229 matches found
DEBIAN-CVE-2022-29404
In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0) may cause a denial of service due to no default limit on possible input size...
CVE-2022-29404
In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0) may cause a denial of service due to no default limit on possible input size...
ALPINE-CVE-2022-29404
In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0) may cause a denial of service due to no default limit on possible input size...
Design/Logic Flaw
In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0) may cause a denial of service due to no default limit on possible input size...
UBUNTU-CVE-2022-29404
In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0) may cause a denial of service due to no default limit on possible input size...
CVE-2022-29404
In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0) may cause a denial of service due to no default limit on possible input size...
CVE-2022-29404
CVE-2022-29404 affects Apache HTTP Server 2.4.53 and earlier. The vulnerability lies in the mod_lua code path: a malicious request to a Lua script calling r:parsebody(0) can cause a denial of service due to no default input size limit. Impact is DoS (availability) with network exposure; no data c...
CVE-2022-29404
In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0) may cause a denial of service due to no default limit on possible input size...
CVE-2022-29404
In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0) may cause a denial of service due to no default limit on possible input size...
SUSE SLES15 Security Update : redis (SUSE-SU-2022:1929-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:1929-1 advisory. - Redis is an in-memory database that persists on disk. By exploiting weaknesses in the Lua script execution environment, an attack...
Schneider Electric C-Bus Automation Controller (5500SHAC) 1.10 Remote Root Exploit
Schneider Electric C-Bus Automation Controller 5500SHAC version 1.10 suffers from an authenticated arbitrary command execution vulnerability. An attacker can abuse the Start-up init script editor and exploit the script POST parameter to insert malicious Lua script code and execute commands with...
Schneider Electric C-Bus Automation Controller (5500SHAC) 1.10 Remote Root
!/usr/bin/env python3 -- coding: utf-8 -- Schneider Electric C-Bus Automation Controller 5500SHAC 1.10 Remote Root Exploit Vendor: Schneider Electric SE Product web page: https://www.se.com | https://www.clipsal.com Product details: -...
Schneider Electric C-Bus Automation Controller (5500SHAC) 1.10 Remote Root Exploit
Summary: The C-Bus Network Automation Controller 5500NAC and the Wiser for C-Bus Automation Controller 5500SHAC is an advanced controller from Schneider Electric. It is specifically designed to unite the C-Bus home automation solution with common household communication protocols, from lighting an...
SUSE SLES15 Security Update : redis (SUSE-SU-2022:1842-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:1842-1 advisory. - Redis is an in-memory database that persists on disk. By exploiting weaknesses in the Lua script execution environment, an attack...
A Malformed Lua script can crash Redis
...
Denial Of Service (DoS)
Redis is vulnerable to denial of service. An attacker can load a specially crafted Lua script that causes a NULL pointer dereference, which results in a crash of the redis-server process...
CVE-2022-24736
A flaw was found in the Redis database: a malformed Lua script can cause a NULL pointer dereference. This flaw allows an attacker to load a crafted script, which results in a crash of the redis-server process. Mitigation: If Lua scripting is not being used, this vulnerability can be mitigated...
Redis Injection Vulnerability
Redis is an open-source key-value storage database from Redis Labs, Inc. (United States). It is written in ANSI C, supports networking, can run in memory or persist data to a log, and provides APIs for a variety of languages. An injection vulnerability...
FreeBSD : redis -- Multiple vulnerabilities (cc42db1c-c65f-11ec-ad96-0800270512f4)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the cc42db1c-c65f-11ec-ad96-0800270512f4 advisory. - Redis is an in-memory database that persists on disk. By exploiting weaknesses in the Lua...
Unspecified Vulnerability in Redis
Redis is an open-source key-value storage database from Redis Labs, Inc. (United States). It is written in ANSI C, supports networking, can run in memory or persist data to a log, and provides APIs for a variety of languages. A security vulnerability...