3325 matches found
CVE-2024-46981
Redis is an open source, in-memory database that persists on disk. An authenticated user may use a specially crafted Lua script to manipulate the garbage collector and potentially lead to remote code execution. The problem is fixed in 7.4.2, 7.2.7, and 6.2.17. An additional workaround to mitigate...
CVE-2024-46981
CVE-2024-46981 affects Redis where an authenticated user using a crafted Lua script can manipulate the Lua garbage collector, potentially leading to remote code execution. Affected Redis versions are fixed in 7.4.2, 7.2.7, and 6.2.17; advisories also note an added mitigation: restricting Lua exec...
redis,valkey -- Remote code execution vulnerability
Redis core team reports: An authenticated user may use a specially crafted Lua script to manipulate the garbage collector and potentially lead to remote code execution. The problem exists in all versions of Redis with Lua scripting...
EulerOS 2.0 SP12 : lua (EulerOS-SA-2024-2939)
According to the versions of the lua package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: ldebug.c in Lua 5.4.0 allows a negation overflow and segmentation fault in getlocal and setlocal, as demonstrated by getlocal(3,2^31). (CVE-2020-24370)...
EulerOS 2.0 SP12 : lua (EulerOS-SA-2024-2954)
According to the versions of the lua package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: ldebug.c in Lua 5.4.0 allows a negation overflow and segmentation fault in getlocal and setlocal, as demonstrated by getlocal(3,2^31). (CVE-2020-24370)...
Huawei EulerOS: Security Advisory for lua (EulerOS-SA-2024-2954)
The remote host is missing an update for the Huawei EulerOS...
Huawei EulerOS: Security Advisory for lua (EulerOS-SA-2024-2939)
The remote host is missing an update for the Huawei EulerOS...
Amazon Linux 2022 : lua, lua-devel, lua-libs (ALAS2022-2022-031)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-031 advisory. A stack overflow issue was discovered in Lua in the lua_resume function of ldo.c. This flaw allows a local attacker to pass a specially crafted file to the Lua Interpreter, causing a crash that...
CVE-2024-10776
Lua apps can be deployed, removed, started, reloaded or stopped without authorization via AppManager. This allows an attacker to remove legitimate apps creating a DoS attack, read and write files or load apps that use all features of the product available to a customer...
CVE-2024-10776 SICK InspectorP61x and SICK InspectorP62x: missing authentication
Lua apps can be deployed, removed, started, reloaded or stopped without authorization via AppManager. This allows an attacker to remove legitimate apps creating a DoS attack, read and write files or load apps that use all features of the product available to a customer...
CVE-2024-10776
CVE-2024-10776 concerns SICK InspectorP61x/InspectorP62x (and related TiM3xx in SICK PSIRT context) where Lua apps can be deployed, removed, started, reloaded or stopped without authorization through AppManager. This leads to DoS by removing legitimate apps, plus reading/writing files or loading ...
PT-2024-16535 · Unknown · Appmanager
Name of the Vulnerable Software and Affected Versions: AppManager (affected versions not specified). Description: The issue allows Lua apps to be deployed, removed, started, reloaded, or stopped without authorization via AppManager. This enables an attacker to remove legitimate apps, creating a...
SICK InspectorP61x Security Vulnerability
The SICK InspectorP61x is an ultra-compact industrial 2D vision sensor from SICK, Germany. A security vulnerability exists in the SICK InspectorP61x version prior to 5.0.0 and InspectorP62x version prior to 5.0.0 that originates from a Lua application that can be deployed, deleted, started,...
redis: Lua library commands may lead to stack overflow and RCE in Redis
A flaw was found in Redis. This flaw allows an authenticated user to use a specially crafted Lua script to trigger a stack buffer overflow in the bit library, which may lead to remote code execution. The problem exists in all versions of Redis with Lua scripting...
Moderate: Red Hat Security Advisory: redis:7 security update
An update for the redis:7 module is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
NodeMCU Security Vulnerability
NodeMCU is a Lua-based open source firmware from NodeMCU Open Source. A security vulnerability exists in NodeMCU version v3.0.0-release20240225, which stems from the getnum function in /modules/struct.c containing an integer overflow...
Fedora 41 : lua-mpack (2024-c83b7dcae0)
The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-c83b7dcae0 advisory. Fix buffer overrun when giving an offset to Session:receive Tenable has extracted the preceding description block directly from the Fedora security advisory...
Fedora 41 : valkey (2024-e717420659)
The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-e717420659 advisory. update to 8.0.1 fixes CVE-2024-31449 Lua library commands may lead to stack overflow and potential RCE. CVE-2024-31227 Potential Denial-of-service d...
CVE-2024-36513
A privilege context switching error vulnerability CWE-270 in FortiClient Windows version 7.2.4 and below, version 7.0.12 and below, 6.4 all versions may allow an authenticated user to escalate their privileges via lua auto patch scripts...