CVE-2021-44647

Lua v5.4.3 and above are affected by SEGV by type confusion in funcnamefromcode function in ldebug.c which can cause a local denial of service...

Lua安全漏洞

Lua is a lightweight, extensible open source scripting language from the Lua LUA team. Lua 5.4.4 and 5.4.2 have a security vulnerability that stems from a type obfuscation vulnerability in the funcnamefromcode function in lldebug.c, which can be exploited by an attacker to cause a local denial of...

PT-2022-12190

Name of the Vulnerable Software and Affected Versions Lua versions 5.4.2 through 5.4.4 Description The issue is related to a type confusion in the funcnamefromcode function in ldebug.c, which can cause a local denial of service due to a SEGV. Recommendations For Lua versions 5.4.2 through 5.4.4,...

CVE-2021-44647

Lua v5.4.3 and above are affected by SEGV by type confusion in funcnamefromcode function in ldebug.c which can cause a local denial of service...

CVE-2021-44647

CVE-2021-44647 affects Lua v5.4.3 and above. The vulnerability is a SEGV caused by a type confusion in funcnamefromcode within ldebug.c, leading to local denial of service. The provided materials identify Lua as the affected component and describe the local attack potential and lack of cross‑site...

CVE-2021-44647

Lua v5.4.3 and above are affected by SEGV by type confusion in funcnamefromcode function in ldebug.c which can cause a local denial of service...

USN-5212-2: Apache HTTP Server vulnerabilities

USN-5212-1 fixed several vulnerabilities in Apache. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: It was discovered that the Apache HTTP Server incorrectly handled certain forward proxy requests. A remote attacker could use thi...

USN-5212-2 apache2 vulnerabilities

USN-5212-1 fixed several vulnerabilities in Apache. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: It was discovered that the Apache HTTP Server incorrectly handled certain forward proxy requests. A remote attacker could use thi...

actix-lua (=0.2.0), age (>=0.5.0 <=0.6.1) +99 more potentially affected by CVE-2021-45712 via rust-embed (>=0.5.2 <=5.9.0)

rust-embed CARGO version =0.5.2, =0.5.0, =0.0.0, =0.1.0, =0.5.1, =0.1.0, =0.2.0, =0.1.0, =1.0.1, =0.1.0, =1.0.0, =0.1.31, =0.1.36 and more Source cves: CVE-2021-45712 Source advisory: OSV:GHSA-XRG3-HMF3-RVGW...

USN-5212-1 apache2 vulnerabilities

It was discovered that the Apache HTTP Server incorrectly handled certain forward proxy requests. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service, or possibly perform a Server Side Request Forgery attack. CVE-2021-44224 It was discovered that...

OESA-2021-1473 httpd security update

Apache HTTP Server. Security Fixes: A crafted URI sent to httpd configured as a forward proxy ProxyRequests on can cause a crash NULL pointer dereference or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket...

CVE-2021-44790

A buffer overflow flaw in httpd's lua module could allow an out-of-bounds write. An attacker who is able to submit a crafted request to an httpd instance that is using the lua module may be able to cause an impact to confidentiality, integrity, and/or availability. Mitigation Disabling modlua and...

AZL-7044 CVE-2021-44790 affecting package httpd for versions less than 2.4.52-1

A carefully crafted request body can cause a buffer overflow in the modlua multipart parser r:parsebody called from Lua scripts. The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier...

UBUNTU-CVE-2021-44790

A carefully crafted request body can cause a buffer overflow in the modlua multipart parser r:parsebody called from Lua scripts. The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier...

PT-2021-5542

Name of the Vulnerable Software and Affected Versions Apache HTTP Server versions 2.4.51 and earlier Description A carefully crafted request body can cause a buffer overflow in the mod lua multipart parser, specifically when the r:parsebody function is called from Lua scripts. The Apache httpd te...

CVE-2021-44790

A carefully crafted request body can cause a buffer overflow in the modlua multipart parser r:parsebody called from Lua scripts. The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier...

Vulnerabilities fixed in Apache httpd

Apache has fixed two vulnerabilities in HTTP Server. The vulnerability with attribute CVE-2021-44224 is present when HTTP Server is configured as a forward proxy. The vulnerability allows a remote malicious person to cause a denial-of-service cause or potentially perform a cross-site request...

Stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4 allows attackers to perform a Denial of Service via a crafted script file.

...

Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

nginx-mitigate-log4shell Mitigate log4shell CVE-2021-44228 an...

OESA-2021-1452 redis5 security update

Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing se...