": "VCID-fugr-ve7z-efdb" }, { "vulnerability": "VCID-g5t1-3tab-uuf9" }, { "vulnerability": "VCID-jjqh-pw7r-buau" }, { "vulnerability": "VCID-n1u3-njfx-vfcp" }, { "vulnerability": "VCID-rp81-5jrg-jkht" }, { "vulnerability": "VCID-svyb-nqje-dbcs" }, { "vulnerability": "VCID-syfd-zx16-n3gy" }, { "vulnerability": "VCID-t62w-rrsb-vqgy" }, { "vulnerability": "VCID-vjyq-6k64-7fat" }, { "vulnerability": "VCID-xjbx-z3d5-5bad" }, { "vulnerability": "VCID-ytff-pgz4-tub2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.30.1-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582949?format=api", "purl": "pkg:deb/debian/busybox@1:1.35.0-4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8844-hdkd-yyc7" }, { "vulnerability": "VCID-9s28-b1gj-uqaj" }, { "vulnerability": "VCID-fugr-ve7z-efdb" }, { "vulnerability": "VCID-g5t1-3tab-uuf9" }, { "vulnerability": "VCID-jjqh-pw7r-buau" }, { "vulnerability": "VCID-n1u3-njfx-vfcp" }, { "vulnerability": "VCID-syfd-zx16-n3gy" }, { "vulnerability": "VCID-t62w-rrsb-vqgy" }, { "vulnerability": "VCID-v6td-yjyg-rub4" }, { "vulnerability": "VCID-xjbx-z3d5-5bad" }, { "vulnerability": "VCID-y9hd-5med-67c4" }, { "vulnerability": "VCID-ytff-pgz4-tub2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.35.0-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582950?format=api", "purl": "pkg:deb/debian/busybox@1:1.37.0-6?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8844-hdkd-yyc7" }, { "vulnerability": "VCID-fugr-ve7z-efdb" }, { "vulnerability": "VCID-g5t1-3tab-uuf9" }, { "vulnerability": "VCID-jjqh-pw7r-buau" }, { "vulnerability": "VCID-n1u3-njfx-vfcp" }, { "vulnerability": "VCID-t62w-rrsb-vqgy" }, { "vulnerability": "VCID-ytff-pgz4-tub2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.37.0-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582951?format=api", "purl": "pkg:deb/debian/busybox@1:1.37.0-10.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.37.0-10.1%3Fdistro=trixie" } ], "aliases": [ "CVE-2016-2148" ], "risk_score": 1.2, "exploitability": "0.5", "weighted_severity": "2.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-z13y-nsuu-ckfq" } ], "risk_score": "4.4", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.35.0-4%3Fdistro=trixie" }