3296 matches found
Lua Player Plus Vita security vulnerability
Lua Player Plus Vita is a script interpreter developed by Alessio Tosto as an individual project. Prior versions of Lua Player Plus Vita R6 had security vulnerabilities, which stemmed from out-of-bounds read operations...
PT-2026-4896
Name of the Vulnerable Software and Affected Versions turanszkij WickedEngine versions through 0.71.727 Description An out-of-bounds read issue exists in turanszkij WickedEngine, specifically within the LUA modules and associated file lparser.C. The issue is a heap-based buffer over-read that can...
PT-2026-4895
Out-of-bounds Read vulnerability in turanszkij WickedEngine WickedEngine/LUA modules. This vulnerability is associated with program files ldebug.C. This issue affects WickedEngine: before 0.71.705...
PT-2026-4893
Out-of-bounds Read vulnerability in praydog UEVR dependencies/lua/src modules. This vulnerability is associated with program files lparser.C. This issue affects UEVR: before 1.05...
GO-2026-4312 Envoy Extension Policy lua scripts injection causes arbitrary command execution in github.com/envoyproxy/gateway
Envoy Extension Policy lua scripts injection causes arbitrary command execution in github.com/envoyproxy/gateway...
Ubuntu: Security Advisory (USN-7969-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Azure Linux 3.0 Security Update: redis / valkey (CVE-2024-31449)
The version of redis / valkey installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-31449 advisory. - Redis is an open source, in-memory database that persists on disk. An authenticated user May use a...
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : Dungeon Crawl Stone Stoup vulnerability (USN-7969-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-7969-1 advisory. David Mendenhall discovered that Dungeon Crawl Stone Soup was incorrectly handling Lua bytecode embedded in an uploaded .crawlrc file. An...
MiracleLinux 9 : redis:7 (AXSA:2024-9438:01)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-9438:01 advisory. redis: Redis SORTRO may bypass ACL configuration CVE-2023-41053 redis: possible bypass of Unix socket permissions on startup CVE-2023-45145 redis:...
MiracleLinux 9 : lua-5.4.4-2.el9 (AXSA:2023-5175:02)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-5175:02 advisory. lua: use after free allows Sandbox Escape CVE-2021-44964 lua: stack overflow in luaresume of ldo.c allows a DoS via a crafted script file...
MiracleLinux 8 : redis:6 (AXSA:2022-4434:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-4434:01 advisory. redis: Code injection via Lua script execution environment CVE-2022-24735 redis: Malformed Lua script can crash Redis CVE-2022-24736 Tenable has...
MiracleLinux 9 : redis-6.2.7-1.el9 (AXSA:2023-4604:01)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-4604:01 advisory. redis: Code injection via Lua script execution environment CVE-2022-24735 redis: Malformed Lua script can crash Redis CVE-2022-24736 Tenable has...
MiracleLinux 9 : redis:7 (AXSA:2025-11023:01)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-11023:01 advisory. redis: Lua library commands may lead to integer overflow and potential RCE CVE-2025-46817 Redis: Redis: Authenticated users can execute LUA scripts...
MiracleLinux 8 : lua-5.3.4-12.el8 (AXSA:2021-2619:01)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-2619:01 advisory. lua: segmentation fault in getlocal and setlocal functions in ldebug.c CVE-2020-24370 Tenable has extracted the preceding description block directly from the...
MiracleLinux 9 : lua-5.4.4-3.el9 (AXSA:2023-5344:03)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-5344:03 advisory. lua: heap buffer overread CVE-2022-28805 Tenable has extracted the preceding description block directly from the MiracleLinux security advisory. Note that...
MiracleLinux 9 : lua-5.4.2-4.el9.3 (AXSA:2023-5088:01)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-5088:01 advisory. lua: heap buffer overflow in luaGerrormsg in ldebug.c due to uncontrolled recursion in error handling CVE-2022-33099 Tenable has extracted the preceding...
MiracleLinux 8 : redis:5 (AXSA:2021-2497:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2497:01 advisory. redis: Lua scripts can overflow the heap-based Lua stack CVE-2021-32626 redis: Integer overflow issue with Streams CVE-2021-32627 redis: Integer...
USN-7969-1 crawl vulnerability
David Mendenhall discovered that Dungeon Crawl Stone Soup was incorrectly handling Lua bytecode embedded in an uploaded .crawlrc file. An attacker could possibly use this issue to execute arbitrary code...
USN-7969-1: Dungeon Crawl Stone Stoup vulnerability
David Mendenhall discovered that Dungeon Crawl Stone Soup was incorrectly handling Lua bytecode embedded in an uploaded .crawlrc file. An attacker could possibly use this issue to execute arbitrary code...
CVE-2026-23742
Skipper is an HTTP router and reverse proxy for service composition. The default skipper configuration before 0.23.0 was -lua-sources=inline,file. The problem starts if untrusted users can create lua filters, because of -lua-sources=inline , for example through a Kubernetes Ingress resource. The...