192 matches found
UBUNTU-CVE-2022-28615
Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in apstrcmpmatch when provided with an extremely large input buffer. While no code distributed with the server can be coerced into such a call, third-party modules or lua scripts that use...
Out-of-bounds
Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in apstrcmpmatch when provided with an extremely large input buffer. While no code distributed with the server can be coerced into such a call, third-party modules or lua scripts that use...
CVE-2022-28615
Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in apstrcmpmatch when provided with an extremely large input buffer. While no code distributed with the server can be coerced into such a call, third-party modules or lua scripts that use...
CVE-2022-28615
Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in apstrcmpmatch when provided with an extremely large input buffer. While no code distributed with the server can be coerced into such a call, third-party modules or lua scripts that use...
CVE-2022-28615
Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in apstrcmpmatch when provided with an extremely large input buffer. While no code distributed with the server can be coerced into such a call, third-party modules or lua scripts that use...
Apache 2.4.x < 2.4.52 mod_lua Buffer Overflow
The version of Apache httpd installed on the remote host is prior to 2.4.52. It is, therefore, affected by a flaw related to modlua when handling multipart content. A carefully crafted request body can cause a buffer overflow in the modlua multipart parser r:parsebody called from Lua scripts. The...
Lua scripts can be manipulated to overcome ACL rules in Redis
...
USN-5316-1 redis vulnerability
Reginaldo Silva discovered that due to a packaging issue, a remote attacker with the ability to execute arbitrary Lua scripts could possibly escape the Lua sandbox and execute arbitrary code on the host...
CVE-2021-44790
A carefully crafted request body can cause a buffer overflow in the modlua multipart parser r:parsebody called from Lua scripts. The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier...
Debian: Security Advisory (DLA-2810-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
RHEL 7 : Red Hat OpenStack Platform 13.0 (redis) (RHSA-2021:3980)
The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:3980 advisory. Redis is an advanced key-value store. Security Fixes: Lua scripts can overflow the heap-based Lua stack CVE-2021-32626 Integer overflow issu...
redis: Lua scripts can overflow the heap-based Lua stack
A heap buffer overflow was found in redis. Specially crafted Lua scripts executing in Redis cause the heap-based Lua stack to overflow due to incomplete checks for this condition. This flaw allows a remote attacker to corrupt the heap and potentially trigger remote code execution. The highest...
Important: Red Hat Security Advisory: Red Hat OpenStack Platform 10.0 (redis) security update
An update for redis is now available for Red Hat OpenStack Platform 10 Newton. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerabilit...
redis: Lua scripts can overflow the heap-based Lua stack
A heap buffer overflow was found in redis. Specially crafted Lua scripts executing in Redis cause the heap-based Lua stack to overflow due to incomplete checks for this condition. This flaw allows a remote attacker to corrupt the heap and potentially trigger remote code execution. The highest...
RHEL 7 : rh-redis5-redis (RHSA-2021:3947)
The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:3947 advisory. Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets...
RHEL 8 : redis:6 (RHSA-2021:3945)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:3945 advisory. Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets...
RHEL 8 : redis:5 (RHSA-2021:3946)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:3946 advisory. Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets...
MGASA-2021-0483 Updated redis packages fix security vulnerability
CVE-2021-32626: Specially crafted Lua scripts executing in Redis can cause the heap-based Lua stack to be overflowed, due to incomplete checks for this condition. This can result with heap corruption and potentially remote code execution. CVE-2021-32627: An integer overflow bug in Redis 5.0 or...
Important: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.1.12 security fixes and container updates
Red Hat Advanced Cluster Management for Kubernetes 2.1.12 General Availability release images, which provide security fixes and update the container images. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base...
Important: Red Hat Security Advisory: redis:6 security update
An update for the redis:6 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...