BIT-KEYDB-2022-24834 Heap overflow issue with the Lua cjson library used by Redis
Redis is an in-memory database that persists on disk. A specially crafted Lua script executing in Redis can trigger a heap overflow in the cjson library, and result in heap corruption and potentially remote code execution. The problem exists in all versions of Redis with Lua scripting support,...
CVE-2024-43395
CraftOS-PC 2 on Windows is affected by a local filesystem escape vulnerability where an attacker can bypass the parent-directory check by obfuscating dots (..), allowing access to files outside the computer folder. This issue existed prior to version 2.8.3; a patch was released in 2.8.3. No explo...
Security Bulletin: IBM Cloud Pak for Data is vulnerable due to lua-resty (CVE-2024-33531)
Summary Lua is used by IBM Cloud Pak for Data as part of the web interface. CVE-2024-33531 Vulnerability Details CVEID: CVE-2024-33531 DESCRIPTION: lua-resty-jwt could allow a remote attacker to bypass security restrictions, caused by improper authentication validation. By sending a specially...
Ubuntu 22.04 LTS : Lua vulnerabilities (USN-6916-1)
The remote Ubuntu 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6916-1 advisory. It was discovered that Lua did not properly generate code when ENV is constant. An attacker could possibly use this issue to cause a denial of service or...
USN-6916-1: Lua vulnerabilities
It was discovered that Lua did not properly generate code when "ENV" is constant. An attacker could possibly use this issue to cause a denial of service or execute arbitrary untrusted Lua code. CVE-2022-28805 It was discovered that Lua did not properly handle C stack overflows during error...
USN-6916-1 lua5.4 vulnerabilities
It was discovered that Lua did not properly generate code when "ENV" is constant. An attacker could possibly use this issue to cause a denial of service or execute arbitrary untrusted Lua code. CVE-2022-28805 It was discovered that Lua did not properly handle C stack overflows during error...
ROS-20240726-03
A vulnerability in the cjson and cmsgpack libraries of the Redis database management system (DBMS) is related to a buffer overflow in dynamic memory. Exploitation of the vulnerability could allow an attacker to execute arbitrary code using a specially crafted Lua...
Photon OS 3.0: Lua PHSA-2023-3.0-0620
An update of the lua package has been released. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2023-3.0-0620. The text itself is copyright (C) VMware, Inc. ...
Ukrainian Institutions Targeted Using HATVIBE and CHERRYSPY Malware
The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of a spear-phishing campaign that targeted a scientific research institution in the country with malware known as HATVIBE and CHERRYSPY. The agency attributed the attack to a threat actor it tracks under the name UAC-0063, which...
OpenResty security vulnerability
OpenResty is an open source web application server from the US-based OpenResty project, built on Nginx and Lua. A security vulnerability exists in OpenResty, stemming from a hash denial of service flaw discovered in ljstrhash.c. The vulnerability is caused by a hash denial of service vulnerability...
Photon OS 4.0: Lua PHSA-2022-4.0-0168
An update of the lua package has been released. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2022-4.0-0168. The text itself is copyright (C) VMware, Inc. ...
Photon OS 4.0: Lua PHSA-2022-4.0-0214
An update of the lua package has been released. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2022-4.0-0214. The text itself is copyright (C) VMware, Inc. ...
Photon OS 4.0: Lua PHSA-2021-4.0-0130
An update of the lua package has been released. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2021-4.0-0130. The text itself is copyright (C) VMware, Inc. ...
Photon OS 5.0: Lua PHSA-2023-5.0-0036
An update of the lua package has been released. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2023-5.0-0036. The text itself is copyright (C) VMware, Inc. ...
Photon OS 3.0: Lua PHSA-2019-3.0-0036
An update of the lua package has been released. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2019-3.0-0036. The text itself is copyright (C) VMware, Inc. ...
Photon OS 4.0: Lua PHSA-2022-4.0-0173
An update of the lua package has been released. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2022-4.0-0173. The text itself is copyright (C) VMware, Inc. ...
Ankitects Anki MPV script injection vulnerability
Talos Vulnerability Report TALOS-2024-1993 Ankitects Anki MPV script injection vulnerability July 22, 2024 CVE Number CVE-2024-26020 SUMMARY An arbitrary script execution vulnerability exists in the MPV functionality of Ankitects Anki 24.04. A specially crafted flashcard can lead to an arbitrary...
PT-2025-1017
Name of the Vulnerable Software and Affected Versions: Redis versions prior to 7.4.2, versions prior to 7.2.7, and versions prior to 6.2.17. Redis versions 5:6.0.16-1+deb11u5 and 5:7.0.15-1deb12u3. Redis versions 6.2.17-alt1. Description: Redis, an in-memory data store, is affected by a...
RHEL 8 : redis (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - redis: Code injection via Lua script execution environment CVE-2022-24735 - redis: heap overflow in the l...
CBL Mariner 2.0 Security Update: lua / ntopng / memcached (CVE-2021-45985)
The version of lua / ntopng / memcached installed on the remote CBL Mariner 2.0 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2021-45985 advisory. - In Lua 5.4.3, an erroneous finalizer called during a tail call leads to a heap-based buffe...