Buffer overflow in the vararg functions in ldo.c in Lua 5.1 through 5.2.x before 5.2.3 allows context-dependent attackers to cause a denial of service (crash) via a small number of arguments to a function with a large number of fixed arguments.
...
VulnCheck KEV: CVE-2023-50919
An issue was discovered on GL.iNet devices before version 4.5.0. There is an NGINX authentication bypass via Lua string pattern matching. This affects A1300 4.4.6, AX1800 4.4.6, AXT1800 4.4.6, MT3000 4.4.6, MT2500 4.4.6, MT6000 4.5.0, MT1300 4.3.7, MT300N-V2 4.3.7, AR750S 4.3.7, AR750 4.3.7, AR30...
Linux Distros Unpatched Vulnerability : CVE-2020-11722
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Dungeon Crawl Stone Soup (aka DCSS or crawl) before 0.25 allows remote attackers to execute arbitrary code via Lua bytecode embedded in an uploaded .crawlrc file...
Linux Distros Unpatched Vulnerability : CVE-2021-37601
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - muc.lib.lua in Prosody 0.11.0 through 0.11.9 allows remote attackers to obtain sensitive information list of admins, members, owners, and banned entities of a...
Linux Distros Unpatched Vulnerability : CVE-2018-1999023
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Battle for Wesnoth Project version 1.7.0 through 1.14.3 contains a Code Injection vulnerability in the Lua scripting engine that can result in code executio...
Someone Created the First AI-Powered Ransomware Using OpenAI's gpt-oss:20b Model
Cybersecurity company ESET has disclosed that it discovered an artificial intelligence (AI)-powered ransomware variant codenamed PromptLock. Written in Golang, the newly identified strain uses the gpt-oss:20b model from OpenAI locally via the Ollama API to generate malicious Lua scripts in real-tim...
Linux Distros Unpatched Vulnerability : CVE-2021-32918
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Prosody before 0.11.9. Default settings are susceptible to remote unauthenticated denial-of-service (DoS) attacks via memory exhaustion...
Linux Distros Unpatched Vulnerability : CVE-2021-32921
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Prosody before 0.11.9. It does not use a constant-time algorithm for comparing certain secret strings when running under Lua 5.2 or...
Linux Distros Unpatched Vulnerability : CVE-2017-18265
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Prosody before 0.10.0 allows remote attackers to cause a denial of service (application crash), related to an incompatibility with certain versions of the LuaSock...
Linux Distros Unpatched Vulnerability : CVE-2023-4540
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Handling of Exceptional Conditions vulnerability in Daurnimator lua-http library allows Excessive Allocation and a denial of service (DoS) attack to be...
[SECURITY] Fedora 42 Update: pandoc-3.1.11.1-33.fc42
Pandoc is a Haskell library for converting from one markup format to another. The formats it can handle include - light markup formats many variants of Markdown, reStructuredText, AsciiDoc, Org-mode, Muse, Textile, txt2tags - HTML formats HTML 4 and 5 - Ebook formats EPUB v2 and v3, FB2 -...
Linux Distros Unpatched Vulnerability : CVE-2019-3806
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been found in PowerDNS Recursor versions after 4.1.3 before 4.1.9 where Lua hooks are not properly applied to queries received over TCP in some...
Linux Distros Unpatched Vulnerability : CVE-2022-24834
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Redis is an in-memory database that persists on disk. A specially crafted Lua script executing in Redis can trigger a heap overflow in the cjson library, and...
Fedora 43 : lua-http (2025-0db06733a2)
The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-0db06733a2 advisory. Automatic update for lua-http-0.3-17.fc43. Changelog Mon May 26 2025 Jakub Ruika - 0.3-17 - Fix CVE-2023-4540 rhbz2237419 Tenable has extracted the preceding...
Linux Distros Unpatched Vulnerability : CVE-2024-25177
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - LuaJIT through 2.1 and OpenResty luajit2 before v2.1-20240314 have an unsinking of IR_FSTORE for NULL metatable, which leads to Denial of Service (DoS)...
CVE-2025-22470
CL4/6NX Plus and CL4/6NX-J Plus (Japan model) with the firmware versions prior to 1.15.5-r1 allow crafted dangerous files to be uploaded. An arbitrary Lua script may be executed on the system with the root privilege...
Linux Distros Unpatched Vulnerability : CVE-2024-46981
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Redis is an open source, in-memory database that persists on disk. An authenticated user may use a specially crafted Lua script to manipulate the garbage...
CVE-2025-22470
CVE-2025-22470 affects SATO CL4/6NX Plus and CL4/6NX-J Plus (Japan model) with firmware versions prior to 1.15.5-r1. The vulnerability arises from the ability to upload crafted dangerous files, enabling an arbitrary Lua script to execute on the target system with root privileges. Public reference...