366 matches found
[SECURITY] Fedora 34 Update: redis-6.2.3-1.fc34
Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing se...
FreedroidRPG Input Validation Error Vulnerability
FreedroidRPG is an open source role-playing game from the Freedroid team. A security vulnerability exists in the savestructinternal.c file in FreedroidRPG version 1.0rc2, which originates from a saved game file being a Lua script file. The vulnerability stems from the fact that the saved game fil...
UBUNTU-CVE-2019-20807
In Vim before 8.1.0881, users can circumvent the rvim restricted mode and execute arbitrary OS commands via scripting interfaces e.g., Python, Ruby, or Lua...
Hidden Bee: Let’s go down the rabbit hole
Some time ago, we discussed the interesting malware, Hidden Bee. It is a Chinese miner, composed of userland components, as well as of a bootkit part. One of its unique features is a custom format used for some of the high-level elements this format was featured in my recent presentation at SAS...
openSUSE Security Update : redis (openSUSE-2019-481)
This update for redis to 4.0.10 fixes the following issues : These security issues were fixed : - CVE-2018-11218: Prevent heap corruption vulnerability in cmsgpack bsc1097430. - CVE-2018-11219: Prevent integer overflow in Lua scripting bsc1097768. For Leap 42.3 and openSUSE SLE 12 backports this ...
openSUSE Security Update : haproxy (openSUSE-2019-824)
This update for haproxy to version 1.8.14 fixes the following issues : These security issues were fixed : - CVE-2018-14645: A flaw was discovered in the HPACK decoder what caused an out-of-bounds read in hpackvalididx that resulted in a remote crash and denial of service bsc1108683 -...
Open Source IPS: Suricata
Suricata is a free and open source, mature, fast and robust network threat detection engine. The Suricata engine is capable of real time intrusion detection IDS, inline intrusion prevention IPS, network security monitoring NSM and offline pcap processing. Suricata inspects the network traffic usi...
MGASA-2018-0325 Updated wesnoth packages fix security vulnerability
The Battle for Wesnoth Project version 1.7.0 through 1.14.3 contains a Code Injection vulnerability in the Lua scripting engine that can result in code execution outside the sandbox. This attack appear to be exploitable via Loading specially-crafted saved games, networked games, replays, and play...
[ASA-201807-15] wesnoth: arbitrary code execution
Arch Linux Security Advisory ASA-201807-15 ========================================== Severity: High Date : 2018-07-25 CVE-ID : CVE-2018-1999023 Package : wesnoth Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-741 Summary ======= The package wesnoth before...
CVE-2018-1999023
The Battle for Wesnoth Project version 1.7.0 through 1.14.3 contains a Code Injection vulnerability in the Lua scripting engine that can result in code execution outside the sandbox. This attack appear to be exploitable via Loading specially-crafted saved games, networked games, replays, and play...
CVE-2018-1999023
The Battle for Wesnoth Project version 1.7.0 through 1.14.3 contains a Code Injection vulnerability in the Lua scripting engine that can result in code execution outside the sandbox. This attack appear to be exploitable via Loading specially-crafted saved games, networked games, replays, and play...
Code injection
The Battle for Wesnoth Project version 1.7.0 through 1.14.3 contains a Code Injection vulnerability in the Lua scripting engine that can result in code execution outside the sandbox. This attack appear to be exploitable via Loading specially-crafted saved games, networked games, replays, and play...
CVE-2018-1999023
The Battle for Wesnoth Project version 1.7.0 through 1.14.3 contains a Code Injection vulnerability in the Lua scripting engine that can result in code execution outside the sandbox. This attack appear to be exploitable via Loading specially-crafted saved games, networked games, replays, and play...
CVE-2018-1999023
CVE-2018-1999023 affects The Battle for Wesnoth Project versions 1.7.0 through 1.14.3. The vulnerability is a Code Injection flaw in the Lua scripting engine that can lead to code execution outside the sandbox. Exploitation vectors include loading specially-crafted saved games, networked games, r...
CVE-2018-1999023
The Battle for Wesnoth Project version 1.7.0 through 1.14.3 contains a Code Injection vulnerability in the Lua scripting engine that can result in code execution outside the sandbox. This attack appear to be exploitable via Loading specially-crafted saved games, networked games, replays, and play...
CVE-2018-1999023
The Battle for Wesnoth Project version 1.7.0 through 1.14.3 contains a Code Injection vulnerability in the Lua scripting engine that can result in code execution outside the sandbox. This attack appear to be exploitable via Loading specially-crafted saved games, networked games, replays, and play...
[SECURITY] Fedora 28 Update: love-0.10.2-12.fc28
LOVE is an open source, cross platform 2D game engine which uses the Lua scripting language. LOVE can be used to make games of any license allowing it to be used for both free and non-free projects...
[SECURITY] Fedora 26 Update: love-0.10.2-6.fc26
LOVE is an open source, cross platform 2D game engine which uses the Lua scripting language. LOVE can be used to make games of any license allowing it to be used for both free and non-free projects...
[SECURITY] Fedora 24 Update: redis-3.2.8-1.fc24
Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing se...
CVE-2017-5671
Honeywell Intermec PM23, PM42, PM43, PC23, PC43, PD43, and PC42 industrial printers before 10.11.013310 and 10.12.x before 10.12.013309 have /usr/bin/lua installed setuid to the itadmin account, which allows local users to conduct a BusyBox jailbreak attack and obtain root privileges by overwriti...