CVE-2020-24987

Tenda AC18 Router through V15.03.05.05EN and through V15.03.05.196318 CN devices could cause a remote code execution due to incorrect authentication handling of vulnerable logincheck function in /usr/lib/lua/ngxauthserver/ngxwdas.lua file if the administrator UI Interface is set to "radius"...

MGASA-2020-0362 Updated lua and lua5.3 packages fix security vulnerability

ldebug.c in Lua 5.4.0 allows a negation overflow and segmentation fault in getlocal and setlocal, as demonstrated by getlocal3,2^31. CVE-2020-24370...

Updated lua and lua5.3 packages fix security vulnerability

ldebug.c in Lua 5.4.0 allows a negation overflow and segmentation fault in getlocal and setlocal, as demonstrated by getlocal3,2^31. CVE-2020-24370...

Fedora: Security Advisory for lua (FEDORA-2020-c83556709c)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Huawei EulerOS: Security Advisory for vim (EulerOS-SA-2020-1934)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora 31 : lua (2020-c83556709c)

Fix CVE-2020-24370 . Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. C Tenable Network Security,...

[SECURITY] Fedora 31 Update: lua-5.3.5-8.fc31

Lua is a powerful light-weight programming language designed for extending applications. Lua is also frequently used as a general-purpose, stand-alone language. Lua is free software. Lua combines simple procedural syntax with powerful data description constructs based on associative arrays and...

The vulnerability of the ngx_http_lua_subrequest.c component in the OpenResty web server allows a attacker to compromise data integrity.

The vulnerability of the ngxhttpluasubrequest.c component in the OpenResty web server is related to inconsistent interpretation of http requests. Exploiting this vulnerability could allow a malicious actor to compromise data integrity from a remote location...

EulerOS 2.0 SP5 : vim (EulerOS-SA-2020-1934)

According to the version of the vim packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - In Vim before 8.1.0881, users can circumvent the rvim restricted mode and execute arbitrary OS commands via scripting interfaces e.g., Python, Ruby, o...

Fedora: Security Advisory for lua (FEDORA-2020-d7ed9f18ff)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVE-2020-24342

Lua through 5.4.0 allows a stack redzone cross in luaOpushvfstring because a protection mechanism wrongly calls luaDcallnoyield twice in a row...

Debian DSA-4750-1 : nginx - security update

It was reported that the Lua module for Nginx, a high-performance web and reverse proxy server, is prone to a HTTP request smuggling vulnerability. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-4750. The te...

Fedora 32 : lua (2020-d7ed9f18ff)

Fix CVE-2020-24370 . Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. C Tenable Network Security,...

Debian: Security Advisory (DSA-4750-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 32 Update: lua-5.3.5-8.fc32

Lua is a powerful light-weight programming language designed for extending applications. Lua is also frequently used as a general-purpose, stand-alone language. Lua is free software. Lua combines simple procedural syntax with powerful data description constructs based on associative arrays and...

CVE-2020-24371

lgc.c in Lua 5.4.0 mishandles the interaction between barriers and the sweep phase, leading to a memory access violation involving collectgarbage...

CVE-2020-24370

ldebug.c in Lua 5.4.0 allows a negation overflow and segmentation fault in getlocal and setlocal, as demonstrated by getlocal3,2^31...

CVE-2020-24369

ldebug.c in Lua 5.4.0 attempts to access debug information via the line hook of a stripped function, leading to a NULL pointer dereference...

An integer overflow in the getnum function in lua_struct.c in Redis before 6.0.3 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large number which triggers a stack-based buffer overflow. NOTE: this issue exists because of a CVE-2015-8080 regression.

...

Lua Code Problems Vulnerabilities

Lua is a lightweight, extensible open source scripting language from the Lua team. A code issue vulnerability exists in the ldebug.c file in Lua version 5.4.0. The vulnerability stems from an improperly designed or implemented code development process for a networked system or product. No detaile...