24 matches found
SUSE CVE-2026-41196
Luanti formerly Minetest is an open source voxel game-creation platform. Starting in version 5.0.0 and prior to version 5.15.2, a malicious mod can trivially escape the sandboxed Lua environment to execute arbitrary code and gain full filesystem access on the user's device. This applies to the...
CVE-2026-41196
Luanti formerly Minetest is an open source voxel game-creation platform. Starting in version 5.0.0 and prior to version 5.15.2, a malicious mod can trivially escape the sandboxed Lua environment to execute arbitrary code and gain full filesystem access on the user's device. This applies to the...
CVE-2026-40959
Luanti 5 before 5.15.2, when LuaJIT is used, allows a Lua sandbox escape via a crafted mod...
CVE-2025-41688 High Privilege RCE via LUA Sandbox Escape
A high privileged remote attacker can execute arbitrary OS commands using an undocumented method allowing to escape the implemented LUA sandbox...
CVE-2025-41688
CVE-2025-41688 describes a high-privilege RCE via an undocumented method that escapes the LUA sandbox, enabling execution of arbitrary OS commands. Reported impact includes total system compromise with network access as the attack vector and no user interaction required. Affected products noted i...
CVE-2025-41688 High Privilege RCE via LUA Sandbox Escape
A high privileged remote attacker can execute arbitrary OS commands using an undocumented method allowing to escape the implemented LUA sandbox...
K000136079: Redis vulnerability CVE-2022-0543
Security Advisory Description It was discovered, that redis, a persistent key-value database, due to a packaging issue, is prone to a Debian-specific Lua sandbox escape, which could result in remote code execution. CVE-2022-0543 Impact There is no impact; F5 products are not affected by this...
New P2PInfect Worm Targeting Redis Servers on Linux and Windows Systems
Cybersecurity researchers have uncovered a new cloud targeting, peer-to-peer P2P worm called P2PInfect that targets vulnerable Redis instances for follow-on exploitation. "P2PInfect exploits Redis servers running on both Linux and Windows Operating Systems making it more scalable and potent than...
Exploit for Missing Authorization in Redis
CVE-2022-0543 Fully featured exploit for Redis RCE through Lua...
Redis Lua Sandbox Escape
This module exploits CVE-2022-0543, a Lua-based Redis sandbox escape. The vulnerability was introduced by Debian and Ubuntu Redis packages that insufficiently sanitized the Lua environment. The maintainers failed to disable the package interface, allowing attackers to load arbitrary libraries. On...
Muhstik Botnet Targeting Redis Servers Using Recently Disclosed Vulnerability
Muhstik, a botnet infamous for propagating via web application exploits, has been observed targeting Redis servers using a recently disclosed vulnerability in the database system. The vulnerability relates to CVE-2022-0543, a Lua sandbox escape flaw in the open-source, in-memory, key-value data...
Ubuntu 20.04 LTS : Redis vulnerability (USN-5316-1)
The remote Ubuntu 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-5316-1 advisory. Reginaldo Silva discovered that due to a packaging issue, a remote attacker with the ability to execute arbitrary Lua scripts could possibly escape the Lua sandbo...
Debian: Security Advisory (DSA-5081-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian DSA-5081-1 : redis - security update
The remote Debian 10 / 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5081 advisory. - It was discovered, that redis, a persistent key-value database, due to a packaging issue, is prone to a Debian-specific Lua sandbox escape, which could result in...
Remote Code Execution
redis is vulnerable to remote code execution. A persistent key-value database is prone to a Debian-specific Lua sandbox escape due to a packaging issue allows an attacker to upload and execute malicious code on the targeted system...
CVE-2022-0543
It was discovered, that redis, a persistent key-value database, due to a packaging issue, is prone to a Debian-specific Lua sandbox escape, which could result in remote code execution...
Remote code execution
It was discovered, that redis, a persistent key-value database, due to a packaging issue, is prone to a Debian-specific Lua sandbox escape, which could result in remote code execution...
CVE-2022-0543
It was discovered, that redis, a persistent key-value database, due to a packaging issue, is prone to a Debian-specific Lua sandbox escape, which could result in remote code execution...
CVE-2022-0543
It was discovered, that redis, a persistent key-value database, due to a packaging issue, is prone to a Debian-specific Lua sandbox escape, which could result in remote code execution...
CVE-2022-0543
It was discovered, that redis, a persistent key-value database, due to a packaging issue, is prone to a Debian-specific Lua sandbox escape, which could result in remote code execution...