3320 matches found
EulerOS Virtualization for ARM 64 3.0.6.0 : vim (EulerOS-SA-2020-2001)
According to the version of the vim packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability: In Vim before 8.1.0881, users can circumvent the rvim restricted mode and execute arbitrary OS commands via scripting...
Huawei EulerOS: Security Advisory for vim (EulerOS-SA-2020-2001)
The remote host is missing an update for the Huawei EulerOS... (SPDX-FileCopyrightText: 2020 Greenbone AG; SPDX-License-Identifier: GPL-2.0-only)
Fedora: Security Advisory for lua (FEDORA-2020-38e35de8aa)
The remote host is missing an update for the... (Copyright (C) 2020 Greenbone Networks GmbH; SPDX-License-Identifier: GPL-2.0-or-later)
[SECURITY] Fedora 33 Update: lua-5.4.0-7.fc33
Lua is a powerful light-weight programming language designed for extending applications. Lua is also frequently used as a general-purpose, stand-alone language. Lua is free software. Lua combines simple procedural syntax with powerful data description constructs based on associative arrays and...
Lua through 5.4.0 allows a stack redzone cross in luaO_pushvfstring because a protection mechanism wrongly calls luaD_callnoyield twice in a row.
...
Lua 5.4.0 has a getobjname heap-based buffer over-read because youngcollection in lgc.c uses markold for an insufficient number of list members.
...
Lua through 5.4.0 mishandles the interaction between stack resizes and garbage collection, leading to a heap-based buffer overflow, heap-based buffer over-read, or use-after-free.
...
Lua 5.3.5 has a use-after-free in lua_upvaluejoin in lapi.c. For example, a crash outcome might be achieved by an attacker who is able to trigger a debug.upvaluejoin call in which the arguments have certain relationships.
...
CVE-2020-3423
A vulnerability in the implementation of the Lua interpreter that is integrated in Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary code with root privileges on the underlying Linux operating system (OS) of an affected device. The vulnerability is due to...
Buffer overflow
A vulnerability in the implementation of the Lua interpreter that is integrated in Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary code with root privileges on the underlying Linux operating system (OS) of an affected device. The vulnerability is due to...
CVE-2020-3423 Cisco IOS XE Software Arbitrary Code Execution Vulnerability
A vulnerability in the implementation of the Lua interpreter that is integrated in Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary code with root privileges on the underlying Linux operating system (OS) of an affected device. The vulnerability is due to...
CVE-2020-3423 Cisco IOS XE Software Arbitrary Code Execution Vulnerability
A vulnerability in the implementation of the Lua interpreter that is integrated in Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary code with root privileges on the underlying Linux operating system (OS) of an affected device. The vulnerability is due to...
CVE-2020-3423
CVE-2020-3423 concerns Cisco IOS XE Software, where the Lua interpreter implementation allows an authenticated, local attacker to execute arbitrary code with root privileges on the device’s Linux OS. The root cause is insufficient restrictions on Lua function calls within user-supplied scripts, e...
Cisco IOS XE Software Arbitrary Code Execution Vulnerability
A vulnerability in the implementation of the Lua interpreter that is integrated in Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary code with root privileges on the underlying Linux operating system (OS) of an affected device. The vulnerability is due to...
PT-2020-5052 · Cisco · Cisco Ios Xe
Name of the Vulnerable Software and Affected Versions: Cisco IOS XE Software (affected versions not specified). Description: The issue is related to insufficient restrictions on Lua function calls within the context of user-supplied Lua scripts in the Lua interpreter integrated in Cisco IOS XE...
CVE-2019-15992
A vulnerability in the implementation of the Lua interpreter integrated in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to execute arbitrary code with root privileges on the underlying Linux operating...
CVE-2019-15992
A vulnerability in the implementation of the Lua interpreter integrated in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to execute arbitrary code with root privileges on the underlying Linux operating...
Design/Logic Flaw
A vulnerability in the implementation of the Lua interpreter integrated in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to execute arbitrary code with root privileges on the underlying Linux operating...
CVE-2019-15992 Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Remote Code Execution Vulnerability
A vulnerability in the implementation of the Lua interpreter integrated in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to execute arbitrary code with root privileges on the underlying Linux operating...
CVE-2019-15992 Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Remote Code Execution Vulnerability
A vulnerability in the implementation of the Lua interpreter integrated in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to execute arbitrary code with root privileges on the underlying Linux operating...