Vulmon
lua lua vulnerabilities and exploits
7.5
CVSSv3
CVE-2023-4540
Improper Handling of Exceptional Conditions vulnerability in Daurnimator lua-http library allows Excessive Allocation and a denial of service (DoS) attack to be executed by sending a properly crafted request to the server. This issue affects lua-http: all versions before commit d...
Daurnimator Lua-http 0.4
6.1
CVSSv3
CVE-2014-2875
The session.lua library in CGILua 5.2 alpha 1 and 5.2 alpha 2 uses weak session IDs generated based on OS time, which allows remote malicious users to hijack arbitrary sessions via a brute force attack. NOTE: CVE-2014-10399 and CVE-2014-10400 were SPLIT from this ID.
Keplerproject Cgilua
Keplerproject Cgilua 5.2
NA
CVE-2014-10300
lua-cgi: CVE-2014-2875
6.1
CVSSv3
CVE-2014-10400
The session.lua library in CGILua 5.0.x uses sequential session IDs, which makes it easier for remote malicious users to predict the session ID and hijack arbitrary sessions. NOTE: this vulnerability was SPLIT from CVE-2014-2875.
Keplerproject Cgilua
Keplerproject Cgilua 5.2
10
CVSSv3
CVE-2022-0543
Redis, a persistent key-value database, is prone to a (Debian-specific) Lua sandbox escape due to a packaging issue, which could result in remote code execution.
Redis Redis -
1 Metasploit module
10 GitHub repositories
NA
CVE-2014-3399
The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA) Software 9.2(.2.4) and previous versions does not properly manage session information during creation of a SharePoint handler, which allows remote authenticated users to overwrite arbitrary RAMFS cache files or...
Cisco Adaptive Security Appliance Software
9.8
CVSSv3
CVE-2020-13151
Aerospike Community Edition 4.9.0.5 allows for unauthenticated submission and execution of user-defined functions (UDFs), written in Lua, as part of a database query. It attempts to restrict code execution by disabling os.execute() calls, but this is insufficient. Anyone with net...
Aerospike Aerospike Server
1 GitHub repository
9.8
CVSSv3
CVE-2023-35853
In Suricata prior to 6.0.13, an adversary who controls an external source of Lua rules may be able to execute Lua code. This is addressed in 6.0.13 by disabling Lua unless allow-rules is true in the security lua configuration section.
Oisf Suricata
8.1
CVSSv3
CVE-2019-3806
An issue has been found in PowerDNS Recursor versions after 4.1.3 prior to 4.1.9 where Lua hooks are not properly applied to queries received over TCP in some specific combination of settings, possibly bypassing security policies enforced using Lua.
Powerdns Recursor
7.5
CVSSv3
CVE-2022-35158
A vulnerability in the Lua parser of TscanCode tsclua v2.15.01 allows malicious users to cause a Denial of Service (DoS) via a crafted Lua script.
Tencent Tscancode 2.15.01