3315 matches found
Fedora 22 : redis-2.8.21-1.fc22 (2015-9498)
Upstream 2.8.21 - Fix Lua sandbox escape and arbitrary code execution RHBZ 1228331 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without...
Fedora 21 : redis-2.8.21-1.fc21 (2015-9488)
Upstream 2.8.21 RHBZ 1228245 - Fix Lua sandbox escape and arbitrary code execution RHBZ 1228331 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as...
wesnoth: information leakage
Wesnoth implements a text preprocessing language that is used in conjunction with its own game scripting language. It also has a built-in Lua interpreter and API. Both the Lua API and the preprocessor make use of the same function filesystem::getwmllocation to resolve file paths so that only...
Updated redis package fixes security vulnerability
It was discovered that redis, a persistent key-value database, could execute insecure Lua bytecode by way of the EVAL command. This could allow remote attackers to break out of the Lua sandbox and execute arbitrary code CVE-2015-4335...
MGASA-2015-0244 Updated redis package fixes security vulnerability
It was discovered that redis, a persistent key-value database, could execute insecure Lua bytecode by way of the EVAL command. This could allow remote attackers to break out of the Lua sandbox and execute arbitrary code CVE-2015-4335...
Redis EVAL Lua Sandbox Security Bypass Vulnerability
Redis is an open source memory-based and key-value pair storage the simplest form of database organization database system. Redis has a security vulnerability that allows a remote attacker to bypass certain security restrictions by submitting a special eval command to execute arbitrary Lua byteco...
CVE-2015-4335
Redis before 2.8.21 and 3.x before 3.0.2 allows remote attackers to execute arbitrary Lua bytecode via the eval command...
AZL-44232 CVE-2015-4335 affecting package compat-lua 5.1.5-17
Redis before 2.8.21 and 3.x before 3.0.2 allows remote attackers to execute arbitrary Lua bytecode via the eval command...
DEBIAN-CVE-2015-4335
Redis before 2.8.21 and 3.x before 3.0.2 allows remote attackers to execute arbitrary Lua bytecode via the eval command...
CVE-2015-4335
Redis before 2.8.21 and 3.x before 3.0.2 allows remote attackers to execute arbitrary Lua bytecode via the eval command...
Command injection
Redis before 2.8.21 and 3.x before 3.0.2 allows remote attackers to execute arbitrary Lua bytecode via the eval command...
CVE-2015-4335
Redis before 2.8.21 and 3.x before 3.0.2 allows remote attackers to execute arbitrary Lua bytecode via the eval command...
UBUNTU-CVE-2015-4335
Redis before 2.8.21 and 3.x before 3.0.2 allows remote attackers to execute arbitrary Lua bytecode via the eval command...
CVE-2015-4335
Redis before 2.8.21 and 3.x before 3.0.2 allows remote attackers to execute arbitrary Lua bytecode via the eval command...
CVE-2015-4335
Redis before 2.8.21 and 3.x before 3.0.2 allows remote attackers to execute arbitrary Lua bytecode via the eval command...
CVE-2015-4335 — Redis EVAL Lua Sandbox Escape
Redis before 2.8.21 and 3.x before 3.0.2 allows remote attackers to execute arbitrary Lua bytecode via the eval command. Recent assessments: hrbrmstr at June 08, 2020 6:38pm UTC reported: Ben Murphy’s dissection — — is pretty thorough. Assessed Attacker Value: 5 Assessed Attacker Value: 5Assessed...
FreeBSD : redis -- EVAL Lua Sandbox Escape (838fa84a-0e25-11e5-90e4-d050996490d0)
Ben Murphy reports : It is possible to break out of the Lua sandbox in Redis and execute arbitrary code. This shouldn't pose a threat to users under the trusted Redis security model where only trusted users can connect to the database. However, in real deployments there could be databases that ca...
Debian DSA-3279-1 : redis - security update
It was discovered that redis, a persistent key-value database, could execute insecure Lua bytecode by way of the EVAL command. This could allow remote attackers to break out of the Lua sandbox and execute arbitrary code. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text an...
Redis LUA Exploit | Cloud Foundry
Redis LUA Exploit High Vendor Redis Versions Affected Redis 3.0.1 or older Redis 2.8.20 or older Redis 2.6.x Description It was discovered that it is possible to break out of the LUA sandbox in Redis and execute arbitrary code. The user must have access to the Redis process to connect and execute...
redis restrictions bypass
Lua sandbox escaping...