3315 matches found

UbuntuCve
added 2019/10/31 8:15 p.m. | 23 views

CVE-2013-1951

A cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.5 and 1.20.x before 1.20.4 allows remote attackers to inject arbitrary web script or HTML via Lua function names...

CVSS 6.1 | AI score 6.4 | EPSS 0.01639
Exploits 0 | References 3
Prion
added 2019/10/31 8:15 p.m. | 13 views

Cross site scripting

A cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.5 and 1.20.x before 1.20.4 allows remote attackers to inject arbitrary web script or HTML via Lua function names...

CVSS 4.3 | AI score 5.7 | EPSS 0.01639
Exploits 0 | References 9 | Affected Software 2
Cvelist
added 2019/10/31 7:33 p.m. | 20 views

CVE-2013-1951

A cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.5 and 1.20.x before 1.20.4 allows remote attackers to inject arbitrary web script or HTML via Lua function names...

AI score 5.9 | EPSS 0.01639
Exploits 0 | References 9
CVE
added 2019/10/31 7:33 p.m. | 102 views

CVE-2013-1951

CVE-2013-1951 affects MediaWiki: specific XSS vulnerability where an attacker can inject arbitrary script/HTML via Lua function names. Affected software includes MediaWiki prior to 1.19.5 and 1.20.x prior to 1.20.4; the underlying issue is triggered through Lua function name handling. The public ...

CVSS 6.1 | AI score 5.8 | EPSS 0.01639
Exploits 0 | References 9 | Affected Software 1
Debian CVE
added 2019/10/31 7:33 p.m. | 17 views

CVE-2013-1951

A cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.5 and 1.20.x before 1.20.4 allows remote attackers to inject arbitrary web script or HTML via Lua function names...

CVSS 6.1 | AI score 5.9 | EPSS 0.01639
Exploits 0
Tenable Nessus
added 2019/10/31 12:0 a.m. | 27 views

Debian DLA-1976-1 : imapfilter security update

The imapfilter tool, a utility for scripting IMAP operations in lua, lacked server name / certificate peer hostname validation support. For Debian 8 'Jessie', this problem has been fixed in version 1:2.5.2-2+deb8u1. We recommend that you upgrade your imapfilter packages. NOTE: Tenable Network...

CVSS 7.5 | AI score 7 | EPSS 0.00946
Exploits 0 | References 3
Debian
added 2019/10/30 11:4 a.m. | 47 views

[SECURITY] [DLA 1976-1] imapfilter security update

Package : imapfilter
Version : 1:2.5.2-2+deb8u1
CVE ID : CVE-2016-10937
Debian Bug : 939702

The imapfilter tool, a utility for scripting IMAP operations in lua, lacked server name / certificate peer hostname validation support. For Debian 8 "Jessie", this problem has been fixed in version...

CVSS 7.5 | AI score 7 | EPSS 0.00946
Exploits 0
Hacker One
added 2019/10/24 6:44 p.m. | 30 views

Mail.ru: Access to Tarantool

Access to the admin interface of a Tarantool host in a development/stage environment was not properly restricted, allowing Lua code execution...

AI score 3.9
Exploits 0
Photon
added 2019/10/24 12:0 a.m. | 54 views

Critical Photon OS Security Update - PHSA-2019-3.0-0036

Updates of 'sysstat', 'etcd', 'dbus', 'gdb', 'u-boot', 'systemd', 'linux-esx', 'linux-aws', 'git', 'libgcrypt', 'rsyslog', 'lua', 'polkit', 'linux', 'python3', 'linux-secure', 'sqlite', 'oniguruma' packages of Photon OS have been released...

CVSS 9.8 | AI score 6.6 | EPSS 0.12651
Exploits 1
Photon
added 2019/10/23 12:0 a.m. | 78 views

Critical Photon OS Security Update - PHSA-2019-0036

Updates of 'sysstat', 'gdb', 'rsyslog', 'polkit', 'sqlite', 'dbus', 'python3', 'etcd', 'lua', 'u-boot', 'libgcrypt', 'git', 'linux-esx', 'systemd', 'linux', 'linux-secure', 'linux-aws', 'oniguruma' packages of Photon OS have been released...

CVSS 7.5 | AI score 1.6 | EPSS 0.97356
Exploits 22
RedhatCVE
added 2019/10/10 5:35 a.m. | 38 views

CVE-2018-11219

An Integer Overflow issue was discovered in the struct library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2, leading to a failure of bounds checking...

CVSS 9.8 | AI score 3.2 | EPSS 0.07056
Exploits 1 | References 2
Tenable Nessus
added 2019/09/23 12:0 a.m. | 32 views

EulerOS 2.0 SP5 : lua (EulerOS-SA-2019-1978)

According to the version of the lua package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Buffer overflow in the vararg functions in ldo.c in Lua 5.1 through 5.2.x before 5.2.3 allows context-dependent attackers to cause a denial of service...

CVSS 5 | AI score 5.6 | EPSS 0.11572
Exploits 1 | References 2
Positive Technologies
added 2019/08/09 12:0 a.m. | 2 views

PT-2021-23858 · Lua +6

Name of the Vulnerable Software and Affected Versions: Lua Interpreter versions 5.1.0 through 5.4.4

Description: The issue is related to a stack overflow in the lua_resume function of ldo.c in the Lua Interpreter. This can allow attackers to perform a Denial of Service via a crafted script file...

CVSS 7.5 | AI score 6.4 | EPSS 0.17224
Exploits 8 | References 46
RedHat Linux
added 2019/07/25 4:10 p.m. | 8 views

redis: Integer overflow in lua_struct.c:b_unpack()

An Integer Overflow issue was discovered in the struct library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2, leading to a failure of bounds checking...

CVSS 9.8 | AI score 7.4 | EPSS 0.07056
Exploits 1 | References 5
RedHat Linux
added 2019/07/25 4:10 p.m. | 4 views

redis: Heap corruption in lua_cmsgpack.c

Memory Corruption was discovered in the cmsgpack library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2 because of stack-based buffer overflows...

CVSS 9.8 | AI score 7.7 | EPSS 0.59422
Exploits 1 | References 5
Tenable Nessus
added 2019/07/25 12:0 a.m. | 34 views

EulerOS 2.0 SP8 : lua (EulerOS-SA-2019-1776)

According to the version of the lua packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Lua 5.3.5 has a use-after-free in lua_upvaluejoin in lapi.c. For example, a crash outcome might be achieved by an attacker who is able to trigger a...

CVSS 7.5 | AI score 6.7 | EPSS 0.17224
Exploits 5 | References 2
CNVD
added 2019/07/17 12:0 a.m. | 2 views

Vera Edge Home Controller Command Execution Vulnerability

Vera Edge Home Controller is a smart home central control unit. A security vulnerability exists in LuaUPnP in Vera Edge Home Controller version 1.7.4452. A remote attacker can exploit the vulnerability by sending the 'code' parameter to /port3480/datarequest to execute arbitrary operating system...

CVSS 10 | AI score 7.5 | EPSS 0.04201
Exploits 1 | References 1
NVD
added 2019/07/14 6:15 p.m. | 9 views

CVE-2019-13598

LuaUPnP in Vera Edge Home Controller 1.7.4452 allows remote unauthenticated users to execute arbitrary OS commands via the code parameter to /port3480/datarequest because the "No unsafe lua allowed" code block is skipped...

CVSS 10 | AI score 9.9 | EPSS 0.04201
Exploits 1 | References 1
Cvelist
added 2019/07/14 5:22 p.m. | 20 views

CVE-2019-13598

LuaUPnP in Vera Edge Home Controller 1.7.4452 allows remote unauthenticated users to execute arbitrary OS commands via the code parameter to /port3480/datarequest because the "No unsafe lua allowed" code block is skipped...

AI score 9.9 | EPSS 0.04201
Exploits 1 | References 1
OSV
added 2019/06/17 8:15 p.m. | 5 views

CVE-2017-9389

An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides a web user interface that allows a user to manage the device. As a part of the functionality the device allows a user to install applications written in the Lua programming language. Also the interfa...

CVSS 8.8 | AI score 6 | EPSS 0.04301
Exploits 1 | References 3