CVE-2024-33531
CVE-2024-33531 affects lua-resty-jwt 0.2.3, allowing attackers to bypass all JWT-signature checks by crafting a token with an enc header value of A256GCM. The issue is documented across multiple IBM advisories and CVE aggregations, with no public exploitation details provided in the sources. Reme...
CVE-2024-33531
cdbattags lua-resty-jwt 0.2.3 allows attackers to bypass all JWT-parsing signature checks by crafting a JWT with an enc header with the value A256GCM...
PT-2024-24156 · Unknown · Rg-Rsr10-01G-T(Wa)-S
Name of the Vulnerable Software and Affected Versions: RG-RSR10-01G-TW-S and RG-RSR10-01G-TWA-S routers version RSR10-01G-T-S RSR 3.01B9P2, Release07150910 Description: An issue in the routers allows attackers to execute arbitrary code via the common quick config.lua file. Recommendations: For...
New RedLine Stealer Variant Disguised as Game Cheats Using Lua Bytecode for Stealth
A new information stealer has been found leveraging Lua bytecode for added stealth and sophistication, findings from McAfee Labs reveal. The cybersecurity firm has assessed it to be a variant of a known malware called RedLine Stealer owing to the fact that the command-and-control (C2) server IP...
CVE-2024-31446
OpenComputers is a Minecraft mod that adds programmable computers and robots to the game. A user can use OpenComputers to get a Computer thread stuck in the Lua VM, which eventually blocks the Server thread, requiring the server to be forcibly shut down. This can be accomplished using any device ...
CVE-2024-31446 OpenComputers Denial of Service using xpcall
OpenComputers is a Minecraft mod that adds programmable computers and robots to the game. A user can use OpenComputers to get a Computer thread stuck in the Lua VM, which eventually blocks the Server thread, requiring the server to be forcibly shut down. This can be accomplished using any device ...
CVE-2024-31446
OpenComputers vulnerable prior to version 1.8.4 (and GregTech: New Horizons pre-patch 1.10.10-GTNH). A user can cause a Computer thread to hang in the Lua VM via xpcall, which can eventually block the Server thread and require a server restart. LuaJ is reported not to have this issue. The vulnera...
[SECURITY] Fedora 39 Update: pandoc-3.1.3-29.fc39
Pandoc is a Haskell library for converting from one markup format to another. The formats it can handle include: light markup formats (many variants of Markdown, reStructuredText, AsciiDoc, Org-mode, Muse, Textile, txt2tags); HTML formats (HTML 4 and 5); Ebook formats (EPUB v2 and v3, FB2)...
CVE-2022-33099 affecting package lua for versions less than 5.4.4-2
CVE-2022-33099 affecting package lua for versions less than 5.4.4-2. A patched version of the package is available...
CVE-2022-28805 affecting package lua for versions less than 5.4.4-2
CVE-2022-28805 affecting package lua for versions less than 5.4.4-2. A patched version of the package is available...
CVE-2020-24370 affecting package lua for versions less than 5.4.6-1
CVE-2020-24370 affecting package lua for versions less than 5.4.6-1. A patched version of the package is available...
Exploit for CVE-2024-27697
FuguHub 8.4 Authenticated RCE Fuguhub is a Cloud Media Serve...
Fedora: Security Advisory for xmvn-generator (FEDORA-2024-129d8ca6fc)
The remote host is missing an update for the...
[SECURITY] Fedora 40 Update: xmvn-generator-1.2.2-3.fc40
XMvn Generator is a dependency generator for RPM Package Manager written in Java and Lua, that uses LuJavRite library to call Java code from Lua...
BIT-REDIS-2021-32626 Lua scripts can overflow the heap-based Lua stack in Redis
Redis is an open source, in-memory database that persists on disk. In affected versions specially crafted Lua scripts executing in Redis can cause the heap-based Lua stack to be overflowed, due to incomplete checks for this condition. This can result in heap corruption and potentially remote co...
BIT-REDIS-2021-32672 Vulnerability in Lua Debugger in Redis
Redis is an open source, in-memory database that persists on disk. When using the Redis Lua Debugger, users can send malformed requests that cause the debugger’s protocol parser to read data beyond the actual buffer. This issue affects all versions of Redis with Lua debugging support 3.2 or newer...
BIT-REDIS-2022-0543
It was discovered that redis, a persistent key-value database, due to a packaging issue, is prone to a Debian-specific Lua sandbox escape, which could result in remote code execution...
BIT-REDIS-2022-24735 Lua scripts can be manipulated to overcome ACL rules in Redis
Redis is an in-memory database that persists on disk. By exploiting weaknesses in the Lua script execution environment, an attacker with access to Redis prior to version 7.0.0 or 6.2.7 can inject Lua code that will execute with the potentially higher privileges of another Redis user. The Lua scri...