Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
lua lua vulnerabilities and exploits
(subscribe to this query)
10
CVSSv3
CVE-2022-35978
Minetest is a free open-source voxel game engine with easy modding and game creation. In **single player**, a mod can set a global setting that controls the Lua script loaded to display the main menu. The script is then loaded as soon as the game session is exited. The Lua enviro...
Minetest Minetest
10
CVSSv3
CVE-2022-0543
It exists, that redis, a persistent key-value database, due to a packaging issue, is prone to a (Debian-specific) Lua sandbox escape, which could result in remote code execution.
Redis Redis -
1 Metasploit module
10 Github repositories
10
CVSSv3
CVE-2018-4031
An exploitable vulnerability exists in the safe browsing function of the CUJO Smart Firewall, version 7003. The flaw lies in the way the safe browsing function parses HTTP requests. The server hostname is extracted from captured HTTP/HTTPS requests and inserted as part of a Lua s...
Getcujo Smart Firewall 7003
9.8
CVSSv3
CVE-2023-50919
An issue exists on GL.iNet devices before version 4.5.0. There is an NGINX authentication bypass via Lua string pattern matching. This affects A1300 4.4.6, AX1800 4.4.6, AXT1800 4.4.6, MT3000 4.4.6, MT2500 4.4.6, MT6000 4.5.0, MT1300 4.3.7, MT300N-V2 4.3.7, AR750S 4.3.7, AR750 4....
Gl-inet Gl-ax1800 Firmware 4.3.7
Gl-inet Gl-ax1800 Firmware 4.4.6
Gl-inet Gl-axt1800 Firmware 4.3.7
Gl-inet Gl-axt1800 Firmware 4.4.6
Gl-inet Gl-mt3000 Firmware 4.3.7
Gl-inet Gl-mt3000 Firmware 4.4.6
Gl-inet Gl-mt2500 Firmware 4.3.7
Gl-inet Gl-mt2500 Firmware 4.4.6
Gl-inet Gl-mt6000 Firmware 4.3.7
Gl-inet Gl-mt6000 Firmware 4.4.6
Gl-inet Gl-mt1300 Firmware 4.3.7
Gl-inet Gl-mt1300 Firmware 4.4.6
Gl-inet Gl-mt300n-v2 Firmware 4.3.7
Gl-inet Gl-mt300n-v2 Firmware 4.4.6
Gl-inet Gl-ar750s Firmware 4.3.7
Gl-inet Gl-ar750s Firmware 4.4.6
Gl-inet Gl-ar750 Firmware 4.3.7
Gl-inet Gl-ar750 Firmware 4.4.6
Gl-inet Gl-ar300m Firmware 4.3.7
Gl-inet Gl-ar300m Firmware 4.4.6
Gl-inet Gl-b1300 Firmware 4.3.7
Gl-inet Gl-b1300 Firmware 4.4.6
1 Metasploit module
9.8
CVSSv3
CVE-2023-52252
Unified Remote 3.13.0 allows remote malicious users to execute arbitrary Lua code because of a wildcarded Access-Control-Allow-Origin for the Remote upload endpoint.
Unifiedremote Unified Remote 3.13.0
9.8
CVSSv3
CVE-2023-35853
In Suricata prior to 6.0.13, an adversary who controls an external source of Lua rules may be able to execute Lua code. This is addressed in 6.0.13 by disabling Lua unless allow-rules is true in the security lua configuration section.
Oisf Suricata
9.8
CVSSv3
CVE-2023-27488
Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, escalation of privileges is possible when `failure_mode_allow: true` is configured for `ext_authz` filter. For affected components ...
Envoyproxy Envoy
9.8
CVSSv3
CVE-2023-27224
An issue found in NginxProxyManager v.2.9.19 allows an malicious user to execute arbitrary code via a lua script to the configuration file.
Jc21 Nginx Proxy Manager 2.9.19
9.8
CVSSv3
CVE-2023-23551
Control By Web X-600M devices run Lua scripts and are vulnerable to code injection, which could allow an malicious user to remotely execute arbitrary code.
Controlbyweb X-600m Firmware
9.8
CVSSv3
CVE-2022-28373
Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 does not properly sanitize user-controlled parameters within the crtcreadpartition function of the crtcrpc JSON listener in /usr/lib/lua/luci/crtc.lua. A remote attacker on the local network can inject shell metacharacters to ac...
Verizon Lvskihp Indoorunit Firmware 3.4.66.162
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
validation
CVE-2012-1823
malicious code
CVE-2024-5770
CVE-2023-45866
CVE-2024-35687
local users
CVE-2024-31246
CVE-2024-35730
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »