21 matches found

Tenable Nessus
added 2026/02/11 12:0 a.m. | 4 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: redis (UTSA-2026-005343)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005343 advisory. Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to...

7.3 CVSS | 5.4 AI score | 0.03652 EPSS
Exploits 0 | References 4

RedHat Linux
added 2025/11/11 3:7 p.m. | 1 views

redis: Lua library commands may lead to integer overflow and potential RCE

An integer overflow present in the Redis Lua scripting engine that allows an authenticated client to submit a specially crafted Lua script for example via EVAL/EVALSHA that can trigger memory corruption and potentially lead to remote code execution within the Redis server process...

8.8 CVSS | 8 AI score | 0.10506 EPSS
Exploits 1 | References 7

RedHat Linux
added 2025/10/30 10:22 a.m. | 2 views

redis: Lua library commands may lead to integer overflow and potential RCE

An integer overflow present in the Redis Lua scripting engine that allows an authenticated client to submit a specially crafted Lua script for example via EVAL/EVALSHA that can trigger memory corruption and potentially lead to remote code execution within the Redis server process...

8.8 CVSS | 8 AI score | 0.10506 EPSS
Exploits 1 | References 7

RedHat Linux
added 2025/10/21 11:58 p.m. | 0 views

redis: Lua library commands may lead to integer overflow and potential RCE

An integer overflow present in the Redis Lua scripting engine that allows an authenticated client to submit a specially crafted Lua script for example via EVAL/EVALSHA that can trigger memory corruption and potentially lead to remote code execution within the Redis server process...

8.8 CVSS | 8 AI score | 0.10506 EPSS
Exploits 1 | References 7

FreeBSD
added 2025/10/03 12:0 a.m. | 7 views

redis,valkey -- Running Lua function as a different user

redis reports: An authenticated user may use a specially crafted Lua script to manipulate different LUA objects and potentially run their own code in the context of another user. The problem exists in all versions of Redis with Lua scripting. An additional workaround to mitigate the problem withou...

7.3 CVSS | 6.9 AI score | 0.03652 EPSS
Exploits 0 | References 1

SUSE CVE
added 2023/02/15 5:18 a.m. | 1 views

SUSE CVE-2015-4335

Redis before 2.8.21 and 3.x before 3.0.2 allows remote attackers to execute arbitrary Lua bytecode via the eval command...

10 CVSS | 6.2 AI score | 0.08757 EPSS
Exploits 2 | References 3

OSV
added 2022/04/27 8:15 p.m. | 1 views

ALPINE-CVE-2022-24735

Redis is an in-memory database that persists on disk. By exploiting weaknesses in the Lua script execution environment, an attacker with access to Redis prior to version 7.0.0 or 6.2.7 can inject Lua code that will execute with the potentially higher privileges of another Redis user. The Lua scri...

7.8 CVSS | 7.2 AI score | 0.0168 EPSS
Exploits 1 | References 1

OSV
added 2022/04/27 8:15 p.m. | 1 views

ALPINE-CVE-2022-24736

Redis is an in-memory database that persists on disk. Prior to versions 6.2.7 and 7.0.0, an attacker attempting to load a specially crafted Lua script can cause NULL pointer dereference which will result with a crash of the redis-server process. The problem is fixed in Redis versions 7.0.0 and...

5.5 CVSS | 6.6 AI score | 0.01725 EPSS
Exploits 1 | References 1

OSV
added 2022/04/27 8:15 p.m. | 1 views

UBUNTU-CVE-2022-24736

Redis is an in-memory database that persists on disk. Prior to versions 6.2.7 and 7.0.0, an attacker attempting to load a specially crafted Lua script can cause NULL pointer dereference which will result with a crash of the redis-server process. The problem is fixed in Redis versions 7.0.0 and...

5.5 CVSS | 6.7 AI score | 0.01725 EPSS
Exploits 1 | References 6

Veracode
added 2019/05/02 4:42 a.m. | 25 views

Arbitrary Code Execution

Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. CVE-2012-1970,...

10 CVSS | 9.6 AI score | 0.05074 EPSS
Exploits 2 | References 15 | Affected Software 3

0day.today
added 2018/05/02 12:0 a.m. | 39 views

xdebug Unauthenticated OS Command Execution Exploit

This Metasploit module exploits a vulnerability in the eval command present in Xdebug versions 2.5.5 and below. This allows the attacker to execute arbitrary php code as the context of the web user. This module requires Metasploit: https://metasploit.com/download Current source:...

0.5 AI score
Exploits 0

RedHat Linux
added 2015/08/24 8:17 p.m. | 1 views

redis: Lua sandbox escape and arbitrary code execution

A flaw was discovered in redis that could allow an authenticated user, who was able to use the EVAL command to run Lua code, to break out of the Lua sandbox and execute arbitrary code on the system...

10 CVSS | 6.2 AI score | 0.08757 EPSS
Exploits 2 | References 4

CNVD
added 2015/06/10 12:0 a.m. | 2 views

Redis EVAL Lua Sandbox Security Bypass Vulnerability

Redis is an open source, memory-based key-value pair storage database system (key-value pair storage being the simplest form of database organization). Redis has a security vulnerability that allows a remote attacker to bypass certain security restrictions by submitting a special eval command to execute arbitrary Lua byteco...

10 CVSS | 7.7 AI score | 0.08757 EPSS
Exploits 2 | References 1

OSV
added 2015/06/09 2:59 p.m. | 1 views

DEBIAN-CVE-2015-4335

Redis before 2.8.21 and 3.x before 3.0.2 allows remote attackers to execute arbitrary Lua bytecode via the eval command...

10 CVSS | 7.6 AI score | 0.08757 EPSS
Exploits 2 | References 1

UbuntuCve
added 2015/06/09 2:59 p.m. | 32 views

CVE-2015-4335

Redis before 2.8.21 and 3.x before 3.0.2 allows remote attackers to execute arbitrary Lua bytecode via the eval command...

10 CVSS | 6.6 AI score | 0.08757 EPSS
Exploits 2 | References 3

OSV
added 2015/06/09 2:59 p.m. | 0 views

UBUNTU-CVE-2015-4335

Redis before 2.8.21 and 3.x before 3.0.2 allows remote attackers to execute arbitrary Lua bytecode via the eval command...

10 CVSS | 6.7 AI score | 0.08757 EPSS
Exploits 2 | References 4

CVE
added 2015/06/09 2:0 p.m. | 122 views

CVE-2015-4335

CVE-2015-4335: Redis EVAL Lua sandbox escape. The vulnerability affects Redis up to 2.8.21 and 3.x up to 3.0.2, where remote attackers could abuse the EVAL Lua command to execute arbitrary Lua bytecode, potentially escaping the sandbox and running code with Redis process privileges. Debian’s adv...

10 CVSS | 7 AI score | 0.08757 EPSS
In wild | Exploits 2 | References 13 | Affected Software 1

OSV
added 2015/06/06 12:0 a.m. | 27 views

DSA-3279-1 redis - security update

Bulletin has no description...

10 CVSS | 6.2 AI score | 0.08757 EPSS
Exploits 2

Exploit DB
added 2012/12/23 12:0 a.m. | 58 views

Foswiki MAKETEXT - Remote Command Execution (Metasploit)

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'Foswiki MAKETEXT Remote Command...

7 AI score
Exploits 0

Metasploit
added 2012/12/21 9:8 p.m. | 35 views

Foswiki MAKETEXT Remote Command Execution

This module exploits a vulnerability in the MAKETEXT Foswiki variable. By using a specially crafted MAKETEXT, a malicious user can execute shell commands since the input is passed to the Perl "eval" command without first being sanitized. The problem is caused by an underlying security issue in th...

7.5 CVSS | 6.8 AI score | 0.81971 EPSS
Exploits 15