3306 matches found
CVE-2021-39156
Istio is an open source platform for providing a uniform way to integrate microservices, manage traffic flow across microservices, enforce policies and aggregate telemetry data. Istio 1.11.0, 1.10.3 and below, and 1.9.7 and below contain a remotely exploitable vulnerability where an HTTP request...
CVE-2021-39155
Istio is an open source platform for providing a uniform way to integrate microservices, manage traffic flow across microservices, enforce policies and aggregate telemetry data. According to RFC 4343, Istio authorization policy should compare the hostname in the HTTP Host header in a case...
Path traversal
Istio is an open source platform for providing a uniform way to integrate microservices, manage traffic flow across microservices, enforce policies and aggregate telemetry data. Istio 1.11.0, 1.10.3 and below, and 1.9.7 and below contain a remotely exploitable vulnerability where an HTTP request...
CVE-2021-39156 Fragments in Path May Lead to Authorization Policy Bypass
Istio is an open source platform for providing a uniform way to integrate microservices, manage traffic flow across microservices, enforce policies and aggregate telemetry data. Istio 1.11.0, 1.10.3 and below, and 1.9.7 and below contain a remotely exploitable vulnerability where an HTTP request...
CVE-2021-39155 Authorization Policy Bypass Due to Case Insensitive Host Comparison
Istio is an open source platform for providing a uniform way to integrate microservices, manage traffic flow across microservices, enforce policies and aggregate telemetry data. According to RFC 4343, Istio authorization policy should compare the hostname in the HTTP Host header in a case...
Fedora: Security Advisory for prosody (FEDORA-2021-1d574ae400)
The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora: Security Advisory for prosody (FEDORA-2021-fe9513e089)
The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[SECURITY] Fedora 33 Update: prosody-0.11.10-1.fc33
Prosody is a flexible communications server for Jabber/XMPP written in Lua. It aims to be easy to use, and light on resources. For developers it aims to be easy to extend and give a flexible system on which to rapidly develop added functionality, or prototype new protocols...
[SECURITY] Fedora 34 Update: prosody-0.11.10-1.fc34
Prosody is a flexible communications server for Jabber/XMPP written in Lua. It aims to be easy to use, and light on resources. For developers it aims to be easy to extend and give a flexible system on which to rapidly develop added functionality, or prototype new protocols...
Prosodical Thoughts Prosody Security Vulnerability
Prosodical Thoughts Prosody is an open source application of Prosodical Thoughts. A modern XMPP communication server. Prosodical Thoughts Prosody is vulnerable to an information disclosure vulnerability that originates in muc.lib.lua in Prosody versions 0.11.0 through 0.11.9, which can be exploit...
CVE-2021-37601
Prosody vulnerability CVE-2021-37601 affects muc.lib.lua and exposes the list of admins, members, owners, and banned entities for a Multi-User Chat in Prosody 0.11.0–0.11.9. The issue is an information-disclosure flaw that could be exploited remotely in some configurations. Upstream fix is availa...
A vulnerability in the ldebug.c component of the Lua script interpreter, related to a numerical loss of significance, allows an attacker to trigger a service failure.
A vulnerability in the ldebug.c component of the Lua script interpreter is related to a numerical loss of significance. Exploiting this vulnerability can allow a remote attacker to cause service failures...
openSUSE 15 Security Update : lua53 (openSUSE-SU-2021:0962-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:0962-1 advisory. - ldebug.c in Lua 5.4.0 allows a negation overflow and segmentation fault in getlocal and setlocal, as demonstrated by getlocal(3,2^31)...
Advisory ROSA-SA-2021-1910
Software: lua 5.1.4 OS: Cobalt 7.9 CVE-ID: CVE-2020-15888 CVE-Crit: HIGH CVE-DESC: Lua through 5.4.0 incorrectly handles the interaction between stack resizing and garbage collection, resulting in heap-based buffer overflow, heap-based buffer overflow, or use-after-free. CVE-STATUS: default...
Fedora: Security Advisory for redis (FEDORA-2021-0ad4bec5b1)
The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
lua-resty-waf
This is a Lua library for building a web application firewall (WAF) on top of the OpenResty stack. The library is called "lua-resty-waf" and is maintained by Robert Paprocki (p0pr0ck5). The library provides a set of APIs for loading and managing rules, as well as for logging and storing data. It also...
[SECURITY] Fedora 34 Update: redis-6.2.4-1.fc34
Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing se...
Libinjection - SQL / SQLI Tokenizer Parser Analyzer
SQL / SQLI tokenizer parser analyzer. For C and C++, PHP, Python, Lua, Java (external port), LuaJIT/FFI (https://github.com/p0pr0ck5/lua-ffi-libinjection, external port). See https://www.client9.com/ for details and presentations. Simple example: fingerprint of '%s'\n", state.fingerprint; return issqli; "...
SUSE SLES11 Security Update : vim (SUSE-SU-2020:14385-1)
The remote SUSE Linux SLES11 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2020:14385-1 advisory. - In Vim before 8.1.0881, users can circumvent the rvim restricted mode and execute arbitrary OS commands via scripting interfaces e.g., Python, Ruby,...