229 matches found

OSV
added 2025/10/03 6:15 p.m. · 1 view

AZL-68661 CVE-2025-46817 affecting package compat-lua 5.1.5-17

Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to cause an integer overflow and potentially lead to remote code execution. The problem exists in all versions of Redis with Lua scripting...

8.8 CVSS · 6.2 AI score · 0.10506 EPSS
Exploits: 1 · References: 1
CNNVD
added 2025/10/03 12:00 a.m. · 1 view

Redis input validation error vulnerability

Redis is an open source, ANSI C, web-enabled, memory-based and persistent logging, key-value storage database from Redis, Inc. and provides APIs in multiple languages. An input validation error vulnerability exists in Redis 8.2.1 and earlier versions, which stems from a specially crafte...

7.1 CVSS · 8.8 AI score · 0.08765 EPSS
Exploits: 0 · References: 4
CNNVD
added 2025/10/03 12:00 a.m. · 1 view

Redis input validation error vulnerability

Redis is an open source, ANSI C, web-enabled, memory-based and persistent logging, key-value storage database from Redis, Inc. that provides APIs in multiple languages. An input validation error vulnerability exists in Redis 8.2.1 and earlier versions, which stems from a specially craft...

8.8 CVSS · 9.3 AI score · 0.10506 EPSS
Exploits: 1 · References: 4
CNNVD
added 2025/10/03 12:00 a.m. · 2 views

Redis resource management error vulnerability

Redis is an open source, ANSI C, network-enabled, memory-based, persistent logging, key-value storage database from Redis, Inc. and provides APIs in multiple languages. A resource management error vulnerability exists in Redis 8.2.1 and earlier versions, which stems from a specially...

9.9 CVSS · 8.3 AI score · 0.11111 EPSS
Exploits: 13 · References: 4
RedhatCVE
added 2025/08/08 10:23 a.m. · 5 views

CVE-2025-22470

CL4/6NX Plus and CL4/6NX-J Plus Japan model with the firmware versions prior to 1.15.5-r1 allow crafted dangerous files to be uploaded. An arbitrary Lua script may be executed on the system with the root privilege...

9.8 CVSS · 9.4 AI score · 0.00331 EPSS
Exploits: 0 · References: 1
NVD
added 2025/08/06 10:15 a.m. · 3 views

CVE-2025-22470

CL4/6NX Plus and CL4/6NX-J Plus Japan model with the firmware versions prior to 1.15.5-r1 allow crafted dangerous files to be uploaded. An arbitrary Lua script may be executed on the system with the root privilege...

9.8 CVSS · 0.00331 EPSS
Exploits: 0 · References: 2
Cvelist
added 2025/08/06 9:52 a.m. · 7 views

CVE-2025-22470

CL4/6NX Plus and CL4/6NX-J Plus Japan model with the firmware versions prior to 1.15.5-r1 allow crafted dangerous files to be uploaded. An arbitrary Lua script may be executed on the system with the root privilege...

9.8 CVSS · 0.00331 EPSS
Exploits: 0 · References: 2
CVE
added 2025/08/06 9:52 a.m. · 19 views

CVE-2025-22470

CVE-2025-22470 affects SATO CL4/6NX Plus and CL4/6NX-J Plus (Japan model) with firmware versions prior to 1.15.5-r1. The vulnerability arises from the ability to upload crafted dangerous files, enabling an arbitrary Lua script to execute on the target system with root privileges. Public reference...

9.8 CVSS · 9.5 AI score · 0.00331 EPSS
Exploits: 0 · References: 2
Vulnrichment
added 2025/08/06 9:52 a.m. · 3 views

CVE-2025-22470

CL4/6NX Plus and CL4/6NX-J Plus Japan model with the firmware versions prior to 1.15.5-r1 allow crafted dangerous files to be uploaded. An arbitrary Lua script may be executed on the system with the root privilege...

9.8 CVSS · 9.5 AI score · 0.00331 EPSS
Exploits: 0 · References: 2
Japan Vulnerability Notes
added 2025/08/06 7:38 a.m. · 6 views

Multiple vulnerabilities in Sato label printers CL4/6NX Plus and CL4/6NX-J Plus series

Overview: Sato label printers CL4/6NX Plus and CL4/6NX-J Plus series provided by SATO Corporation contain multiple vulnerabilities listed below. OS command injection (CWE-78) - CVE-2025-22469; Unrestricted upload of file with dangerous type (CWE-434) - CVE-2025-22470. MASAHIRO IIDA of LAC Co., Ltd...

9.8 CVSS · 7.9 AI score · 0.01264 EPSS
Exploits: 0 · References: 6
CNNVD
added 2025/08/06 12:00 a.m. · 1 view

SATO CL4/6NX Plus and SATO CL4/6NX-J Plus code issue vulnerability

SATO CL4/6NX Plus and SATO CL4/6NX-J Plus are both series of smart industrial label printers from SATO Japan. A code issue vulnerability exists in the SATO CL4/6NX Plus and SATO CL4/6NX-J Plus versions prior to 1.15.5-r1, which stems from the fact that uploading a specially crafted hazardous file...

9.8 CVSS · 9.4 AI score · 0.00331 EPSS
Exploits: 0 · References: 2
Positive Technologies
added 2025/08/04 12:00 a.m. · 3 views

PT-2025-32149 · Unknown · Cl4/6Nx-J Plus +1

Name of the Vulnerable Software and Affected Versions: CL4/6NX Plus versions prior to 1.15.5-r1; CL4/6NX-J Plus Japan model versions prior to 1.15.5-r1. Description: The CL4/6NX Plus and CL4/6NX-J Plus devices are susceptible to arbitrary Lua script execution. This occurs due to the ability to uplo...

9.8 CVSS · 9.6 AI score · 0.00331 EPSS
Exploits: 0 · References: 10
OSV
added 2025/07/09 7:25 p.m. · 1 view

CLSA-2025-1752089153 redis: Fix of CVE-2024-31449

CVE-2024-31449: fix stack buffer overflow in bit library triggered by Lua script execution...

8.8 CVSS · 7 AI score · 0.56313 EPSS
Exploits: 1 · References: 1
RedhatCVE
added 2025/05/23 2:25 a.m. · 4 views

CVE-2023-27224

An issue found in NginxProxyManager v.2.9.19 allows an attacker to execute arbitrary code via a lua script to the configuration file...

9.8 CVSS · 7.8 AI score · 0.01055 EPSS
Exploits: 1 · References: 1
Oracle linux
added 2025/05/22 12:00 a.m. · 27 views

nodejs:22 security update

nodejs 1:22.15.0-1 - Update to 22.15.0 - Drop upstream patches Resolves: RHEL-87319 RHEL-86586 1:22.13.1-4 - Patch fix for sqlite CVE-2025-31498 Resolves: RHEL-87319 1:22.13.1-3 - Update c-ares to newest version with fix for CVE-2025-31498 Resolves: RHEL-86586 1:22.13.1-2 - Remove obsolete lua...

8.3 CVSS · 7.1 AI score · 0.00651 EPSS
Exploits: 0
OSV
added 2025/04/04 2:15 p.m. · 0 views

CVE-2025-3249

A vulnerability classified as critical was found in TOTOLINK A6000R 1.0.1-B20201211.2000. Affected by this vulnerability is the function apclicancelwps of the file /usr/lib/lua/luci/controller/mtkwifi.lua. The manipulation leads to command injection. The attack can be launched remotely. The explo...

9.8 CVSS · 5.5 AI score
Exploits: 0 · References: 5
Tenable Nessus
added 2025/03/05 12:00 a.m. · 7 views

Linux Distros Unpatched Vulnerability : CVE-2022-35978

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Minetest is a free open-source voxel game engine with easy modding and game creation. In single player, a mod can set a global setting that controls the Lua...

10 CVSS · 8.1 AI score · 0.13734 EPSS
Exploits: 0 · References: 3
Tenable Nessus
added 2025/03/05 12:00 a.m. · 4 views

Linux Distros Unpatched Vulnerability : CVE-2022-24735

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Redis is an in-memory database that persists on disk. By exploiting weaknesses in the Lua script execution environment, an attacker with access to Redis prior t...

7.8 CVSS · 6.7 AI score · 0.0168 EPSS
Exploits: 1 · References: 4
Redos
added 2025/02/03 12:00 a.m. · 14 views

ROS-20250203-12

A vulnerability in the ldebug.c component of the Lua script interpreter involves an integer loss of significance. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

5.3 CVSS · 7.3 AI score · 0.02019 EPSS
Exploits: 1
Redos
added 2025/02/03 12:00 a.m. · 152 views

ROS-20250203-11

A vulnerability in the luaupvaluejoin function lapi.c of the Lua script interpreter is related to memory usage after it has been freed. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service. Vulnerability in the luaresume ldo.c component of the Lua...

7.5 CVSS · 5.4 AI score · 0.02019 EPSS
Exploits: 7