CVE-2021-32921
CVE-2021-32921 affects Prosody before 0.11.9. When running under Lua 5.2 or later, it does not use a constant-time algorithm for comparing certain secret strings, which can enable a timing attack to reveal secret data. Public advisories and Debian/Arch/Gentoo listings corroborate this as part of ...
CVE-2021-32918
An issue was discovered in Prosody before 0.11.9. Default settings are susceptible to remote unauthenticated denial-of-service (DoS) attacks via memory exhaustion when running under Lua 5.2 or Lua 5.3...
CVE-2021-32918
CVE-2021-32918 affects Prosody prior to 0.11.9. A default-configuration condition allows remote unauthenticated denial of service (DoS) via memory exhaustion when running under Lua 5.2 or Lua 5.3. The vulnerability arises from the way the server handles requests under those Lua versions, with the impact described as...
[SECURITY] Fedora 33 Update: redis-6.0.13-1.fc33
Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing se...
[SECURITY] Fedora 34 Update: redis-6.2.3-1.fc34
Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing se...
PT-2021-4055 · Lua 5.3 +4 · Lua 5.3 +4
Name of the Vulnerable Software and Affected Versions: Prosody versions prior to 0.11.9. Description: An issue in Prosody allows remote unauthenticated denial-of-service (DoS) attacks via memory exhaustion when running under Lua 5.2 or Lua 5.3. The problem is related to an error in the resource...
PT-2021-4058 · Lua +2 · Lua +2
Name of the Vulnerable Software and Affected Versions: Prosody versions prior to 0.11.9. Description: An issue in Prosody allows an attacker to potentially reveal the contents of secret strings through a timing attack. This is due to the use of a non-constant-time algorithm for comparing certain...
Photon OS 4.0: Lua PHSA-2021-4.0-0009
An update of the lua package has been released. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2021-4.0-0009. The text itself is copyright (C) VMware, Inc...
Important Photon OS Security Update - PHSA-2021-4.0-0009
Updates of 'lua' packages of Photon OS have been released...
Important Photon OS Security Update - PHSA-2021-0009
Updates of 'lua' packages of Photon OS have been released...
openSUSE Security Update : bcc (openSUSE-2021-535)
This update for bcc fixes the following issues: - Enabled PIE for bcc-lua if lua support is enabled (bsc#1183399). This update was imported from the SUSE:SLE-15-SP2:Update update project. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from...
Security update for bcc (moderate)
openSUSE Security Update: Security update for bcc Announcement ID: openSUSE-SU-2021:0535-1 Rating: moderate References: 1183399 Affected Products: openSUSE Leap 15.2 An update that contains security fixes can now be installed. Description: This update for bcc fixes the following issues: - Enabled...
OPENSUSE-SU-2021:0535-1 Security update for bcc
This update for bcc fixes the following issues: - Enabled PIE for bcc-lua if lua support is enabled (bsc#1183399). This update was imported from the SUSE:SLE-15-SP2:Update update project...
Redis < 6.0.3 Integer Overflow Vulnerability
Redis is prone to an integer overflow vulnerability...
DEBIAN-CVE-2020-36309
ngx_http_lua_module (aka lua-nginx-module) before 0.10.16 in OpenResty allows unsafe characters in an argument when using the API to mutate a URI, or a request or response header...
Cross site request forgery (csrf)
ngx_http_lua_module (aka lua-nginx-module) before 0.10.16 in OpenResty allows unsafe characters in an argument when using the API to mutate a URI, or a request or response header...
UBUNTU-CVE-2020-36309
ngx_http_lua_module (aka lua-nginx-module) before 0.10.16 in OpenResty allows unsafe characters in an argument when using the API to mutate a URI, or a request or response header...
PT-2021-11997 · Unknown +3 · Ngx Http Lua Module +3
Name of the Vulnerable Software and Affected Versions: ngx_http_lua_module (aka lua-nginx-module) versions prior to 0.10.16. Description: The issue allows unsafe characters in an argument when using the API to mutate a URI, or a request or response header. Recommendations: For versions prior to...
PT-2021-2490 · Openwrt · Openwrt
Name of the Vulnerable Software and Affected Versions: OpenWrt 19.07 Description: The issue is related to the DDNS package in OpenWrt 19.07, where the detail.lua file allows remote authenticated users to inject arbitrary commands via POST requests to the /cgi-bin/luci API endpoint, specifically t...