[SECURITY] Fedora 31 Update: prosody-0.11.7-1.fc31
Prosody is a flexible communications server for Jabber/XMPP written in Lua. It aims to be easy to use, and light on resources. For developers it aims to be easy to extend and give a flexible system on which to rapidly develop added functionality, or prototype new protocols...
[SECURITY] Fedora 32 Update: prosody-0.11.7-1.fc32
Prosody is a flexible communications server for Jabber/XMPP written in Lua. It aims to be easy to use, and light on resources. For developers it aims to be easy to extend and give a flexible system on which to rapidly develop added functionality, or prototype new protocols...
CVE-2020-15889 affecting package lua 5.3.5-9
CVE-2020-15889 affecting package lua 5.3.5-9. A patched version of the package is available...
PoetRAT: Malware targeting public and private sector in Azerbaijan evolves
By Warren Mercer, Paul Rascagneres and Vitor Ventura. The Azerbaijan public sector and other important organizations are still targeted by new versions of PoetRAT. This actor leverages malicious Microsoft Word documents alleged to be from the Azerbaijan government. The attacker has moved from Pytho...
[SECURITY] Fedora 33 Update: prosody-0.11.7-1.fc33
Prosody is a flexible communications server for Jabber/XMPP written in Lua. It aims to be easy to use, and light on resources. For developers it aims to be easy to extend and give a flexible system on which to rapidly develop added functionality, or prototype new protocols...
Cisco IOS XE Software Arbitrary Code Execution (cisco-sa-ios-lua-rce-7VeJX4f)
According to its self-reported version, Cisco IOS XE Software is affected by an arbitrary code execution vulnerability in its Lua interpreter due to insufficient permission checks on Lua function calls. An authenticated, local attacker can exploit this to bypass authentication and execute arbitra...
Huawei EulerOS: Security Advisory for vim (EulerOS-SA-2020-2001)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS Virtualization for ARM 64 3.0.6.0 : vim (EulerOS-SA-2020-2001)
According to the version of the vim packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability: In Vim before 8.1.0881, users can circumvent the rvim restricted mode and execute arbitrary OS commands via scripting...
Fedora: Security Advisory for lua (FEDORA-2020-38e35de8aa)
The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[SECURITY] Fedora 33 Update: lua-5.4.0-7.fc33
Lua is a powerful light-weight programming language designed for extending applications. Lua is also frequently used as a general-purpose, stand-alone language. Lua is free software. Lua combines simple procedural syntax with powerful data description constructs based on associative arrays and...
Lua through 5.4.0 allows a stack redzone cross in luaO_pushvfstring because a protection mechanism wrongly calls luaD_callnoyield twice in a row.
...
Lua through 5.4.0 mishandles the interaction between stack resizes and garbage collection, leading to a heap-based buffer overflow, heap-based buffer over-read, or use-after-free.
...
Lua 5.4.0 has a getobjname heap-based buffer over-read because youngcollection in lgc.c uses markold for an insufficient number of list members.
...
Lua 5.3.5 has a use-after-free in lua_upvaluejoin in lapi.c. For example, a crash outcome might be achieved by an attacker who is able to trigger a debug.upvaluejoin call in which the arguments have certain relationships.
...
CVE-2020-3423
A vulnerability in the implementation of the Lua interpreter that is integrated in Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary code with root privileges on the underlying Linux operating system (OS) of an affected device. The vulnerability is due to...
Buffer overflow
A vulnerability in the implementation of the Lua interpreter that is integrated in Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary code with root privileges on the underlying Linux operating system (OS) of an affected device. The vulnerability is due to...
CVE-2020-3423 Cisco IOS XE Software Arbitrary Code Execution Vulnerability
A vulnerability in the implementation of the Lua interpreter that is integrated in Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary code with root privileges on the underlying Linux operating system (OS) of an affected device. The vulnerability is due to...
CVE-2020-3423
CVE-2020-3423 concerns Cisco IOS XE Software, where the Lua interpreter implementation allows an authenticated, local attacker to execute arbitrary code with root privileges on the device’s Linux OS. The root cause is insufficient restrictions on Lua function calls within user-supplied scripts, e...
Cisco IOS XE Software Arbitrary Code Execution Vulnerability
A vulnerability in the implementation of the Lua interpreter that is integrated in Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary code with root privileges on the underlying Linux operating system (OS) of an affected device. The vulnerability is due to...