
3323 matches found

Tenable Nessus
added 2025/02/21 12:0 a.m. · 13 views

Azure Linux 3.0 Security Update: lua / memcached / ntopng (CVE-2021-44647)

The version of lua / memcached / ntopng installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2021-44647 advisory. - Lua v5.4.3 and above are affected by SEGV by type confusion in funcnamefromcode function i...

CVSS 5.5 · AI score 6.5 · EPSS 0.00418
Exploits 1 · References 2

Tenable Nessus
added 2025/02/21 12:0 a.m. · 11 views

Azure Linux 3.0 Security Update: lua / memcached / ntopng (CVE-2021-43519)

The version of lua / memcached / ntopng installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2021-43519 advisory. - Stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4 allows attackers to...

CVSS 5.5 · AI score 6.3 · EPSS 0.01136
Exploits 1 · References 2

CVE
added 2025/02/21 12:0 a.m. · 67 views

CVE-2025-25605

Totolink X5000R running 9.1.0u.6369_B20230113 is affected by a command-injection in mtkwifi.lua’s apcli_wps_gen_pincode function. Root cause: input handling in that Lua function allows arbitrary command execution. Impact: network-accessible, authenticated? The CVSS shows network attack, no user i...

CVSS 6.5 · AI score 6.8 · EPSS 0.00742
Exploits 1 · References 1 · Affected Software 1

Positive Technologies
added 2025/02/21 12:0 a.m. · 5 views

PT-2025-7559 · Totolink · Totolink X5000R

Name of the Vulnerable Software and Affected Versions: Totolink X5000R version 9.1.0u.6369 B20230113 Description: The issue concerns a command injection vulnerability via the vif disable function in mtkwifi.lua. Recommendations: For Totolink X5000R version 9.1.0u.6369 B20230113, as a temporary...

CVSS 6.5 · AI score 7.9 · EPSS 0.00825
Exploits 1 · References 4

Cvelist
added 2025/02/21 12:0 a.m. · 8 views

CVE-2025-25605

Totolink X5000R V9.1.0u.6369_B20230113 is vulnerable to command injection via the apcli_wps_gen_pincode function in mtkwifi.lua...

EPSS 0.00742
Exploits 1 · References 1

Tenable Nessus
added 2025/02/21 12:0 a.m. · 10 views

CBL Mariner 2.0 Security Update: lua / memcached / ntopng (CVE-2021-43519)

The version of lua / memcached / ntopng installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2021-43519 advisory. - Stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4 allows attackers to...

CVSS 5.5 · AI score 6.4 · EPSS 0.01136
Exploits 1 · References 2

RedhatCVE
added 2025/02/14 2:33 a.m. · 12 views

CVE-2024-31714

Buffer Overflow vulnerability in Waxlab wax v.0.9-3 and before allows an attacker to cause a denial of service via the Lua library component...

CVSS 7.5 · AI score 6.8 · EPSS 0.00424
Exploits 0 · References 1

Tenable Nessus
added 2025/02/14 12:0 a.m. · 25 views

RockyLinux 8 : redis:6 (RLSA-2025:0595)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:0595 advisory. redis: Integer overflow in the Redis HRANDFIELD and ZRANDMEMBER commands may lead to denial-of-service CVE-2023-22458 redis: Integer overflow in the Redi...

CVSS 9.8 · AI score 8.4 · EPSS 0.69355
Exploits 4 · References 21

OSV
added 2025/02/13 8:34 p.m. · 11 views

RLSA-2025:0595 Important: redis:6 security update

Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. You can persist it either by dumping the data set to disk every once in a while, ...

CVSS 7 · AI score 7.9 · EPSS 0.69355
Exploits 4 · References 11

OSV
added 2025/02/12 2:15 p.m. · 6 views

CVE-2025-26361

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to factory reset the device via crafted HTTP requests...

CVSS 9.1 · AI score 5.8 · EPSS 0.00786
Exploits 0 · References 1

OSV
added 2025/02/12 2:15 p.m. · 3 views

CVE-2025-26355

A CWE-35 "Path Traversal" in maxtime/api/database/database.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to delete sensitive files via crafted HTTP requests...

CVSS 6.5 · AI score 5.8 · EPSS 0.00858
Exploits 0 · References 1

Positive Technologies
added 2025/02/12 12:0 a.m. · 6 views

PT-2025-7155 · Q Free · Q-Free Maxtime

Name of the Vulnerable Software and Affected Versions: Q-Free MaxTime versions 2.11.0 and earlier Description: The issue is related to a missing authentication for a critical function in the maxprofile/setup/routes.lua file. This allows an unauthenticated remote attacker to disable front panel...

CVSS 7.5 · AI score 7.3 · EPSS 0.00517
Exploits 0 · References 5

Positive Technologies
added 2025/02/12 12:0 a.m. · 6 views

PT-2025-7150 · Q Free · Q-Free Maxtime

Name of the Vulnerable Software and Affected Versions: Q-Free MaxTime versions 2.11.0 and earlier Description: The issue is related to missing authentication for a critical function in maxprofile/setup/routes.lua, allowing an unauthenticated remote attacker to factory reset the device via crafted...

CVSS 9.1 · AI score 7.3 · EPSS 0.00786
Exploits 0 · References 4

CNNVD
added 2025/02/12 12:0 a.m. · 3 views

Q-Free MAXTIME Suite Access Control Error Vulnerability

Q-Free MAXTIME Suite is a software suite for local traffic signal management from Q-Free. An access control error vulnerability exists in Q-Free MAXTIME Suite version 2.11.0 and prior versions, which stems from a lack of authentication for critical functions in maxprofile/menu/routes.lua. An...

CVSS 9.8 · AI score 6.7 · EPSS 0.01029
Exploits 0 · References 1

CNNVD
added 2025/02/12 12:0 a.m. · 4 views

Q-Free MAXTIME Suite Access Control Error Vulnerability

Q-Free MAXTIME Suite is a software suite for local traffic signal management from Q-Free. An access control error vulnerability exists in Q-Free MAXTIME Suite version 2.11.0 and prior versions, which stems from a lack of authentication for critical functions in maxprofile/setup/routes.lua. An...

CVSS 7.5 · AI score 6.8 · EPSS 0.00517
Exploits 0 · References 1

Positive Technologies
added 2025/02/12 12:0 a.m. · 4 views

PT-2025-7136 · Q Free · Q-Free Maxtime

Name of the Vulnerable Software and Affected Versions: Q-Free MaxTime versions 2.11.0 and earlier Description: A missing authentication issue for a critical function in maxprofile/menu/routes.lua allows an unauthenticated remote attacker to edit user permissions via crafted HTTP requests...

CVSS 9.8 · AI score 7.3 · EPSS 0.01029
Exploits 0 · References 5

Positive Technologies
added 2025/02/12 12:0 a.m. · 4 views

PT-2025-7137 · Q Free · Q-Free Maxtime

Name of the Vulnerable Software and Affected Versions: Q-Free MaxTime versions prior to 2.11.0 Description: The issue is related to an improper neutralization of special elements used in an SQL command, also known as SQL Injection. This occurs in the maxprofile/menu/model.lua file, specifically a...

CVSS 5.5 · AI score 8.1 · EPSS 0.00617
Exploits 0 · References 3

CNNVD
added 2025/02/12 12:0 a.m. · 3 views

Q-Free MAXTIME Suite Security Vulnerability

Q-Free MAXTIME Suite is a software suite for local traffic signal management from Q-Free. A security vulnerability exists in Q-Free MAXTIME Suite version 2.11.0 and prior versions that stems from a missing authorization in maxprofile/users/routes.lua. An attacker could exploit the vulnerability t...

CVSS 8.1 · AI score 6.3 · EPSS 0.00487
Exploits 0 · References 1

Positive Technologies
added 2025/02/12 12:0 a.m. · 4 views

PT-2025-7148 · Q Free · Q-Free Maxtime

Name of the Vulnerable Software and Affected Versions: Q-Free MaxTime versions 2.11.0 and earlier Description: The issue is related to a missing authentication for a critical function in the maxprofile/accounts/routes.lua file. This allows an unauthenticated remote attacker to reset user PINs via...

CVSS 9.8 · AI score 7.2 · EPSS 0.00855
Exploits 0 · References 5

BDU FSTEC
added 2025/02/12 12:0 a.m. · 4 views

The vulnerability of the lua_resume component in the ldo.c script interpreter of Lua allows a hacker to cause a service failure.

The vulnerability of the lua_resume component in the ldo.c script interpreter of Lua is related to buffer overflow in the stack. Exploiting this vulnerability can allow an attacker to cause a service failure...

CVSS 5.5 · AI score 6.6 · EPSS 0.01136
Exploits 1 · References 8 · Affected Software 5