229 matches found
CVE-2023-27224
An issue found in NginxProxyManager v.2.9.19 allows an attacker to execute arbitrary code via a lua script to the configuration file...
Design/Logic Flaw
An issue found in NginxProxyManager v.2.9.19 allows an attacker to execute arbitrary code via a lua script to the configuration file...
CVE-2023-27224
An issue found in NginxProxyManager v.2.9.19 allows an attacker to execute arbitrary code via a lua script to the configuration file...
Low: redis6
Issue Overview: A flaw was found in the Redis database where Lua scripts can be manipulated to overcome ACL rules. This flaw allows an attacker with access to Redis to inject Lua code that executes the potentially higher privileges of another Redis user. CVE-2022-24735 A flaw was found in the Red...
CVE-2023-27224
An issue found in NginxProxyManager v.2.9.19 allows an attacker to execute arbitrary code via a lua script to the configuration file...
CVE-2023-27224
CVE-2023-27224 affects NginxProxyManager v2.9.19. A vulnerability allows remote attackers to execute arbitrary code by injecting a Lua script into the configuration file, due to insufficient input/data sanitization at the management level. This is described across multiple sources, and the impact...
Amazon Linux 2023 : redis6, redis6-devel (ALAS2023-2023-064)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-064 advisory. A flaw was found in the Redis database where Lua scripts can be manipulated to overcome ACL rules. This flaw allows an attacker with access to Redis to inject Lua code that executes the...
PT-2023-2252 · Unknown · Nginx Proxy Manager
Name of the Vulnerable Software and Affected Versions: NginxProxyManager version 2.9.19 Description: An issue in NginxProxyManager allows an attacker to execute arbitrary code via a lua script to the configuration file. The vulnerability is related to the lack of data sanitization at the manageme...
K17157: Apache HTTP server vulnerability CVE-2015-0228
Security Advisory Description The luawebsocketread function in luarequest.c in the modlua module in the Apache HTTP Server through 2.4.12 allows remote attackers to cause a denial of service child-process crash by sending a crafted WebSocket Ping frame after a Lua script has called the wsupgrade...
K29735525: Apache HTTPD vulnerability CVE-2022-29404
Security Advisory Description In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody0 may cause a denial of service due to no default limit on possible input size. CVE-2022-29404 Impact There is no impact; F5 products are not affected by this...
SUSE CVE-2011-3360
Untrusted search path vulnerability in Wireshark 1.4.x before 1.4.9 and 1.6.x before 1.6.2 allows local users to gain privileges via a Trojan horse Lua script in an unspecified directory...
SUSE CVE-2022-29404
In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody0 may cause a denial of service due to no default limit on possible input size...
SUSE CVE-2022-35978
Minetest is a free open-source voxel game engine with easy modding and game creation. In single player, a mod can set a global setting that controls the Lua script loaded to display the main menu. The script is then loaded as soon as the game session is exited. The Lua environment the menu runs i...
Rocky Linux 9 : redis (RLSA-2022:8096)
The remote Rocky Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:8096 advisory. - Redis is an in-memory database that persists on disk. By exploiting weaknesses in the Lua script execution environment, an attacker with access to Redis prior ...
Updated minetest packages fix security vulnerability
This update provides minetest 5.6.1, the latest stable release of the open source voxel game. This updates provides a number of feature and bug fix changes compared to the previous version 5.4.0 provided in Mageia 8. See the linked release notes and changelogs for details. The update also improve...
openSUSE 15 Security Update : minetest (openSUSE-SU-2023:0001-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2023:0001-1 advisory. - Minetest is a free open-source voxel game engine with easy modding and game creation. In single player, a mod can set a global setting that contro...
Rocky Linux 8 : redis:6 (RLSA-2022:7541)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:7541 advisory. - Redis is an in-memory database that persists on disk. By exploiting weaknesses in the Lua script execution environment, an attacker with access to Redis prior ...
Oracle Linux 9 : redis (ELSA-2022-8096)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-8096 advisory. 6.2.7-1 - rebase to 6.2.7 2083151 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that...
AlmaLinux 9 : redis (ALSA-2022:8096)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:8096 advisory. - Redis is an in-memory database that persists on disk. By exploiting weaknesses in the Lua script execution environment, an attacker with access to Redis...
redis: Code injection via Lua script execution environment
A flaw was found in the Redis database where Lua scripts can be manipulated to overcome ACL rules. This flaw allows an attacker with access to Redis to inject Lua code that executes the potentially higher privileges of another Redis user...