201 matches found

OSV
added 2024/03/06 10:52 a.m., 171 views

BIT-APACHE-2022-28615 Read beyond bounds in ap_strcmp_match()

Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in ap_strcmp_match() when provided with an extremely large input buffer. While no code distributed with the server can be coerced into such a call, third-party modules or Lua scripts that use...

9.1 CVSS, 8.9 AI score, 0.0569 EPSS
Exploits: 0, References: 7

BDU FSTEC
added 2024/01/18 12:0 a.m., 3 views

Vulnerabilities in the firmware of routers such as GL-A1300, GL-AX1800, GL-AXT1800, GL-MT3000, GL-MT2500, GL-MT6000, GL-MT1300, GL-MT300N-V2, GL-AR750S, GL-AR750, GL-AR300M, and GL-B1300 allow attackers to bypass authentication procedures and gain unauthorized access to protected information.

The vulnerability in the firmware of routers such as GL-A1300, GL-AX1800, GL-AXT1800, GL-MT3000, GL-MT2500, GL-MT6000, GL-MT1300, GL-MT300N-V2, GL-AR750S, GL-AR750, GL-AR300M, and GL-B1300 is related to deficiencies in authentication procedures when processing Lua scripts. Exploiting...

6.3 CVSS, 7.8 AI score, 0.47804 EPSS
Exploits: 4, References: 15, Affected Software: 12

Tenable Nessus
added 2023/10/16 12:0 a.m., 45 views

Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM : Redis vulnerabilities (USN-5221-1)

The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5221-1 advisory. It was discovered that Redis incorrectly handled certain specially crafted Lua scripts. A remote attacker could possibly use this...

8.8 CVSS, 6.9 AI score, 0.31049 EPSS
Exploits: 0, References: 10

Amazon
added 2023/09/25 12:0 a.m., 6 views

Important: redis

Issue Overview: A heap-based buffer overflow flaw was found in Redis. This flaw allows an attacker to trick an authenticated user into executing a specially crafted Lua script in Redis. This attack triggers a heap overflow in the cjson and cmsgpack libraries, resulting in heap corruption and...

8.8 CVSS, 8.2 AI score, 0.4292 EPSS
Exploits: 1

Amazon
added 2023/09/25 12:0 a.m., 3 views

Low: redis

Issue Overview: A flaw was found in the Redis database where Lua scripts can be manipulated to overcome ACL rules. This flaw allows an attacker with access to Redis to inject Lua code that executes with the potentially higher privileges of another Redis user. CVE-2022-24735 A flaw was found in the Red...

7.8 CVSS, 7 AI score, 0.02189 EPSS
Exploits: 2

Amazon
added 2023/08/09 12:0 a.m., 5 views

Important: redis6

Issue Overview: A heap-based buffer overflow flaw was found in Redis. This flaw allows an attacker to trick an authenticated user into executing a specially crafted Lua script in Redis. This attack triggers a heap overflow in the cjson and cmsgpack libraries, resulting in heap corruption and...

8.8 CVSS, 7.3 AI score, 0.4292 EPSS
Exploits: 1

CNVD
added 2023/03/29 12:0 a.m., 15 views

Unspecified Vulnerability in Delta Electronics InfraSuite Device Master

Delta Electronics InfraSuite Device Master is Delta Electronics' device for simplifying and automating critical equipment monitoring. A security vulnerability exists in Delta Electronics InfraSuite Device Master versions prior to 1.0.5, which can be exploited by an attacker to remotely execute...

8.8 CVSS, 8.6 AI score, 0.00835 EPSS
Exploits: 0, References: 1

OSV
added 2023/03/27 3:15 p.m., 4 views

CVE-2023-1143

In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an attacker could use Lua scripts, which could allow an attacker to remotely execute arbitrary code...

8.8 CVSS, 7.5 AI score, 0.00835 EPSS
Exploits: 0, References: 1

NVD
added 2023/03/27 3:15 p.m., 11 views

CVE-2023-1143

In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an attacker could use Lua scripts, which could allow an attacker to remotely execute arbitrary code...

8.8 CVSS, 8.9 AI score, 0.00835 EPSS
Exploits: 0, References: 1

Prion
added 2023/03/27 3:15 p.m., 19 views

Code injection

In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an attacker could use Lua scripts, which could allow an attacker to remotely execute arbitrary code...

6.5 CVSS, 8.8 AI score, 0.00835 EPSS
Exploits: 0, References: 1, Affected Software: 1

CVE
added 2023/03/27 2:46 p.m., 54 views

CVE-2023-1143

Delta Electronics InfraSuite Device Master (versions prior to 1.0.5) is affected by a Lua script deserialization/remote code execution vulnerability. The issue stems from Lua scripting support in the device, allowing an unauthenticated or minimally authenticated attacker to remotely execute arbit...

8.8 CVSS, 8.9 AI score, 0.00835 EPSS
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2023/03/27 2:46 p.m., 15 views

CVE-2023-1143

In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an attacker could use Lua scripts, which could allow an attacker to remotely execute arbitrary code...

8.8 CVSS, 9 AI score, 0.00835 EPSS
Exploits: 0, References: 1

Vulnrichment
added 2023/03/27 2:46 p.m., 7 views

CVE-2023-1143

In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an attacker could use Lua scripts, which could allow an attacker to remotely execute arbitrary code...

8.8 CVSS, 7.3 AI score, 0.00835 EPSS
Exploits: 0, References: 1

Positive Technologies
added 2023/03/21 12:0 a.m., 4 views

PT-2023-2320 · Delta Electronics · Infrasuite Device Master

Name of the Vulnerable Software and Affected Versions: Delta Electronics InfraSuite Device Master versions prior to 1.0.5
Description: The issue is related to errors in code generation, allowing an attacker to remotely execute arbitrary code by running Lua scripts. This could enable an attacker t...

9 CVSS, 8.7 AI score, 0.00835 EPSS
Exploits: 0, References: 5

BDU FSTEC
added 2023/03/02 12:0 a.m., 4 views

A vulnerability in the firmware of the Control By Web X-600M input/output controller for control and monitoring, related to errors during code generation, allows an attacker to execute arbitrary code.

The vulnerability in the firmware of the Control By Web X-600M input/output controller for control and monitoring is related to errors during code generation. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code by running scripts written ...

10 CVSS, 8.2 AI score, 0.00898 EPSS
Exploits: 0, References: 4, Affected Software: 2

OSV
added 2023/02/13 6:15 p.m., 2 views

CVE-2023-23551

Control By Web X-600M devices run Lua scripts and are vulnerable to code injection, which could allow an attacker to remotely execute arbitrary code...

9.8 CVSS, 7.6 AI score, 0.00898 EPSS
Exploits: 0, References: 1

NVD
added 2023/02/13 6:15 p.m., 10 views

CVE-2023-23551

Control By Web X-600M devices run Lua scripts and are vulnerable to code injection, which could allow an attacker to remotely execute arbitrary code...

9.8 CVSS, 9.8 AI score, 0.00898 EPSS
Exploits: 0, References: 1

Prion
added 2023/02/13 6:15 p.m., 17 views

Code injection

Control By Web X-600M devices run Lua scripts and are vulnerable to code injection, which could allow an attacker to remotely execute arbitrary code...

7.5 CVSS, 9.7 AI score, 0.00898 EPSS
Exploits: 0, References: 1, Affected Software: 1

CVE
added 2023/02/13 5:2 p.m., 46 views

CVE-2023-23551

CVE-2023-23551 affects Control By Web X-600M web-enabled industrial I/O controllers. The vulnerability arises from improper generation of code, allowing Lua-script execution that could let an attacker remotely execute arbitrary code via the network. Affected device: X-600M; root cause: code injec...

9.8 CVSS, 9.8 AI score, 0.00898 EPSS
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2023/02/13 5:2 p.m., 18 views

CVE-2023-23551 X-600M Code Injection

Control By Web X-600M devices run Lua scripts and are vulnerable to code injection, which could allow an attacker to remotely execute arbitrary code...

9.1 CVSS, 9.9 AI score, 0.00898 EPSS
Exploits: 0, References: 1