CVE-2024-39840

Factorio before 1.1.101 allows a crafted server to execute arbitrary code on clients via a custom map that leverages the ability of certain Lua base module functions to execute bytecode and generate fake objects...

CVE-2024-33531

cdbattags lua-resty-jwt 0.2.3 allows attackers to bypass all JWT-parsing signature checks by crafting a JWT with an enc header with the value A256GCM...

CVE-2024-36513

A privilege context switching error vulnerability CWE-270 in FortiClient Windows version 7.2.4 and below, version 7.0.12 and below, 6.4 all versions may allow an authenticated user to escalate their privileges via lua auto patch scripts...

CVE-2023-34849

An unauthorized command injection vulnerability exists in the ActionLogin function of the webman.lua file in Ikuai router OS through 3.7.1...

CVE-2023-21404

AXIS OS 11.0.X - 11.3.x use a static RSA key in legacy LUA-components to protect Axis-specific source code. The static RSA key is not used in any other secure communication nor can it be used to compromise the device or any customer data...

CVE-2023-1143

In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an attacker could use Lua scripts, which could allow an attacker to remotely execute arbitrary code...

CVE-2023-27224

An issue found in NginxProxyManager v.2.9.19 allows an attacker to execute arbitrary code via a lua script to the configuration file...

CVE-2020-9470

An issue was discovered in Wing FTP Server 6.2.5 before February 2020. Due to insecure permissions when handling session cookies, a local user may view the contents of the session and sessionadmin directories, which expose active session cookies within the Wing FTP HTTP interface and administrati...

CVE-2020-11724

An issue was discovered in OpenResty before 1.15.8.4. ngxhttpluasubrequest.c allows HTTP request smuggling, as demonstrated by the ngx.location.capture API...

CVE-2020-9433

opensslx509checkemail in lua-openssl 0.7.7-1 mishandles X.509 certificate validation because it uses luapushboolean for certain non-boolean return values...

CVE-2020-9432

opensslx509checkhost in lua-openssl 0.7.7-1 mishandles X.509 certificate validation because it uses luapushboolean for certain non-boolean return values...

CVE-2020-9434

opensslx509checkipasc in lua-openssl 0.7.7-1 mishandles X.509 certificate validation because it uses luapushboolean for certain non-boolean return values...

CVE-2020-11966

In IQrouter through 3.3.1, the Lua function resetpassword in the web-panel allows remote attackers to change the root password arbitrarily. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration which has a...

CVE-2020-36661

A vulnerability was found in Kong lua-multipart 0.5.8-1. It has been declared as problematic. This vulnerability affects the function isheader of the file src/multipart.lua. The manipulation leads to inefficient regular expression complexity. Upgrading to version 0.5.9-1 is able to address this...

nodejs:22 security update

nodejs 1:22.15.0-1 - Update to 22.15.0 - Drop upstream patches Resolves: RHEL-87319 RHEL-86586 1:22.13.1-4 - Patch fix for sqlite CVE-2025-31498 Resolves: RHEL-87319 1:22.13.1-3 - Update c-ares to newest version with fix for CVE-2025-31498 Resolves: RHEL-86586 1:22.13.1-2 - Remove obsolete lua...

Huawei EulerOS: Security Advisory for lua (EulerOS-SA-2025-1548)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for lua (EulerOS-SA-2025-1563)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS Virtualization 2.12.0 : lua (EulerOS-SA-2025-1563)

According to the versions of the lua package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : ldebug.c in Lua 5.4.0 allows a negation overflow and segmentation fault in getlocal and setlocal, as demonstrated by...

EulerOS Virtualization 2.12.1 : lua (EulerOS-SA-2025-1548)

According to the versions of the lua package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : ldebug.c in Lua 5.4.0 allows a negation overflow and segmentation fault in getlocal and setlocal, as demonstrated by...

Alibaba Cloud Linux 3 : 0157: redis:6 (ALINUX3-SA-2023:0157)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2023:0157 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2021-29477: Redis is an open source BS...