22 matches found
PT-2022-3822 · Lua +5 · Lua +5
Name of the Vulnerable Software and Affected Versions: Lua versions 5.4.0 through 5.4.4 Description: The issue is related to a heap-based buffer over-read in the singlevar function in lparser.c of Lua. This might affect systems that compile untrusted Lua code, potentially allowing a remote attack...
Arbitrary Code Execution
libxml2 is vulnerable to arbitrary code execution. The vulnerability exists as lparser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a '%' character in a DTD name...