Amazon Linux 2023 : redis6, redis6-devel (ALAS2023-2023-064)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-064 advisory. A flaw was found in the Redis database where Lua scripts can be manipulated to overcome ACL rules. This flaw allows an attacker with access to Redis to inject Lua code that executes the...

CBL Mariner 2.0 Security Update: lua (CVE-2022-33099)

The version of lua installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-33099 advisory. - An issue in the component luaGrunerror of Lua v5.4.4 and below leads to a heap-buffer overflow when a recursive...

CBL Mariner 2.0 Security Update: lua / memcached / ntopng (CVE-2021-44647)

The version of lua / memcached / ntopng installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2021-44647 advisory. - Lua v5.4.3 and above are affected by SEGV by type confusion in funcnamefromcode function i...

CBL Mariner 2.0 Security Update: lua (CVE-2022-28805)

The version of lua installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-28805 advisory. - singlevar in lparser.c in Lua from including 5.4.0 up to excluding 5.4.4 lacks a certain luaKexp2anyregup call,...

Moderate: Red Hat Security Advisory: lua security update

An update for lua is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

lua: stack overflow in lua_resume of ldo.c allows a DoS via a crafted script file

A stack overflow issue was discovered in Lua in the luaresume function of 'ldo.c'. This flaw allows a local attacker to pass a specially crafted file to the Lua Interpreter, causing a crash that leads to a denial of service...

lua: use after free allows Sandbox Escape

A flaw was found in the Lua interpreter. This flaw allows an attacker who can have a malicious script executed by the interpreter, to cause a use-after-free issue that may result in a sandbox escape...

RHEL 9 : lua (RHSA-2023:1211)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:1211 advisory. The lua packages provide support for Lua, a powerful light-weight programming language designed for extending applications. Lua is also...

[SECURITY] Fedora 38 Update: redis-7.0.9-1.fc38

Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing se...

[SECURITY] Fedora 36 Update: redis-6.2.11-1.fc36

Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing se...

PT-2023-2337 · Unknown · Rg-Ew1200G Pro Wireless Routers +2

Name of the Vulnerable Software and Affected Versions: RG-EW1200G PRO Wireless Routers version EW 3.01B11P204 RG-EW1800GX PRO Wireless Routers version EW 3.01B11P204 RG-EW3200GX PRO Wireless Routers version EW 3.01B11P204 Description: The issue is related to the lack of input data sanitization in...

The vulnerability of the microprogramming software of the input/output controller for controlling and monitoring the Control By Web X-600M, related to errors during code generation, allows a perpetrator to execute arbitrary code.

The vulnerability of the microprogramming software of the input/output controller for controlling and monitoring the Control By Web X-600M is related to errors during code generation. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code by running scripts written ...

lua: use after free allows Sandbox Escape

A flaw was found in the Lua interpreter. This flaw allows an attacker who can have a malicious script executed by the interpreter, to cause a use-after-free issue that may result in a sandbox escape...

lua: stack overflow in lua_resume of ldo.c allows a DoS via a crafted script file

A stack overflow issue was discovered in Lua in the luaresume function of 'ldo.c'. This flaw allows a local attacker to pass a specially crafted file to the Lua Interpreter, causing a crash that leads to a denial of service...

Moderate: Red Hat Security Advisory: lua security update

An update for lua is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CV...

RHEL 9 : lua (RHSA-2023:0957)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:0957 advisory. The lua packages provide support for Lua, a powerful light-weight programming language designed for extending applications. Lua is also...

AlmaLinux 9 : lua (ALSA-2023:0957)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:0957 advisory. - Stack overflow in luaresume of ldo.c in Lua Interpreter 5.1.05.4.4 allows attackers to perform a Denial of Service via a crafted script file...

lua security update

5.4.4-2 - Resolves CVE-2021-43519 5.4.4-1 - Rebase to lua 5.4.4 - Resolves CVE-2021-44964 5.4.2-7 - Fix up CVE-2022-33099 patch 5.4.2-6 - Enable gating 5.4.2-5 - apply upstream fix for CVE-2022-33099...

Oracle Linux 9 : lua (ELSA-2023-0957)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-0957 advisory. - Resolves CVE-2021-43519 - Resolves CVE-2021-44964 - Fix up CVE-2022-33099 patch Tenable has extracted the preceding description block directly from t...

ALSA-2023:0957 Moderate: lua security update

The lua packages provide support for Lua, a powerful light-weight programming language designed for extending applications. Lua is also frequently used as a general-purpose, stand-alone language. Security Fixes: lua: use after free allows Sandbox Escape CVE-2021-44964 lua: stack overflow in...