21 results (0.018 seconds)

CVSS: 8.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

06 Dec 2024 — Lua apps can be deployed, removed, started, reloaded or stopped without authorization via AppManager. This allows an attacker to remove legitimate apps (causing a denial of service), read and write files, or load apps that use all features of the product available to a customer. • https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF • CWE-306: Missing Authentication for Critical Function

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

10 Apr 2023 — In Lua 5.4.3, an erroneous finalizer called during a tail call leads to a heap-based buffer over-read. • http://lua-users.org/lists/lua-l/2021-12/msg00019.html • CWE-787: Out-of-bounds Write

CVSS: 7.5 • EPSS: 0% • CPEs: 3 • EXPL: 3

01 Jul 2022 — An issue in the component luaG_runerror of Lua v5.4.4 and below leads to a heap-buffer overflow when a recursive error occurs. A vulnerability was found in Lua. During error handling, the luaG_errormsg() component uses slots from EXTRA_STACK. Some errors can recur, such as a string overflow while creating an error message in 'luaG_runerror'... • https://github.com/lua/lua/commit/42d40581dd919fb134c07027ca1ce0844c670daf • CWE-787: Out-of-bounds Write

CVSS: 9.1 • EPSS: 0% • CPEs: 3 • EXPL: 3

08 Apr 2022 — singlevar in lparser.c in Lua from (including) 5.4.0 up to (excluding) 5.4.4 lacks a certain luaK_exp2anyregup call, leading to a heap-based buffer over-read that might affect a system that compiles untrusted Lua code. A heap buffer-overflow vulnerabil... • https://github.com/lua/lua/commit/1f3c6f4534c6411313361697d98d1145a1f030fa • CWE-125: Out-of-bounds Read

CVSS: 7.0 • EPSS: 0% • CPEs: 1 • EXPL: 3

14 Mar 2022 — Use after free in the garbage collector and finalizer of lgc.c in the Lua interpreter 5.4.0~5.4.3 allows attackers to perform a sandbox escape via a crafted script file. A flaw was found in the Lua interpreter. This flaw allows an attacker who can have a malicious script executed ... • http://lua-users.org/lists/lua-l/2021-11/msg00186.html • CWE-416: Use After Free

CVSS: 5.5 • EPSS: 0% • CPEs: 2 • EXPL: 1

11 Jan 2022 — Lua v5.4.3 and above are affected by a SEGV caused by type confusion in the funcnamefromcode function in ldebug.c, which can cause a local denial of service. Multiple vulnerabilities have been discovered in Lua, the worst of which could result in arbitrary code execution. • http://lua-users.org/lists/lua-l/2021-11/msg00195.html • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')

CVSS: 5.5 • EPSS: 0% • CPEs: 3 • EXPL: 1

09 Nov 2021 — Stack overflow in lua_resume of ldo.c in the Lua interpreter 5.1.0~5.4.4 allows attackers to perform a denial of service via a crafted script file. A stack overflow issue was discovered in Lua in the lua_resume() function of 'ldo.c'. This flaw allows a local attacker to pass a specially crafted file ... • http://lua-users.org/lists/lua-l/2021-10/msg00123.html • CWE-674: Uncontrolled Recursion • CWE-787: Out-of-bounds Write

CVSS: 5.9 • EPSS: 3% • CPEs: 6 • EXPL: 0

13 May 2021 — An issue was discovered in Prosody before 0.11.9. It does not use a constant-time algorithm for comparing certain secret strings when running under Lua 5.2 or later. This can potentially be used in a timing attack to reveal the contents of secret strings to an attacker. • http://www.openwall.com/lists/oss-security/2021/05/13/1 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CVSS: 7.5 • EPSS: 2% • CPEs: 7 • EXPL: 0

13 May 2021 — An issue was discovered in Prosody before 0.11.9. Default settings are susceptible to remote unauthenticated denial-of-service (DoS) attacks via memory exhaustion when running under Lua 5.2 or Lua 5.3. Multiple vulnerabilities have been f... • http://www.openwall.com/lists/oss-security/2021/05/13/1 • CWE-400: Uncontrolled Resource Consumption

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

17 Aug 2020 — ldebug.c in Lua 5.4.0 attempts to access debug information via the line hook of a stripped function, leading to a NULL pointer dereference. • https://github.com/lua/lua/commit/ae5b5ba529753c7a653901ffc29b5ea24c3fdf3a • CWE-476: NULL Pointer Dereference