3315 matches found
CVE-2020-13151
Aerospike Community Edition 4.9.0.5 allows for unauthenticated submission and execution of user-defined functions (UDFs), written in Lua, as part of a database query. It attempts to restrict code execution by disabling os.execute() calls, but this is insufficient. Anyone with network access can use a...
Remote code execution
Aerospike Community Edition 4.9.0.5 allows for unauthenticated submission and execution of user-defined functions (UDFs), written in Lua, as part of a database query. It attempts to restrict code execution by disabling os.execute() calls, but this is insufficient. Anyone with network access can use a...
CVE-2020-13151
Aerospike Community Edition 4.9.0.5 allows for unauthenticated submission and execution of user-defined functions (UDFs), written in Lua, as part of a database query. It attempts to restrict code execution by disabling os.execute() calls, but this is insufficient. Anyone with network access can use a...
CVE-2020-13151
CVE-2020-13151 affects the Aerospike Community Edition, specifically versions around 4.9.0.5. The vulnerability allows an unauthenticated user to submit a crafted Lua UDF that can execute arbitrary OS commands via os.execute(), enabling remote command execution on all cluster nodes with the Aeros...
PT-2020-13356 · Aerospike · Aerospike Community Edition
Name of the Vulnerable Software and Affected Versions: Aerospike Community Edition version 4.9.0.5 Description: The issue allows for unauthenticated submission and execution of user-defined functions (UDFs), written in Lua, as part of a database query. Although it attempts to restrict code executio...
CVE-2020-15945
A flaw was found in lua. A segmentation fault is possible because it incorrectly expects that an oldpc value is always updated upon a return of the flow of control to a function...
luajit: out-of-bounds read because __gc handler frame traversal is mishandled
A flaw was found in luajit. An out-of-bounds read can occur due to a frame traversal being mishandled...
AZL-6671 CVE-2020-15945 affecting package lua for versions less than 5.4.3-1
Lua 5.4.0 (fixed in 5.4.1) has a segmentation fault in changedline in ldebug.c (e.g., when called by luaG_traceexec) because it incorrectly expects that an oldpc value is always updated upon a return of the flow of control to a function...
CVE-2020-15945
Lua 5.4.0 (fixed in 5.4.1) has a segmentation fault in changedline in ldebug.c (e.g., when called by luaG_traceexec) because it incorrectly expects that an oldpc value is always updated upon a return of the flow of control to a function...
CVE-2020-15945
Lua 5.4.0 (fixed in 5.4.1) has a segmentation fault in changedline in ldebug.c (e.g., when called by luaG_traceexec) because it incorrectly expects that an oldpc value is always updated upon a return of the flow of control to a function...
DEBIAN-CVE-2020-15945
Lua 5.4.0 (fixed in 5.4.1) has a segmentation fault in changedline in ldebug.c (e.g., when called by luaG_traceexec) because it incorrectly expects that an oldpc value is always updated upon a return of the flow of control to a function...
AZL-40818 CVE-2020-15945 affecting package lua for versions less than 5.4.0-1
Lua 5.4.0 (fixed in 5.4.1) has a segmentation fault in changedline in ldebug.c (e.g., when called by luaG_traceexec) because it incorrectly expects that an oldpc value is always updated upon a return of the flow of control to a function...
Design/Logic Flaw
Lua through 5.4.0 has a segmentation fault in changedline in ldebug.c (e.g., when called by luaG_traceexec) because it incorrectly expects that an oldpc value is always updated upon a return of the flow of control to a function...
CVE-2020-15945
Lua 5.4.0 (fixed in 5.4.1) has a segmentation fault in changedline in ldebug.c (e.g., when called by luaG_traceexec) because it incorrectly expects that an oldpc value is always updated upon a return of the flow of control to a function...
CVE-2020-15945
Lua 5.4.0 (fixed in 5.4.1) has a segmentation fault in changedline in ldebug.c (e.g., when called by luaG_traceexec) because it incorrectly expects that an oldpc value is always updated upon a return of the flow of control to a function...
CVE-2020-15945
CVE-2020-15945 : Lua 5.4.0 contains a segmentation fault in ldebug.c (e.g., when invoked by luaG_traceexec) due to incorrect handling of an oldpc value on function returns. This is fixed in Lua 5.4.1. Affected: Lua 5.4.0; Fix: upgrade to 5.4.1. If you rely on this CVE, upgrade your Lua runtime to...
CVE-2020-15945
Lua 5.4.0 (fixed in 5.4.1) has a segmentation fault in changedline in ldebug.c (e.g., when called by luaG_traceexec) because it incorrectly expects that an oldpc value is always updated upon a return of the flow of control to a function...
CVE-2020-15888
A flaw was found in Lua in versions through 5.4.0. The interactions between stack resizes and garbage collections are mishandled leading to a heap-based buffer overflow, heap-based buffer over-read, or use-after-free. The highest threat from this vulnerability is to data confidentiality and...
CVE-2020-15889
Lua 5.4.0 has a getobjname heap-based buffer over-read because youngcollection in lgc.c uses markold for an insufficient number of list members...
PT-2020-14728 · Lua +1 · Lua +1
Name of the Vulnerable Software and Affected Versions: Lua versions prior to 5.4.1 Description: The issue is related to a segmentation fault in the changedline function in ldebug.c, which can be triggered when luaG_traceexec is called. This occurs because the code incorrectly assumes that the old...