Lucene search
3321 matches found

Debian CVE
added 2022/01/11 12:0 a.m. | 31 views

CVE-2021-44647

Lua v5.4.3 and above are affected by SEGV by type confusion in funcnamefromcode function in ldebug.c which can cause a local denial of service...

CVSS 5.5 | AI score 5.7 | EPSS 0.00418
Exploits: 1

Ubuntu
added 2022/01/10 11:14 a.m. | 190 views

USN-5212-2: Apache HTTP Server vulnerabilities

USN-5212-1 fixed several vulnerabilities in Apache. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: It was discovered that the Apache HTTP Server incorrectly handled certain forward proxy requests. A remote attacker could use thi...

CVSS 9.8 | AI score 8.3 | EPSS 0.97108
Exploits: 4

OSV
added 2022/01/10 11:14 a.m. | 6 views

USN-5212-2 apache2 vulnerabilities

USN-5212-1 fixed several vulnerabilities in Apache. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: It was discovered that the Apache HTTP Server incorrectly handled certain forward proxy requests. A remote attacker could use thi...

CVSS 9.8 | AI score 7.3 | EPSS 0.97108
Exploits: 4 | References: 3

vulnersOsv
added 2022/01/06 10:3 p.m. | 4 views

actix-lua (=0.2.0), age (>=0.5.0 <=0.6.1) +99 more potentially affected by CVE-2021-45712 via rust-embed (>=0.5.2 <=5.9.0)

rust-embed CARGO version =0.5.2, =0.5.0, =0.0.0, =0.1.0, =0.5.1, =0.1.0, =0.2.0, =0.1.0, =1.0.1, =0.1.0, =1.0.0, =0.1.31, =0.1.36 and more Source cves: CVE-2021-45712 Source advisory: OSV:GHSA-XRG3-HMF3-RVGW...

CVSS 7.5 | AI score 7.1 | EPSS 0.01593
Exploits: 1

OSV
added 2022/01/06 2:48 p.m. | 3 views

USN-5212-1 apache2 vulnerabilities

It was discovered that the Apache HTTP Server incorrectly handled certain forward proxy requests. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service, or possibly perform a Server Side Request Forgery attack. CVE-2021-44224 It was discovered that...

CVSS 9.8 | AI score 7.3 | EPSS 0.97108
Exploits: 4 | References: 3

OSV
added 2021/12/25 11:3 a.m. | 3 views

OESA-2021-1473 httpd security update

Apache HTTP Server. Security Fixes: A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket...

CVSS 9.8 | AI score 7.4 | EPSS 0.97108
Exploits: 4 | References: 3

RedhatCVE
added 2021/12/21 5:4 p.m. | 274 views

CVE-2021-44790

A buffer overflow flaw in httpd's lua module could allow an out-of-bounds write. An attacker who is able to submit a crafted request to an httpd instance that is using the lua module may be able to cause an impact to confidentiality, integrity, and/or availability. Mitigation: Disabling mod_lua and...

CVSS 9.8 | AI score 2.1 | EPSS 0.97108
Exploits: 4 | References: 4

OSV
added 2021/12/20 12:15 p.m. | 5 views

AZL-7044 CVE-2021-44790 affecting package httpd for versions less than 2.4.52-1

A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerability though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier...

CVSS 9.8 | AI score 7.5 | EPSS 0.97108
Exploits: 4 | References: 1

OSV
added 2021/12/20 12:15 p.m. | 0 views

UBUNTU-CVE-2021-44790

A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerability though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier...

CVSS 9.8 | AI score 7.5 | EPSS 0.97108
Exploits: 4 | References: 5

NCSC
added 2021/12/20 12:0 a.m. | 4 views

Vulnerabilities fixed in Apache httpd

Apache has fixed two vulnerabilities in HTTP Server. The vulnerability identified as CVE-2021-44224 is present when HTTP Server is configured as a forward proxy. The vulnerability allows a remote malicious person to cause a denial of service or potentially perform a cross-site request...

CVSS 9.8 | AI score 8 | EPSS 0.97108
Exploits: 4

UbuntuCve
added 2021/12/20 12:0 a.m. | 186 views

CVE-2021-44790

A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerability though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier...

CVSS 9.8 | AI score 7.5 | EPSS 0.97108
Exploits: 4 | References: 4

Positive Technologies
added 2021/12/20 12:0 a.m. | 5 views

PT-2021-5542

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions 2.4.51 and earlier. Description: A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser, specifically when the r:parsebody function is called from Lua scripts. The Apache httpd te...

CVSS 10 | AI score 9.6 | EPSS 0.97108
Exploits: 4 | References: 113

Microsoft CVE
added 2021/12/16 8:0 a.m. | 3 views

Stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4 allows attackers to perform a Denial of Service via a crafted script file.

...

CVSS 5.5 | AI score 5.9 | EPSS 0.01136
Exploits: 1

GithubExploit
added 2021/12/12 1:45 p.m. | 55 views

Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

nginx-mitigate-log4shell Mitigate log4shell CVE-2021-44228 an...

CVSS 10 | AI score 8.4 | EPSS 0.99999
Exploits: 349

OSV
added 2021/12/07 11:3 a.m. | 2 views

OESA-2021-1452 redis5 security update

Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing se...

CVSS 9 | AI score 8.3 | EPSS 0.1578
Exploits: 0 | References: 8

Positive Technologies
added 2021/11/29 12:0 a.m. | 2 views

PT-2022-12269

Name of the Vulnerable Software and Affected Versions: Lua interpreter versions 5.4.0 through 5.4.3. Description: The issue is related to a use after free in the garbage collector and finalizer of lgc.c in the Lua interpreter. This allows attackers to perform a Sandbox Escape via a crafted script...

CVSS 7.5 | AI score 7.3 | EPSS 0.17224
Exploits: 7 | References: 36

Photon
added 2021/11/29 12:0 a.m. | 59 views

Critical Photon OS Security Update - PHSA-2021-0130

Updates of 'lua', 'go', 'kafka' packages of Photon OS have been released...

CVSS 7.5 | AI score 1.6 | EPSS 0.10299
Exploits: 3

Photon
added 2021/11/28 12:0 a.m. | 46 views

Critical Photon OS Security Update - PHSA-2021-4.0-0130

Updates of 'go', 'librdkafka', 'lua', 'kafka' packages of Photon OS have been released...

CVSS 9.8 | AI score 6.6 | EPSS 0.10299
Exploits: 1

Tenable Nessus
added 2021/11/24 12:0 a.m. | 49 views

openSUSE 15 Security Update : redis (openSUSE-SU-2021:3772-1)

The remote SUSE Linux SUSE15 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:3772-1 advisory. - Redis is an open source, in-memory database that persists on disk. In affected versions specially crafted Lua scripts executing in Redis...

CVSS 9 | AI score 7.2 | EPSS 0.1578
Exploits: 0 | References: 24

Tenable Nessus
added 2021/11/24 12:0 a.m. | 41 views

SUSE SLES15 Security Update : redis (SUSE-SU-2021:3772-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:3772-1 advisory. - Redis is an open source, in-memory database that persists on disk. In affected versions specially crafted Lua scripts executing in Redis can...

CVSS 9 | AI score 7.3 | EPSS 0.1578
Exploits: 0 | References: 24