EulerOS Virtualization 2.9.1 : httpd (EulerOS-SA-2022-2347)

According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Inconsistent Interpretation of HTTP Requests 'HTTP Request Smuggling' vulnerability in modproxyajp of Apache HTTP Server allows an...

Mageia: Security Advisory (MGASA-2022-0339)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Updated redis packages fix security vulnerability

Redis is an in-memory database that persists on disk. By exploiting weaknesses in the Lua script execution environment, an attacker with access to Redis prior to version 7.0.0 or 6.2.7 can inject Lua code that will execute with the potentially higher privileges of another Redis user. The Lua scri...

Amazon Linux 2022 : redis6, redis6-devel (ALAS2022-2022-115)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-115 advisory. A flaw was found in the Redis database where Lua scripts can be manipulated to overcome ACL rules. This flaw allows an attacker with access to Redis to inject Lua code that executes the...

EulerOS 2.0 SP5 : httpd (EulerOS-SA-2022-2270)

According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Inconsistent Interpretation of HTTP Requests 'HTTP Request Smuggling' vulnerability in modproxyajp of Apache HTTP Server allows an attacker to...

CVE-2022-35978

Minetest is a free open-source voxel game engine with easy modding and game creation. In single player, a mod can set a global setting that controls the Lua script loaded to display the main menu. The script is then loaded as soon as the game session is exited. The Lua environment the menu runs i...

CVE-2022-35978

Minetest is a free open-source voxel game engine with easy modding and game creation. In single player, a mod can set a global setting that controls the Lua script loaded to display the main menu. The script is then loaded as soon as the game session is exited. The Lua environment the menu runs i...

CVE-2022-35978

Minetest is a free open-source voxel game engine with easy modding and game creation. In single player, a mod can set a global setting that controls the Lua script loaded to display the main menu. The script is then loaded as soon as the game session is exited. The Lua environment the menu runs i...

Design/Logic Flaw

Minetest is a free open-source voxel game engine with easy modding and game creation. In single player, a mod can set a global setting that controls the Lua script loaded to display the main menu. The script is then loaded as soon as the game session is exited. The Lua environment the menu runs i...

CVE-2022-35978

Minetest is a free open-source voxel game engine with easy modding and game creation. In single player, a mod can set a global setting that controls the Lua script loaded to display the main menu. The script is then loaded as soon as the game session is exited. The Lua environment the menu runs i...

CVE-2022-35978 Lua sandbox escape from mod in Minetest

Minetest is a free open-source voxel game engine with easy modding and game creation. In single player, a mod can set a global setting that controls the Lua script loaded to display the main menu. The script is then loaded as soon as the game session is exited. The Lua environment the menu runs i...

OESA-2022-1823 redis6 security update

Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing se...

CVE-2022-35158

A vulnerability in the lua parser of TscanCode tsclua v2.15.01 allows attackers to cause a Denial of Service DoS via a crafted lua script...

USN-5221-1 redis vulnerabilities

It was discovered that Redis incorrectly handled certain specially crafted Lua scripts. A remote attacker could possibly use this issue to cause a denial of service or execute arbitrary code. CVE-2021-32626 It was discovered that Redis incorrectly handled some malformed requests when using Redis...

Tencent TscanCode 安全漏洞

Tencent TscanCode is a fast and accurate static analysis solution for C/C++, C and Lua code from Tencent. Tencent TscanCode tsclua suffers from an unspecified vulnerability that stems from its lua parser that allows an attacker to cause a denial of service via a crafted lua script. No detailed...

CVE-2022-28375

Verizon 5G Home LVSKIHP OutDoorUnit ODU 3.33.101.0 does not property sanitize user-controlled parameters within the crtcswitchsimprofile function of the crtcrpc JSON listener. A remote attacker on the local network can inject shell metacharacters into /usr/lib/lua/5.1/luci/controller/rpc.lua to...

SUSE SLES12 Security Update : apache2 (SUSE-SU-2022:2101-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2101-1 advisory. - Inconsistent Interpretation of HTTP Requests 'HTTP Request Smuggling' vulnerability in modproxyajp of Apache HTTP Server allows a...

Denial Of Service (DoS)

Apache HTTP Server is vulnerable to denial of service. The vulnerability exists due to a lack of sanitization to the input size allowing an attacker to crash the system via a malicious request to a lua script that calls r:parsebody0...

CVE-2022-29404

In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody0 may cause a denial of service due to no default limit on possible input size...

DEBIAN-CVE-2022-29404

In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody0 may cause a denial of service due to no default limit on possible input size...