3322 matches found
OESA-2022-1764 lua security update
Lua is a powerful, efficient, lightweight, embeddable scripting language. It supports procedural programming, object-oriented programming, functional programming, data-driven programming, and data description. Security Fixes: An issue in the component luaG_runerror of Lua v5.4.4 and below leads to...
Important Photon OS Security Update - PHSA-2022-4.0-0214
Updates of 'go', 'ImageMagick', 'linux-esx', 'libtiff', 'lua', 'linux-secure', 'linux-aws', 'linux', 'linux-rt' packages of Photon OS have been released...
Important Photon OS Security Update - PHSA-2022-0422
Updates of 'lua' packages of Photon OS have been released...
Important Photon OS Security Update - PHSA-2022-3.0-0422
Updates of 'lua' packages of Photon OS have been released...
CVE-2022-28375
Verizon 5G Home LVSKIHP OutDoorUnit ODU 3.33.101.0 does not properly sanitize user-controlled parameters within the crtcswitchsimprofile function of the crtcrpc JSON listener. A remote attacker on the local network can inject shell metacharacters into /usr/lib/lua/5.1/luci/controller/rpc.lua to...
CVE-2022-28374
Verizon 5G Home LVSKIHP OutDoorUnit ODU 3.33.101.0 does not properly sanitize user-controlled parameters within the DMACC URLs on the Settings page of the Engineering portal. An authenticated remote attacker on the local network can inject shell metacharacters into...
CVE-2022-28373
Verizon 5G Home LVSKIHP InDoorUnit IDU 3.4.66.162 does not properly sanitize user-controlled parameters within the crtcreadpartition function of the crtcrpc JSON listener in /usr/lib/lua/luci/crtc.lua. A remote attacker on the local network can inject shell metacharacters to achieve remote code...
Remote code execution
Verizon 5G Home LVSKIHP OutDoorUnit ODU 3.33.101.0 does not properly sanitize user-controlled parameters within the DMACC URLs on the Settings page of the Engineering portal. An authenticated remote attacker on the local network can inject shell metacharacters into...
PT-2022-18984 · Verizon · Verizon 5G Home Lvskihp Outdoorunit
Name of the Vulnerable Software and Affected Versions: Verizon 5G Home LVSKIHP OutDoorUnit ODU version 3.33.101.0 Description: The issue arises from improper sanitization of user-controlled parameters within the crtcsimprofile function of the crtcrpc JSON listener. This allows a remote attacker o...
An issue in the component luaG_runerror of Lua v5.4.4 and below leads to a heap-buffer overflow when a recursive error occurs.
...
CVE-2022-33099
A vulnerability was found in Lua. During error handling, the luaG_errormsg component uses slots from EXTRA_STACK. Some errors can recur such as a string overflow while creating an error message in 'luaG_runerror', or a C-stack overflow before calling the message handler, causing a crash that leads t...
Fedora: Security Advisory for golang-github-yuin-gopher-lua (FEDORA-2022-fae3ecee19)
The remote host is missing an update for the...
Vulnerability of the r:wsread() function in the mod_lua module of the Apache HTTP Server, which allows an attacker to gain unauthorized access to protected information
The vulnerability of the r:wsread() function in the mod_lua module of the Apache HTTP Server is related to insufficient protection of service data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...
The vulnerability of the mod_lua module in the Apache HTTP Server allows a hacker to cause a service failure.
The vulnerability of the mod_lua module in the Apache HTTP Server is related to unrestricted allocation of resources when processing the function r:parsebody(0) with a zero parameter. Exploiting this vulnerability allows a malicious actor to cause service failures by sending a specially crafted HTT...
AZL-35032 CVE-2022-33099 affecting package nmap for versions less than 7.95-1
An issue in the component luaG_runerror of Lua v5.4.4 and below leads to a heap-buffer overflow when a recursive error occurs...
CVE-2022-33099
An issue in the component luaG_runerror of Lua v5.4.4 and below leads to a heap-buffer overflow when a recursive error occurs...
AZL-10045 CVE-2022-33099 affecting package lua for versions less than 5.4.3-4
An issue in the component luaG_runerror of Lua v5.4.4 and below leads to a heap-buffer overflow when a recursive error occurs...
DEBIAN-CVE-2022-33099
An issue in the component luaG_runerror of Lua v5.4.4 and below leads to a heap-buffer overflow when a recursive error occurs...