229 matches found

OSV
added 2022/06/09 5:15 p.m. | 1 view

DEBIAN-CVE-2022-29404

In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0) may cause a denial of service due to no default limit on possible input size...

7.5 CVSS | 8 AI score | 0.02008 EPSS
Exploits: 0 | References: 1
ATTACKERKB
added 2022/06/09 5:15 p.m. | 0 views

CVE-2022-29404

In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0) may cause a denial of service due to no default limit on possible input size...

7.5 CVSS | 7.1 AI score | 0.02008 EPSS
Exploits: 0 | References: 9
OSV
added 2022/06/09 5:15 p.m. | 1 view

ALPINE-CVE-2022-29404

In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0) may cause a denial of service due to no default limit on possible input size...

7.5 CVSS | 6.8 AI score | 0.02008 EPSS
Exploits: 0 | References: 1
OSV
added 2022/06/09 5:15 p.m. | 0 views

UBUNTU-CVE-2022-29404

In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0) may cause a denial of service due to no default limit on possible input size...

7.5 CVSS | 7.1 AI score | 0.02008 EPSS
Exploits: 0 | References: 7
Prion
added 2022/06/09 5:15 p.m. | 27 views

Design/Logic Flaw

In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0) may cause a denial of service due to no default limit on possible input size...

5 CVSS | 8.1 AI score | 0.02008 EPSS
Exploits: 0 | References: 6 | Affected Software: 2
UbuntuCve
added 2022/06/09 12:0 a.m. | 63 views

CVE-2022-29404

In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0) may cause a denial of service due to no default limit on possible input size...

7.5 CVSS | 7.1 AI score | 0.02008 EPSS
Exploits: 0 | References: 6
CVE
added 2022/06/08 10:0 a.m. | 1659 views

CVE-2022-29404

CVE-2022-29404 affects Apache HTTP Server 2.4.53 and earlier. The vulnerability lies in the mod_lua code path: a malicious request to a Lua script calling r:parsebody(0) can cause a denial of service due to no default input size limit. Impact is DoS (availability) with network exposure; no data c...

7.5 CVSS | 8.5 AI score | 0.02008 EPSS
Exploits: 0 | References: 6 | Affected Software: 1
AlpineLinux
added 2022/06/08 10:0 a.m. | 43 views

CVE-2022-29404

In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0) may cause a denial of service due to no default limit on possible input size...

7.5 CVSS | 8.7 AI score | 0.02008 EPSS
Exploits: 0
Debian CVE
added 2022/06/08 10:0 a.m. | 60 views

CVE-2022-29404

In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0) may cause a denial of service due to no default limit on possible input size...

7.5 CVSS | 8 AI score | 0.02008 EPSS
Exploits: 0
Tenable Nessus
added 2022/06/03 12:0 a.m. | 34 views

SUSE SLES15 Security Update : redis (SUSE-SU-2022:1929-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:1929-1 advisory. - Redis is an in-memory database that persists on disk. By exploiting weaknesses in the Lua script execution environment, an attack...

7.8 CVSS | 6.9 AI score | 0.01725 EPSS
Exploits: 2 | References: 7
0day.today
added 2022/05/31 12:0 a.m. | 222 views

Schneider Electric C-Bus Automation Controller (5500SHAC) 1.10 Remote Root Exploit

Schneider Electric C-Bus Automation Controller 5500SHAC version 1.10 suffers from an authenticated arbitrary command execution vulnerability. An attacker can abuse the Start-up init script editor and exploit the script POST parameter to insert malicious Lua script code and execute commands with...

8.1 AI score
Exploits: 0
Packet Storm
added 2022/05/30 12:0 a.m. | 284 views

Schneider Electric C-Bus Automation Controller (5500SHAC) 1.10 Remote Root

#!/usr/bin/env python3 # -*- coding: utf-8 -*- Schneider Electric C-Bus Automation Controller 5500SHAC 1.10 Remote Root Exploit Vendor: Schneider Electric SE Product web page: https://www.se.com | https://www.clipsal.com Product details: -...

0.6 AI score
Exploits: 0
Zero Science Lab
added 2022/05/29 12:0 a.m. | 427 views

Schneider Electric C-Bus Automation Controller (5500SHAC) 1.10 Remote Root Exploit

Summary: The C-Bus Network Automation Controller 5500NAC and the Wiser for C-Bus Automation Controller 5500SHAC is an advanced controller from Schneider Electric. It is specifically designed to unite the C-Bus home automation solution with common household communication protocols, from lighting an...

6.3 AI score
Exploits: 0
Tenable Nessus
added 2022/05/26 12:0 a.m. | 30 views

SUSE SLES15 Security Update : redis (SUSE-SU-2022:1842-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:1842-1 advisory. - Redis is an in-memory database that persists on disk. By exploiting weaknesses in the Lua script execution environment, an attack...

7.8 CVSS | 6.9 AI score | 0.01725 EPSS
Exploits: 2 | References: 7
Microsoft CVE
added 2022/05/10 7:0 a.m. | 1 view

A Malformed Lua script can crash Redis

...

5.5 CVSS | 6.3 AI score | 0.01725 EPSS
Exploits: 1
Veracode
added 2022/05/05 2:25 a.m. | 28 views

Denial Of Service (DoS)

Redis is vulnerable to denial of service. An attacker can load a specially crafted Lua script that causes a NULL pointer dereference, which results in a crash of the redis-server process...

5.5 CVSS | 2.6 AI score | 0.01725 EPSS
Exploits: 1 | References: 16 | Affected Software: 1
RedhatCVE
added 2022/04/29 12:59 p.m. | 39 views

CVE-2022-24736

A flaw was found in the Redis database where a malformed Lua script can cause a NULL pointer dereference. This flaw allows an attacker to load a crafted script, which results in a crash of the redis-server process. Mitigation: If Lua scripting is not being used, this vulnerability can be mitigated...

5.5 CVSS | 2.3 AI score | 0.01725 EPSS
Exploits: 1 | References: 4
CNVD
added 2022/04/28 12:0 a.m. | 21 views

Redis Injection Vulnerability

Redis, from the United States company Redis Labs, Inc., is an open-source key-value storage database written in ANSI C that supports networking, can be memory-based or persistent with logging, and provides APIs for a variety of languages. An injection vulnerability...

7.8 CVSS | 7 AI score | 0.0168 EPSS
Exploits: 1 | References: 1
Tenable Nessus
added 2022/04/28 12:0 a.m. | 34 views

FreeBSD : redis -- Multiple vulnerabilities (cc42db1c-c65f-11ec-ad96-0800270512f4)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the cc42db1c-c65f-11ec-ad96-0800270512f4 advisory. - Redis is an in-memory database that persists on disk. By exploiting weaknesses in the Lua...

7.8 CVSS | 6.9 AI score | 0.01725 EPSS
Exploits: 2 | References: 4
CNVD
added 2022/04/28 12:0 a.m. | 14 views

Unspecified Vulnerability in Redis

Redis, from the United States company Redis Labs, Inc., is an open-source key-value storage database written in ANSI C that supports networking, can be memory-based or persistent with logging, and provides APIs for a variety of languages. A security vulnerability...

5.5 CVSS | 6.5 AI score | 0.01725 EPSS
Exploits: 1 | References: 1