3325 matches found
CVE-2024-31714
Buffer Overflow vulnerability in Waxlab wax v.0.9-3 and before allows an attacker to cause a denial of service via the Lua library component...
CVE-2024-31714
CVE-2024-31714 affects Waxlab wax v0.9-3 and earlier, with a buffer overflow in the Lua library component that can lead to denial of service. Exploitation details are not provided in the documents, but the issue is confirmed across multiple sources: Waxlab wax is an open‑source Lua extension for ...
Waxlab wax security vulnerability
Waxlab wax is an open source set of multi-purpose modules from Waxlab for extending the Lua standard library. A security vulnerability exists in Waxlab wax v.0.9-3 and earlier versions that allows an attacker to cause a denial of service via a Lua library component...
PT-2024-24192 · Unknown · Waxlab Wax +1
Name of the Vulnerable Software and Affected Versions: Waxlab wax versions 0.9-3 and earlier Description: The issue allows an attacker to cause a denial of service via the Lua library component. Recommendations: For versions 0.9-3 and earlier, consider disabling the Lua library component as a...
ShellSweep - PowerShell/Python/Lua Tool Designed To Detect Potential Webshell Files In A Specified Directory
ShellSweep: ShellSweeping the evil. Why ShellSweep: "ShellSweep" is a PowerShell/Python/Lua tool designed to detect potential webshell files in a specified directory. ShellSweep and its suite of tools calculate the entropy of file contents to estimate the likelihood of a file being a webshell. High...
PT-2025-40593
Name of the Vulnerable Software and Affected Versions: Redis versions 8.2.1 and below. Linux kernel versions: affected versions not specified. Description: Redis, an in-memory database, is susceptible to a vulnerability where an authenticated user can execute a specially crafted Lua script to read...
RHEL 9 : redis (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - redis: heap overflow in the lua cjson and cmsgpack libraries CVE-2022-24834 - Redis is an in-memory...
RHEL 7 : lua (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - lua: stack overflow in lua_resume of ldo.c allows a DoS via a crafted script file CVE-2021-43519 Note that Nessus ha...
RHEL 6 : lua (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - lua: stack overflow in lua_resume of ldo.c allows a DoS via a crafted script file CVE-2021-43519 Note that Nessus ha...
lua bug fix and enhancement update
An update is available for lua. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky Linux 9.3...
Malicious code in roblox.lua (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis e40a28a758bd57252f74153dd5b2a9b6358608bfa2ec08c301e3647a7721e35a The OpenSSF Package Analysis project identified 'roblox.lua' @ 1.0.0 npm as malicious. It is considered malicious because: - The package...
CVE-2024-32973
Pluto is a superset of Lua 5.4 with a focus on general-purpose programming. In affected versions an attacker with the ability to actively intercept network traffic would be able to use a specifically-crafted certificate to fool Pluto into trusting it to be the intended remote for the TLS session...
CVE-2024-32973
Pluto (a Lua 5.4 superset) is affected in versions prior to 0.9.3. An attacker who can intercept network traffic can present a specially-crafted certificate to cause Pluto to trust the remote for a TLS session, degrading transport integrity in the HTTP library and socket.starttls. The issue is ad...
CVE-2024-33531
cdbattags lua-resty-jwt 0.2.3 allows attackers to bypass all JWT-parsing signature checks by crafting a JWT with an enc header with the value A256GCM...
PT-2024-25302
Name of the Vulnerable Software and Affected Versions: lua-resty-jwt version 0.2.3. Description: The issue allows attackers to bypass all JWT-parsing signature checks by crafting a JWT with an enc header with the value A256GCM. This enables them to potentially access unauthorized resources or perfor...
lua-resty-jwt security vulnerability
lua-resty-jwt is a library from the individual developer Christian Battaglia. A security vulnerability exists in lua-resty-jwt version 0.2.3 that allows an attacker to bypass all JWT parsing signature checks by crafting a JWT with an enc header with the valu...