3306 matches found

BDU FSTEC
added 2021/03/15 12:0 a.m., 1 views

Vulnerability in the `static ptrdiff_t finderrfunc` function in the `src/lj_err.c` file of the LuaJIT compiler for the Lua programming language. This vulnerability allows an attacker to cause a service failure.

The vulnerability of the `static ptrdiff_t finderrfunc` function in the `src/lj_err.c` file of the LuaJIT compiler for the Lua programming language is related to reading data beyond the allowed buffer size. Exploiting this vulnerability could allow a remote attacker to cause a service failure...

CVSS 7.5, AI score 7.4, EPSS 0.00752
Exploits 1, References 6, Affected Software 4
OSV
added 2021/03/05 11:2 a.m., 2 views

OESA-2021-1057 luajit security update

LuaJIT is a Just-In-Time Compiler (JIT) for the Lua programming language. Lua is a powerful, dynamic and light-weight programming language. It may be embedded or used as a general-purpose, stand-alone language. Security Fixes: LuaJIT through 2.1.0-beta3 has an out-of-bounds read in lj_err_run in...

CVSS 7.5, AI score 6.9, EPSS 0.00231
Exploits 1, References 2
OpenVAS
added 2021/03/05 12:0 a.m., 19 views

Huawei EulerOS: Security Advisory for lua (EulerOS-SA-2021-1545)

The remote host is missing an update for the Huawei EulerOS...

CVSS 5.3, AI score 5.7, EPSS 0.02019
Exploits 1, References 2
Tenable Nessus
added 2021/03/04 12:0 a.m., 51 views

EulerOS Virtualization for ARM 64 3.0.6.0 : lua (EulerOS-SA-2021-1545)

According to the version of the lua packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability: ldebug.c in Lua 5.4.0 allows a negation overflow and segmentation fault in getlocal and setlocal, as demonstrated by...

CVSS 5.3, AI score 6.5, EPSS 0.02019
Exploits 1, References 2
OpenVAS
added 2021/02/25 12:0 a.m., 7 views

Fedora: Security Advisory for prosody (FEDORA-2021-a639ec5d6e)

The remote host is missing an update for the...

AI score 7.5
Exploits 0, References 2
OpenVAS
added 2021/02/25 12:0 a.m., 11 views

Fedora: Security Advisory for prosody (FEDORA-2021-54d3af6388)

The remote host is missing an update for the...

AI score 7.5
Exploits 0, References 2
Fedora
added 2021/02/24 8:47 p.m., 50 views

[SECURITY] Fedora 32 Update: prosody-0.11.8-1.fc32

Prosody is a flexible communications server for Jabber/XMPP written in Lua. It aims to be easy to use, and light on resources. For developers it aims to be easy to extend and give a flexible system on which to rapidly develop added functionality, or prototype new protocols...

AI score 2.7
Exploits 0
Fedora
added 2021/02/24 8:42 p.m., 31 views

[SECURITY] Fedora 33 Update: prosody-0.11.8-1.fc33

Prosody is a flexible communications server for Jabber/XMPP written in Lua. It aims to be easy to use, and light on resources. For developers it aims to be easy to extend and give a flexible system on which to rapidly develop added functionality, or prototype new protocols...

AI score 2.7
Exploits 0
BDU FSTEC
added 2021/02/08 12:0 a.m., 2 views

The vulnerability of the getnum() function implementation in the NoSQL Redis database management system allows an attacker to cause a service failure or execute arbitrary code.

The vulnerability of the getnum function implementation in the NoSQL Redis database management system arises from a potential integer overflow. Exploiting this vulnerability could allow an attacker to cause service failures or execute arbitrary code using the scripting language Lua...

CVSS 7.7, AI score 7, EPSS 0.00416
Exploits 0, References 6, Affected Software 4
OpenVAS
added 2021/02/02 12:0 a.m., 25 views

Huawei EulerOS: Security Advisory for lua (EulerOS-SA-2021-1154)

The remote host is missing an update for the Huawei EulerOS...

CVSS 5.3, AI score 5.7, EPSS 0.02019
Exploits 1, References 2
Tenable Nessus
added 2021/02/01 12:0 a.m., 45 views

EulerOS 2.0 SP8 : lua (EulerOS-SA-2021-1154)

According to the version of the lua packages installed, the EulerOS installation on the remote host is affected by the following vulnerability: ldebug.c in Lua 5.4.0 allows a negation overflow and segmentation fault in getlocal and setlocal, as demonstrated by getlocal(3,2^31). (CVE-2020-24370) Not...

CVSS 5.3, AI score 6.6, EPSS 0.02019
Exploits 1, References 2
Tenable Nessus
added 2021/01/29 12:0 a.m., 44 views

CentOS 8 : lua (CESA-2019:3706)

The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2019:3706 advisory. lua: use-after-free in lua_upvaluejoin in lapi.c resulting in denial of service (CVE-2019-6706). Note that Nessus has not tested for this issue but has instead...

CVSS 7.5, AI score 6.6, EPSS 0.00904
Exploits 5, References 2
OSV
added 2021/01/16 12:1 a.m., 10 views

OSV-2021-205 Heap-use-after-free in lua_closeslot

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29610 Crash type: Heap-use-after-free WRITE 1 Crash state: lua_closeslot luaL_traceback msghandler...

AI score 7.2
Exploits 0, References 1
Amazon
added 2021/01/15 12:0 a.m., 37 views

Medium: vim

Issue Overview: A flaw was found in vim in the restricted mode, where all commands that make use of external shells are disabled. However, it was found that users could still execute some arbitrary OS commands in the restricted mode. This flaw was fixed by filtering the functions that can call OS...

CVSS 5.3, AI score 7.2, EPSS 0.00206
Exploits 0
OSV
added 2020/12/15 8:15 p.m., 3 views

CVE-2020-25757

A lack of input validation and access controls in Lua CGIs on D-Link DSR VPN routers may result in arbitrary input being passed to system command APIs, resulting in arbitrary command execution with root privileges. This affects DSR-150, DSR-250, DSR-500, and DSR-1000AC with firmware 3.14 and 3.17...

CVSS 8.8, AI score 7.5
Exploits 0, References 3
NVD
added 2020/12/15 8:15 p.m., 19 views

CVE-2020-25757

A lack of input validation and access controls in Lua CGIs on D-Link DSR VPN routers may result in arbitrary input being passed to system command APIs, resulting in arbitrary command execution with root privileges. This affects DSR-150, DSR-250, DSR-500, and DSR-1000AC with firmware 3.14 and 3.17...

CVSS 8.8, AI score 8.9, EPSS 0.00518
Exploits 0, References 3
Prion
added 2020/12/15 8:15 p.m., 20 views

Input validation

A lack of input validation and access controls in Lua CGIs on D-Link DSR VPN routers may result in arbitrary input being passed to system command APIs, resulting in arbitrary command execution with root privileges. This affects DSR-150, DSR-250, DSR-500, and DSR-1000AC with firmware 3.14 and 3.17...

CVSS 8.3, AI score 8.8, EPSS 0.00518
Exploits 0, References 3, Affected Software 9
Cvelist
added 2020/12/15 7:27 p.m., 24 views

CVE-2020-25757

A lack of input validation and access controls in Lua CGIs on D-Link DSR VPN routers may result in arbitrary input being passed to system command APIs, resulting in arbitrary command execution with root privileges. This affects DSR-150, DSR-250, DSR-500, and DSR-1000AC with firmware 3.14 and 3.17...

AI score 8.9, EPSS 0.00518
Exploits 0, References 3
CVE
added 2020/12/15 7:27 p.m., 68 views

CVE-2020-25757

CVE-2020-25757 affects D-Link DSR-series VPN routers (DSR-150, DSR-250, DSR-500, DSR-1000AC) running firmware 3.14 and 3.17. The root cause is inadequate input validation and access controls in Lua CGI handlers, allowing user-supplied data to reach system command APIs (os.popen) and enabling arbi...

CVSS 8.8, AI score 8.8, EPSS 0.00518
Exploits 0, References 3, Affected Software 1
BDU FSTEC
added 2020/12/15 12:0 a.m., 1 views

The vulnerability of the Lua interpreter used in Cisco IOS XE operating systems allows a hacker to execute arbitrary code with root privileges.

The vulnerability of the Lua interpreter used in Cisco IOS XE operating systems is related to insufficient restrictions on function calls. Exploiting this vulnerability allows an attacker to execute arbitrary code with root privileges...

CVSS 5.2, AI score 7.4, EPSS 0.00058
Exploits 0, References 3, Affected Software 1