59 matches found

CNNVD
added 2025/07/31 12:0 a.m. · 4 views

MB connect line mbNET security vulnerability

MB Connect Line mbNET is an industrial router from MB Connect Line, Germany. A security vulnerability exists in MB connect line mbNET HW1 and mbNET/mbNET.rokey, which stems from an undocumented method of bypassing the LUA sandbox and could lead to the execution of arbitrary OS commands...

7.2 CVSS · 7 AI score · 0.0064 EPSS · Exploits 0 · References 2

Positive Technologies
added 2025/07/31 12:0 a.m. · 6 views

PT-2025-31501 · Helmholz +1 · Rex 200/250 +3

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Affected versions not specified. Description: A high privileged remote attacker can execute arbitrary OS commands using an undocumented method allowing to escape the implemented LUA sandbox. This issue ha...

7.2 CVSS · 6.9 AI score · 0.0064 EPSS · Exploits 0 · References 12

F5 Networks
added 2023/09/04 5:30 a.m. · 37 views

K000136079: Redis vulnerability CVE-2022-0543

Security Advisory Description: It was discovered, that redis, a persistent key-value database, due to a packaging issue, is prone to a Debian-specific Lua sandbox escape, which could result in remote code execution. CVE-2022-0543. Impact: There is no impact; F5 products are not affected by this...

10 CVSS · 9.3 AI score · 0.9967 EPSS · Exploits 8

The Hacker News
added 2023/07/31 1:38 p.m. · 57 views

New P2PInfect Worm Targets Redis Servers with Undocumented Breach Methods

The P2PInfect peer-to-peer (P2) worm has been observed employing previously undocumented initial access methods to breach susceptible Redis servers and rope them into a botnet. "The malware compromises exposed instances of the Redis data store by exploiting the replication feature," Cado Security...

10 CVSS · 9.1 AI score · 0.9967 EPSS · Exploits 8

The Hacker News
added 2023/07/20 6:12 a.m. · 116 views

New P2PInfect Worm Targeting Redis Servers on Linux and Windows Systems

Cybersecurity researchers have uncovered a new cloud-targeting, peer-to-peer (P2P) worm called P2PInfect that targets vulnerable Redis instances for follow-on exploitation. "P2PInfect exploits Redis servers running on both Linux and Windows Operating Systems making it more scalable and potent than...

10 CVSS · 9.1 AI score · 0.9967 EPSS · Exploits 8

SUSE CVE
added 2023/02/15 3:35 a.m. · 5 views

SUSE CVE-2022-0543

It was discovered, that redis, a persistent key-value database, due to a packaging issue, is prone to a Debian-specific Lua sandbox escape, which could result in remote code execution...

10 CVSS · 9.3 AI score · 0.9967 EPSS · Exploits 8 · References 3

GithubExploit
added 2022/09/01 4:44 p.m. · 600 views

Exploit for Missing Authorization in Redis

CVE-2022-0543 Fully featured exploit for Redis RCE through Lua...

10 CVSS · 10 AI score · 0.9967 EPSS · Exploits 8

Vulnrichment
added 2022/08/15 7:5 p.m. · 7 views

CVE-2022-35978 Lua sandbox escape from mod in Minetest

Minetest is a free open-source voxel game engine with easy modding and game creation. In single player, a mod can set a global setting that controls the Lua script loaded to display the main menu. The script is then loaded as soon as the game session is exited. The Lua environment the menu runs i...

7.7 CVSS · 9.4 AI score · 0.02195 EPSS · Exploits 0 · References 3

Metasploit
added 2022/04/28 5:42 p.m. · 377 views

Redis Lua Sandbox Escape

This module exploits CVE-2022-0543, a Lua-based Redis sandbox escape. The vulnerability was introduced by Debian and Ubuntu Redis packages that insufficiently sanitized the Lua environment. The maintainers failed to disable the package interface, allowing attackers to load arbitrary libraries. On...

10 CVSS · 9.1 AI score · 0.9967 EPSS · Exploits 8

0day.today
added 2022/04/27 12:0 a.m. · 760 views

Redis Lua Sandbox Escape Exploit

This Metasploit module exploits CVE-2022-0543, a Lua-based Redis sandbox escape. The vulnerability was introduced by Debian and Ubuntu Redis packages that insufficiently sanitized the Lua environment. The maintainers failed to disable the package interface, allowing attackers to load arbitrary...

10 CVSS · 9.9 AI score · 0.9967 EPSS · Exploits 8

The Hacker News
added 2022/03/28 6:59 a.m. · 317 views

Muhstik Botnet Targeting Redis Servers Using Recently Disclosed Vulnerability

Muhstik, a botnet infamous for propagating via web application exploits, has been observed targeting Redis servers using a recently disclosed vulnerability in the database system. The vulnerability relates to CVE-2022-0543, a Lua sandbox escape flaw in the open-source, in-memory, key-value data...

10 CVSS · 1.9 AI score · 0.99999 EPSS · Exploits 521

VulnCheck KEV
added 2022/03/24 12:0 a.m. · 6 views

VulnCheck KEV: CVE-2022-0543

Redis is prone to a Debian-specific Lua sandbox escape, which could result in remote code execution...

10 CVSS · 7.6 AI score · 0.9967 EPSS · Exploits 8 · References 1

Ubuntu
added 2022/03/08 3:54 a.m. · 345 views

USN-5316-1: Redis vulnerability

Reginaldo Silva discovered that due to a packaging issue, a remote attacker with the ability to execute arbitrary Lua scripts could possibly escape the Lua sandbox and execute arbitrary code on the host...

10 CVSS · 9.1 AI score · 0.9967 EPSS · Exploits 8

Tenable Nessus
added 2022/03/08 12:0 a.m. · 197 views

Ubuntu 20.04 LTS : Redis vulnerability (USN-5316-1)

The remote Ubuntu 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-5316-1 advisory. Reginaldo Silva discovered that due to a packaging issue, a remote attacker with the ability to execute arbitrary Lua scripts could possibly escape the Lua sandbo...

10 CVSS · 9.1 AI score · 0.9967 EPSS · Exploits 8 · References 2

NCSC
added 2022/02/22 12:0 a.m. · 4 views

Vulnerability fixed in redis

A vulnerability has been fixed in the redis packages for Debian. The vulnerability allows a remote malicious person to execute arbitrary commands on the underlying system. This vulnerability affects only Debian packages for redis, due to a bug in the Debian specific configuration for the...

10 CVSS · 6.8 AI score · 0.9967 EPSS · Exploits 8

OpenVAS
added 2022/02/22 12:0 a.m. · 21 views

Debian: Security Advisory (DSA-5081-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10 CVSS · 9.8 AI score · 0.9967 EPSS · Exploits 8 · References 6

Tenable Nessus
added 2022/02/21 12:0 a.m. · 47 views

Debian DSA-5081-1 : redis - security update

The remote Debian 10 / 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5081 advisory. - It was discovered, that redis, a persistent key-value database, due to a packaging issue, is prone to a Debian-specific Lua sandbox escape, which could result in...

10 CVSS · 9 AI score · 0.9967 EPSS · Exploits 8 · References 7

Veracode
added 2022/02/20 2:24 p.m. · 88 views

Remote Code Execution

redis is vulnerable to remote code execution. A persistent key-value database is prone to a Debian-specific Lua sandbox escape due to a packaging issue, which allows an attacker to upload and execute malicious code on the targeted system...

10 CVSS · 6.1 AI score · 0.9967 EPSS · Exploits 8 · References 7 · Affected Software 1

OSV
added 2022/02/18 8:15 p.m. · 2 views

DEBIAN-CVE-2022-0543

It was discovered, that redis, a persistent key-value database, due to a packaging issue, is prone to a Debian-specific Lua sandbox escape, which could result in remote code execution...

10 CVSS · 9.1 AI score · 0.9967 EPSS · Exploits 8 · References 1

OSV
added 2022/02/18 8:15 p.m. · 13 views

CVE-2022-0543

It was discovered, that redis, a persistent key-value database, due to a packaging issue, is prone to a Debian-specific Lua sandbox escape, which could result in remote code execution...

10 CVSS · 9.9 AI score · 0.9967 EPSS · Exploits 8 · References 7