AZL-9048 CVE-2021-44964 affecting package lua for versions less than 5.4.4-1
Use after free in garbage collector and finalizer of lgc.c in Lua interpreter 5.4.0–5.4.3 allows attackers to perform Sandbox Escape via a crafted script file...
AZL-60112 CVE-2021-44964 affecting package memcached for versions less than 1.6.22-2
Use after free in garbage collector and finalizer of lgc.c in Lua interpreter 5.4.0–5.4.3 allows attackers to perform Sandbox Escape via a crafted script file...
AZL-60034 CVE-2021-44964 affecting package ntopng for versions less than 5.2.1-3
Use after free in garbage collector and finalizer of lgc.c in Lua interpreter 5.4.0–5.4.3 allows attackers to perform Sandbox Escape via a crafted script file...
CVE-2021-44964
Use after free in garbage collector and finalizer of lgc.c in Lua interpreter 5.4.0–5.4.3 allows attackers to perform Sandbox Escape via a crafted script file...
CVE-2021-44964
Use after free in garbage collector and finalizer of lgc.c in Lua interpreter 5.4.0–5.4.3 allows attackers to perform Sandbox Escape via a crafted script file...
Double free
Use after free in garbage collector and finalizer of lgc.c in Lua interpreter 5.4.0–5.4.3 allows attackers to perform Sandbox Escape via a crafted script file...
UBUNTU-CVE-2021-44964
Use after free in garbage collector and finalizer of lgc.c in Lua interpreter 5.4.0–5.4.3 allows attackers to perform Sandbox Escape via a crafted script file...
CVE-2021-44964
CVE-2021-44964 affects Lua interpreter 5.4.0–5.4.3, where use-after-free in the garbage collector/finalizer (lgc.c) enables Sandbox Escape via a crafted script file. Multiple connected advisories confirm the issue and note that patched versions exist (e.g., Lua 5.4.4+; e.g., 5.4.4-1 or newer) and...
CVE-2021-44964
Use after free in garbage collector and finalizer of lgc.c in Lua interpreter 5.4.0–5.4.3 allows attackers to perform Sandbox Escape via a crafted script file...
Lua Resource Management Error Vulnerability
Lua is a lightweight, extensible open-source scripting language from the Lua team. Lua interpreter versions 5.4.0 through 5.4.3 are vulnerable to a resource management error, which attackers can exploit to perform a Sandbox Escape via a specially crafted script file...
USN-5316-1 redis vulnerability
Reginaldo Silva discovered that due to a packaging issue, a remote attacker with the ability to execute arbitrary Lua scripts could possibly escape the Lua sandbox and execute arbitrary code on the host...
USN-5316-1: Redis vulnerability
Reginaldo Silva discovered that due to a packaging issue, a remote attacker with the ability to execute arbitrary Lua scripts could possibly escape the Lua sandbox and execute arbitrary code on the host...
Ubuntu 20.04 LTS : Redis vulnerability (USN-5316-1)
The remote Ubuntu 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-5316-1 advisory. Reginaldo Silva discovered that due to a packaging issue, a remote attacker with the ability to execute arbitrary Lua scripts could possibly escape the Lua sandbo...
APISIX Admin API default access token RCE
Apache APISIX has a default, built-in API token edd1c9f034335f136f87ad84b625c8f1 that can be used to access all of the admin API, which leads to remote LUA code execution through the script parameter added in the 2.x version. This module also leverages another vulnerability to bypass the IP...
Apache APISIX Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'APISIX Admin API default access token RCE', 'Description' = %q Apache APISIX has a default, built-in API token edd1c9f034335f136f87ad84b625c8f1...
Apache APISIX Remote Code Execution Exploit
Apache APISIX has a default, built-in API token that can be used to obtain full access of the admin API. Access to this API allows for remote LUA code execution through the script parameter added in the 2.x version. This module also leverages another vulnerability to bypass the IP restriction...
Phishing Campaign Targeted Those Aiding Ukraine Refugees
Cyberattackers used a compromised Ukrainian military email address to phish EU government employees who’ve been involved in managing the logistics of refugees fleeing Ukraine, according to a new report. Ukraine has been at the center of an unprecedented wave of cyberattacks in recent weeks and...
Hackers Try to Target European Officials to Get Info on Ukrainian Refugees, Supplies
Details of a new nation-state sponsored phishing campaign have been uncovered setting its sights on European governmental entities in what's seen as an attempt to obtain intelligence on refugee and supply movement in the region. Enterprise security company Proofpoint, which detected the malicious...
Vulnerability fixed in redis
A vulnerability has been fixed in the redis packages for Debian. The vulnerability allows a remote malicious person to execute arbitrary commands on the underlying system. This vulnerability affects only Debian packages for redis, due to a bug in the Debian specific configuration for the...
Debian: Security Advisory (DSA-5081-1)
The remote host is missing an update for the Debian...